Recherche avancée

Sur d’autres sites (2321)

• LGPD : Demystifying Brazil’s New Data Protection Law

  31 août 2023, par Erin — Privacy

  The General Personal Data Protection Law (LGPD or Lei Geral de Proteção de Dados Pessoais) is a relatively new legislation passed by the Brazilian government in 2018. The law officially took effect on September 18, 2020, but was not enforced until August 1, 2021, due to complications from the COVID-19 pandemic.

  For organisations that do business in Brazil and collect personal data, the LGPD has far-reaching implications, with 65 separate articles that outline how organisations must collect, process, disclose and erase personal data.

  In this article, you’ll learn what the LGPD is, including its contents and how a legal entity can be compliant.

  What is the LGPD ?

  The LGPD is a new data protection and privacy law passed by the Federal Brazilian Government on May 29, 2018. The purpose of the law is to unify the 40 previous Brazilian laws that regulated the processing of personal data.

  

  Many of the older laws have been either updated or removed to accommodate this change. The LGPD comprises 65 separate articles, and each covers a different area of the legislation, such as the rights of data subjects and the legal bases on which personal data may be collected. It also sets out the responsibilities of the National Data Protection Authority (ANPD), a newly created agency responsible for the guidance, supervision and enforcement of the LGPD.

  LGPD compliance is essential for organisations wishing to operate in Brazil and collect personal data for commercial purposes, whether online or offline. However, understanding the different rules and regulations and even figuring out if the LGPD applies to you can be challenging.

  Fortunately, the LGPD is relatively easy to understand and shares many similarities with the General Data Protection Regulation (GDPR), the data protection law implemented on May 25, 2018, by the European Union. This may help you better understand why the LGPD was enacted, the policies it contains and the goals it hopes to achieve. Both laws are very similar, but some items are unique to Brazil, such as what qualifies as a legal basis for collecting personal data.

  For these reasons, organisations should not apply a one-size-fits-all approach to GDPR and LGPD compliance, for they are different laws with different guiding principles and requirements.

  Who does the LGPD apply to, and who is exempt ?

  The LGPD applies to any natural person, public entity and private entity that collects, processes and stores personal data for commercial purposes within the national territory of Brazil. The same also applies to those who process the personal data of Brazilian and non-Brazilian citizens within the national territory of Brazil, even if the data processor is outside of Brazil. It also applies to those who process personal data collected from the national territory of Brazil.

  So, what does this all mean ? 

  Regardless of your location, if you conduct any personal data processing activities in Brazil or you process data that was collected from Brazil, then there is a high possibility that the LGPD applies to you. This is especially true if the data processing is for commercial purposes ; or, to be more precise, for the offering or provision of goods or services. It also means that subjects whose personal data is collected under these conditions are protected by the nine data subject rights.

  There are exceptions where the LGPD does not apply to data processors. These include if you process personal data for private or non-commercial reasons ; for artistic, journalistic and select academic purposes ; and for the purpose of state security, public safety, national defence and activities related to the investigation and prosecution of criminal offenders. Also, if the processed data originates from a country with similar data protection laws to Brazil, such as any country in the European Union (where the GDPR applies), then the LGPD will not apply to that individual or organisation.

  For these reasons, it is vital that you are familiar with the LGPD so that your data processing activities comply with the new standards. This is also important for the future, as an estimated 75% of the global population’s personal data will be protected by a privacy regulation. Getting things right now will make life easier moving forward.

  What are the nine LGPD data subject rights ?

  The LGPD has nine data subject rights. These protect the rights and freedoms of subjects, regardless of their political opinion and religious belief.

  

  These rights, listed under Article 19 of the LGPD, confirm that a data subject has the right to :

  1. Confirm the processing of their data.
  2. Access their data.
  3. Correct data that is incomplete, not accurate and out of date.
  4. Anonymize, block and delete data that is excessive, unnecessary and was not processed in compliance with the law.
  5. Move their data to a different service provider or product provider by special request.
  6. Delete or stop using personal data under certain circumstances.
  7. Gain information about who the data processor has shared the processed data with, including private and public entities.
  8. Be informed as to what the consequences may be for denying consent to the collection of personal data.
  9. Revoke consent to have their personal data processed under certain conditions.

  Many of these data subject rights are like the GDPR. For example, both the GDPR and LGPD give data subjects the right to be informed, the right to access, the right to data portability and the right to rectify false data. However, while the LGPD has nine data subject rights, the GDPR has only eight. What is the extra data subject right ? The right to gain information on who a data processor has shared your data with.

