{"id":202,"date":"2018-04-28T19:37:16","date_gmt":"2018-04-28T18:37:16","guid":{"rendered":"http:\/\/generic.wordpress.soton.ac.uk\/neighbourhood\/?p=202"},"modified":"2018-05-01T15:35:07","modified_gmt":"2018-05-01T14:35:07","slug":"gdpr-neighbourhood-and-privacy-by-design","status":"publish","type":"post","link":"https:\/\/generic.wordpress.soton.ac.uk\/neighbourhood\/2018\/04\/28\/gdpr-neighbourhood-and-privacy-by-design\/","title":{"rendered":"GDPR, Neighbourhood and privacy by design"},"content":{"rendered":"<p><a href=\"http:\/\/generic.wordpress.soton.ac.uk\/neighbourhood\/wp-content\/uploads\/sites\/259\/2018\/04\/dataprotectionbill.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-251\" src=\"http:\/\/generic.wordpress.soton.ac.uk\/neighbourhood\/wp-content\/uploads\/sites\/259\/2018\/04\/dataprotectionbill.jpg\" alt=\"\" width=\"607\" height=\"342\" srcset=\"https:\/\/generic.wordpress.soton.ac.uk\/neighbourhood\/wp-content\/uploads\/sites\/259\/2018\/04\/dataprotectionbill.jpg 940w, https:\/\/generic.wordpress.soton.ac.uk\/neighbourhood\/wp-content\/uploads\/sites\/259\/2018\/04\/dataprotectionbill-300x169.jpg 300w, https:\/\/generic.wordpress.soton.ac.uk\/neighbourhood\/wp-content\/uploads\/sites\/259\/2018\/04\/dataprotectionbill-768x433.jpg 768w, https:\/\/generic.wordpress.soton.ac.uk\/neighbourhood\/wp-content\/uploads\/sites\/259\/2018\/04\/dataprotectionbill-355x200.jpg 355w\" sizes=\"auto, (max-width: 607px) 100vw, 607px\" \/><\/a><\/p>\n<p>At Neighbourhood, privacy, trust and security are core to our values and offer to users. Our conceptual design, and the development of our technology, marketing and communications, follows a &#8216;privacy by design&#8217; approach.<\/p>\n<p>This year in the UK the new Data Protection Bill comes into force. This represents the regulatory alignment of the UK with the European Union\u2019s new General Data Protection Regulation (GDPR), despite the UK\u2019s intended withdrawal from the European Union (Brexit).<\/p>\n<figure id=\"attachment_250\" aria-describedby=\"caption-attachment-250\" style=\"width: 840px\" class=\"wp-caption aligncenter\"><a href=\"http:\/\/generic.wordpress.soton.ac.uk\/neighbourhood\/wp-content\/uploads\/sites\/259\/2018\/04\/GDPR.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\" wp-image-250\" src=\"http:\/\/generic.wordpress.soton.ac.uk\/neighbourhood\/wp-content\/uploads\/sites\/259\/2018\/04\/GDPR-1024x512.jpg\" alt=\"\" width=\"840\" height=\"420\" srcset=\"https:\/\/generic.wordpress.soton.ac.uk\/neighbourhood\/wp-content\/uploads\/sites\/259\/2018\/04\/GDPR-1024x512.jpg 1024w, https:\/\/generic.wordpress.soton.ac.uk\/neighbourhood\/wp-content\/uploads\/sites\/259\/2018\/04\/GDPR-300x150.jpg 300w, https:\/\/generic.wordpress.soton.ac.uk\/neighbourhood\/wp-content\/uploads\/sites\/259\/2018\/04\/GDPR-768x384.jpg 768w, https:\/\/generic.wordpress.soton.ac.uk\/neighbourhood\/wp-content\/uploads\/sites\/259\/2018\/04\/GDPR-400x200.jpg 400w\" sizes=\"auto, (max-width: 840px) 100vw, 840px\" \/><\/a><figcaption id=\"caption-attachment-250\" class=\"wp-caption-text\">Illustration showing key elements of GDPR (effective 25 May 2018) &#8211; DPOs, Compliance, Data Breaches and Personal Data<\/figcaption><\/figure>\n<p>The new measures specify:<\/p>\n<ul>\n<li>That the public will have greater control over personal data &#8211; including the right to be forgotten<\/li>\n<li>A new right to require social media platforms to delete information on children and adults when asked<\/li>\n<\/ul>\n<p style=\"text-align: right\">(<a href=\"https:\/\/www.gov.uk\/government\/news\/government-to-strengthen-uk-data-protection-law\">UK gov<\/a>)<\/p>\n<p>Neighbourhood has an advantage over existing social, location related applications, in launching at this time where we can take account of the mistakes and experiences of existing social media applications, implement practices and systems that align naturally with GDPR at their core, and build trust with our users on this front from the outset.<\/p>\n<h3>Key elements of GDPR and how Neighbourhood meets them<\/h3>\n<table style=\"width: 100%;border: 4px solid #52BE80;padding: 4px\">\n<tbody>\n<tr>\n<td style=\"border: 2px solid #52BE80;padding: 3px\"><strong> GDPR feature<\/strong><\/td>\n<td style=\"border: 2px solid #52BE80;padding: 3px\"><strong> How Neighbourhood meets this requirement <\/strong><\/td>\n<\/tr>\n<tr>\n<td style=\"border: 2px solid #52BE80;padding: 3px\"><strong>Right to be forgotten<\/strong><\/td>\n<td style=\"border: 2px solid #52BE80;padding: 3px\">\n<ul>\n<li>Messages on Neighbourhood are not publicly available or searchable, meaning that their comments will not come up in search engines, which has been a key issue in right to be forgotten claims<\/li>\n<li>Our users will be able to have full control over deleting any of their data within Neighbourhood: whether within groups, about activities, or in relation to transactions and reviews<\/li>\n<li>Our users will also be able to delete their entire profiles. If a