digital analytics & privacy: it's not the end of the world
Post on 27-Jan-2015
106 Views
Preview:
DESCRIPTION
TRANSCRIPT
Digital Analytics & Privacy: it’s not the end of the worldNovember 12th 2013
Aurélie PolsSomething (Digital) Analytics Europe
Chief Visionary Officer & Founder
@aureliepols
Expectations: no legislation, promised!
@aureliepols
@aureliepols
Datenschutz, Protección de datos, Protection des données
Privacy, a human right?
@aureliepols
Source: http://rt.com/news/germany-brazil-un-spying-resolution-394/Source: http://www.ohchr.org/EN/Pages/WelcomePage.aspx
Navi Pillay
The changing tide of public opinion
@aureliepols
Source: http://www.globalresearch.ca/25-verdades-sobre-el-caso-evo-moralesedward-snowden/5341660
Democracy in danger since the Patriot Act?
@aureliepols
Source: http://minnesota.publicradio.org/display/web/2013/01/22/daily-circuit-alexis-de-tocqueville-democracy-in-america
This is about keeping your job
@aureliepols
Source: http://toogoodtogodown.wordpress.com/2012/04/30/youre-fired-which-grimsby-town-players-will-be-offered-new-deals-and-which-will-be-released/
http://blog.kevinmaxwell.co.uk/2012/11/guess-what-youre-fired/
The confessions of a European analyst Grew up in the Netherlands, Dutch passport
French mother tongue
Most of my friends of bilingual at least!
Have Polish & Russian origins
Set-up my first start-up in Belgium in 2003
Sold it to a UK agency, Digitas LBi (Publicis), in 2008
Moved to Spain in 2009
Created Mind Your Group (Putting Your Data to Work) + sister company Mind Your Privacy in 2012 (yes, law firm)
@aureliepols
Bridging Analytics & Data Protection in Europe
European Convention of Human Rights, Article 8: Privacy is a fundamental right
you don’t have to agree ;-)
Spain = 80% of EU Data Protection fines; strict data protection legislation, breach notification & security protocols best practices
@aureliepols
The Rule of Law is the foundation of Democracy
“Democracy must be built through open societies that share information.
When there is information, there is enlightment.
When there is debate, there are solutions.
When there is no sharing of power, no rule of law, no accountability, there is abuse, corruption, subjugation and indignation.”
Atifete Jahjaga, President of Kosovo
@aureliepols
The Rule of Law is the foundation of Democracy
@aureliepols
APEC US & UK EU
Continental law influenced
Common Law Continental Law
Class actions Fines (by DPAs: Data protection Agencies)
Privacy Personal Data Protection
Business focused Citizen focused: data belongs to the visitor/prospect/consumer/citizen
Sector based legislations: HIPPA, COPPA, VPPA, …
Over-arching EU Directives & Regulations
PII varies per state but lists defined Introduction of pseudo-anonymized data within the new PDP Regulation, partially trying to avoid pinning down PII exactly imho
* Again, you don’t have to agree!
Privacy is a tough cookie to crack
So was probably the Declaration of Human Rights, ask Eleanor Roosevelt!
So called Cookie Directive, good or bad idea?
- Very techno specific
- Doesn’t help when legislation lags behind…
- Raised awareness?
- Clean house?
@aureliepols
Best cookies in the world: Maison Dandoy, Brussels, since 1829, http://www.maisondandoy.com/en/home/,
Rome wasn’t build in a day
Take away #1:
The EU & the US view Privacy & data protection very differently and that is fine!
Rome wasn’t built in one day, neither was the traffic regulation in NY or Madrid!
@aureliepols
Wicked French ;-)Most EU countries talk of zebra paths France: are still talking of passages cloûtés
@aureliepols
Image source: http://images.forum-auto.com/mesimages/770027/passage%20cloute.jpg
Take away #2 related to data:
Time:
- Techno evolves faster than legislation
- Privacy procedures are new to techno players => no Privacy culture!
Data is ad infinitum transferable, without decay => new Privacy challenges, la bande de GAFA (CNIL)
Privacy tri-partite
Joint effort by:
1. Governments &/or international Associations => regulations, guidelines..
2. Businesses
3. Citizens/consumers/voters
Each party wanting to defend its rights:
- Personal Data Protection & the Rule of Law through respect of Fundamental Rights
vs.
- Profits & hopefully Sustainability
@aureliepols
If data is the new oil, is Privacy the new Green?
