India mulls ban on probes into anonymized data use – with GDPR-style privacy laws India is following Europe down the data protection path, with draft legislation criticized as a mixed bag of good and bad laws being proposed on Friday. Under the proposals, there will be a data protection authority with the ability to impose fines; individuals get some new rights over how their data is handled, but not as …
IIRC, India (and Singapore, and few others) is one of the countries that the EU considers to *not* have adequate data safeguards in place for any company subject to GDPR to use as a data processor. You can imagine, that this puts a dampener on all that yummy outsourcing.
See: https://www.pwc.in/consulting/cyber-security/blogs/how-can-indian-organisations-prepare-for-the-gdpr-regime.html for a brief explanation.
El Reg readers should be aware that if they are working for an EU company (data controller) that uses an external data processor (such as an Indian outsourcer), they need to tread extremely carefully. The GDPR has real teeth. You do not want to mess it up.
An AC asked for a source on Singapore. I use that as one example. The key tenet is that the EU needs to have made an "adequacy decision" for a country, and Singapore isn't on that list, ergo, is not considered adequate by the EU.
Here's the official word from the EU: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en
And here's a link from a local Singapore law site: https://lawgazette.com.sg/feature/the-new-european-general-data-protection-regulation/
hth!
The world has moved on, these days it's "BT" calling you to say there's "a problem with your router".
I haven't hung on the line long enough to find out what form a miscreancy they are up to. But I'll hazard a guess it's going to be some form of remote viewer and then mucking up your system. Perhaps someone can enlighten us.
The callers may be from India but I think a lot of the organisers are in the West.
They are obviously extremely well informed too, since after I led one up the garden path recently he began to tell me things about my mother of which I had no idea. BT take action against them? Oh come now. You can't expect a telecoms provider to do anything about abusive phone calls.
But those are the Fake News of BT! This is unacceptable! BT must be forced by law to hire thousands of prank call moderators who should weed those out in real time, as they happen! How long can we allow BT to get away claiming no responsibility like this?!? Think of the children!
If it can be re-identified, then it hasn't been properly anonymized in the first place.
That is not necessarily the case. Let's say that company A provide anonymized purchase data to a company Z who carry out data analysis.
And then company B provide anonymized health data to company Z,
And then company C provide anonymized travel data to company Z.
Company Z may, through intersections between data from A B and C, be able to identify individuals, where that would be impossible from any single one of the data sets.
That doesn't mean that the individual data sets are not sufficiently anonymized, just that accumulation of many data points from different sources can allow correlations which lead to the identity of the subject.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
