web site – Privacy Design®
[protecting people by good design, solid security, efficient processes and trusted services]
Feed last built: Mon, 10 Jun 2019 08:51:56 +0000

CNIL fines SERGIC 400,000 EUR (web site vulnerability)
/2019/06/10/cnil-fines-sergic-400000-eur-web-site-vulnerability/
Mon, 10 Jun 2019 08:51:17 +0000

Very interesting case, that needs some closer analysis.

The fine is about 0.9% of SERGIC’s annual turnover in 2017.

During the on-line audit of September 7, 2018, CNIL agents retrieved files accessible from URLs composed as follows:
https: //www.crm.sergic .com / documents / upload / eresa / X.pdf
– where, by changing X, you could access another person’s file.

SERGIC tries to argue that the agents shouldn’t have done that, etc. – to no avail. CNIL observes that exploiting the vulnerability does not require any particular technical expertise in computer science. CNIL also considers that using a script to exploit this vulnerability does not require any advanced skills.

(Should be good week-end reading.)

https://www.legifrance.gouv.fr/affichCnil.do?id=CNILTEXT000038552658

Dutch DPA opinion on Cookie Walls
/2019/05/26/dutch-dpa-opinion-on-cookie-walls/
Sun, 26 May 2019 19:36:25 +0000

https://datamatters.sidley.com/dutch-supervisory-authority-opines-on-use-of-cookie-walls/

Bavaria DPA Dashboard on inspections (planned, ongoing, completed)
/2018/11/07/bavaria-dpa-dashboard-on-inspections-planned-ongoing-completed/
Wed, 07 Nov 2018 21:10:02 +0000

incl. completed online inspection of 172 WordPress web sites; planned, e.g. inspections around data deletion in SAP, questionnaires, detailed expectations on controls, ..

https://www.lda.bayern.de/de/kontrollen

Germany/Bavaria: DPA scanning for web sites for privacy-compliant Google Analytics use
/2018/02/21/germany-bavaria-dpa-scanning-for-web-sites-for-privacy-compliant-google-analytics-use/
Wed, 21 Feb 2018 16:46:14 +0000

In 2012, the Bavarian DPA scanned German web sites for the privacy compliant use of Google Analytics.

The DPA checked

  • if a written processing agreement had been put in place with Google,
  • if the privacy notice on the web site was transparent on the use of Google Analytics and the users’ option to avoid being tracked,
  • if the Google Analytics’ “anonymization feature” was enabled in the web site’s source code.

13,404 web sites had been tested; 2,371 companies were contacted about shortcomings.

More information (in German): https://www.lda.bayern.de/de/google_analytics.html