Government intrusion on data privacy continues to be a global issue, as a British court recently ruled that UK security agencies illegally collected citizens’ data for 17 years. Also in recent GRC news: Facebook joins the list of businesses adopting the Privacy Shield framework, and more businesses are considering regulatory technology as compliance pressures increase.
Court: Citizens’ personal info illegally obtained by UK security agencies
A British court has ruled that UK citizens had their personal information unlawfully collected by multiple UK security agencies for 17 years. Britain’s Investigatory Powers Tribunal ruled that MI5, MI6 and the Government Communications Headquarters were all implicated in the illegal actions. The agencies “failed to comply with article 8 protecting the right to privacy of the European convention of human rights” between the years 1998 and 2015, The Guardian reported.
Data obtained by the agencies included personal phone and web communications, as well as medical records, tax records, financial data and biographical information.
In 2014, UK security agencies were accused of illegal bulk data collection by groups that included Privacy International and Amnesty International. A New York Times editorial about the accusations noted that the British government neither admitted nor denied the allegations of mass surveillance.
Facebook adopts EU-U.S. Privacy Shield agreement
Facebook has adopted the EU-U.S. Privacy Shield framework, an agreement regulating how U.S. companies transfer EU citizens’ data electronically across international borders, The Telegraph reported. The Privacy Shield compliance requirements will apply to Facebook’s existing targeted advertisements that gather users’ data from other companies, as well as Facebook’s new Workplace application.
The Privacy Shield framework replaced Safe Harbor after the European Court of Justice overturned that agreement in 2015 due to concerns that it was enabling U.S. surveillance, according to The Telegraph. The court ruled that each country in the European Union should be able to decide how its citizens’ online data can be gathered and utilized.
As compliance pressures mount, businesses turn to regulatory tech
Government spending in the post-financial crisis world not only helped economies grow; “government contracts, emerging market exposure and third-party agents” have also put pressure on companies from a regulatory compliance perspective, TechCrunch reported.
The increase in compliance and regulations has led to the coining of a new industry buzzword: regtech, which, according to TechCrunch, describes technologies dedicated to “creating solutions that ease the burden of compliance.”
One area where regtech can assist with regulatory compliance is identity management. “No number of new government committees and task forces will be able to protect businesses and organizations if they don’t know, on the most basic level, with whom they are doing business,” TechCrunch reported.