Who is Responsible for Excessive Data Processing?

A recent ruling by the OLG Dresden/Germany (Az.: 4 U 940/24) has implications particularly regarding the responsibilities of data controllers and processors under the GDPR framework.

Case Overview: The case involved a music streaming service that utilized a processor based in Israel until December 1, 2019. On November 30, 2019, the processor informed the streaming service that it would delete the processed data following the termination of their contract the next day. According to their agreement, the processor was required to confirm the deletion of data within 21 days post-contract termination. However, this confirmation was not received until 2023, and only after the streaming service inquired about it. Compounding the issue, a data leak occurred due to a hacker attack on the processor during this period.

A user, who had been registered with the streaming service since 2016, claimed that his data was among those compromised and sought damages of at least €1,000 under Article 82 of the GDPR. The streaming service argued that it was not responsible for the storage of data by the Israeli processor after the contract ended.

🔍 Key Legal Insights from the Ruling: The court clarified that data controllers are liable not only for their own actions but also for the actions of their processors.

Active Monitoring Required: The court underscored that simply trusting processors is insufficient. Controllers must actively monitor compliance with data deletion protocols. In this case, the streaming service failed to obtain timely written confirmation of data deletion, which the court deemed a significant oversight. The ruling highlighted that a mere notification from the processor about the intention to delete data is inadequate. Controllers should ensure they obtain concrete evidence of compliance, such as detailed written confirmations listing the deleted data.

Long-Term Accountability: The decision illustrates that the consequences of inadequate oversight can linger long after the initial incident. Organizations must recognize that insufficient monitoring can lead to prolonged legal challenges and reputational damage. Image source: EDPB
Long-term accountability in digital trust
Summary
Long-term accountability in digital trust means ensuring organizations continuously act responsibly with digital data, technology, and user privacy over time—not just meeting rules once, but maintaining trust and integrity as technology changes. This concept is about making sure that digital actions and decisions remain transparent, ethical, and trustworthy for the future.
- Monitor partners proactively: Regularly check that third-party vendors and service providers follow agreed data and privacy standards, and get tangible proof when data is deleted or managed.
- Prioritize user consent: Build marketing and digital strategies around clear user permissions and transparent communication, focusing on earning ongoing trust rather than quick gains.
- Embed ethical governance: Integrate ethical practices and accountability into company culture, roles, and leadership responsibilities to maintain digital trust through shifting business and tech landscapes.
-
Corporate Digital Responsibility (CDR): Ethics as the Compass of Digital Transformation

Digitization has transformed how we live, work, and do business. But with these opportunities come ethical dilemmas, privacy concerns, and fairness risks. For companies, the challenge is no longer just how fast they can digitize, but how responsibly.

Why CDR matters today

Trust has become the true currency of digitization. No matter how advanced the technology, adoption only follows if people believe it is safe, fair, and ethical. Stakeholders, i.e. customers, employees, regulators, and investors, want proof that businesses are not only legally compliant, but also addressing conflicts of interest and unintended harm. Companies that ignore this risk reputational damage, regulatory backlash, and erosion of customer loyalty.

What CDR really means

Corporate Digital Responsibility goes beyond compliance. It is about embedding values into how data and technology are created, operated, refined, and retained. It asks questions like:
• Are we protecting customer privacy and wellbeing?
• Do our algorithms treat people fairly, or do they reinforce bias?
• Are our digital products designed with sustainability in mind?
• How do we balance short-term profit with long-term trust?

The CDR Calculus: Navigating the Trade-Offs

Recent research introduces the idea of a CDR calculus:

Value of good CDR = Mitigation of risks + Brand equity & trust − (Opportunity costs + Cost of robust CDR).

This makes the trade-offs explicit: Monetizing more customer data may increase short-term revenue but risks long-term trust. Launching features quickly may save costs but could expose bias or privacy gaps. Investing in governance and culture feels expensive—but it reduces regulatory risk and builds brand equity that competitors can’t easily replicate.

Three imperatives for leaders

Trust is the adoption engine. Embed CDR into culture, roles, and governance. Measure explainability, track privacy incidents, and make digital ethics part of leadership KPIs.

Decide with eyes open. Use the CDR calculus to balance revenue, risk, and trust. Make clear choices about what you will—and won’t—do with customer data.

Govern the whole ecosystem. CDR issues often arise at the boundaries—with partners, platforms, and third parties. Shared governance, due diligence, and aligned values are non-negotiable.

The takeaway: Good CDR pays twice. It reduces risks and creates competitive advantage by strengthening trust, loyalty, and long-term resilience. The winners of digital transformation will be those who innovate with integrity.

Ref: Wirtz et al., Journal of Service Research, 2023
-
For over two decades, digital marketers have leaned on third-party cookies to track users, target ads, and build campaigns around behavioral data. It has worked well for performance, but it has also encouraged a mindset of easy access over earned trust. That era is coming to a close.

