"Claudette meets GDPR" ECCG Meeting Brussels 23 – 24 October 2018.

Slides:

Advertisements

Similar presentations

Parma, 21st November 2003Minerva European Conference : Quality for cultural Web sites Quality Framework and Guidelines for Cultural Web Sites Isabelle.

Advertisements

IPeuropAware Philippe Cadre, French Patent and Registration Institute (INPI) WP leader for national patent and trademark offices Global Symposium of IP.

Child-friendly Terms of Use: Empowering children through social media Veronica Donoso 2 December, ICT coalition forum, Brussels.

Jose Braz, ERGEG Conference on Implementing the 3rd Package 11th December 2008 The Agency for the Cooperation of European Energy Regulators.

RFID The consumers’ scenarios Emilie Barrau ANEC General Assembly Brussels 1 June 2007.

Birnhack & Elkin-Koren, Feb Privacy Practices of Israeli Public Web Sites February 2004 Dr. Michael Birnhack & Dr. Niva Elkin-Koren Haifa Center.

P3P: Platform for Privacy Preferences Charlin Lu Sensitive Information in a Wired World November 11, 2003.

FI-WARE – Future Internet Core Platform FI-WARE Security July 2011 High-level Description.

Supplier Ethics: Program Checklist

European Accessibility Observatory State of the Art 6 th November 2009 Roberto Torena Cristóbal Manager of the Brussels Office.

Food control performance metrics Evidencing the effectiveness of enforcement activities Eoghan Daly, UK Policy and technical advisor (food)

Enforcement in the field of data protection

ICTS and VIOLENCE AGAINST CHILDREN: MINIMISING RISKS AND RELEASING POTENTIAL EXPERT CONSULTATION Costa Rica, 9-10 June 2014 Renato Leite Monteiro Council.

LOGO Kazakh Ablai khan University of International Relations and World Languages Tempus Project TEMPUS IT-SMGR - DOQUP Documentation for.

Privacy Codes of Conduct as a self- regulatory approach to cope with restrictions on transborder data flow Dr. Anja Miedbrodt Exemplified with the help.

Enforcement reality - experience of consumer associations Finn Lützow-Holm Myrstad Head of Section, Digital Policy Twitter: finnmyrstad

Compliance Management Platform ™. Compliance Management Platform Compliance is the New Marketing – Position yourself to thrive in the new regulatory and.

Possible elements of the technical standards Pre-sessional consultations on registries Bonn, 2-3 June 2002 Andrew Howard UNFCCC secretariat

EHealth/mHealth Gisele Roesems Deputy Head of Unit Health and Well-Being DG CONNECT EUROPEAN COMMISSION 2 nd International Conference on Health Informatics.

8. Annual WIPO Forum on Intellectual Property and SMEs for Intellectual Property Offices and Other Relevant Institutions in the OECD Countries 04-05/10/2010,

Europe's work in progress: quality of mHealth Pēteris Zilgalvis, J.D., Head of Unit, Health and Well-Being, DG CONNECT Voka Health Community 29 September.

LOGO Kazakh Ablai khan University of International Relations and World Languages Tempus Project TEMPUS IT-SMGR - DOQUP Documentation for.

Achieving accessibility in tertiary education websites: The case study of the ASEAN University Network (AUN) Rattanavalee Maisak DIVISION OF INFORMATION.

12 Developing a Web Site Section 12.1 Discuss the functions of a Web site Compare and contrast style sheets Apply cascading style sheets (CSS) to a Web.

1 Analysis of Consumer Issues and Paths for Concrete Approaches Dr. Carsten Orwat Forschungszentrum Karlsruhe in the Helmholtz Association, Institute for.

© Services GmbH Multichannel Learning System: Research Protocol Strategy London, November 14, 2013 Dr. Andrea Lösch.

Osborneclarke.de OBA Breakfast Seminar 22 January 2013 Stephen Groom OC London Action points for UK advertisers.

Web and meeting at unimc Norms in web context for PA Applications of the norms in our websites

Digital Banking and Data Protection Achieving balance of compliance with customer experience and opportunity 30 September 2015 Paula Barrett Partner.

Expert Workshop Environmental Monitoring and Reporting Brussels November 2015.

Florence Forum, November 2008 Regulation (EC) 1228/ ERGEG Compliance Monitoring.

Web Sites Accessibility Evaluation Methodologies Neeta Verma Head, Data Centre Web Services Division National Informatics Centre, Department of IT, Government.

Ellinogermaniki Agogi Research and Development Department DigiSkills Network DigiSkills: Network for the enhancement of Digital competence skills.

