developing mobile trust in today's e-privacy landscape
TRANSCRIPT
DEVELOPING MOBILE TRUST IN TODAY'S E-PRIVACY LANDSCAPE
November 19th 2015
PRESENTERS:
Todd Ruback Esq., CIPP-US/E, CIPT, Chief Privacy Officer & V.P. Legal Affairs
Jon Sheppard, Director of Product Management, Privacy
Agenda
• Introductions
• Update on Privacy Legal and Regulatory Landscape
• ePrivacy Directive
• Getting in Compliance & The Ghostery App Notice Solution
• Q&A
Private & Confidential | © 2015 Ghostery, Inc. All Rights Reserved
Introductions
Jon Sheppard, Director of Product Management, Privacy
Todd Ruback, Chief Privacy Officer & VP of Legal Affairs
Update on Privacy Legal and Regulatory Landscape
Todd Ruback Esq., CIPP-US/E, CIPT, Chief Privacy Officer & V.P. Legal Affairs
US Self-Regulatory Program for Online Behavioral Advertising (OBA)
• Mobile enforcement began September 1, 2015 – Accountability agents are actively monitoring and expect robust enforcement
• Extends DAA’s Principles to mobile websites and apps
• Let’s Break It Down:
Ads: If based upon OBA data, then deploy AdChoices Icon; when opened, it goes to DAA’s AppChoices, the industry opt-out solution, listing third parties in ad with consumer choice
Apps: Shared obligation with third parties to provide notice of OBA activity and give control to consumer
Canada & EU Self-Regulatory Programs
Canada: DAAC; enforcement spike by ASC in recent months
• Added complexity of national privacy law, PIPEDA, that also applies to OBA
• OPC Report – encouraged that Canada websites deploy AdChoices notice, but expect more.
• ASC fully supports PIPEDA; no daylight between the two.
EU: EDAA; will soon announce mobile enforcement date
What do the Self-Regulatory Programs Apply to?
• 3 different types of data that might be collected:
• Cross App Data (CAD) – OK, unless user opts-out
• Precision Location Data (PLD) – need affirmative consent
• Personal Directory Data (PDD) – need affirmative consent
• Control:
  – Settings upon download
  – Ghostery’s App Notice
  – DAA’s AppChoices
US State Specific Transparency Laws
States currently affected:
• California (CalOPPA)
• Delaware (DelOPPA)
• New York proposed legislation
Legislation Overview: Requires websites, and Apps, to have comprehensive understanding of invisible digital activity and disclose it.
EU – Safe Harbor / Cross Border Data Transfers
• ECJ invalidated US Safe Harbor Program
• Sky is not falling, although over 4,000 US companies rely on this legal mechanism to transfer EU personal data to the US
• Chances of Safe Harbor 2.0 – 50/50
• Not clear what it may look like but third party Seal Program is at risk, and we can expect robust monitoring and enforcement.
• WP29 has given companies until Jan 31, 2016 to put Plan B in place
• Many recommend Standard Contractual Clauses as short term solution
EU – General Data Protection Regulation
Last mile of negotiations
• Will have new rights for individuals and obligations by companies
• Will require companies to have demonstrable knowledge of digital activity
  – annual audits of sites and apps
EU ePrivacy Directive – No Longer Just the Cookie Law
• Applies to websites (and Apps and connected devices)
• Often confused with Self-Regulatory Programs for OBA
• Will be reviewed in 2016 after GDPR is completed
• Requirements – Notice & Consent
• Enforcement – regulators have been signaled it applies equally to Apps and IoT but have waited for market solution
• Priority – for children’s Apps; sweeps have already happened
• Solution – Ghostery’s App Notice
Getting in Compliance & The Ghostery App Notice Solution
Jon Sheppard, Director of Product Management, Privacy
Why is there a need for a different solution for Mobile Apps?
• Unlike the web:
  – Mobile Apps are installed and run locally on the user's device.
  – Changes to Apps can only be made by updating the App's code and releasing a new version to the App Store.
  – Apps aren’t cookie based.
• Like the web:
  – Mobile Apps contain trackers reporting, OBA, CAD, PLD and PDD
  – The list of available App trackers is growing quickly.
Steps to Get into Compliance
1. Identify your company's mobile apps
2. Work with your mobile developer to identify the ad tech used by your apps, and data it collects
3. Implement Ghostery App Notice
• We can help you here if you’re lost!
App Notice Demo
The Ghostery App Notice Solution Overview
• Worked closely with privacy leaders to design and build.
• Provided by a Software Development Kit (SDK)
• Available in 2 versions depending on your App type:
  – Android 4.1 and up
  – iOS 7 and up
• Both Explicit and Implied notice formats supported
• Over 50 customizable notice options available to match your app's requirements, including notice color, text, size, etc.
What is an SDK?
• A mobile Software Development Kit (SDK) is a packet of code that allows developers to easily add new functionality to their apps.
• SDKs are often used as shortcuts so that developers don’t have to write everything from scratch
• SDKs frequently include sample code and supporting technical notes or documentation
Installing your SDK
1. App developers are passed the SDK code via GitHub
2. SDK is installed in App by Developer:
  – Installation & Companion Guides are provided as well as sample code.
3. Customize the color and text of your Notice in your Site Notice Account.
4. Submit your updated App to the store for your users to download.
Ghostery is the Privacy Compliance Leader
• Ghostery globally is the Ad Choices Program leader
• Dominant market share: Preferred Partner of every major Ad Agency Holding
• Integrated with all key buy and sell-side platforms
• Close relationships with the entire privacy ecosystem
• Technology vendor to DAA
SOME OF OUR INTEGRATION PARTNERS
GHOSTERY BY THE NUMBERS
• Over 290+ clients across desktop, mobile and video
• Over 3 billion AdChoices icons served daily
• Over 100 million site consent notices served daily
• 40 languages supported
Thank you
Jon Sheppard, Director of Product Management, Privacy
Todd Ruback, Chief Privacy Officer & VP of Legal Affairs
EU SALES: +44 020 7031 8232
NORTH AMERICA SALES: 917-791-5550
Q&A