404 Not Found

The dispute arose from the draft decision of the Data Protection Commission (DPC) and the subsequent objections raised by various data protection authorities. The crux of the matter lies in the processing of personal data belonging to TikTok’s registered users aged between 13 and 17, along with specific concerns regarding design practices and issues concerning children below the age of 13.

Anu Talus, EDPB Chair, emphasized the responsibility of social media companies to present choices, especially to minors, in a fair and unbiased manner. She underscored the importance of providing privacy-related options objectively and neutrally, without resorting to deceptive or manipulative tactics. This decision reinforces the imperative for digital entities to exercise utmost care and implement robust measures to safeguard children’s data protection rights.

Findings of Non-Compliance:

• Infringement of Fairness Principle:

TikTok was found to have breached the GDPR’s principle of fairness in its processing of personal data pertaining to adolescents between 13 and 17 years old. Specifically, the Registration Pop-Up and Video Posting Pop-Up were analyzed, revealing biased design practices that influenced user choices.

• Challenges with Age Verification Measures:

Serious doubts were raised regarding the effectiveness of TikTok’s age verification measures during the specified period. The EDPB identified loopholes in the age gate intended to restrict access for users under 13, as well as deficiencies in post-access controls.

• Deficiencies in Privacy by Design:

The public-by-default settings adopted by TikTok were deemed contrary to the principles of data protection by design and default, data minimization, and transparency. This underscores the critical need for platforms to prioritize privacy in their design and default settings.

• Monetary Penalty:

In addition to a reprimand and compliance order, the IE DPA imposed a substantial fine of €345 million on TikTok as a consequence of the identified infringements.

The EDPB’s resolute decision, coupled with the IE DPA’s final verdict, marks a significant milestone in data protection, setting a powerful precedent for digital platforms. The imperative for fairness, transparency, and robust age verification measures underscores the evolving landscape of data privacy. As we move forward, the integration of privacy by design will play an increasingly pivotal role in shaping ethical data practices and ensuring the protection of user rights in an ever-connected world.

The post Landmark Ruling: EDPB Sets Precedent with Binding Decision on TikTok’s Data Practices appeared first on Jurcom GRC.

The term was first coined in a report by Ontario Information and Privacy Commissioner in 2010 and has since been endorsed by data privacy regulators around the world.

In January 2023, The International Organization for Standardization (ISO) adopted PbD as ISO 31700!

The key principle of privacy by design is that privacy should be built into all aspects of a project or initiative, rather than being tacked on as an afterthought. This means considering privacy at every stage of development, from planning and design to implementation and operation.

There are a number of ways to operationalize privacy by design, but some common elements include:

• Incorporating privacy into decision-making processes;
• Building Privacy into products and services from the ground up;
• Conducting risk assessments that consider potential impacts on privacy;
• Minimizing the collection and use of personal information;

ISO sets over 24,000 standards, including ISO 27001 for information security management systems, some of which organizations can be certified for compliance with after passing a review by auditing firms like our Solution Partner Prox.

Unveiled in 2009, Privacy by Design is a set of principles that calls for privacy to be taken into account throughout an organization’s data management process.

Since then it has been adopted by the International Assembly of Privacy Commissioners and Data Protection Authorities and incorporated in the European General Data Protection Regulation (GDPR). However, only organizations that hold data of European residents are obliged to follow the GDPR. In 2018, the ISO formed a group to start planning for the inclusion of PbD in its standards.

Adoption by the ISO “gives life to operationalizing the concept of Privacy by Design,” said Ann Cavoukian, “helping organizations figure out how to do it. The standard is designed to be utilized by a whole range of companies — startups, multinational enterprises, and organizations of all sizes. With any product, you can make this standard work because it’s easy to adopt. We’re hoping privacy will be pro-actively embedded in the design of [an organization’s] operations and it will complement data protection laws.”

As a guideline, Privacy by Design applies to IT systems, accountable business practices, and physical design and networked infrastructure.