@aureliepols
Comparing Facebook’s Privacy policy
Source: http://mattmckeon.com/facebook-privacy/
What’s in a word? DATA LIFECYCLE
@aureliepols
Source: https://vividcortex.com/blog/2013/10/30/slides-from-making-big-data-small-at-strata
Source:http://www.simpletraining.com/lifecycle-data-management-training.html
Overlap & pieces missing
@aureliepols
Source: http://libraries.mit.edu/guides/subjects/data-management/cycle.html
Take away #3
Data:
- ad infinitum transferable
Legislation:
- Breach notification
Common sense:
- Procedures!
The evolution of Breach notification
@aureliepols
http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
LinkedIn Big Data feedback loop
@aureliepols
Consent? Anyone?
Example:
Netflix
VPPA
Source: https://www.facebook.com/photo.php?v=10151708759330687&set=vb.9445547199&type=2&theater
Some basic Privacy terms, bouh!
PURPOSE:
What are you using the data for?
CONSENT:
Reasonable expectation of the use of data => Transparency
@aureliepols
Trust => Social Media reputation
(See also Breach notification for Crisis Management)
Creepy => Ethics boundary
You: Data Controller – Tools: Data Processor, ok?
@aureliepols
Source: http://ec.europa.eu/justice/data-protection/data-collection/obligations/index_en.htm
Take away #4
Review those bloody contracts, will you?
Assure liability is clear and that you are covered!
Did Big Data kill the Privacy framework?No, it introduced a paradigm shift
Just like analytics is becoming permeable through the company
This is also the case for the legal consequences of the use of data:
Employee Training & internal debate related to what is acceptable & what is not should become part of business
@aureliepols
User consentUser consent
Fair & Legal processFair & Legal process
Information for approved useInformation for approved use
Data diving analysis / Big DataData diving analysis / Big Data
New business opportunity through data
New business opportunity through data
PurposePurpose
Security is only one solution to the problem
@aureliepols
SECURITY(TECHNOLOGY)
SECURITY(TECHNOLOGY)
DATA COLLECTIONDATA COLLECTION
The guy in the middle is a DPO: Data Protection Officer, required key personnel once the EU Personal Data Protection Regulation passes
The EU Personal Data Protection Regulation is coming
@aureliepols
#EUDataP
Source: www.iabeurope.eu/files/8813/7882/1681/IAB_Tuesday_Webinar_Data_Protection_FINAL.pdf
ICO is an outlier
Without the right support, the best security crumbles
@aureliepols
SECURITY
(TECHNOLOGY)SECURITY
(TECHNOLOGY)
DATA COLLECTIONDATA COLLECTION
Human error causes most data breaches
Source: http://www.cooldailyinfographics.com/post/data-and-security-breaches
Bridging the analytics to the legal world
@aureliepols
User consentUser consent
Fair & Legal processFair & Legal process
Information for approved useInformation for approved use
Data diving analysis / Big Data
Data diving analysis / Big Data
New business opportunity through
data
New business opportunity through
data
SECURITYTECHNOLOGY
SECURITYTECHNOLOGY
DATA COLLECTIONDATA COLLECTION
Security = Icing on the cake
Harmonising Security & Privacy
Effective Privacy management depends upon a Risk driven approach that surpasses compliance needs
- Prepare for legislative changes
- Recognise that just because something is legal, it doesn’t mean it is a good idea
- Consider how Privacy drives strategic advantage => USP?
Skill requirements & interfaces between professionals
- Identifying intersection and tackling conflict
- Finding a common language
- Developing a Privacy culture
@aureliepols
Source: http://www.rsaconference.com/writable/presentations/file_upload/grc-w07-when-worlds-collide-harmonising-governance-between-security-and-privacy.pdf
Always ask yourself these 3 questions & keep your job
What data am I collecting?
- PII vs. non-PII
- Persönlich ↔ Pseudonym ↔ Anonym
Who has access to this data?
- Both persons & tools
Where is the data stored?
- SafeHarbor vs. Binding Corporate Rules
@aureliepols
Or follow the IAB’s recommendations!
@aureliepols
Source: http://www.fanpop.com/clubs/the-good-wife/images/25049423/title/good-wife-special-alicia-season-3-photo
Thank you for your time!
Aurélie PolsSomething (Digital) Analytics Europe
Chief Visionary Officer & Founder
@aureliepols – www.mindyourprivacy.com/uk/
top related