Posted on Leave a comment

GDPR Three Years on the Road: The 10 Key Developments You Should Know

on July 29, 2021

On the third anniversary of the General Data Protection Regulation, Cooley started a series of webinars focused on the GDPR.

Our first webinar covers what we consider “the Top 10 key developments you should know” concerning the implementation of this ground-breaking personal data privacy regime.https://videopress.com/embed/jeN8KgiT?preloadContent=metadata&hd=1

#1: GDPR: It’s here to stay, and it’s never going to go away!

There’s been some debate around the need to reform the GDPR. However, it is unlikely that this reform is going to happen in the short term if we take into consideration that the European Commission noted in its 2020 evaluation report of the GDPR that it considers the GDPR has met its objectives. For the European Commission, the GDPR has given stronger rights to individuals while businesses are developing a compliance culture and using data protection as a competitive advantage, among others. 

#2: Playtime seems to be over (both for companies and DPAs)

Looking at the past three years of enforcement by the national data protection authorities, we have seen some kind of evolution in the enforcement area:

  • From June to the end of 2018: National authorities were setting up and reorganizing their teams to align their internal structure and resources with their new roles under the GDPR. This resulted in very few enforcements
  • Year 2019: The enforcement increased in 2019, but it consisted mainly of small fines and small companies being targeted
  • Year 2020: National data protection authorities started imposing very high monetary penalties, but many of these were appealed
  • Year 2021: This year, we have started to see more mature and sophisticated enforcement decisions

#3: GDPR: the global ripple effect

GDPR has been a great inspiration around the globe. Some countries have started to implement new data protection frameworks that are aligned with the GDPR, such as the United States with the California Consumer Privacy Act and Brazil with the General Law for the Protection of Personal Data (LGPD). India is following closely, and a law is expected to be finalized at the end of this year.

#4: Data transfers have become a key challenge

Data transfers have become a key challenge for global organizations. Following the European Court of Justice Schrems II case, companies need to complete a Data Transfer Impact Assessment before transferring any data outside of the EEA, assessing the law and practice of the country of the data importer.

Although the European Court of Justice didn’t invalidate the SCCs, companies now also have to supplement them with additional contractual and technical measures following the European Data Protection Board guidance.

#5: Brexit has added an additional level of complexity

Following Brexit, we now have two GDPRs – a UK one and an EU one. Although currently both frameworks are basically identical, we may expect that there will be some deviations in the future. Brexit has also brought some duplications in relation to appointments of DPOs, representatives and BCRs.

#6: EU countries make use of the possibility to finetune by national laws

The GDPR has brought a fair amount of harmonization into the EU data protection framework, however, it’s important to note that EU Member States still have the possibility to finetune the GDPR locally by imposing additional requirements in areas such as the appointment of DPOs, processing activities that require a Data Protection Impact Assessment, or the age under which parental consent is needed to provide online services to children.

#7: To consent or not to consent, that’s the question

GDPR raises the bar for consent: pre-ticked boxes are not valid, and companies shall be able to demonstrate that individuals were totally free when they gave consent. Also, consent can be withdrawn at any time. All of this makes consent a difficult legal basis to rely on.

#8: Regulator guidance: creating clarity or more confusion? (Thankfully it’s black and white…. No grey areas to cause confusion)

The EDPB and the national data protection authorities have issued a lot of guidance since 2018 on multiple matters such as virtual voice assistants, data breach notifications, international data transfers and the concepts of controller and processor. In most cases the guidance is more restrictive than the GDPR.

The European Court of Justice has also had an active role in defining the GDPR through cases such as Fashion ID, Orange and Schrems II.

#9: Much more sophisticated and balanced data processing/sharing agreements

The relationship between data processors and controllers has become more mature and sophisticated. All steps of the relationship – from the onboarding phase, following with the contract execution and during the whole contractual relationship – have been impacted by the GDPR.

#10: And more is yet to come: what about 2022?

The EU Commission is quite active on data protection. There’s new legislation on the horizon mirroring GDPR, such as the Artificial Intelligence Regulation. Another area where we expect changes is e-privacy.