As originally written, PbD has seven principles, including those stating that privacy should be an organization’s default setting (no action is required by an individual to protect their privacy), it is embedded into the design of IT systems and business practices, and it is part of the entire data lifecycle.

In January 2023, the International Standards Organization (ISO) published ISO 31700-1:2023 and ISO/TR 31700-2:2023 standards on consumer protection and PbD for consumer goods and services. It includes general guidance on designing capabilities to enable consumers to enforce their privacy rights, assigning relevant roles and authorities, providing privacy information to consumers, conducting privacy risk assessments, establishing and documenting requirements for privacy controls, how to design privacy controls, lifecycle data management, and preparing for and managing a data breach.

See also; Legal Compliance With Artificial Intelligence (AI) Technology

Sources:

https://www.iso.org/obp/ui/#iso:std:iso:31700:-1:ed-1:v1:en

https://www.iso.org/obp/ui/#iso:std:iso:tr:31700:-2:ed-1:v1:en

https://www.ipc.on.ca/wp-content/uploads/resources/7foundationalprinciples.pdf

The post Privacy by Design Became the ISO Standard! appeared first on Jurcom GRC.

As the world is on the verge of a major shift in the way we live and work, artificial intelligence (AI) has begun to transform our lives and societies. With the rapid development of artificial intelligence (AI) technology, the use of AI in various fields has become increasingly common. As AI technology continues to evolve, it will bring both opportunities and challenges for our societies. However, the application of artificial intelligence technology will also pose new challenges for data protection and privacy laws. Artificial intelligence (AI) is one of the most fascinating and potentially transformative technologies of our time. From self-driving cars to smart chatbots, AI is revolutionizing the way we live and work, and legal compliance with artificial intelligence (AI) is inevitable.

On the one hand, artificial intelligence has the potential to increase economic growth and productivity, create new jobs and industries, and improve our quality of life. On the other hand, there are also concerns about how artificial intelligence may affect employment, privacy and data protection as well as climate change.

Despite all the excitement, there is still great confusion about what artificial intelligence really is. In its simplest form, AI is any form of computing that can be said to be “intelligent”. That is, they can understand or learn from their environment and take actions that maximize their chances of success.

As we enter this new era of AI, it is important that we consider these issues carefully and implement policies and regulations that ensure AI is developed responsibly and for the benefit of all.

Legal compliance with artificial intelligence is an important issue.

For example, when artificial intelligence is used to process large volumes of data, it may be difficult to ensure that individuals’ data is processed in accordance with their rights under data protection laws. As artificial intelligence technology evolves, it may become possible for machines to make decisions that have a significant impact on the lives of individuals without any human intervention or oversight. This raises questions about who should be responsible for such decisions and how they can be held accountable.

So far, data protection and privacy laws have not kept pace with the evolution of AI technology.

It is important that these laws be updated to take into account the unique challenges posed by artificial intelligence so that the rights of individuals are adequately protected.

As AI technology continues to evolve, so do the legal implications of its use. There is a lot to learn about how to comply with the various legal requirements regarding its use. This is something that will likely continue to evolve over time as technology continues to evolve and grow in popularity. It is essential to be aware of the legal implications of using AI technology.

The development of artificial intelligence continues to amaze all of us day by day. So much so that it wrote this article itself. ?

See Also: Transfer Of Personal Data Between The EU And The UK Under The GDPR

The post Legal Compliance with Artificial Intelligence (AI) Technology appeared first on Jurcom GRC.

This means that companies will soon be required to publish detailed information on sustainability matters. This will increase a company’s accountability, prevent divergent sustainability standards, and ease the transition to a sustainable economy.

In practical terms, companies will have to report on how their business model affects their sustainability and how external sustainability factors (such as climate change or human rights issues) influence their activities. This will equip investors and other stakeholders better for making informed decisions on sustainability issues.

