exploring the legal dos and don'ts of digital marketing...bird & bird digital marketing app...
TRANSCRIPT
Information Classification: General
Exploring the legal dos and don'ts of digital marketing
Geneva, 9 May 2019
Vitafoods Education Programme
Nicolas Carbonnelle
Counsel, Bird & Bird LLP
Information Classification: General
Exploring the legal dos and don'ts of digital marketing
• Engaging with customers online : B2C e-commerce
• Evaluating the use of use personal data
• Delving into influencers and social media from a legal perspective
What we will discuss today
Slide 2
Information Classification: General
B2C e-commerce
Slide 3
Information Classification: General
Slide 4
• Internet domain
• Trademarks
• e-store business model: independent/ outsourced (e.g. dropshipping) / …
• Relations with the host provider
• Relations with entities providing payment services
• Logistics - warehouse, delivery
• Software contracts
• Distribution agreements, delivery of goods
• Complaints service
B2C e-commerceMain areas of legal risk of launching an online store
Information Classification: General
Slide 5
• Site and purchase regulations
• Information for the consumer
• Way of presenting prices and goods / services
• Specific regulations regarding the sale of certain goods and services
• Complaints and consumer claims
• Sale
• Competitions
• Promotion in social media and by influencers
• Personal data & privacy
B2C e-commerceConsumer-related legal issues and points of attention
Information Classification: General
Bird & Bird Digital Marketing App
• Quick guide to
- Online advertising
- Prize promotions
- Social media and influencers
- Comparative advertising
- Data protection and privacy
• Covers 17 jurisdictions
Slide 6
Information Classification: General
Evaluating the use of personal data
Slide 7
Information Classification: General
Privacy & Data ProtectionKey concept of "personal data"
Two key definitions:
'personal data'
any information relating to an identified or identifiable natural person (‘data subject’)
'identifiable natural person'
A person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person
Vitafoods 2019 | Digital Marketing | © Bird & Bird 2019Slide 8
Information Classification: General
Privacy & Data ProtectionContext
This presentation was partly supported by the EU-funded projects TOREADOR (contract n. H2020-688797), THREAT-ARREST (contract n. H2020-786890), DEFeND (contract n. H2020-787068), and LeMO (contract n. 770038)
Data Protection Directive
Data Protection
Regulation
(GDPR)
● 28 different implementations and applications across EU
● Entry into application on 25 May 2018
● Equivalent level of protection of personal data throughout EU
● But Member States still have some room for manoeuvre
Vitafoods 2019 | Digital Marketing | © Bird & Bird 2019Slide 9
Information Classification: General
Right of individuals
Access
Information
Restriction
Portability
Rectification Objection
Erasure Automated decision-making / profiling
Information and access Rectification and
erasure
Right to object and automated individual
decision-making
Vitafoods 2019 | Digital Marketing | © Bird & Bird 2019Slide 10
Information Classification: General
Principles
7 principles
Lawfulness,
fairness &
transparency
Purpose
limitation
Data
minimisation
AccountabilityStorage
limitation
Integrity
&
Confidentiality
Accuracy
Vitafoods 2019 | Digital Marketing | © Bird & Bird 2019Slide 11
Information Classification: General
Privacy notices/policies
It's all about transparency!
•Identity and contact details of the controller (and representatives)
•Contact details of the DPO (if applicable)•Recipients (or categories of recipients)
Who?
•Purpose(s) of the processing•Legal basis for processing (e.g. legitimate interest)
Why?
•Categories of personal data*•Source of the data*•What is mandatory and the consequences of not providing data**
What?
•Cross-border data transfers and how such transfers are safeguarded
How?
•Retention period (or the criteria for determining retention)
•Timing of notice
When?
