Does GDPR Cause Privacy Problems?


An article in The Register talks about a presentation at the Black Hat security conference in Las Vegas where “James Pavur, a PhD student at Oxford University who usually specialises in satellite hacking, explained how he was able to game the GDPR system to get all kinds of useful information on his fiancée, including credit card and social security numbers, passwords, and even her mother's maiden name.” 

The presentation blamed that ability to game the system on the GDPR (the EU privacy law), and took the position that the GDPR actually caused a privacy problem. This position has been widely criticized. Rights to obtain your own information from those who have it were around long before the GDPR.  

It speaks more to a lack of appropriate processes to authenticate people who are asking for information about themselves.  

There are two practical takeaways from this.  

Entities with information on people need appropriate policies and protocols to authenticate those contacting them for information or to talk about their accounts.  

The next time your service provider asks you questions or seems reluctant to deal with you, keep in mind that it is for your protection.

Connect with David Canton on Twitter and LinkedIn.

David Canton