developing mobile trust in today's e-privacy landscape

DEVELOPING MOBILE TRUST IN TODAY'S E-PRIVACY LANDSCAPE

November 19th 2015

PRESENTERS: Todd Ruback Esq., CIPP-US/E, CIPTChief Privacy Officer & V.P. Legal Affairs

Jon SheppardDirector of Product Management, Privacy

2

Agenda

• Introductions• Update on Privacy Legal and Regulatory Landscape

• ePrivacy Directive

• Getting in Compliance & The Ghostery App Notice Solution

• Q&A

Private & Confidential | © 2015 Ghostery, Inc. All Rights Reserved

3

Introductions


Jon Sheppard Director of Product

Management, Privacy

Todd Ruback Chief Privacy Officer &

VP of Legal Affairs

AT&TJune 2015

Update on Privacy Legal and Regulatory Landscape

Todd Ruback Esq., CIPP-US/E, CIPTChief Privacy Officer & V.P. Legal Affairs

5

US Self-Regulatory Program for Online Behavioral Advertising (OBA)

• Mobile enforcement began September 1, 2015 – Accountability agents are actively monitoring and expect robust enforcement

• Extends DAA’s Principles to mobile websites and apps• Let’s Break It Down:


AdsIf based upon OBA data, then deploy AdChoices Icon, when opened goes to DAA’s AppChoices, the industry opt-out solution, listing third parties in ad with consumer choice

AppsShared obligation with third parties to provide notice of OBA activity and give control to consumer

6

Canada & EU Self-Regulatory Programs

CanadaDAAC; enforcement spike by ASC in recent months• Added complexity of national privacy law, PIPEDA, that also

applies to OBA• OPC Report – encouraged that Canada websites deploy

AdChoices notice, but expect more.• ASC fully supports PIPEDA; no daylight between the two.

EU EDAA; Will soon announce mobile enforcement date


7

What do the Self-Regulatory Programs Apply to?


• 3 different types of data that might be collected:

• Cross App Data (CAD) – OK, unless user opts-out

• Precision Location Data (PLD) – need affirmative consent

• Personal Directory Data (PDD)- need affirmative consent

• Control: • Settings upon download• Ghostery’s App Notice• DAA’s AppChoices

8

US State Specific Transparency Laws

States currently affected: • California (CalOPPA)• Delaware (DelOPPA) • New York proposed legislation

Legislation OverviewRequires websites, and Apps, to have comprehensive understanding of invisible digital activity and disclose it.


9

EU – Safe Harbor / Cross Border Data Transfers

• ECJ invalidated US Safe Harbor Program• Sky is not falling, although over 4,000 US companies rely on this legal

mechanism to transfer EU personal data to the US• Chances of Safe Harbor 2.0 – 50/50• Not clear what it may look like but third party Seal Program is at risk, and

we can expect robust monitoring and enforcement.• WP29 has given companies until Jan 31, 2016 to put Plan B in place• Many recommend Standard Contractual Clauses as short term solution


10

EU – General Data Protection Regulation

Last mile of negotiations• Will have new rights for individuals and obligations by companies• Will require companies to have demonstrable knowledge of digital activity

–annual audits of sites and apps


11

EU ePrivacy Directive – No Longer Just the Cookie Law

• Applies to websites (and Apps and connected devices)• Often confused with Self-Regulatory Programs for OBA• Will be reviewed in 2016 after GDPR is completed• Requirements – Notice & Consent • Enforcement – regulators have been signaled it applies equally to Apps

and IoT but have waited for market solution• Priority – for children’s Apps; sweeps have already happened• Solution – Ghostery’s App Notice


AT&TJune 2015

Getting in Compliance & The Ghostery App Notice Solution

Jon Sheppard, Director of Product Management, Privacy

13

Why is there a need for a different solution for Mobile Apps?


• Unlike the web: • Mobile Apps are installed and run

locally on the users device.• Changes to Apps can only be made

by updating the Apps code and releasing a new version to the App Store.

• Apps aren’t cookie based.

• Like the web:• Mobile Apps contain trackers

reporting, OBA, CAD, PLD and PDD • The list of available App trackers is

growing quickly.

14

Steps to Get into Compliance


1. Identify your companies mobile apps 2. Work with your mobile developer to identify the ad tech used by your apps, and data it collects

3. Implement Ghostery App Notice

UPDATE

• We can help you here if you’re lost!

AT&TJune 2015App Notice Demo

16

The Ghostery App Notice Solution Overview


• Worked closely with privacy leaders to design and build.

• Provided by a Software Development Kit (SDK) • Available in 2 versions depending on your App type:

• Android 4.1 and up • iOS 7 and up

• Both Explicit and Implied notice formats supported• Over 50 notice customizable options available to

match your apps requirements, including notice color and text and size etc.

17

What is an SDK?


• A mobile Software Development Kit (SDK) is a packet of code that allows developers to easily add new functionality to their apps.

• SDK’s are often used as shortcuts so that developers don’t have to write everything from scratch

• SDK’s frequently include sample code and supporting technical notes or documentation

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Fusce hendrerit pellentesque tellus ut lacinia. Curabitur sed consectetur lorem, eu tincidunt urna. Ut lacinia ultrices porttitor. Phasellus vehicula blandit accumsan. Pellentesque

18

Installing your SDK


1. App Developers passed the SDK code via Github

GITHUB

2. SDK is installed in App by Developer: • Installation & Companion Guides are provided as well as

sample code.

YOUR APP

3. Customize the color and text of your Notice in your Site Notice Account.

4. Submit your updated App to the store for your users to download.

UPDATE

19

Ghostery is the Privacy Compliance Leader


• Ghostery globally is the Ad Choices Program leader• Dominant market share: Preferred Partner of every

major Ad Agency Holding• Integrated with all key buy and sell-side platforms• Close relationships with the entire privacy ecosystem• Technology vendor to DAA

SOME OF OUR INTERGRATION PARTNERS

• Over 290+ clients across desktop, mobile and video

• Over 3 billion AdChoices icons served daily

• Over 100 million site consent notices served daily

• 40 languages supported

GHOSTERY BY THE NUMBERS

20

Thank you


Jon Sheppard Director of Product

Management, Privacy

Todd Ruback Chief Privacy Officer &

VP of Legal Affairs

[email protected] [email protected]

EU SALES+44 020 7031 8232

NORTH AMERICA SALES917-791-5550

[email protected] [email protected]

AT&TJune 2015 Q&A