•Data Protection Rights•Including the right to withdraw consent
•Right to lodge a complaint•Automated decision making
Other
*If the data was not collected directly from the individual** If the data was collected directly from the individual
Slide 12
Information Classification: General
Privacy notices
• At the time of collection
Data collected directly from
individual
• Within a reasonable time• When first communicating with the individual• Before disclosing the data to anyone else
Data not collected directly from
individual
Timing: when to let the individual know
Slide 13
Information Classification: General
Understanding personal data
• Personal data means any information relating to an identified or identifiable individual
• Singling out someone or treating someone differently online = personal data
• Even with no obvious identifiers (e.g. name or address)…
Information Commissioner (UK)
- Information used with the intention of distinguishing one individual from another one individual from another
- Information used to take a particular action in respect of an individual
Article 29 Working Party (EU)
- Information used to identifying the behaviour of a machine is identifying that of its user
- Information used to piece together an individual's personality to attribute certain decisions to him or her
User tracking
Slide 14
Information Classification: General
Getting it wrong can be costly!Main sanctions
+ reputational damage
Vitafoods 2019 | Digital Marketing | © Bird & Bird 2019Slide 15
Information Classification: General
Besides GDPR…the e-Privacy Directive
• Directive 2002/58/EC (e-privacy Directive) -Directive of 1997, updated in 2002 and 2009
• Part of a broader European telecommunications regulatory framework (4 Directives)
• Main current instrument of protection of privacy in electronic communications
- Limits
- Lex specialis
• Regulates the processing of personal data and the protection of privacy in the electronic communications sector
• Regulates various topics:
- Confidentiality of communications over public networks
- Confidentiality of terminal equipment (including cookies)
- Traffic and location data
- Security of networks and services
- Notifications of violation of personal data
- Spam and direct marketing
• In theory: the GDPR does not affect the e-Privacy directive
• New legislation in relation to e-Privacy in preparation
Vitafoods 2019 | Digital Marketing | © Bird & Bird 2019Slide 16
Information Classification: General
Influencers
Tips & tricks for social media
Slide 17
Information Classification: General
Influencers & social media
• A form of online advertising
• Support of "opinion leaders" on various online media – platforms, social media, blogs, fora
• Variety of formats : product reviews, articles, videos
• Not subject to a specific legal framework, but falls within the scope of application of several legal instruments
Slide 18
Information Classification: General
Influencers & social media
EU legislation
- E-commerce directive
- UCP directive
- Misleading and Comparative Advertising Directive
Codes of conduct and self-regulation
- e.g. EASA Best Pratice Recommendation on influencer marketing, ICC Framework for Responsible Food and Beverage Marketing Communication
Private regulation
- platforms' terms of use
Legal context overview
Slide 19
National legislation
Information Classification: General
Practical Do's & Dont's – Social Media
Do! Don't!
• Be honest and clear about sponsoring
• Use #spon, #adv, #sample, #collaboration, etc.
• Discuss beforehand how the message is to be conveyed
• Impose that influencerscommunicate clearly about sponsorship
• Agree on a license for the use of the pictures and videos of the influencers
• Conduct misleading advertising
• Use fake accounts
• Filter secretly only positive user-generated content
• Engage youngsters into advertising activity
• Use pictures or videos on other channels without prior consent/agreement
Slide 20
Information Classification: General
Do's & Dont's – Brand Ambassadors/Influencers
Do! Don't!
• Prepare tailor-made agreements and conclude them in writing
• Do not forget
• confidentiality clauses
• termination clauses
• Exclude unwanted competition
• Provide for penalties
• Anticipate post-collaboration
• Base the collaboration on oral agreements
• Leave important issues unaddressed
• Sign the other party's contract template without a careful review
• Think short term
• Address too little rights
Slide 21
Information Classification: General
Concluding remarks
Slide 22
Information Classification: General
twobirds.comAbu Dhabi & Amsterdam & Beijing & Bratislava & Brussels & Budapest & Copenhagen & Dubai & Dusseldorf & Frankfurt & The Hague & Hamburg & Helsinki & Hong Kong & London & Luxembourg & Lyon & Madrid & Milan & Munich & Paris & Prague & Rome & San Francisco & Shanghai & Singapore & Stockholm & Sydney & Warsaw
The information given in this document concerning technical legal or professional subject matter is for guidance only and does not constitute legal or professional advice. Always consult a suitably qualified lawyer on any specific legal problem or matter. Bird & Bird assumes no responsibility for such information contained in this document and disclaims all liability in respect of such information.
This document is confidential. Bird & Bird is, unless otherwise stated, the owner of copyright of this document and its contents. No part of this document may be published, distributed, extracted, re-utilised, or reproduced in any material form.
Bird & Bird is an international legal practice comprising Bird & Bird LLP and its affiliated and associated businesses.
Bird & Bird LLP is a limited liability partnership, registered in England and Wales with registered number OC340318 and is authorised and regulated by the Solicitors Regulation Authority. Its registered office and principal place of business is at 12 New Fetter Lane, London EC4A 1JP. A list of members of Bird & Bird LLP and of any non-members who are designated as partners, and of their respective professional qualifications, is open to inspection at that address.