From the United States’ perspective, there is a lot of activity and, as mentioned earlier, the GDPR has inspired it. Apart from the CCPA, in 2018, Alabama enacted a data breach notification law, and other states such as Washington, Virginia and New York have begun to introduce legislation of baseline privacy laws.

Cooley’s cyber/data/privacy group
  • 50+ lawyers globally counseling on privacy, cybersecurity and data protection matters
  • Holistic approach to compliance and security, built to preserve and protect enterprise value
  • Market leading privacy and data breach litigation
Contributors

Patrick Van Eecke

Guadalupe Sampedro

Travis LeBlanc

Amal Ali

Posted on Leave a comment

Hacktopia open call 2021

HACKTOPIA is een nieuw citizen science-initiatief van de stad Antwerpen en Vlaams onderzoekscentrum imec . Via deze ‘open call’ nodigen we burgers uit om  actief mee na te denken over de problematiek van wateroverlast in de stad Antwerpen. Welke uitdagingen kunnen worden aangepakt? Jullie komen zelf met het idee, wij zoeken mee naar de juiste technologie en data om de stad te ‘hacken’, bottom-up te verbeteren. Iedereen (burger) wetenschapper!

HACKTOPIA

HACKTOPIA is een initiatief van de Stad Antwerpen en Vlaams onderzoekscentrum imec waarbij we burgers empoweren  om de slimme stad van morgen vorm te geven. Jij komt met het idee, wij reiken de technologie en data aan om de stad zelf te ‘hacken’.  

Deze editie van HACKTOPIA heeft als thema WATER, en dan meer bepaald de problemen en vraagstukken die hierbij komen kijken. Hevige regenval of stormweer kan een heleboel water met zich meebrengen. Misschien vind je dat klimaatadaptatie nét niet snel genoeg gaat, of heb je zelfs al een straf idee over wat een stad als Antwerpen juist nodig heeft. Zie jij de last in wateroverlast?
 

Imec City of Things - HACKATOPIA



Schotel ons dan jouw op te lossen watervraagstukken voor… en wie weet steken jij en Anthony Liekens  (zelfverklaarde ‘mad scientist’ met een missie: wetenschap en technologie voor iedereen toegankelijk maken) van Makerspace Antwerpen binnenkort de handen uit de mouwen om ’t stad te hacken! 

Imec City of Things - Hackatopia

Mad scientist Anthony Liekens

What the Hack?! 

Stap 1  
Je  broedt op een idee of een uitdaging die je graag aangepakt ziet.  
Waaraan moet jouw idee of uitdaging voldoen? 

  • het thema wateroverlast staat centraal 
  • het is gebaseerd op een reële nood van (de inwoners van) Antwerpen 
  • het is relevant voor een groot aantal burgers van de stad (niet enkel voor jou) 
  • er zit een innovatief en – bij voorkeur – technologisch kantje aan 
  • het is een duurzame oplossing die na afloop van het project nog een eigen leven kan leiden  

Stap 2  
Je  zendt het idee in via onderstaand formulier. We contacteren je binnen de paar dagen om een telefonisch intakegesprek met ons te voeren.  

Stap 3  
Vanaf nu wordt het echt spannend! Je wordt misschien wel geselecteerd om je concept samen met ons verder te ontwikkelen.  

Stap 4  
Jij en je eventuele mede-makers nemen deel aan een aantal  workshops  (meer info hieronder). Professionele makers van Makerspace Antwerpen en experten van onder andere imec  staan je bij met raad en daad om je idee vorm te geven en een blauwdruk te ontwikkelen .

Stap 5  
De makers gaan samen met jou aan de slag om een simulatie van je oplossing te bouwen. Dit vroege prototype gaan we dan ‘in het echt’ testen  met (eind)gebruikers.  

Stap 6  
Na een spannend jury-event wordt het beste concept uitgekozen voor een vervolgtraject. Daarbij wordt je oplossing verder uitgewerkt tot een eerste werkend prototype (proof of concept). Ben je nieuwsgierig naar wat dit juist inhoudt? Lees dan zeker ook de GitHub-pagina van Klankentappers, het winnende imec Hackable City of Things, citizen science concept uit 2019!  

Meedoen 

  • Je schrijft je in via dit registratieformulier.
  • Bij selectie contacteren we je om een telefonisch intakegesprek in te plannen.
  • Tijdens dit gesprek evalueren we jouw idee aan de hand van de vooropgestelde selectiecriteria (zie: stap 1).
  • Na je eventuele selectie ontvang je nog een uitgebreidere briefing met wat je juist kan verwachten .

Voorwaarden 

Je engageert je om bij deelname:  

  • Te werken binnen een team van minimaal 3 en maximaal 6 personen. Het team wordt na selectie gevormd door imec en stad Antwerpen op basis van gelijkaardige uitdagingen en ideeën. 
    • Deelnemers die in groep inschrijven (max. 3 personen) worden bij selectie automatisch in hetzelfde team geplaatst. 
  • Het volledige proces te doorlopen, en deel te nemen aan alle workshops.  
  • Actief bij te dragen aan het maken van het prototype en het uitvoeren van de test.  
  • Je oplossing en de data die daar eventueel uit voortvloeien open te stellen voor je medeburgers, onderzoekers en de stad. 

Wat staat je te wachten?

Gedurende het onderzoeksproject word je ondersteund door een innovatiemanager van imec en een maker van Makerspace Antwerpen. Bovendien kan je steunen op het advies van experts van stad Antwerpen, imec en eventuele derde partijen.   

De workshops vinden telkens plaats op een donderdagavond na de werkuren (met uitzondering van de testingdag), en dit op volgende data: 

  1. Ideation – probleemstelling & afbakening idee: 07/10/2021 
  2. Get out of the Building – Omgevingsscan & expertadvies: 21/10/2021 
  3. Sketch & map: 09/11/2021 
  4. Prototyping: 18/11/2021 
  5. Testing: 25/11/2021 
  6. Jury & pitch – winnaarselectie: 09/12/2021 

Timing

  • Inschrijving tot en met  27/09/2021 
  • Project loopt tot en met  december 2021

Contact

Voor meer info of vragen over HACKTOPIA kan je terecht bij hacktopia@antwerpen.be   

Benieuwd naar meer?

  • Lees meer over Klankentappers, dit citizen-scienceproject wil wetenschappelijk onderbouwde geluidsmetingen betaalbaar en toegankelijk maken voor burgers.
     
  • Ontdek onze andere blogposts en projecten.   
https://www.imeccityofthings.be/nl/blog/hacktopia-open-call-2021
Posted on 2 Comments

Decrypted: Caution in the Age of the Quantified Self

Tracking your health and fitness with the help of smartphone apps and wearables is fun and motivating; auto insurers are now allowing drivers tracking options to prove their safety and save money.

Quantified-Self

Editor’s Note: For most of us, the wide world of technology is a wormhole of dubious trends with a side of jargon soup. If it’s not a bombardment of startups and tech trends (minimum viable product, Big Data, billion dollar IPO!) then it’s unrelenting feature mongering (Smart Everything! Siri!). What’s a level-headed guy with a few bucks in his pocket supposed to do? We’ve got an answer, and it’s not a ⌘+Option+Esc. Welcome to Decrypted, a new weekly commentary about tech’s place in the real world. We’ll spend some weeks demystifying and others criticizing, but it’ll all be in plain english. So take off your headphones, settle in for something longer than 140 characters and prepare to wise up.

Last month New York Times writer Ron Lieber wrote on his experience allowing State Farm to track his driving as part of their usage-based insurance policy. These types of systems are in their infancy, but they allow drivers to lower their insurance premiums based on safe driving, as determined by data points like acceleration, velocity and g-forces during turns. “For me, it turned driving into a game that could yield real money through safer behavior,” wrote Lieber.

