UK Google users could lose EU GDPR data protections

I shall watch this tonight when I get a moment. Looks interesting.

It's nothing we don't already know. The BBC, I assumed, tried to shock viewers with "Amazon knows what you click so tailor ads and predict what you like". Oh, and they also know what OS you're using, location and time you clicked it. Nothing new there: pop all that into an algorithm and they can then deduce if you're on holiday, sick or can't sleep.

What they didn't explain very well was how Alexa mines information. It was said that Amazon records your conversations, and cue some expert stating that he turns his off due to it listening, giving the impression that everything in listening distance is recorded and used.
Now the way I understand it is that Alexa listens for the word Alexa to be spoken then records the question which Amazon then harvest so no surprise there. Am I missing something?

I'm pretty sure that the recording of the question asked of Alexa is in the T&Cs that you have to agree to before you can use Alexa.

My boss told me about it so I watched it, he was quite concerned about it and had no idea about sites cross linking or tracking. Or that smart speakers recorded what he thinks is everything.

To be honest it irritated me due to the above and I turned it off before the end.
 
I am sure I read somewhere over on the BBC News that currently only 11% of websites currently adhere to the GDPR rules anyway.
 
My mistake then. I had thought that the updated DPA had incorporated GDPR.
It definitely does, there’s been several prosecutions in the UK for GDPR failings already after it came in in early 2018.

There’s issues around what they call data adequacy once we totally leave to address whether personal data can flow between the EU and the UK, but there shouldn’t be much issues because of DPA already being law and it will just need updated to address the additional requirements for cross border data flow once we’re non-EU.

For reference, the EU views the USA as meeting data adequacy requirements for GDPR (one of maybe a dozen non-EU countries).
 
It definitely does, there’s been several prosecutions in the UK for GDPR failings already after it came in in early 2018.

Yes it incorporates parts of the GDPR (for example - the DPA appoints the ICO to be the regulator for the GDPR), but it is NOT a legislation that enacts the GDPR in English law (and neither is this necessary). From the ICO's own website as well:

The DPA 2018 sets out the data protection framework in the UK, alongside the GDPR. It contains four separate data protection regimes:
  • Part 2 Chapter 2 (GDPR): supplements and tailors the GDPR;
  • Part 2 Chapter 3 (applied GDPR): extends a modified GDPR to some other (rare) cases;
  • Part 3: sets out a separate regime for law enforcement authorities; and
  • Part 4: sets out a separate regime for the three intelligence services.

To be clear - the GDPR applies in the UK (now, and going forward until the transitional provisions end), but that's because an EU regulation is directly applicable in all member states without needing an English law enacting it. An EU Directive (e.g. - E-Commerce Directive), is not directly applicable so needs an English law to bring it into force. Therefore once the transitional period expires, the GDPR will no longer apply. However the ICO has already said that the government intends to pass a law which will make the GDPR applicable. See my previous post for source and exact language from the ICO's site.
 

That article contradicts itself: the first couple of paragraphs state that Amazon can record anything and have listeners.

So how are they listening to this private and sometimes shocking information? For a start, the reviewers are required to record the data whether the device has been activated on purpose or not. Meanwhile, if the reviewers hear any private details such as people’s names or bank details, they are told to simply mark it as “critical data” and move on to the next audio file.

The second part states that it's only after the key word is spoken.

Each of Amazon’s Echo devices uses on-device keyword spotting to detect the “wake” word (for example “hey Alexa”). Amazon says that no audio is stored or sent to the cloud unless the device detects this wake word. You can tell it has been detected when the light ring at the top of the Echo turns blue, indicating the device is streaming your voice request to the cloud.

So which is it?

That article is like a text version of the episode of Panorama the other night.
 
the usa ring neighborhood watch, with inhabitants giving law services access to their camera footage.
... the average anarchist probably knows where the off switch on alexa is.

Apologies, I assumed most knew of this as I had seen high profile articles about it previously.
 
yes, should be more, high profile than huawei manufacture of the chinese surveillance systems .... amazon the silent assassin


strawmen ?
The switch back is likely to avoid having a third country’s law apply to U.K. data, said Mike Chapple, a professor of information technology at the University of Notre Dame.