Data Protection and Enabling Psi Re-use EVPSI & LAPSI Final Meeting

WP4 Models and Contents Quality Assessment

POST APPROVAL CHANGE MANAGEMENT PROTOCOLS IN THE EUROPEAN UNION

GLOBALG.A.P. Risk Assessment On Social Practice – GRASP

Apple Privacy Policy As of: 12 September 2016

Ian De Freitas, Partner, Farrer & Co 6 September 2017

European app matters Charles Lowe

▸ Agustín Reyna Conference dedicated to European Consumer Day Vilnius

Ireland’s transition towards the GDPR

General Data Protection Regulations and the IoT

6 October 2016 Social media: do you have the right social media strategy that will impact your business’ growth? - Legal and Regulatory Issues William.

Microsoft 365 Get help with regulatory compliance

EU policy on combating hate speech online

Multichannel Learning System: Research Protocol Strategy

IP Awareness and Enforcement: Modular Based Actions for SMEs

Closing Remarks and Next Steps

First Partners’ Meeting

Confidentiality October 14, 2005.

Radar Watchkeeping: Have you monitored your Communication department’s radar to avoid collisions with the new Regulation? 43rd EDPS-DPO meeting, 31 May.

PEER Regulatory Round Table on Bundled Products 2nd October 2017 Insights from the PEER event, Cases & Next Steps.

Safeguarding Consumers in the Digital World

Nettest An implementation of BEREC’s recommendations

Ethical questions on the use of big data in official statistics

The USE of country systems = capacity and accountability

Information technologies/NBIC and Big data

Best Home Automation Company

Reducing Service Debt via Accessible Procurement

Big Data ESSNet WP 1: Web scraping / Job Vacancies Pilot

PRESENTATION OF MONTENEGRO

Strengthening the Role of EQAVET National Reference Points

European Ethical Charter on the use of artificial intelligence in judicial systems and their environment.

Data Privacy by Design Expanding Security for bepress Users

SMEDATA Ensuring the Highest Degree of Privacy and Personal Data Protection through Innovative Tools for SMEs and Citizens Brussels, 3 December 2018.

GDPR – One Year On School Business Managers Forum 4 July 2019

Closing event 16th July 2019 Technical Assistance for Establishing the Institutional Framework for the Implementation of AIS/AES Project funded by the.

eHealth/mHealth Gisele Roesems

GDPR is here – are you ready?

Presentation transcript:

"Claudette meets GDPR" ECCG Meeting Brussels 23 – 24 October 2018

“Claudette meets GDPR” Project for “digital enforcement” BEUC in cooperation with the European University Institute, Florence and the University of Bologna. Aim of the project Test the use of Artificial Intelligence for automated scanning and evaluation of privacy policies Scan of privacy policies of 14 companies to assess compliance with GDPR. “Claudette”, was trained to detect clauses that potentially failed to meet GDPR requirements.

“Claudette meets GDPR” Which privacy policies?

“Claudette meets GDPR” Methodology Development of “golden standard” for GDPR-compliant privacy policy using the text of the GDPR and WP29 Guidelines on consent and on transparency Manual tagging of the text of the privacy policies to train “Claudette” Automated analysis of content of privacy policies performed by “Claudette”

“Claudette meets GDPR” Results of the project – Published 5th July Significant need for improvement! None of the analysed privacy policies fully meets the requirements established by the GDPR. 3,659 sentences (80,398 words) scanned in total: 401 sentences (11.0%) marked as containing unclear language. 1,240 (33.9%) contained “potentially problematic” clauses or clauses providing “insufficient” information.

“Claudette meets GDPR” Problems identified: Lack of information. (e.g. no information from companies to users about the third parties with whom they share or get data from.) Processing personal data in non-GDPR compliant manner . (e.g. clause stating that the user agrees to the company’s privacy policy by simply using its website). Vague and unclear language (makes it very hard for consumers to understand the actual content of the policy and how their data is used in practice).

“Claudette meets GDPR” What next? Aim to develop a long-term project to: Ensure a better enforcement of consumers' data protection rights using AI. Develop a tool that can be useful for DPAs, consumer orgs and, ultimately consumers themselves Next steps: Exploring options to continue developing “Claudette”. Using the tool to identify and inform enforcement actions.

“Claudette meets GDPR” More information: https://claudette.eui.eu/ http://www.claudette.eu/gdpr/ https://www.beuc.eu/publications/research-suggests-privacy- policies-leading-online-companies-do-not-fully-respect-gdpr/html https://www.beuc.eu/publications/beuc-x-2018-065_faq_- _artificial_intelligence_meets_gdpr.pdf https://www.beuc.eu/publications/beuc-x-2018- 066_claudette_meets_gdpr_report.pdf

Thank you for your attention www.beuc.eu @beuc