New Reporting Rules For Companies

The Corporate Sustainability Reporting Directive introduces more detailed reporting requirements and ensures that large companies and listed SMEs are required to report on sustainability matters such as environmental rights, social rights, human rights and governance factors.

The rules also apply to listed SMEs, taking into account their specific characteristics. An opt-out will be possible for listed SMEs during a transitional period, exempting them from the application of the directive until 2028.

The new sustainability reporting rules will apply to all large companies and to all companies listed on regulated markets except listed micro undertakings. These companies are also responsible for assessing the information applicable to their subsidiaries.

For non-European companies, the requirement to provide a sustainability report applies to all companies generating a net turnover of EUR 150 million in the EU and which have at least one subsidiary or branch in the EU exceeding certain thresholds. These companies must provide a report on their environmental, social and governance (ESG) impacts, as defined in this directive.

Next Steps of the Corporation Sustainability Reporting Directive

Following the Council’s approval today of the European Parliament’s position, the legislative act was adopted.

After being signed by the President of the European Parliament and the President of the Council, it will be published in the Official Journal of the European Union and will enter into force 20 days afterward. The new rules will need to be implemented by member states 18 months later.

Source; https://www.consilium.europa.eu/en/press/press-releases/2022/11/28/council-gives-final-green-light-to-corporate-sustainability-reporting-directive/

https://ec.europa.eu/commission/presscorner/detail/en/SPEECH_22_6747

Contact Us For More Information

The post EU Corporate Sustainability Reporting Directive appeared first on Jurcom GRC.

The new EU directive seeks to give customers more choice, allowing the share of their financial data with third parties. While this is going to be a cumbersome task for traditional financial institutions to adapt, with banks worried about losing their grip on customers’ data, if done right, open banking can be considered a force of good for the industry as a whole.

In this sense, it is crucial to understand that actually, this is an unmissable opportunity for banks and financial institutions to win back their customers, increase customer engagement and meet their changing needs. A key thing to understand, to move in that direction, is the potential of Application Programming Interfaces (APIs) and the importance of creating pricing policies for those. With a pricing policy, financial institutions can develop a business model on their APIs and build what will probably be their fastest growing and largest revenue channel in the future. Open banking represents a real possibility for financial services providers to increase their revenue, rather than just being a threat to their bottom line.

In particular, the PSD2 directive makes space for the creation of a new layer between consumers and banks, giving them the opportunity to initiate payments between bank accounts on consumers’ behalf and broaden their offering with a new range of services. Providing, at the same time, an alternative to credit and debit cards, to pay online.

In fact, by using open banking APIs to process payments instead of cards, there’s the possibility of saving a significant amount of money and streamlining the whole process. With the concrete chance of attracting new forward-thinking business clients looking for the most innovative payment technology solutions.

At PaymentComponents we wanted to radically simplify this transition towards open banking and we built aplonAPI. A product that enables financial institutions like yours to offer Banking as a Service/Platform (BaaS/BaaP) solutions to your clients and monetize your APIs. It comes to you equipped with pre-built and tested APIs, packed in a ready-to-use sandbox. And with a developers portal that you can customize and brand as you want. To help you generate value from day one. Thanks to an API-connected FinTech ecosystem of AISPs and PISPs, we are able to empower you to open up a new revenue channel to put you ahead of the competition. Are you interested to learn more? You just need to schedule a demo with us. We will be glad to provide all the details and answer all your questions!

See also, Where Are My Datas? Data Transfer Methods Abroad

The post Open Banking Means New Revenue Streams for Financial Institutions appeared first on Jurcom GRC.

The PSD2, which allows for the first time the sharing of clients’ financial data with third parties, is considered the foundational step towards open banking and represents the most critical change in the banking sector for a long time. This new directive, together with technological innovation, facilitated the banking industry’s opening up, starting a new age of collaborations between incumbent banks and FinTech companies.

