Interesting article on how zero-width-characters can be used to invisible tag (even short) texts.
Rosenthal, Der Vorentwurf für ein neues Datenschutzgesetz: Was er bedeutet, Jusletter v. 20.2.2017
This is excellent reading material – covers some very interesting aspects of Swiss privacy today (e.g. data subject access rights under current law)
Results of the Vernehmlassung and Botschaft of the Bundesrat
Summary of changes by David Vasella (post- vs. pre-Vernehmlassung Draft)
in English, incl.
- Raising user awareness
- Authenticating users
- Access Management
- Logging access and managing incidents
- Securing workstations
- Securing mobile data processing
- Protecting the internal network
- Securing servers
- Securing websites
- Ensuring continuity
- Archiving securely
- Supervising maintenance and data destruction
- Managing data processors
- Securing exchanges with other organisations
- Physical security
- Supervising software development
- Encrypting, guaranteeing integrity and signing
- Assess the security level of the personal data in your organisation
[..] “Insufficient consent
According to the SINTEF report, Grindr shares personal data with different of third parties.
When a user registers a user account in Grindr, the app asks for consent to the terms of service in whole, without individual elements being emphasized or singled out (see attached picture).
In the view of the Consumer Council, information about sensitive personal data being shared with third parties should not be hidden away in long terms of service and privacy policies. The Consumer Council cannot see that Grindr fulfill the conditions for gathering an informed and explicitly given consent.
The app does not provide an opportunity to not share personal data with third parties.”
Paper “Who Knows What About Me? A Survey of Behind the Scenes Personal Data Sharing to Third Parties by Mobile Apps”
by Jinyan Zang, Krysta Dummit, James Graves, Paul Lisker, and Latanya Sweeney
εxodus is a privacy auditing platform for Android applications. It detects behaviors which can be dangerous for user privacy like ads, tracking, analytics, …
It can be run locally via https://github.com/exodus-privacy/exodus