This caught the eye.
De Autoriteit Persoonsgegevens (AP) heeft een last onder dwangsom opgelegd aan Bluetrace. Dit bedrijf levert technologie waarmee in en rondom winkels de wifisignalen van mobiele apparaten worden opgevangen
The Dutch Data Protection Authority (AP) has imposed a cease and desist order on Bluetrace. This company supplies technology that collects Wi-Fi signals from mobile devices in and around stores.
Potentially, that is the EU out . . .
@uberseehandel
As you say, pretty major.
Much to my surprise, the Google translate does a decent job with the Dutch original these days, so worth translating the article reference in my original post. (Or finding a cow-cockie in the Waikato)
@uberseehandel
Guys
I have just received this email from The Cisco Meraki Team -
@The Cisco Meraki Team wrote:Dear Meraki Administrator,
At Cisco Meraki we have always been committed to protecting the data our customers entrust to our cloud-hosted service. Privacy goes to the heart of everything we do as a business. The General Data Protection Regulation (GDPR) is therefore a welcome opportunity to further refine our approach and ensure our customers can have complete confidence that they remain in ultimate control when they select a Cisco Meraki product or solution to simplify their IT.
With May 25th fast approaching, we’re reaching out to communicate our plans for helping our customers navigate the GDPR, and to share our continued commitment to protecting and respecting personal data, no matter where it is collected or processed. Our engineers have been hard at work preparing new features for the Meraki dashboard that will help enable our customers to meet their obligations under the GDPR. These new dashboard features will be fully rolled-out in the EU before May 25th.
We’ve covered the GDPR basics and some of the changes we’re planning on our website. These changes include steps we’re taking to address obligations of both the data “Processor” (that’s us at Meraki) and the data “Controller” (that’s our customers) under the GDPR. In brief, some of the enhancements we’re making include:
- The 'right to be forgotten'
• New dashboard APIs will allow Meraki customers to delete dashboard data, either for themselves, or in response to requests from users of their networks- Data access and portability
• New dashboard APIs will allow Meraki customers to access and export dashboard data, either for themselves, or in response to requests from users of their networks.- Restriction of processing
• New dashboard APIs will allow Meraki customers to request restriction of processing for dashboard data in response to requests from users of their networks.- Tracking GDPR-related requests
• The dashboard event log will include new functionality for tracking GDPR-related requests, like the actions described above.
- Consent tools
• Enhanced splash page functionality will allow Meraki customers to provide notice to, and obtain any necessary consents from, users of their networks for the collection, processing, and storage of network user data.
As these features are finalized we will be rolling out a dedicated webpage setting out additional details and a further email communication to ensure we reach everyone affected.
Thank you for being a valued Cisco Meraki customer.
This is more than "cutting it a bit close".
According to Meraki the features are not yet finalised, and a dedicated web page along with an email are what we can expect at some unspecified point in the future, by way of support. We have 29 days to implement our GDPR response, and we still don't know what to do.
It is well past time that Meraki took a more Global view of the world. I wonder how many Meraki folk know that the EU is a larger economic group than the US? Most of my European colleagues have been actively working on this for months, we have courts making decisions on what is and what isn't personal information. And for the benefit of whoever it was who understimated the importance GDPR, the courts will construe personal information very widely, including the situation whereby meta data would have to shared between legally separate organisations in order to match, say, dynamic IP addresses to individuals.
@uberseehandel
For the sake of completeness, and clarity I would point out -
GDPR is not just about binning data. It is also about keeping data that needs to be kept, for however many years is required.
The British government has just managed a horrendous fail 🔥, by destroying the disembarkation records of those Caribbean citizens who came over with their children after the war to help with rebuilding the damaged cities and facilities. This was 60 and 70 years ago. These records are the proof that those children are legal British residents.
The Home Secretary in 2010 authorised the destruction of those records. That hapless Home Secretary is now an even more hapless Prime Minister. This may be all it takes for May to be pushed out of office, and one of her putative successors, Amber Rudd, the present Home Secretary along with her, for trying to deport legal citizens, who no longer had access to the data required to prove their legality, because Mrs May had destroyed them, and the present Home Secretary didn't care.
The consequences of this go far beyond the appalling injustice done to the "Windrush generation", they could cause cause control of the British government to fall into the hands of the loony extremists shouting for Britain to leave the European Union. Most of this lot are venial liars, and that is the good thing about them. . . .
When something as dry as GDPR becomes front page news and the first item on the TV news bulletins, life has gone very badly wrong.
Lest anybody is tempted to feel smug about this, the US still keeps my withdrawn residency application from 1969 on record, and pulls me out of line and bullies me about it, which usually adds an hour to to the time it takes to transit immigration. Personally, I feel that is abusive record keeping.
@uberseehandel
