Suchergebnisse

Collecting information about consumers and businesses from various sources, Credit reference agencies (CRAs) help many organizations such as financial institutions to assess creditworthiness of applicants and customers of their services. CRAs' business model depends on processing a high volume of personal data including highly sensitive ones, which must be processed within the relevant legal frameworks in different countries they operate their business, e.g., the European Union's new GDPR (General Data Protection Regulation). This paper reports a data-driven analysis of CRA- and GDPR-related discussions on Twitter. Our analysis covers the three largest multi-national CRAs: Equifax, Experian and TransUnion and we also looked at the UK's data protection authority, ICO, and two UK-based privacy-advocating NGOs, Privacy International and Open Rights Group (ORG). We have analyzed public tweets of their official Twitter accounts and other public tweets talking about them. Our analysis revealed a very surprising lack of awareness of CRA- and GDPR-related data privacy issues within the general public and an astonishing lack of active communications of CRAs to the general public on relevant GDPR-related privacy issues: out of 39,549 collected tweets we identified only 153 relevant tweets (0.387%). This small number of tweets are dominated by mentions of security issues (.2), especially data breaches affecting CRAs, not data subject rights or privacy issues directly. Other tweets are mainly about complaints regarding inaccurate data in credit files and questions about how to exercise right to rectification, just two of many data subject rights defined in the GDPR.

After the European Union's new General Data Protection Regulation (GDPR) became applicable in May 2018,concerns about the legal compliance of public blockchain systems with rights guaranteed by GDPR have emerged, e.g., on the "right to be forgotten". In order to better understand how the blockchain sector sees the challenges raised by GDPR and how such their communications could influence their users, this paper reports our data-driven analysis of GDPR-related public online communications of blockchain developers and service providers.Our analysis covers 314 public blockchain systems, and two different online communication channels: legal documents including privacy policies, T&C (Terms and Conditions) documents and other similar legal documents published on systems' official websites and public tweets of their official Twitter accounts.Our analysis revealed that only a minority (86/314≈27.5%)of the investigated blockchain systems had covered GDPR at least once using one or both communication channels. Among the 86systems, only 27 systems (8.6%) had at least one legal document that actually talks about GDPR for the corresponding blockchain system. We noticed a systematic lack of detail about why and how the GDPR compliance issue was addressed, and most systems made questionable statements about GDPR compliance. There sults are surprising considering that the GDPR was enacted in 2016 and has been in effect since May 2018.