user does that we will keep their data for a 14 day cooling off period during which none of it will be visible on Neighbourhood, after this time it will be fully deleted<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"border: 2px solid #52BE80;padding: 3px\"><strong>Control over personal data<\/strong><\/td>\n<td style=\"border: 2px solid #52BE80;padding: 3px\">\n<ul>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Our users operate under pseudonyms by default and control when and to whom they reveal their real names to other users and under what circumstances<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Our users are encouraged to use avatars as visual representations, which mitigates the risk of cyberstalking, especially given the \u2018local, social\u2019 nature of Neighbourhood<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Our users will be able to control the visibility and deletion of messages, from the time they are posted, indefinitely. It will be easy, inline and from all over the application, to delete messages. <\/span><\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"border: 2px solid #52BE80;padding: 3px\"><strong>Opt-in<\/strong><br \/>\nThe reliance on default opt-out or pre-selected \u2018tick boxes\u2019, which are largely ignored, to give consent for organisations to collect personal data will also become a thing of the past. (<a href=\"https:\/\/www.gov.uk\/government\/news\/government-to-strengthen-uk-data-protection-law\">UK gov<\/a>).<\/td>\n<td style=\"border: 2px solid #52BE80;padding: 3px\">\n<ul>\n<li>When individual users join up to Neighbourhood they will be informed as to how their data will be used, and opt into this<\/li>\n<li>Neighbourhood will be light on its collection of personal data: we will collect real names and age optionally, we will not collect date of birth. We will include an \u2018I know and trust this person in real life\u2019 button to add another level of trust to user identities, which is not reliant on personal data: this will be a form of \u2018reputation\u2019 that helps others understand how established and trusted others users are within the system<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"border: 2px solid #52BE80;padding: 3px\"><span style=\"font-weight: 400\">Make it easier and free for individuals to require an organisation to disclose the personal data it holds on them. (<\/span><a href=\"https:\/\/www.gov.uk\/government\/news\/government-to-strengthen-uk-data-protection-law\"><span style=\"font-weight: 400\">UK gov<\/span><\/a><span style=\"font-weight: 400\">). Referred to in GDPR as <\/span><strong>Right to Access<\/strong><span style=\"font-weight: 400\">. (<\/span><a href=\"https:\/\/www.eugdpr.org\/key-changes.html\"><span style=\"font-weight: 400\">EU<\/span><\/a><span style=\"font-weight: 400\">).<\/span><\/td>\n<td style=\"border: 2px solid #52BE80;padding: 3px\">\n<ul>\n<li>Furthermore, our users will be able to access an archive of all of their messages and other data from the time they join.<\/li>\n<li>They will easily be able to delete specific data items and all of their data from this archive page.<\/li>\n<li>They will not need to contact Neighbourhood to access this data due to our built in transparency features.<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"border: 2px solid #52BE80;padding: 3px\"><strong>Data Portability<\/strong><br \/>\nGDPR introduces data portability &#8211; the right to transmit data to another controller. (<a href=\"https:\/\/www.eugdpr.org\/key-changes.html\">EU<\/a>).<\/td>\n<td style=\"border: 2px solid #52BE80;padding: 3px\">\n<ul>\n<li>The archive page above will be made a downloadable CSV for easy porting to other services.<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"border: 2px solid #52BE80;padding: 3px\">Require <strong>\u2018explicit\u2019 consent<\/strong> to be necessary for processing <strong>sensitive personal data<\/strong><br \/>\nExpand the definition of \u2018personal data\u2019 to include IP addresses, internet cookies and DNA. (<a href=\"https:\/\/www.gov.uk\/government\/news\/government-to-strengthen-uk-data-protection-law\">UK gov<\/a>).<\/td>\n<td style=\"border: 2px solid #52BE80;padding: 3px\">\n<ul>\n<li>Neighbourhood will use cookies only to support the smooth user experience of our web application visitors, we will not plug in advertising or other partner technology that involves tracking users across the internet for advertising or other purposes.<\/li>\n<li>Neighbourhood\u2019s business model does not involve the sharing of personal data with any other businesses or organisations.<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"border: 2px solid #52BE80;padding: 3px\"><strong>Identification from anonymised data<\/strong><\/p>\n<p>New criminal offences will be created to deter organisations from either intentionally or recklessly creating situations where someone could be identified from anonymised data. (UK gov).