The changing needs of banks’ customers

People are now more educated and more digitized than ever and are looking for new ways to connect with their banks. They are pretending innovative services that can be easily integrated with the pool of other services, such as the rapidly growing FinTech apps, that they are using to manage their finances. All in all, the customers’ expectations are now soaring. And because of the coronavirus pandemic, which has dramatically accelerated the digital transformation in banking, they are now far more likely to use home banking and other digital channels, making branches in most cases unnecessary. These are new habits that are here to stay even when we will have passed this situation. The question of what are the real benefits of open banking is becoming more and more intriguing.

This context makes that open banking and continuous innovation are a need as well as an enormous opportunity for today’s banks to meet changing needs of customers, generate more engagements, and last but not least, increase revenues.

While it can appear as a potentially expensive task for financial institutions to adapt to this new open model, it’s not just a unique opportunity to attract more private customers but it could also be an even bigger one to attract business clients willing to use the latest technologies for their payments.

The need to switch to an API-led business model

By creating specific pricing policies for their advanced APIs, banks will be able to monetize their products and services with new revenue streams that before were impossible to imagine. They have, in this way, the opportunity to unlock the full potential of their API-based offerings to provide an alternative way to pay online, that has been for too long only limited to credit and debit card payments. Something that became possible, again thanks to PSD2. The new chance to initiate payments between bank accounts on the consumer’s behalf and the use of open APIs to process online payments permitting banks to lower the costs related to that.

As Jurcom and our solution partner Payment Components, we have been among the first to understand the true potential of open banking. We learned a lot by working with leading financial institutions. Understanding what are the main challenges and opportunities for those operating in the sector to take advantage of this historical transformation.

On this basis, our global partner developed an award-winning product, called aplonAPI, that represents the best solution available today for financial institutions that are willing to stay on top of the competition. With aplonAPI, you will be able to offer Banking as a Service/Platform (BaaS/BaaP) solutions to your customers and monetize your APIs in the simplest and fastest way possible. The best part is that you get a ready-to-use API sandbox, with a FinTech ecosystem of AISPs and PISPs, to modernize your payment system quickly and that can help you generate value from day one.

If you are interested in learning more about aplonAPI, all you need to do is schedule a demo today and we will get back to you as soon as possible to show you all the possibilities and how easy it is for you to get started with it.

The post These are the Real Benefits of Open Banking appeared first on Jurcom GRC.

This time we look at four specific open banking use cases that we think are particularly relevant for you to know, as well as what’s next with the open Finance API Framework announced by the ‘Berlin Group’.

Open Banking Use Cases Driving Digital Transformation

1. KYC Process Acceleration

Know Your Customer (KYC) procedures are part of the client onboarding process and include all the required actions needed by banks to help prevent and identify potential illegal activities – e.g. terrorism financing and money laundering. Practically speaking, the KYC process is composed of various steps that include ID card and proof-of-address documents verification. Thanks to PSD2 compliant open banking APIs, it’s now possible for financial institutions to dramatically accelerate the speed for such time-consuming procedures and reduce the compliance costs by automating a large percentage of the process.

2. Customer Identity Verification

Customer identity verification directly connects with the KYC process that we described in the previous point, and it’s usually considered an open banking priority for banks, payments companies, and other financial operators. The stricter requirements and related obligations introduced with the Strong Customer Authentication (SCA), as part of the PSD2, made the open banking possibilities even more essential to streamline the process.

3. Personal and Business Financial Management

Open banking makes much more interesting what’s possible to offer customers in terms of personal and business financial management. It allows increasing customer engagement with data-driven insights and by providing an aggregated view of all their accounts in one single application. This new opportunity for banks to analyze vast amounts of financial data in real-time allows them to offer clients a customized experience with personalized insights and suggestions.

