She alleges that TikTok is violating the GDPR (General Data Protection Regulation) by collecting excessive data and failing to explain what it’s used for.
Children’s data is subject to special protections under the GDPR, including the requirement that privacy policies must be written in a way that’s understandable to the service’s target audience.
Today I’m launching a legal claim against @tiktok_uk on behalf of millions of children whose data was illegally taken and transferred to unknown third parties for profit. Learn more about our fight to protect children's privacy @TikTokClaimUK for updates https://t.co/eSCxj4Jwql pic.twitter.com/LBvNHq7Oth
Data hygiene consists of actions that organizations can, and should, take not only to meet compliance requirements but also as part of basic risk management program practices. Consistent, risk-specific data hygiene practices support a very wide range and number of data protection compliance requirements, and performing data hygiene activities also demonstrably improves an organization’s data security effectiveness without significantly increasing IT or information security costs. Most of these actions are activities that all personnel within an enterprise can perform. No specialized tools are typically needed, just some training and ongoing awareness reminders, or periodic use of data management tools.
These actions serve to:
limit the amount of data collected to only that which is necessary to support the purposes of the data collection
keep data from being modified in unauthorized ways, or accidentally
destroy/delete data when it is no longer needed to support the purpose(s) for which it was collected and to meet legal retention requirements
restrict access to data to only those entities (devices, individuals, accounts, etc.) that have a business/validated need to access the data
not share data with others unless necessary and with the consent of those about whom the data applies, as applicable
keep your own personal and business data from being used and posted in ways to which you did not consent, or that are not necessary to support the purposes for which you originally allowed the data to be collected or derived
“Exploitation and Sanitization of Hidden Data in PDF Files”
Abstract: Organizations publish and share more and more electronic documents like PDF files. Unfortunately, most organizations are unaware that these documents can compromise sensitive information like authors' names, details on the information system and architecture. All this information can be exploited easily by attackers to footprint and later attack an organization. In this paper, we analyze hidden data found in the PDF files published by an organization. We gathered a corpus of 39664 PDF files published by 75 security agencies from 47 countries. We have been able to measure the quality and quantity of information exposed in these PDF files. It can be effectively used to find weak links in an organization: employees who are running outdated software. We have also measured the adoption of PDF files sanitization by security agencies. We identified only 7 security agencies which sanitize few of their PDF files before publishing. Unfortunately, we were still able to find sensitive information within 65% of these sanitized PDF files. Some agencies are using weak sanitization techniques: it requires to remove all the hidden sensitive information from the file and not just to remove the data at the surface. Security agencies need to change their sanitization methods.
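As an added example (not code from the paper or from this page), the following pre-publication audit illustrates one way surface-level sanitization can leave data behind. It assumes a sanitizer that blanks the Info dictionary through an incremental save, which appends a new revision and keeps the earlier one in the file. The sample bytes, field values and function names are constructed for illustration.

```python
import re

# Constructed sample: a PDF-like byte string with two revisions. Revision 2 was
# appended by a hypothetical "surface" sanitizer that redefines object 3 with
# empty values; revision 1, with the original values, is still in the file.
SAMPLE = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog >>\nendobj\n"
    b"3 0 obj\n<< /Author (j.doe) /Producer (ExampleWriter 1.0) >>\nendobj\n"
    b"trailer\n<< /Root 1 0 R /Info 3 0 R >>\n%%EOF\n"
    b"3 0 obj\n<< /Author () /Producer () >>\nendobj\n"
    b"trailer\n<< /Root 1 0 R /Info 3 0 R >>\n%%EOF\n"
)

# Literal-string metadata entries only. Hex strings, compressed object streams
# and embedded files are not inspected, so an empty result is not proof that a
# file is clean.
KEYS = rb"/(Author|Creator|Producer|Title|Subject|Keywords)\s*\(((?:\\.|[^\\)])*)\)"


def split_revisions(data):
    """Each %%EOF marker closes one revision; incremental saves append more."""
    return [part for part in data.split(b"%%EOF") if part.strip()]


def info_fields(chunk):
    """Return the non-empty metadata values found in one revision."""
    found = {}
    for key, value in re.findall(KEYS, chunk):
        if value:
            found[key.decode()] = value.decode("latin-1")
    return found


def audit(data):
    """Report metadata in the latest revision and leftovers in earlier ones."""
    revisions = [info_fields(r) for r in split_revisions(data)]
    latest = revisions[-1] if revisions else {}
    residual = [(i + 1, k, v)
                for i, rev in enumerate(revisions[:-1])
                for k, v in rev.items()]
    return {"revisions": len(revisions), "latest": latest,
            "residual": residual, "xmp_packets": data.count(b"<?xpacket begin")}


if __name__ == "__main__":
    print(audit(SAMPLE))
```

A viewer reading only the latest revision shows empty fields for this sample, while the audit still reports the original values under `residual`.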
Metadata (The MIT Press Essential Knowledge series)