Driving data is one part of the new, so-called “quantified self”, in which car sensors, home thermostats and omnipresent on-person devices gather objective information to create a viewable, digital portrait of someone’s life. Data collection is quickly becoming popular due to the effectiveness and objectivity of using data to adjust premiums, target advertisements and generally operate a consumer-facing business better. The immediate incentives for early stage adopters like Lieber of any tracking device are clear: understanding and motivation. In the case of auto insurance, this digital portrait has so far led “participants in the program [to] get an average of 10 to 15 percent off their premium”. But for consumers, there are also troubling implications looming concerning how a person’s digital portrait can be used and the security of important data.

The worries aren’t exactly new. At the advent of popular location services such as FourSquare, the excitement users felt seeing where they’d been and their ability to keep tabs on their friends was a draw soon tinged by the risks of oversharing (which can be quickly summed up by the aptly named Please Rob Me, a site that serves to show people how information they post online can be used against them). Currently, in an exact parallel, fitness trackers are gaining popularity because of their ability to help users visualize and track their fitness and compare themselves to their friends, not to mention the motivation inherent in having every one of their steps counted (doubters need to look no further than David Sedaris’s experiences). While the danger in the first instance of being “located” appeals readily to a person’s hard-wired sense of caution, the potential dangers inherent in the recent rise of tracking health data using wearable devices and smartphone apps is more real, and much more insidious.

The potential dangers inherent in the recent rise of tracking health data using wearable devices and smartphone apps is real, and insidious.

To see these dangers one can look again to the car insurance example. Currently, according to Lieber, there’s no penalty for dangerous driving for those who opt into the program, only discounts for safe driving. But as more drivers agree to share their data, there will be a built-in relative cost for “private” driving, as rates will remain constant for holdouts. There’s also the potential that premiums for holdouts will rise if these drivers share similar characteristics (age, race, income level, location) with other drivers who have installed sensors into their cars and proven themselves risky drivers.

This same logic could ostensibly be carried over into other, more personal areas. Wearable companies like Fitbit and Jawbone have been an increasingly popular choice in capturing data for large shares of health-conscious consumers. But what they do with that data is up to them. In a series on privacy concerns held last spring, the FTC found that the “12 [health] apps tested transmitted information to 76 different third-parties”, including consumer health metrics along with identifying characteristics. These third-parties include data brokers, who keep tabs on millions of Americans.

While scrutiny has caused existing companies to change their privacy policies, including Fitbit, and companies new to the segment to stress privacy conscious policy — Apple dedicated a new section of their site to privacy considerations after they announced their HealthKit app — there exists no stringent set of laws dictating how these companies can use the data they collect. HIPAA and the Health Insurance Portability and Accountability Act do not extend beyond medical records to cover seemingly innocuous health data on your smartphone, and while these apps receive some FDA regulation, the agency is mostly policing safety, not privacy.

“Health data stored by patients in apps is typically not protected by federal health privacy laws, although some apps may be covered by state privacy laws, so historically consumers using these apps were protected to the extent the app vendors abided by any promises made in their licensing agreements or privacy policies”, Deven McGraw, a health care attorney for Manatt, Phelps & Phillips, recently told Politico.

To users, the future consequences of data tracking are far off and unknown, while the current benefits make data tracking actually a very appealing prospect.

And companies have huge incentives to gain, and keep open, access to these data. For insurance companies, the data allows them to more accurately adjust premiums and mitigate financial risks; in the case of advertisers, any available data helps to target adverts and sell products more effectively. In an interview in Forbes, Kelly Barnes, who tracks healthcare for PricewaterhouseCoopers, said she’s “very confident we’re all going to be on insurance marketplaces in the not-too-distant future”, via our digital selves.

Amplifying the danger is the present landscape. To users, the future consequences of data tracking are far off and unknown, while the current benefits make data tracking actually a very appealing prospect. In the coming years, those who allow access to health data for their insurance company and can prove high levels of fitness — and, although it’s still on the horizon, good eating habits via soon-to-be-developed glucose monitoring devices — will see their premiums shrink. Even if you don’t opt to give information to insurance companies, you might soon be convinced otherwise by your employer. Companies seeing the health benefits of “recommended” but not mandatory use of wristbands has led health tracking companies to target employers, pitching them on their ability to monitor their employees and motivate them to be healthier, or at the very least, take the stairs occasionally. Healthier employees are cheaper for insurance reasons, work harder and don’t take off as much. Insurance companies and employers will now be able to accurately assess risk and better motivate the health of their employees and customers. In short, everyone will be able to do their jobs better — which sounds great, unless you fall on the left side of the health bell-curve.

Doubtless, the future will hold online privacy legislation, like the kind President Obama urged in 2012. But the incentives to leave the door open to selling and using this data by Big Business are extraordinary, as indicated by businesses with an interest in data exerting their vast lobbying power in order to obstruct legislation in Washington. Stymied legislation has led states to take privacy law into their own hands, to limited effect.

Currently, available tracking technology is mostly harmless, and usually beneficial and fun. But the trend of big data is only going to expand. The future could see the rise of much more intimate and revealing data, such as genome mapping (some companies already offer genome sequencing services) or wearables that extend beyond obvious biometric data for more revealing, and therefore valuable, body chemistry. In these latter cases, data could reveal information and punish users based on the likelihood they’ll develop future conditions (the motivating reason behind the passage of the Genetic Information Nondiscrimination Act in 2008), in addition to addressing their day-to-day habits. But those worries are far off, and for now users who want to continue wearing a Fitbit should do so. They just need to keep in mind that they don’t have to be high profile for their data to be valuable.

BY J. TRAVIS SMITH | SEP 19, 2014 | GEAR PATROL

Posted on 3 Comments

Whoop’s New Wearable Can Go on Your Wrist—or in Your Clothes

Your workout apparel just got a lot smarter.

fitness tracker
Slide Whoop’s new 4.0 fitness tracker into your shorts, leggings, shirt, or sports bra.PHOTOGRAPH: WHOOP

ASK PEOPLE IF they’ve heard of the Whoop activity-tracking wearable and they’ll either look at you blankly or say they couldn’t work out, sleep, or live without it. It’s a wrist wearable aimed at fitness fanatics—pro and college athletes, CrossFitters and weekend warriors—and it stands out for a couple of reasons. For one, the only way to get a Whoop wearable is to pay a monthly or annual subscription fee. And two, one of its marquee features is that it tells wearers how much physical strain they can handle on any given day.

You might not think that business model would be worth $3.6 billion. But some investors—and an undisclosed number of subscribers—seem to think Whoop is a big whoop. Now, the Boston company is expanding its product line and getting into “smart” clothing: The Whoop module that’s normally worn on the wrist has been redesigned so that it can also be attached to Whoop-branded athletic apparel. The new Whoop, which the company has dubbed Whoop 4.0, is also the first consumer product on the market to ship with a new kind of super-charged silicon lithium battery.

“Smart clothes” have struggled to gain traction before, and when it comes to wearables specific to the wrist, Apple dominates that market. But Whoop thinks its combination of continuous health monitoring and new “Any-Wear” technology, which is supposed to determine where on the body you’re wearing your Whoop and adjust your data-tracking accordingly, will set it apart in a sea of tracking tech.

“We’ve long felt that wearable technology should be cool or invisible. Those are the only two paradigms we want to develop on,” says Will Ahmed, Whoop’s cofounder and chief executive. “In terms of ‘cool,’ it’s an area we’ve focused on a lot historically, making it something that you can dress up or dress down. But ‘invisible’ is, ‘How do we make it disappear?’”