<\/td>\n<td style=\"border: 2px solid #52BE80;padding: 3px\">We are keenly aware that even non-personal data can be combined in a way that negatively impacts individuals. Even though we do not collect many types of sensitive data (no medical, date of birth or financial information) we have considered that some Neighbourhood data, for example user\u2019s fitness habits, might be of interest to health insurance companies and employers. We have no interest in supporting combination of data for these purposes. We will not provide any data profiles about our users to any partners or clients. Specifically, where appropriate to support our business model, we will provide only narrow, aggregated reports about our users to partners that allow no tracing or profiling of our individual users<\/td>\n<\/tr>\n<tr>\n<td style=\"border: 2px solid #52BE80;padding: 3px\"><strong>Terms and conditions<\/strong><br \/>\nThe conditions for consent have been strengthened, and companies will no longer be able to use long illegible terms and conditions full of legalese. (EU).<\/td>\n<td style=\"border: 2px solid #52BE80;padding: 3px\">\n<ul>\n<li>Neighbourhood will display for users terms and conditions that are easy to understand and follow, in \u2018clear and plain language\u2019. We will also implement an innovative \u2018in line privacy\u2019 feature &#8211; where all around the site, users can click to see data privacy terms and controls relevant to that specific interaction\/ activity.<\/li>\n<li>We will carry our user testing on our terms and conditions and get feedback from our users on making sure they are quick to read and understand, while being appropriately comprehensive.<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"border: 2px solid #52BE80;padding: 3px\"><strong>Data Protection Officer<\/strong><\/td>\n<td style=\"border: 2px solid #52BE80;padding: 3px\">\n<ul>\n<li>As our Chief Operating Officer, Shivam will be responsible for our data processing activities. He will undertake GDPR training and will liaise with external GDPR service providers as needed to support on specific tasks and for security and privacy audits.<\/li>\n<li>However our entire team are committed to privacy and trust is at the core of what we do and offer, therefore every feature we design and operation we undertake, will include \u2018privacy and trust\u2019 considerations, that we discuss as a team and document as we go along, meaning that we continue to have \u2018privacy by design\u2019 principles followed throughout the development and operation of our application.<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p style=\"text-align: right\">Data protection bill image source: <a href=\"https:\/\/dma.org.uk\/article\/new-data-protection-bill-will-strengthen-uk-data-protection-law\">The DMA<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>At Neighbourhood, privacy, trust and security are core to our values and offer to users. Our conceptual design, and the development of our technology, marketing and communications, follows a &#8216;privacy by design&#8217; approach. This year in the UK the new Data Protection Bill comes into force. This represents the regulatory &hellip;<\/p>\n","protected":false},"author":2944,"featured_media":251,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[29,28,21,4,5],"class_list":["post-202","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorised","tag-data-protection-bill","tag-gdpr","tag-individual-users","tag-privacy","tag-trust"],"jetpack_featured_media_url":"https:\/\/generic.wordpress.soton.ac.uk\/neighbourhood\/wp-content\/uploads\/sites\/259\/2018\/04\/dataprotectionbill.jpg","_links":{"self":[{"href":"https:\/\/generic.wordpress.soton.ac.uk\/neighbourhood\/wp-json\/wp\/v2\/posts\/202","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/generic.wordpress.soton.ac.uk\/neighbourhood\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/generic.wordpress.soton.ac.uk\/neighbourhood\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/generic.wordpress.soton.ac.uk\/neighbourhood\/wp-json\/wp\/v2\/users\/2944"}],"replies":[{"embeddable":true,"href":"https:\/\/generic.wordpress.soton.ac.uk\/neighbourhood\/wp-json\/wp\/v2\/comments?post=202"}],"version-history":[{"count":12,"href":"https:\/\/generic.wordpress.soton.ac.uk\/neighbourhood\/wp-json\/wp\/v2\/posts\/202\/revisions"}],"predecessor-version":[{"id":377,"href":"https:\/\/generic.wordpress.soton.ac.uk\/neighbourhood\/wp-json\/wp\/v2\/posts\/202\/revisions\/377"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/generic.wordpress.soton.ac.uk\/neighbourhood\/wp-json\/wp\/v2\/media\/251"}],"wp:attachment":[{"href":"https:\/\/generic.wordpress.soton.ac.uk\/neighbourhood\/wp-json\/wp\/v2\/media?parent=202"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/generic.wordpress.soton.ac.uk\/neighbourhood\/wp-json\/wp\/v2\/categories?post=202"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/generic.wordpress.soton.ac.uk\/neighbourhood\/wp-json\/wp\/v2\/tags?post=202"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}