  There are other slight differences between the GDPR and LGPD with regard to data subject rights. For instance, the GDPR has a clear right to restrict certain data processing activities, such as those related to automation. The LGPD has this, too. But the subject of data collection automation is under Article 20, separate from all the data subject rights listed under Article 19.

  Under what conditions can personal data in Brazil be processed ?

  There are various conditions under which organisations can legally conduct personal data processing in Brazil. The aim of these conditions is to give data subjects confidence — that their personal data is processed for only safe, legal and ethical reasons. Also, the conditions help data processors, both individuals and organisations, determine if they have a legal basis for processing personal data in or in relation to Brazil.

  

  According to Article 7 of the LGPD, data processing may only be carried out if done :

  1. With consent by the data subject.
  2. To comply with a legal or regulatory obligation.
  3. By public authorities to assist with the execution of a public policy, one established by law or regulation.
  4. To help research entities carry out studies ; granted, when possible, subjects can anonymize their data.
  5. To carry out a contract or preliminary procedure, in particular, one related to a contract where the data subject is a party.
  6. To exercise the right of an arbitration, administration or judicial procedure.
  7. To protect the physical safety or life of someone
  8. To protect the health of someone about to undergo a procedure performed by health entities
  9. To fulfill the legitimate interests of a data processor, unless doing so would compromise a data subject’s fundamental rights and liberties.
  10. To protect one’s credit score.

  Much like the nine data subject rights, there are key differences between the LGPD and GDPR. The GDPR has six lawful bases for data processing, while the LGPD has ten. One notable addition to the LGPD is for the protection of one’s credit score, which is not covered by the GDPR. Another reason to ensure compliance with both data protection laws separately.

  LGPD vs. GDPR : How do they differ ?

  The LGPD was modeled closely on the GDPR, so it’s no surprise the two are similar. 

  Both laws ensure a high level of protection for the rights and freedoms of data subjects. They outline the legal justifications for data processing, establish the responsibilities of a data protection authority and lay out the penalties for non-compliance. That said, there are key differences between them.

  First, data subject rights ; the LGPD has nine, while the GDPR has eight. The GDPR gives data subjects the right to request a human review of automated decision-making, while the LGPD does not. Second, the legal bases for processing ; the LGPD has ten, while the GDPR has six. The four legal bases unique to the LGPD are : for protection of credit, for protection of health, for protection of life and for research entities carrying out studies.

  Both the LGPD and GDPR have different non-compliance penalties. The maximum fine for an infraction under the GDPR is up to €20 million (or 4% of the offender’s annual global revenue, whichever is higher). The maximum fine for an LGPD infraction is up to 50 million reais (around €9.2 million), or up to 2% of an offender’s revenue in Brazil, whichever is higher.

  6 steps to LGPD compliance with Matomo

  Below are steps you can follow to ensure your organisation is LGPD compliant. You’ll also learn how Matomo can help you comply quickly and easily.

  

  Let’s dive in.

  1. Appoint a DPO

  A DPO is a person, group, or organisation that communicates with data processors, data subjects, and the ANDP.

  Curiously, the LGPD lets you appoint your own DPO — even if they reside out of Brazil. So if the LGPD applies to you, you can appoint someone in your organisation to be a DPO. Just make sure that the nominated person has the understanding and capacity to perform the role’s duties.

  2. Assess your data

  Once you’re familiar with the LGPD and confirm your eligibility for LGPD compliance, take the time to assess your data. If you plan to collect data within the territory of Brazil, you’ll need to confirm the exact location of your data subjects. 

  To do this in Matomo, simply go to the previous year’s calendar. Then click on visitors, go to locations, and look for Brazil under the “Region” section. This will tell you how many of your web visitors are located in Brazil.

  

  3. Review privacy practices

  Review your existing privacy policies and practices, as there’s a good chance they’ll need to be updated to comply with the LGPD. Also, review your data sharing and third-party agreements, as you may need to communicate these new policies to partners that you rely on to deliver your services. 

  Lastly, review your procedures for tracking personal data and Personally Identifiable Information (PII). You may need to modify the type of data that you track to comply with the LGPD. You may even be tracking this data without your knowledge.

  4. Anonymize tracking data

  Data subjects under the LGPD have the right to request data anonymity. Therefore, to be LGPD compliant, your organisation must be able to accommodate for such a request.

  Fortunately, Matomo has various data anonymization techniques that help you protect your data subject’s privacy and comply with the LGPD. These techniques include the ability to anonymize previously tracked raw data, anonymize visitor IP addresses, and anonymize relevant geo-location data such as regions, cities and countries.

  

  You can find these features and more under the Anonymize data tab within the Privacy menu on the Matomo Settings page. Learn more about how to configure privacy settings in Matomo.

  5. Comply with LGPD consent laws without cookies

  By using Matomo to anonymize the data of your data subjects, this enables you to comply with LGPD consent laws and remove the need to display cookie consent banners on your website. This is made possible by the fact that Matomo is a cookieless tracking web analytics platform.

  Unlike other web analytics platforms like Google Analytics, which collect and use third-party cookies (persistent data that remains on your device, until that data expires or until you manually delete it) for their “own purposes,” Matomo is different. We use alternative means to identify web visitors, such as count the number of unique IP addresses and perform browser fingerprinting, neither of which involve the collection of personal data.

  As a result, you don’t have to display cookie consent banners on your website, and you can track your web visitors even if they disable cookies.

  6. Give users the right to opt-out

  Under the LGPD, data subjects have the right to opt-out of your data collection procedures. For this reason, make sure that your web visitors can do this on your website.

  

  You can do this in Matomo by adding an opt-out from tracking form to your website. To do this, click on the cog icon in the top menu, load the settings page, and click on the Users opt-out menu item in the Privacy section. Then follow the instructions to customise and publish the Matomo opt-out form.

  Achieve LGPD compliance with Matomo

  Like GDPR for Europe, the LGPD will impact organisations doing business in Brazil. And while they both share much of the same definitions and data subject rights, they differ on what qualifies as a legal basis for processing sensitive data. Complying with the GDPR and LGPD separately is non-negotiable and essential to avoiding maximum fines of €20 million and €9.2 million, respectively.

  

  As a web analytics platform with LGPD compliance, Matomo prioritises data privacy without compromising performance. Switch to a powerful LGPD-compliant web analytics platform that respects users’ privacy. 

  Get a 21-day free trial of Matomo today. No credit card required.

  Disclaimer

  We are not lawyers and don’t claim to be. The information provided here is to help give an introduction to LGPD. We encourage every business and website to take data privacy seriously and discuss these issues with your lawyer if you have any concerns.

• Embed custom meta-data (bounding boxes) into HLS video stream

  8 mai 2024, par Alexender Iotko

  I'd like to embed bounding boxes, labels, etc. into live video stream to optionally draw them thereafter on the client-side in web-browser and looking for a way how to do.

  


  Could you please give me a hint how to insert the meta-data "on fly" and which player might be used for it ?

  


• What Is Data Ethics & Why Is It Important in Business ?

  9 mai 2024, par Erin

  Data is powerful — every business on earth uses data. But some are leveraging it more than others.

  The problem ?

  Not all businesses are using data ethically.

  You need to collect, store, and analyse data to grow your business. But, if you aren’t careful, you could be crossing the line with your data usage into unethical territories.

  In a society where data is more valuable than ever, it’s crucial you perform ethical practices.

  In this article, we break down what data ethics is, why it’s important in business and how you can implement proper data ethics to ensure you stay compliant while growing your business.

  What is data ethics ?

  Data ethics are how a business collects, protects and uses data.

  It’s one field of ethics focused on organisations’ moral obligation to collect, track, analyse and interpret data correctly.

  

  Data ethics analyses multiple ways we use data :

  • Collecting data
  • Generating data
  • Tracking data
  • Analysing data
  • Interpreting data
  • Implementing activities based on data

  Data ethics is a field that asks, “Is this right or wrong ?”

  And it also asks, “Can we use data for good ?”

  If businesses use data unethically, they could get into serious hot water with their customers and even with the law.

  You need to use data to ensure you grow your business to the best of your ability. But, to maintain a clean slate in the eyes of your customers and authorities, you need to ensure you have strong data ethics.

  Why you need to follow data ethics principles

  In 2018, hackers broke into British Airways’ website by inserting harmful code, leading website visitors to a fraudulent site. 

  The result ? 

  British Airways customers gave their information to the hackers without realising it : credit cards, personal information, login information, addresses and more.

  While this was a malicious attack, the reality is that data is an integral part of everyday life. Businesses need to do everything they can to protect their customers’ data and use it ethically.

  Data ethics is crucial to understand as it sets the standard for what’s right and wrong for businesses. Without a clear grasp of data ethics, companies will willingly or neglectfully misuse data.

  With a firm foundation of data ethics, businesses worldwide can make a collective effort to function smoothly, protect their customers, and, of course, protect their own reputation. 