Buyers might also notice their dollars disappearing when they factor in a $24 per month subscription to Whoop’s fitness-tracking software platform—the hardware is included in that—and the cost of Whoop’s new apparel, which includes $69 boxers, a $79 sports bra, and $109 leggings. But serious exercisers who are used to paying top price for fitness apparel might not bat an eye at those costs. (And if they did bat an eye, Whoop would certainly track it.)Track Star

person inserting WHOOP into sock
The new Whoop fitness tracker can be worn in a band on your wrist like before, or it can slide into one of the company’s new workout apparel pieces, like these leggings.  PHOTOGRAPH: WHOOP

Whoop tracks heart rate variability, resting heart rate, respiratory rate, and sleep. The new Whoop 4.0 sensor module still tracks all of the above, but it’s 33 percent smaller than the third-generation Whoop, says Ahmed. This is partly what makes the Whoop clothing line possible: The device had to be small enough to fit comfortably in apparel pockets. It also has to sit snug to the skin, so that there’s a “good agreement between the sensor and your skin” and accurate data can be captured, says John Capodilupo, another cofounder and the company’s chief technology officer.

Because Whoop thinks that customers will attach the Whoop module to different parts of their body on any given day—which is one way to convince the Apple Watch-wearing crowd that they could also buy into Whoop—it developed an algorithm that automatically detects where the Whoop is being placed and processes biometric data accordingly. The software was developed based on more than 20,000 data sets gathered from thousands of beta testers wearing both Whoop tech and standard heart-rate-monitoring chest straps, Capodilupo says. The company has not published its methodology or the full results of this research.

The Whoop 4.0, which goes on sale this week and ships later in September, has some more new features. It vibrates during sleep cycles to wake up wearers. It has a built-in pulse oximeter as well as a skin temperature sensor. Those are not uncommon in activity-tracking wearables, though.

woman working out
Still works on the wrist if that’s where you like it. PHOTOGRAPH: WHOOP

What’s especially interesting about the new Whoop is its lithium-ion battery technology. It’s the first consumer product to ship with battery tech developed by Sila Nanotechnologies, a buzzy Alameda, California, company that uses microscopic silicon particles to “supercharge lithium-ion cells when they’re used as the battery’s negative electrode,” as WIRED reported last year.

Sila Nano doesn’t actually make the batteries. It provides its proprietary silicon nanoparticles and recipes to battery makers. The company’s founder, Gene Berdichevsky, thinks this battery tech will eventually make its way into electric vehicles. (Berdichevsky was also an early employee at Tesla.) But he says it’s challenging to scale the manufacturing equipment for Sila Nano’s materials to the size and volume needed for electric vehicles, so it’s starting out with small electronics.

What this means for Whoop wearers is that version 4.0 has the same expected battery life as previous Whoop bands—around five days of continuous tracking per charge—but the physical battery is smaller. And as with any battery technology that pushes the limits of chemistry and physics, years of research and development were required before the tech could be considered commercially viable; silicon has a tendency to swell, which stresses batteries. But Berdichevsky has said in the past he believes Sila Nano has solved this “expansion” problem with its nanoparticles.Wear It Out

woman in sports bra
Whoop sells a 4.0-compatible sports bra as well. PHOTOGRAPH: WHOOP

It remains to be seen whether people want to wear “smart clothes,” or if wrist wearables are providing enough value for wearers for now. Over the past decade, tech behemoths like Intel, as well as lesser-known upstarts like Athos, OmSignal, and Sensoria, have dabbled in sensor-filled clothing, the idea being that it provides a more passive tracking experience while the wearer is being active. The results have been mixed.Most Popular

Stefan Olander, a former Nike executive who launched the FuelBand wrist wearable for Nike back in 2012, said in an email that connected apparel involves “much more friction than wrist-worn devices. Anything that requires batteries, charging, pairing, is harder to wash, or anything else that requires a change in behavior, is going to have a hard time becoming a truly scalable consumer proposition.” (Olander, who has been working on another not-yet-released connected fitness product, was not briefed specifically on Whoop’s new product, and was speaking broadly about the product category.)

“True scale comes from simple solutions that enhance people’s lives, with as little unnecessary change as possible,” Olander says.

Whoop, of course, thinks it is that simple solution, with its screenless, customizable bands, wear-it-and-forget-about-it battery life, and now, its ability to slip right into your workout clothes. It just also happens to target a very specific demographic that will pay to subscribe to a workout wearable—and now, will also pay top dollar for its apparel.

FROM WIRED