From time to time, an anecdote comes across our desks that, as researchers, we find hard to leave alone. A few months ago, one of these opportunities appeared, and we thought it might be interesting to lift the hood, and show you how we dig into tough research hypotheses and decide if and when to write about them. Here's what happened.
Over a period of a few days this winter, we heard from one colleague, then another – 20 in all -- that conversations they'd had IRL ("in real life") seemingly resulted in ads and sponsored posts in Facebook. Given the state of "surveillance marketing," we weren't that surprised, until we read Facebook's T&Cs. There, the company explicitly stated that it wouldn't use data collected from a user's microphone for ad targeting. That's when we got curious.
First, we looked to the obvious: had our colleagues searched for the advertised item after having had the conversation? Had they checked into the same place as their friend, at the same time? Were they on the same network -- and thus sharing an IP address -- as someone who'd searched for the product or service? We rounded up the answers to these questions, and determined that "interest-by-proxy" was an unlikely cause.
More than four years after the European Union started its journey toward new privacy rules, the EU Parliament adopted the final text of the new EU General Data Protection Regulation (GDPR) last week. The EU will complete the long and controversial process that led to the new rules next month, publishing the Regulation in the Official Journal of the European Union, but no changes can be made at this point. This leaves businesses with a two-year period in which to get ready for its implementation. Some EU countries, like France, will implement the new rules before 2018.
As a security and risk professional, you must start working now to assess what the new rules mean for your organization and make the necessary changes to technology, processes, and people. As you approach the task, keep in mind that the GDPR introduces important changes, such as: