GDPR: Internet Privacy and Data Protection
With Internet privacy, social media data harvesting, hacked websites etc., being in the news so much lately, and the EU General Data Protection Regulation (GDPR) now in effect, we decided to write an outline on how Disabled World treats and safeguards your personal information when using our website.
The basic aim of the EU General Data Protection Regulation (GDPR) is to protect all European Union (EU) citizens from privacy and data breaches in an increasingly data-driven world.
After 4 years of preparation and debate the EU General Data Protection Regulation (GDPR) was approved by EU Parliament on 14th April 2016, and came into effect on 25th May 2018. From its charter: "The protection of natural persons in relation to the processing of personal data is a fundamental right."
The General Data Protection Regulation is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU) and the European Economic Area (EEA). The GDPR is designed to give EU citizens more control over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
Personal data under the GDPR means any information related to a natural person or 'Data Subject', that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking, forums, or websites with comment areas, medical information, or a computer IP address.
The GDPR will affect companies located in the European Union as well as those that have operations and customers there. For children under 16, a person holding "parental responsibility" must opt-in to data collection on their behalf.
The GDPR also addresses the export of personal data outside the EU. Because GDPR is a regulation, not a directive, it does not require national governments to pass any enabling legislation and is directly binding and applicable (GDPR page on Wikipedia).
I am sure other nations/states will also be adopting their own data protection laws/rules. However, a global version for all would be far easier to implement and would reshape the way organizations across the globe approach online privacy, data safety, and storage.
Is The GDPR the Beginning of the End for Online Comments/Forums?
As the GDPR compliance date (May 25th 2018) approached, no doubt you noticed more and more websites deleting and removing various website features and plug-ins such as 3rd party social media share buttons, website analytics programs, both "in-house" and 3rd party user comments and comment scripts, public forums, etc., many of which have been collecting and sometimes selling your personal information, browsing history and online surfing habits.
From May 25th, 2018, websites are now required to seek permission of E.U. and G.B. website visitors to allow tracking cookies, data gathering, and personalized ads - in fact anything that can identify you or your browsing habits on a web site.
We at Disabled World realized some time ago that Internet privacy, tracking cookies, targeted advertising based on a visitor's browser history, etc. was becoming like the "Wild West" and getting way out of line, and we were not comfortable with the information of our visitors, many of whom have disabilities, possibly being gathered and used by 3rd parties for targeting and other data gathering purposes - And it seems our foresight was 100% correct!
Be Careful Online! Recent Major Privacy Breaches
- February 11, 2019 - 620 MILLION ACCOUNTS stolen from 16 hacked websites now for sale on dark web - Dubsmash (162 million), MyFitnessPal (151 million), MyHeritage (92 million), ShareThis (41 million), HauteLook (28 million), Animoto (25 million), EyeEm (22 million), 8fit (20 million), Whitepages (18 million), Fotolog (16 million), 500px (15 million), Armor Games (11 million), BookMate (8 million), CoffeeMeetsBagel (6 million), Artsy (1 million), and DataCamp (700,000).
- Disqus Comments - The self-reporting by Disqus of the hacking of their comment platform, which resulted in 17.5M stolen user names, email addresses, sign-up and login dates. Additionally, passwords for about one-third of Disqus users/commenters were compromised. NOTE: To help protect against Disqus comment script tracking and advertising check out the browser addon/extension "uBlock Origin" (No affiliation).
- FaceBook Hacked - On September 25, 2018, Facebook announced a massive security issue affecting at least 50 million of its 2.23 billion active users. According to Facebook, the exploit was patched on Thursday, September 27, 2018. Update 9/29/2018: Facebook announced 3rd party apps were able to be accessed as well. Prior to FB learning of the hack, if the attackers were able to retrieve an access token for your account, they could theoretically log in to your account on their machine and have full access to it. Facebook's Guy Rosen said, "...hackers would also have access to any app that was linked to your account as well."
- Facebook - Dec. 19, 2018 - Facebook gave some companies more extensive access to users' personal data than it has previously revealed, letting them read private messages or see the names of friends without consent, according to a New York Times report.
- Facebook - This year (2018) Facebook was platinized for security and privacy breaches, but now another scandal involving this social platform has come to light: Facebook's Location Tracking. Even if you try, you can't hide from Facebook's advertising system, which uses your location to target ads.
- FaceBook Data Harvesting - Most of you would have also heard of the recent Cambridge Analytica and Facebook data scandal, in which Facebook is facing international investigations into the illicit harvesting of as many as 87 million users' personal data, which was then used to develop a software program that profiled those citizens to predict voting patterns - and, through micro-targeted ads, influence US citizens' voting decisions.
- Instagram - Added 20th Nov 2018 - GDPR tool exposes user passwords - A report in The Intercept explains that the bug was an unfortunate consequence of the company's response to GDPR and data protection. Instagram says the bug was limited to "a small number of people," and those affected have been contacted.