Apple's iOS updates, particularly App Tracking Transparency (ATT), have already reshaped the advertising landscape. Combined with regulations like GDPR and CCPA, growing consumer awareness, and tighter browser restrictions, the way we collect and use data is undergoing a permanent shift. According to Statista, more than 30% of marketers are still fully dependent on third-party cookies, and many are unprepared for what comes next.

This is not just a challenge to update tools. It is a moment to re-evaluate priorities. As marketers, we should be asking hard questions:
- Are we prioritizing short-term targeting over long-term relationships?
- Are we building strategies based on user consent and value?
- Do we truly know our customers, or are we simply watching them?

The most forward-thinking brands are not looking for technical workarounds. They are investing in first-party data, transparent communication, and trust-based engagement. They are building the kinds of experiences people actually opt into, not opt out of.

This is a defining moment for marketing leadership. It is a chance to move away from extractive models and toward ones that are more respectful, human, and sustainable. How is your team navigating this transition? Are you ready for a world where trust is the most valuable currency?

#CookielessFuture #MarketingLeadership #DigitalTrust #FirstPartyData #CustomerExperience
-
In today’s decentralized financial landscape, trust is no longer a static requirement—it is a real-time, technology-enabled assurance that VASPs are operating with integrity and accountability. At VARA, we view Digital Assurance Frameworks as essential to delivering continuous supervision, grounded in data, driven by risk, and designed to adapt to emerging technologies.

Key Elements of a Robust Digital Assurance Model for VASPs:
• Real-Time, On-Chain Transaction Monitoring: As outlined in the VARA Compliance & Risk Management Rulebook, VASPs are required to implement robust mechanisms for on-chain monitoring to detect illicit activity, manage counterparty risk, and maintain transparency in real-time.
• Risk-Based Reporting: Assurance activities should be aligned with a VASP’s service complexity, business model, and exposure to market risks.
• Automated Controls Validation: Leveraging RegTech and blockchain analytics to enable dynamic, automated testing of compliance and technical controls.
• Data Integrity & Auditability: Securing verifiable transaction records, client asset flows, and financial data across platforms.
• Governance & Accountability: Digital assurance frameworks must be embedded within the VASP’s risk governance structure with clear lines of oversight and responsibility.

The VARA supervisory model is built for Web3—digital-first, intelligence-led VASP’s and always on. By aligning with real-time assurance expectations, VASPs can foster lasting trust with regulators, users, and the broader ecosystem. As we move from periodic reviews to continuous compliance, let’s collectively shape a framework that makes innovation both safe and scalable.

#DigitalAssurance #OnChainMonitoring #VASPs #VirtualAssets #VARA #CryptoCompliance #RiskBasedSupervision #BlockchainAnalytics #RegTech #Web3Governance #compliance #blockchain #fintech #financialcrime #crypto #bitcoin #digitalassets
-
"IT Governance is not a Destination but an Ongoing Journey."

The relentless march of technology offers extraordinary opportunities for growth, innovation, and societal advancement. However, this transformation also brings complex risks, from disruptive cyberattacks to the ethical dilemmas surrounding data and artificial intelligence. Effective IT governance now stands as a cornerstone of organizational resilience, responsible growth, and establishing digital trust.

Far more than a technical or compliance exercise, IT governance is about making strategic choices that unlock innovation, protect assets and intellectual property, safeguard customer data, and ensure long-term sustainability. It's about fostering a culture of digital responsibility, where trust is woven into the fabric of how an organization utilizes technology.

The "IT Governance Guidelines for Directors 2024" provides a detailed yet accessible blueprint for boards of directors and senior executives. It aims to demystify the essential elements of IT governance and empower those in leadership roles to ask the right questions, align technology investments with broader business objectives, and build the oversight mechanisms required for the digital age.

This document, born from the collaboration between ISACA Sri Lanka and Institute of Chartered Accountants of Sri Lanka, stands as a testament to the interdisciplinary nature of effective IT governance. It recognizes that boards have a fiduciary duty to oversee and guide their organization's technological trajectory, ensuring that technology serves the business rather than dictating its direction. This document is a valuable tool to revisit regularly as technology and risk landscapes evolve.
By embracing the principles outlined in this document, you position your organization to navigate the digital world with confidence, proactively managing vulnerabilities, harnessing innovation, and building trust with your stakeholders, ensuring IT governance takes its rightful place at the heart of your organization's strategic decision-making.

Heshana Kuruppu Tishan Subasinghe (FCA, CISA, LL.B(Hons), MBA(Fin.)(Col.) Ashane Jayasekara FCA, CFE, CIA, CISA Asanka Suraweera Jayantha Peiris ISACA

#ITGovernance #DigitalTrust #Cybersecurity #BoardLeadership #RiskManagement #TechStrategy #DigitalTransformation #GovernanceFrameworks #LeadershipTools #BoardDirectors #Innovation