Data Risk Intelligence
Automated Data Mapping
Do Not Sell/Do Not Share
Cookie Banner Solutions
Consent & Preferences
Data Rights RequestsHave You Reconsidered Third-Party Access to Your Data?
Has your organization reconsidered the data access provided to third-parties over the past year?
Third-party data sharing has been a hot topic in the privacy world over the past year as the European Union General Data Protection Regulation (GDPR) put additional vendor management obligations on controllers utilizing processors and Facebook became the center of attention for the government and media.
A number of changes were made by corporations preceding implementation of GDPR last year but the May 25th deadline was by no means the end of them. Companies continue to look to improve their third-party vendor and and partner management. A recent announcement by Google about changes to its requirements underlines the need for other organizations to make efforts in this area.
The Google effort to reevaluate third-party developer access to data is called Project Strobe. Its work already led to the shutdown of Google+ last year after it detected data sharing issues with the social network’s API. Google recently announced additional changes for Chrome extension developers, which included additional data minimization and transparency requirements. After the changes go into effect, developers will be required to limit requests for data to only that which is necessary for their features. Their will also be expanded requirements for developers to post privacy policies.
As part of the announcement about the chrome extension changes, an employee of Google wrote, “To make [the third-party app and website] ecosystem successful, people need to be confident their data is secure, and developers need clear rules of the road.”
This will likely not be the last change by Google with respect to the conditions for access to its customer data for third-parties. We expect there will be many more from both Google and other companies.
The California Consumer Privacy Act (CCPA) places additional restrictions on covered businesses data sharing and sales to third-parties. Now is the time to put in place a review of your third-party data sharing before the CCPA effective date of January 1, 2020.
The Clarip Data Risk Intelligence Platform, among other things, helps organizations engage in data mapping to understand their data collection, usage and third-party sharing. If your organization needs to review its third-party data sharing, ask us for a demo through our online contact form or by calling 1-888-252-5653.