- Google Plus - Tech giant Google has said that its social network Google+ will be shut down after it was discovered that a bug exposed private data of up to 500,000 users to external developers. The announcement was made by Ben Smith, Google Fellow and vice-president of engineering. Up to 500,000 people may have been affected by the flaw, which allowed hundreds of apps to access data including people's jobs, ages and location information.
- Google+ (Again) - Google will end its social network Google+ in April, four months earlier than expected, after finding another security issue impacting more than 50 million people. In a blog post Monday 10th Dec., 2018, Google said that a November software update caused the Google+ API to inadvertently make users' personal information viewable to developers, even if they had opted to keep their details private.
- YouTube - YouTube moved to address the newest in a string of "brand safety" controversies that could affect its advertising business late yesterday (20/2/2019) by restricting ads on millions of videos as they further refine their ads policies and improve enforcement around violative comments. In addition, YouTube suspended comments on tens of millions of videos that are likely innocent but could be subject to predatory comments. These changes have resulted in the removal of 4.3 million videos and 3.7 million comments to date.
- Reddit - In a post published Wednesday 1st August 2018, Reddit said an attacker breached several employee accounts in mid-June. The attacker then accessed a complete copy of backup data spanning from the site's launch in 2005 to May 2007. The data included cryptographically salted and hashed password data from that period, along with corresponding user names, email addresses, and all user content, including private messages. "On June 19, we learned that an attacker compromised a few of Reddit's accounts with cloud and source code hosting providers by intercepting SMS 2FA verification codes," a Reddit spokesperson said in a statement.
- Twitter - 336 Million Twitter users asked to change password after the company recently discovered a bug that stored user passwords in plain text in an internal system.
- Ashley Madison Hack - In July 2015, a group calling itself "The Impact Team" stole the user data of Ashley Madison, a dating website for extramarital affairs. Because of the site's policy of not deleting users' personal information – including real names, home addresses, search history and credit card transaction records – the group were able to copy the site's user base and threatened to release user names and personally identifying information if the site would not immediately shut down. On 18 and 20 August, the group leaked more than 25 gigabytes of company data, including private user details.
Every day unreported website data breaches are occurring on small, as well as not so small, websites without adequate security system(s) in place.
How to Take Control of Your Facebook Account - Things you have control over that can help make your Facebook experience better for you - Facebook.
How We Protect Your Privacy on Disabled World
- We stopped using the FaceBook comment "plugin" due to the ease with which comments made on Disabled World could also be posted to the commenter's FaceBook page if a small box near the comment submit area, that could easily be missed, wasn't unchecked/un-ticked. This sometimes resulted in a commenter's post appearing on their FaceBook timeline when it wasn't their intention for it to do so.
- We replaced the FaceBook comment system with a 3rd party comments system from Disqus, but due to accessibility issues, not to mention the concern for our visitors' privacy - as David Fleck, general manager of advertising at Disqus, stated - "We have the largest and deepest audience profiles on the web." - "Translation: We're tracking everyone who visits a website with Disqus enabled and building a profile of them based on the content of the sites they visit and any comments they leave. "Deeper" than Facebook". Needless to say the Disqus comment script was promptly removed from Disabled World, as well as our sister sites, to address both data privacy and hacking concerns.
- We updated to the latest powerful and secure servers and re-located our hosting to Canada, due to their tougher data privacy laws. Our server is constantly scanned for attempted security breaches and hacking attempts. No user information is stored on our servers apart from essential log data, which may include your IP address; these logs are fully deleted on a regular basis.
- We discontinued and removed our regular weekly newsletter and deleted all names and email addresses of subscribers.
- We removed a 3rd party social media sharing script (ShareThis, which, nearly a year after we removed it, self-reported having just been hacked; see the data breach list above) that made it easier to post our article headlines and pictures to platforms such as Twitter, FaceBook, LinkedIn, Google+, etc. This has now been replaced (18/07/18) by an in-house manually coded system that does not use cookies and is completely anonymous to use.
- We removed Google Analytics, a popular website add-on that is used by the majority of websites to analyze the number of visitors to a website, regional statistics, browsers used, time on website/pages, and much much more.
Our Cookie Information, Privacy Policy, and Terms of Service pages have been updated to reflect these changes.
What Countries Make Up the European Union (EU)?
There are currently 28 countries in the EU; they are listed below with their EU country abbreviations:
(Full list of ISO 3166 World Country Codes)
Austria - AT | Italy - IT
Belgium - BE | Latvia - LV
Bulgaria - BG | Lithuania - LT
Croatia - HR | Luxembourg - LU
Cyprus - CY | Malta - MT
Czech Republic - CZ | Netherlands - NL
Denmark - DK | Poland - PL
Estonia - EE | Portugal - PT
Finland - FI | Romania - RO
France - FR | Slovakia - SK
Germany - DE | Slovenia - SI
Greece - GR | Spain - ES
Hungary - HU | Sweden - SE
Ireland - IE | United Kingdom - GB