Recherche avancée

Sur d’autres sites (5720)

• A Guide to GDPR Sensitive Personal Data

  13 mai 2024, par Erin

  The General Data Protection Regulation (GDPR) is one of the world’s most stringent data protection laws. It provides a legal framework for collection and processing of the personal data of EU individuals.

  The GDPR distinguishes between “special categories of personal data” (also referred to as “sensitive”) and other personal data and imposes stricter requirements on collection and processing of sensitive data. Understanding these differences will help your company comply with the requirements and avoid heavy penalties.

  In this article, we’ll explain what personal data is considered “sensitive” according to the GDPR. We’ll also examine how a web analytics solution like Matomo can help you maintain compliance.

  What is sensitive personal data ?

  The following categories of data are treated as sensitive :

  1. 1. Personal data revealing :
        • Racial or ethnic origin ;
        • Political opinions ;
        • Religious or philosophical beliefs ;
        • Trade union membership ;
     2. Genetic and biometric data ;
     3. Data concerning a person’s :
        • Health ; or
        • Sex life or sexual orientation.

  

  Sensitive vs. non-sensitive personal data : What’s the difference ?

  While both categories include information about an individual, sensitive data is seen as more private, or requiring a greater protection. 

  Sensitive data often carries a higher degree of risk and harm to the data subject, if the data is exposed. For example, a data breach exposing health records could lead to discrimination for the individuals involved. An insurance company could use the information to increase premiums or deny coverage. 

  In contrast, personal data like name or gender is considered less sensitive because it doesn’t carry the same degree of harm as sensitive data. 

  Unauthorised access to someone’s name alone is less likely to harm them or infringe on their fundamental rights and freedoms than an unauthorised access to their health records or biometric data. Note that financial information (e.g. credit card details) does not fall into the special categories of data.

  

  Legality of processing

  Under the GDPR, both sensitive and nonsensitive personal data are protected. However, the rules and conditions for processing sensitive data are more stringent.

  Article 6 deals with processing of non-sensitive data and it states that processing is lawful if one of the six lawful bases for processing applies. 

  In contrast, Art. 9 of the GDPR states that processing of sensitive data is prohibited as a rule, but provides ten exceptions. 

  It is important to note that the lawful bases in Art. 6 are not the same as exceptions in Art. 9. For example, while performance of a contract or legitimate interest of the controller are a lawful basis for processing non-sensitive personal data, they are not included as an exception in Art. 9. What follows is that controllers are not permitted to process sensitive data on the basis of contract or legitimate interest. 

  The exceptions where processing of sensitive personal data is permitted (subject to additional requirements) are : 

  • Explicit consent : The individual has given explicit consent to processing their sensitive personal data for specified purpose(s), except where an EU member state prohibits such consent. See below for more information about explicit consent. 
  • Employment, social security or social protection : Processing sensitive data is necessary to perform tasks under employment, social security or social protection law.
  • Vital interests : Processing sensitive data is necessary to protect the interests of a data subject or if the individual is physically or legally incapable of consenting. 
  • Non-for-profit bodies : Foundations, associations or nonprofits with a political, philosophical, religious or trade union aim may process the sensitive data of their members or those they are in regular contact with, in connection with their purposes (and no disclosure of the data is permitted outside the organisation, without the data subject’s consent).
  • Made public : In some cases, it may be permissible to process the sensitive data of a data subject if the individual has already made it public and accessible. 
  • Legal claims : Processing sensitive data is necessary to establish, exercise or defend legal claims, including legal or in court proceedings.
  • Public interest : Processing is necessary for reasons of substantial public interest, like preventing unlawful acts or protecting the public.
  • Health or social care : Processing special category data is necessary for : preventative or occupational medicine, providing health and social care, medical diagnosis or managing healthcare systems.
  • Public health : It is permissible to process sensitive data for public health reasons, like protecting against cross-border threats to health or ensuring the safety of medicinal products or medical devices. 
  • Archiving, research and statistics : You may process sensitive data if it’s done for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes.

  In addition, you must adhere to all data handling requirements set by the GDPR.

  Important : Note that for any data sent that you are processing, you always need to identify a lawful basis under Art. 6. In addition, if the data sent contains sensitive data, you must comply with Art. 9.

  Explicit consent

  While consent is a valid lawful basis for processing non-sensitive personal data, controllers are permitted to process sensitive data only with an “explicit consent” of the data subject.