4. Credit Risk Scoring Algorithm and Calculations

Thanks to APIs, account aggregation, and the use of algorithms with machine learning, open banking allows financial institutions to radically improve credit scoring by making it faster, more efficient, and even safer. It is now much easier to integrate it as an additional service on top of an existing commercial offer, giving the possibility to quickly calculate clients’ credit scores based on their income, loans, and aggregated accounts.

But that’s not all. If a lot in financial services have already been transformed, many more changes will come in the future. On top of Open Banking UK and Revised Directive on Payment Services (PSD2), it’s what the ‘Berlin Group’ is doing that we find of particular interest.

The ‘Berlin Group’ is a European coalition of banks and Third Party Providers (TPPs), including both Payment Initiation Service Providers (PISPs) and Account Information Service Providers (AISPs). The companies part of this group are working on payment interoperability standards and harmonization initiatives to define an open and standard scheme. In October 2020, they announced the open Finance API Framework, planned on top of the prominent NextGenPSD2 interoperability framework, designed to give TPPs, API access to bank accounts.

Based on open industry standards such as REST, JSON, and ISO20022, the new open Finance API Framework will offer a harmonized and interoperable set of APIs, allowing banks and TPPs to provide enriched and enhanced data, products, and services.

If you are interested in exploring the global movement of Open Banking and its benefits further, all you need to do is to contact Jurcom GRC Services and we will guide you on this long path safely.

The post 4 Open Banking Use Cases Driving Digital Transformation appeared first on Jurcom GRC.

Banks can have immediate benefits from open banking APIs

• Expanded Revenue Sources

A 2016 study by Accenture found that UK banks risked losing 43% of their payments-based revenue by 2020. The study attributes this to PSD2, regulation on interchange fees, and competition from fintech players. In the EU market, Payment Initiation Service Providers (PISPs) who initiate payments directly from shoppers’ bank accounts, threaten significant revenue losses for banks according to a 2018 McKinsey report.

Using APIs that facilitate account aggregation and the building of third-party products on top of banks’ legacy systems, banks can not only protect but also widen their revenue base. Additionally, since banks can also access account data from other banks, they can build products to offer tailored services to their existing clientele.

• Launch Competing Products to Fintech

Bankers usually look at the PSD2 requirement for banks to open up to third parties as an inconvenience that makes them vulnerable to competition. However, they usually ignore the fact that banks can act as third parties and access functionalities as well as data from other banks.

This not only diversifies revenue sources but keeps banks in direct contact with customers, thereby protecting their brands from being eroded by fintechs who would otherwise relegate them to white-label service providers in the background.

• Provide Richer Offerings

As banks embrace advanced APIs that can “think”, they are better placed to provide richer product offerings with less effort. By working with third-party tools and platforms that can analyze, manipulate, and get insights from customer data, banks can develop an unmatched role as advisers.

Open APIs can also make integration into corporate systems seamless, leading to new value-added services for corporates such as reconciliation of transactions, payment rooting, automated payments, cash pooling, etc.

How Can Banks Approach the Use of APIs

Banks don’t need to build from scratch to take advantage of PSD2. There are tools already available. If one wants to connect to other banks for account aggregation, technology is already present that connects hundreds of banks via a single interface.

Moreover, banks should be receptive to partnering with fintechs to acquire speed and technology. We are in a banking revolution where the fastest and most efficient innovator wins. Instead of struggling to build new bleeding-edge technology – something that is not always native to banks, they can focus on leveraging existing customer relationships and their financial muscle. Then couple that with technology from third parties to win.

On another front, banks can look at collaboration with fintechs through APIs, as a means of distributing products into unreached markets. Some fintechs, through savvy marketing and tailored user interfaces, have managed to capture the attention of Millennials. A bank interested in opening up to new demographics would benefit from such a partnership. The same could be said about fintechs wanting to reach banks’ customers.

See also, BRSA Has Been Issued Critical Regulation On Information Deemed Confidential

The post Banks Can Be On The Winning Side Of The Open Banking APIs appeared first on Jurcom GRC.