  3 benefits of leaning into data ethics

  We’re currently transitioning to a new world led by artificial intelligence.

  While AI presents endless opportunities for innovation in the business world, there are also countless risks at play, and it’s never been more important to develop trust with your customers and stakeholders.

  With an influx of data being created and tracked daily, you need to ensure your business is prioritising data ethics to ensure you maintain trust with your customers moving forward.

  

  Here are three benefits of data ethics that will help you develop trust, maintain a solid reputation and stay compliant to continue growing your business :

  1. Compliance with data privacy

  Privacy is everything. 

  In a world where our data is being collected nonstop, and we live more public lives than ever with social media, AI and an influx of recording and tracking in everyday life, you need to protect the privacy of your customers.

  One crucial way to protect that privacy is by complying with major data privacy regulations.

  Some of the most common regulations you need to remain compliant with include :

  • General Data Protection Regulation (GDPR)
  • California Consumer Privacy Act (CCPA)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • General Personal Data Protection Law (LGPD)
  • Privacy and Electronic Communications (EC Directive) Regulations (PECR)

  While these regulations don’t directly address ethics, there’s a core overlap between privacy requirements like accountability, lawfulness and AI ethics.

  Matomo ensures you protect the privacy of your web and app users so you can track and improve your website performance with peace of mind.

  2. Maintain a good reputation

  While data ethics can help you maintain data privacy compliance, it can also help you maintain a good reputation online and offline.

  All it takes is one bad event like the British Airways breach for your company’s reputation to be ruined.

  If you want to keep a solid reputation and maintain trust with your stakeholders, customers and lawmakers, then you need to focus on developing strong data ethics.

  Businesses that invest time in establishing proper data ethics set the right foundation to protect their reputation, develop trust with stakeholders and create goodwill and loyalty.

  3. Increased trust means greater revenue

  What happens when you establish proper data ethics ?

  You’ll gain the trust of your customers, maintain a solid reputation and increase your brand image.

  Customers who trust you to protect their privacy and data want to keep doing business with you.

  So, what’s the end result for a business that values data ethics ?

  You’ll generate more revenue in the long run. Trust is one thing you should never put on the back burner if you have plans to keep growing your business. By leaning more into data ethics, you’ll be able to build that brand reputation that helps people feel comfortable buying your products and services on repeat.

  While spending time and money on data ethics may seem like an annoyance, the reality is that it’s a business investment that will pay dividends for years to come.

  5 core data ethics principles

  So, what exactly is involved in data ethics ?

  For most people, data ethics is a pretty broad and vague term. If you’re curious about the core pillars of data ethics, then keep reading.

  Here are five core data ethical principles you need to follow to ensure you’re protecting your customers’ data and maintaining trust :

  

  1. Data ownership

  The individual owns the data, not you. This is the first principle of data ethics. You don’t have control over someone else’s data. It’s theirs, and they have full ownership over it.

  Just as stealing a TV from an electronics store is a crime, stealing (or collecting) someone’s personal data without their consent is considered unlawful and unethical.

  Consent is the only way to ethically “own” someone’s data.

  How can you collect someone’s data ethically ?

  • Digital privacy policies
  • Signed, written agreements
  • Popups with checkboxes that allow you to track users’ behaviour

  Essentially, anytime you’re collecting data from your website or app users, you need to ensure you’re asking permission for that data.

  You should never assume a website visitor or customer is okay with you collecting your data automatically. Instead, ask permission to collect, track and use their data to avoid legal and ethical issues.

  2. Transparency

  The second core principle of data ethics within business is transparency. This means you need to be fully transparent on when, where and how you :

  • Collect data
  • Store data
  • Use data

  In other words, you need to allow your customers and website visitors to have a window inside your data activities.

  They need to be able to see exactly how you plan on using the data you’re collecting from them.

  For example, imagine you implemented a new initiative to personalise the website experience for each user based on individual behaviour. To do this, you’ll need to track cookies. In this case, you’d need to write up a new policy stating how this behavioural data is going to be collected, tracked and used.

  It’s within your website visitors’ rights to access this information so they can choose whether or not they want to accept or decline your website’s cookies.

  With any new data collection or tracking, you need to be 100% clear about how you’re going to use the data. You can’t be deceptive, misleading, or withholding any information on how you will use the data, as this is unethical and, in many cases, unlawful.

  3. Privacy

  Another important branch of ethics is privacy. The ethical implications of this should be obvious.

  When your users, visitors, or customers enter your sphere of influence and you begin collecting data on them, you are responsible for keeping that data private.