If it left U.K. customers to Ireland, Google could risk “double-jeopardy for fines and other sanctions” in the case of any breach because it would be subject to both U.K. and EU laws, said Michael Veale, a lecturer at University College London.
 
Yes it incorporates parts of the GDPR (for example - the DPA appoints the ICO to be the regulator for the GDPR), but it is NOT a legislation that enacts the GDPR in English law (and neither is this necessary). From the ICO's own website as well:

The DPA 2018 sets out the data protection framework in the UK, alongside the GDPR. It contains four separate data protection regimes:
  • Part 2 Chapter 2 (GDPR): supplements and tailors the GDPR;
  • Part 2 Chapter 3 (applied GDPR): extends a modified GDPR to some other (rare) cases;
  • Part 3: sets out a separate regime for law enforcement authorities; and
  • Part 4: sets out a separate regime for the three intelligence services.
To be clear - the GDPR applies in the UK (now, and going forward until the transitional provisions end), but that's because an EU regulation is directly applicable in all member states without needing an English law enacting it. An EU Directive (e.g. - E-Commerce Directive), is not directly applicable so needs an English law to bring it into force. Therefore once the transitional period expires, the GDPR will no longer apply. However the ICO has already said that the government intends to pass a law which will make the GDPR applicable. See my previous post for source and exact language from the ICO's site.
Sorry, didn't realise the EU could directly pass laws on the nation states like that.
 
Aren't GDPR the people who are making Cyberpunk 3077? So you're telling me that Brexit is going to **** up my cloud save data?! :mad:
 
Yes it incorporates parts of the GDPR (for example - the DPA appoints the ICO to be the regulator for the GDPR), but it is NOT a legislation that enacts the GDPR in English law (and neither is this necessary). From the ICO's own website as well:

The DPA 2018 sets out the data protection framework in the UK, alongside the GDPR. It contains four separate data protection regimes:
  • Part 2 Chapter 2 (GDPR): supplements and tailors the GDPR;
  • Part 2 Chapter 3 (applied GDPR): extends a modified GDPR to some other (rare) cases;
  • Part 3: sets out a separate regime for law enforcement authorities; and
  • Part 4: sets out a separate regime for the three intelligence services.
To be clear - the GDPR applies in the UK (now, and going forward until the transitional provisions end), but that's because an EU regulation is directly applicable in all member states without needing an English law enacting it. An EU Directive (e.g. - E-Commerce Directive), is not directly applicable so needs an English law to bring it into force. Therefore once the transitional period expires, the GDPR will no longer apply. However the ICO has already said that the government intends to pass a law which will make the GDPR applicable. See my previous post for source and exact language from the ICO's site.

Any service company providing services into the EU with personal information is going to find they will still have to comply as they do now.

The closer the U.K. and EU are in the legal aspects the easier it will be to work in a digital age. Same for any country and ensuring compliance to their regulatory requirements for their citizen’s data.

The concept also means if we’re not careful then we will have operational staff or partners from cheap locations handling U.K. personal information without cover. Currently this should be declared and managed in accordance with the regulations. So it’s in the UK’s interest to maintain the safeguarding of people’s data at a level of GDPR or exceeding it.

My experience on this is I owned, designed and delivered PI carrying systems on a global basis for HSBC :)
 
Regardless of the UK's relationship with EU laws and regulations, people should stop using Google services and products. It sends a far stronger message than any law or legislation. Don't give them the data and they can't hoard it!
 
So the UK is dropping this part of GDPR?

https://ico.org.uk/for-organisation...tion-regulation-gdpr/international-transfers/

Effectively the problem is once the data is outside of the EEA, there is no guarantee a company cannot be forced by that foreign government to break GDPR protections. Most companies instead of jumping through loads of hoops have just kept the data in the EEA.

Regardless of the UK's relationship with EU laws and regulations, people should stop using Google services and products. It sends a far stronger message than any law or legislation. Don't give them the data and they can't hoard it!

You can delete all your data if you want. Even set how far back any data should be held. 3 months is the shortest period you can set. Mine is set at 2 years.
 