  The GDPR does not define “explicit” consent, but it is accepted that it must meet all Art. 7 conditions for consent, at a higher threshold. To be “explicit” a consent requires a clear statement (oral or written) of the data subject. Consent inferred from the data subject’s actions does not meet the threshold. 

  The controller must retain records of the explicit consent and provide appropriate consent withdrawal method to allow the data subject to exercise their rights.

  Examples of compliant and non-compliant sensitive data processing

  Here are examples of when you can and can’t process sensitive data :

  • When you can process sensitive data : A doctor logs sensitive data about a patient, including their name, symptoms and medicine prescribed. The hospital can process this data to provide appropriate medical care to their patients. An IoT device and software manufacturer processes their customers’ health data based on explicit consent of each customer. 
  • When you can’t process sensitive data : One example is when you don’t have explicit consent from a data subject. Another is when there’s no lawful basis for processing it or you are collecting personal data you simply do not need. For example, you don’t need your customer’s ethnic origin to fulfil an online order.

  Other implications of processing sensitive data

  If you process sensitive data, especially on a large scale, GDPR imposes additional requirements, such as having Data Privacy Impact Assessments, appointing Data Protection Officers and EU Representatives, if you are a controller based outside the EU.

  Penalties for GDPR non-compliance

  Mishandling sensitive data (or processing it when you’re not allowed to) can result in huge penalties. There are two tiers of GDPR fines :

  • €10 million or 2% of a company’s annual revenue for less severe infringements
  • €20 million or 4% of a company’s annual revenue for more severe infringements

  In the first half of 2023 alone, fines imposed in the EU due to GDPR violations exceeded €1.6 billion, up from €73 million in 2019.

  Examples of high-profile violations in the last few years include :

  • Amazon : The Luxembourg National Commission fined the retail giant with a massive $887 million fine in 2021 for not processing personal data per the GDPR. 
  • Google : The National Data Protection Commission (CNIL) fined Google €50 million for not getting proper consent to display personalised ads.
  • H&M : The Hamburg Commissioner for Data Protection and Freedom of Information hit the multinational clothing company with a €35.3 million fine in 2020 for unlawfully gathering and storing employees’ data in its service centre.

  One of the criteria that affects the severity of a fine is “data category” — the type of personal data being processed. Companies need to take extra precautions with sensitive data, or they risk receiving more severe penalties.

  What’s more, GDPR violations can negatively affect your brand’s reputation and cause you to lose business opportunities from consumers concerned about your data practices. 76% of consumers indicated they wouldn’t buy from companies they don’t trust with their personal data.

  Organisations should lay out their data practices in simple terms and make this information easily accessible so customers know how their data is being handled.

  Get started with GDPR-compliant web analytics

  The GDPR offers a framework for securing and protecting personal data. But it also distinguishes between sensitive and non-sensitive data. Understanding these differences and applying the lawful basis for processing this data type will help ensure compliance.

  Looking for a GDPR-compliant web analytics solution ?

  At Matomo, we take data privacy seriously. 

  Our platform ensures 100% data ownership, putting you in complete control of your data. Unlike other web analytics solutions, your data remains solely yours and isn’t sold or auctioned off to advertisers. 

  Additionally, with Matomo, you can be confident in the accuracy of the insights you receive, as we provide reliable, unsampled data.

  Matomo also fully complies with GDPR and other data privacy laws like CCPA, LGPD and more.

  Start your 21-day free trial today ; no credit card required. 

  Disclaimer

  We are not lawyers and don’t claim to be. The information provided here is to help give an introduction to GDPR. We encourage every business and website to take data privacy seriously and discuss these issues with your lawyer if you have any concerns.

  Try Matomo for Free

  21 day free trial. No credit card required.

  
  

  Your email address
  

  Your website address
  

  Your Analytics subdomain will be .matomo.cloud (change)

  Choose your analytics subdomain
  

  .matomo.cloud

  I accept the terms and conditions and data processing agreement (DPA)

  
  Your information will be used to create an account on our cloud service. For more information please consult our privacy policy.
  
  
  

  Start improving your websites now

  

• ffmpeg drawtext Arabic fonts doesn't render correctly [closed]

  11 février 2024, par Mahmoud Abdellatief

  what i'm trying to achieve :
loop an image into a video and overlay Arabic Text from the Qur'an on it including the text diacritical mark, using a custom font.

