2. Steve Mann Life (SML) sells life insurance policies to individuals across Europe. The organisation offers monthly discounts on insurance premiums for those who enrol in ActivSystem. The system rewards customers who lead active lifestyles with discounts on monthly premiums. The ActivSystem comprises a web portal and a smartwatch to monitor the activity of customers.
The organisation requires customers to wear a smartwatch and consent via the web portal to the company collecting time and location data as well as activity data, such as footsteps taken. The organisation states the data is not encrypted, is stored for five years and will only be used to determine calories burned per day. The entire data collection and processing process has not been documented, but the company is considering performing a risk analysis and reviewing relevant policies. SML customers can observe activity data on the web portal, and the company is expected to add features such as correcting data, data export and data deletion in time.
Data analysts within SML have determined that time and location data from customer smartwatches can also be used to determine the venues they visit. Consequently, the company has decided that discounts will be reduced for those customers who visit fast food restaurants. The analysts have also determined that the data could be sold to various companies to offset the discounts offered to customers.
The company is yet to appoint a data protection officer and the management team is concerned about some of the design decisions from the perspective of data protection.
Critique the ActivSystem from the perspective of FOUR principles of the General Data Protection Regulation (GDPR).
[12]
The developers of ActivSystem are keen to consider and discuss potential threats to the web portal component with various company stakeholders. SML customers are expected to access the system using their web browser and log in with their personal email address and password. SML customers can update address details and can also use the web portal to purchase more sophisticated smartwatches.
Evaluate the web portal using an appropriate framework for thinking, discussing and classifying common threats.
[8]