  When someone accepts the terms of your data usage, they’re not agreeing to have their data released to the public. They’re agreeing to let you leverage that data as their trusted business provider to better serve them. They expect you to maintain privacy.

  You can’t spread private information to third parties. You can’t blast this data to the public. 

  This is especially important if someone allows you to collect and use their personally identifiable information (PII), such as :

  • First and last name
  • Email address
  • Date of birth
  • Home address
  • Phone number

  To protect your audience’s data, you should only store it in a secure database. 

  

  For example, Matomo’s web analytics solution guarantees the privacy of both your users and analytics data.

  With Matomo, you have complete ownership of your data. Unlike other web analytics solutions that exploit your data for advertising purposes, Matomo users can use analytics with confidence, knowing that their data won’t be sold to advertisers.

  Learn more about data privacy with Matomo here.

  Try Matomo for Free

  Get the web insights you need, while respecting user privacy.

  Start for free

  No credit card required

  4. Intention

  When you collect and store data, you need to tell your users why you’re collecting their data. But there’s another principle of data ethics that goes beyond the reason you give your customers.

  Intention is the reason you give yourself for collecting and using the data.

  Before you start collecting and storing data, you should ask yourself the following :

  • Why you need it
  • What you’ll gain from it
  • What changes you’ll be able to make after you analyse the data

  If your intention is wrong in any way, it’s unethical to collect the data :

  • You’re collecting data to hurt others
  • You’re collecting data to profit from your users’ weaknesses
  • You’re collecting data for any other malicious reason

  When you collect data, you need to have the right intentions to maintain proper data ethics ; otherwise, you could harm your brand, break trust and ruin your reputation.

  5. Outcomes

  You may have the best intentions, but sometimes, there are negative outcomes from data use.

  For example, British Airways’ intention was not to allow hackers to gain access and harm their users. But the reality is that their customers’ data was stolen and used for malicious purposes. While this isn’t technically unlawful, the outcome of collecting data ended badly.

  To ensure proper data ethics, you must have good standing with your data. This means protecting your users at all costs, maintaining a good reputation and ensuring proper privacy measures are set up.

  How to implement data ethics as a business leader

  As a business leader, CTO or CEO, it’s your responsibility to implement data ethics within your organisation. Here are some tips to implement data ethics based on the size and stage of your organisation :

  Startups

  If you’re a startup, you need to be mindful of which technology and tools you use to collect, store and use data to help you grow your business.

  It can be a real challenge to juggle all the moving parts of a startup since things can change so quickly. However, it’s crucial to establish a leader and allow easy access to ethical analysis resources to maintain proper data ethics early on.

  Small and medium-sized businesses

  As you begin scaling, you’ll likely be using even more technology. With each new business technique you implement, there will be new ways you’ll be collecting user data. 

  One of the key processes involved in managing data as you grow is to hire engineers who build out different technologies. You must have protocols, best practices and management overseeing the new technologies being built to ensure proper data ethics.

  Global businesses

  Have you scaled internationally ?

  There will be even more rules, laws, regulations and organisations to answer to if you start managing data unethically.

  You should have established teams or departments to ensure you follow proper privacy and data protocols worldwide. When you have a large organisation, you have more money and vast amounts of data. This makes you a bigger target for leaks, ransomware and hackers.

  You should ensure you have cross-departmental groups working to establish ongoing protocols and training to keep your data management in good standing.

  Leverage data ethically with Matomo

  Data is powerful.

  It’s a crucial point of leverage that’s required to stay competitive.

  However, improper use and management of data can give you a bad reputation, break trust and even cause you legal trouble.

  That’s why you must maintain good data ethics within your organisation.

  One of the most important places to set up proper data ethics and privacy measures is with your website analytics.

  Matomo is the leading, privacy-friendly web analytics solution in the world. It automatically collects, stores, and tracks data across your website ethically.

  With over 1 million websites using Matomo, you get to take full control over your website performance with :

  • Accurate data (no data sampling)
  • Privacy-friendly and GDPR-compliant analytics
  • Open-source for transparency and to create a custom solution for you

  Try Matomo free for 21-days. No credit card required.

  Try Matomo for Free

  21 day free trial. No credit card required.

  
  

  Your email address
  

  Your website address
  

  Your Analytics subdomain will be .matomo.cloud (change)

  Choose your analytics subdomain
  

  .matomo.cloud

  I accept the terms and conditions and data processing agreement (DPA)

  
  Your information will be used to create an account on our cloud service. For more information please consult our privacy policy.
  
  
  

  Start improving your websites now