  


  example of the text to be rendered :

  


  بِسْمِ ٱللَّهِ ٱلرَّحْمَـٰنِ ٱلرَّحِيمِ


  


  the font used :
https://fonts.qurancomplex.gov.sa/wp02/wp-content/uploads/2024/01/UthmanicHafs_v22.zip

  


  font's unicode module :

  


  Unicode Module 
 
The Research and Development Unit in the Computer Department at King Fahd Glorious Qur’an Printing Complex relied on the unicode system unicode to create (Hafs) font in the Uthmanic Script, because this system is followed globally among computer and systems manufacturing companies in the world.

Unicode organization is a global code group that is used to define all codes and letters used in most of the world's languages and gathered in one code to facilitate the presentation and delivery on information despite of the language used. This global coding uses 1 to 4 bytes (byte = 8 bits) to encode letters, and so far only a third of the number available in Unicode organization to encode the letters of these languages.

Taking into account Hafs font with the Uthmanic Script, which was built entirely on the unicode system. We can explore the basic letters that were formed according to the following figure:

Whereas the font was developed starting from code (0600 ) to code (066FF ) Taking into account there are several encoded letters that haven't been used at all so it was replaces with the code []. The displayed copy above is the one that is been developed from the basic Arabic coding (0600-06FF) which was updated by Unicode organization in 2009.


  


  expected result :
exported video with correctly rendered text using the given font.

  


  actual result :
the text rendered contains only the diacritical marks ( which are the accents on top of the letters ) without the actual letters.


  


  what i tried :
this is my test command which exports just an image for faster results :

  


  Ffmpeg -loop 1  -i "image-2.jpg" -vf "drawtext=text='بِسْمِ ٱللَّهِ ٱلرَّحْمَـٰنِ ٱلرَّحِيمِ':fontsize=124:fontcolor=white:fontfile='UthmanicHafsV22.ttf':x=(w-text_w)/2:y=(h-text_h)/2" -frames:v 1  "output.png"


  


  

  • tried adding ft_load_flags , almost tried all of them

  


  • tried text_shaping=1 , with no success

  


  • tried textfile instead of text

  


  • tried changing the font, any font i try with it always have different problems, either some squares instead of the diacritical mark

  


  


  p.s im having same results on both latest ffmpeg compiled by myself on macos terminal with all required libraries enabled , and also on flutter ffmpeg kit full gpl

  


• Introducing the Matomo Connector for Looker Studio (Formerly Google Data Studio)

  26 janvier 2024, par Erin — Community

  Explore Matomo data like never before with the official Matomo Connector for Looker Studio. Matomo users can now securely display accurate web analytics data in Looker Studio for free.

  Connect Matomo to Looker Studio (formerly known as Google Data Studio) in a few clicks and start building dashboards instantly. Get access to a range of data visualisation capabilities and chart types in Looker Studio’s easy-to-use interface. 

  Leave behind manual, error-prone spreadsheet entries and disparate data. With the Matomo Connector for Looker Studio, you get unified, automated reporting and interactive dashboards for faster insights and smoother collaboration.

  What sets the official Matomo Connector for Looker Studio apart ?

  Our open-source connector puts security first by providing a reliable connection without relying on third-party intermediaries. It’s free, with no hidden charges, and no limits on the number of users or Matomo instances. Connect as many instances as you need. 

  Plus, our Support team is here anytime you need help.

  

  Who is this connector made for ?

  The Matomo Connector for Looker Studio is a good fit for institutions and corporations using Looker Studio, NGOs handling multiple entities, marketing agencies with various clients, and small to medium-sized businesses with advanced data practices.

  When is this connector not the best fit ?

  If you prioritise privacy and compliance, this might not be the right fit. The Looker Studio app operates on Google servers, and while we don’t log or store any data, privacy considerations should be carefully evaluated. Transferring data, especially visitor data, to external platforms can have privacy implications.

  Getting started

  Check out our documentation for an easy setup.

  To help, we’ve also created a template report so you can visualise your Matomo data instantly.

  Here’s how to get started :

  1. Visit the demo template report in Looker Studio
  2. Click the more options button then Make a copy

  

  3. Click Create data source within the New Data Source dropdown.

  

  4. Connect your Matomo (Full Connection Guide)
  5. Select the API > Main Metrics report
  6. Click Connect and then Add to Report
  7. Click Copy Report to finalise

  For additional support, visit our Matomo Looker Studio forum or reach out to our Looker Studio support team via email at support-lookerstudio@matomo.org