exploring the legal dos and don'ts of digital marketing...bird & bird digital marketing app...

Information Classification: General

Exploring the legal dos and don'ts of digital marketing

Geneva, 9 May 2019

Vitafoods Education Programme

Nicolas Carbonnelle

Counsel, Bird & Bird LLP


Exploring the legal dos and don'ts of digital marketing

• Engaging with customers online : B2C e-commerce

• Evaluating the use of use personal data

• Delving into influencers and social media from a legal perspective

What we will discuss today

Slide 2


B2C e-commerce

Slide 3


Slide 4

• Internet domain

• Trademarks

• e-store business model: independent/ outsourced (e.g. dropshipping) / …

• Relations with the host provider

• Relations with entities providing payment services

• Logistics - warehouse, delivery

• Software contracts

• Distribution agreements, delivery of goods

• Complaints service

B2C e-commerceMain areas of legal risk of launching an online store


Slide 5

• Site and purchase regulations

• Information for the consumer

• Way of presenting prices and goods / services

• Specific regulations regarding the sale of certain goods and services

• Complaints and consumer claims

• Sale

• Competitions

• Promotion in social media and by influencers

• Personal data & privacy

B2C e-commerceConsumer-related legal issues and points of attention


Bird & Bird Digital Marketing App

• Quick guide to

- Online advertising

- Prize promotions

- Social media and influencers

- Comparative advertising

- Data protection and privacy

• Covers 17 jurisdictions

Slide 6


Evaluating the use of personal data

Slide 7


Privacy & Data ProtectionKey concept of "personal data"

Two key definitions:

'personal data'

any information relating to an identified or identifiable natural person (‘data subject’)

'identifiable natural person'

A person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person

Vitafoods 2019 | Digital Marketing | © Bird & Bird 2019Slide 8


Privacy & Data ProtectionContext

This presentation was partly supported by the EU-funded projects TOREADOR (contract n. H2020-688797), THREAT-ARREST (contract n. H2020-786890), DEFeND (contract n. H2020-787068), and LeMO (contract n. 770038)

Data Protection Directive

Data Protection

Regulation

(GDPR)

● 28 different implementations and applications across EU

● Entry into application on 25 May 2018

● Equivalent level of protection of personal data throughout EU

● But Member States still have some room for manoeuvre



Right of individuals

Access

Information

Restriction

Portability

Rectification Objection

Erasure Automated decision-making / profiling

Information and access Rectification and

erasure

Right to object and automated individual

decision-making



Principles

7 principles

Lawfulness,

fairness &

transparency

Purpose

limitation

Data

minimisation

AccountabilityStorage

limitation

Integrity

&

Confidentiality

Accuracy



Privacy notices/policies

It's all about transparency!

•Identity and contact details of the controller (and representatives)

•Contact details of the DPO (if applicable)•Recipients (or categories of recipients)

Who?

•Purpose(s) of the processing•Legal basis for processing (e.g. legitimate interest)

Why?

•Categories of personal data*•Source of the data*•What is mandatory and the consequences of not providing data**

What?

•Cross-border data transfers and how such transfers are safeguarded

How?

•Retention period (or the criteria for determining retention)

•Timing of notice

When?

•Data Protection Rights•Including the right to withdraw consent

•Right to lodge a complaint•Automated decision making

Other

*If the data was not collected directly from the individual** If the data was collected directly from the individual

Slide 12


Privacy notices

• At the time of collection

Data collected directly from

individual

• Within a reasonable time• When first communicating with the individual• Before disclosing the data to anyone else

Data not collected directly from

individual

Timing: when to let the individual know

Slide 13


Understanding personal data

• Personal data means any information relating to an identified or identifiable individual

• Singling out someone or treating someone differently online = personal data

• Even with no obvious identifiers (e.g. name or address)…

Information Commissioner (UK)

- Information used with the intention of distinguishing one individual from another one individual from another

- Information used to take a particular action in respect of an individual

Article 29 Working Party (EU)

- Information used to identifying the behaviour of a machine is identifying that of its user

- Information used to piece together an individual's personality to attribute certain decisions to him or her

User tracking

Slide 14


Getting it wrong can be costly!Main sanctions

+ reputational damage



Besides GDPR…the e-Privacy Directive

• Directive 2002/58/EC (e-privacy Directive) -Directive of 1997, updated in 2002 and 2009

• Part of a broader European telecommunications regulatory framework (4 Directives)

• Main current instrument of protection of privacy in electronic communications

- Limits

- Lex specialis

• Regulates the processing of personal data and the protection of privacy in the electronic communications sector

• Regulates various topics:

- Confidentiality of communications over public networks

- Confidentiality of terminal equipment (including cookies)

- Traffic and location data

- Security of networks and services

- Notifications of violation of personal data

- Spam and direct marketing

• In theory: the GDPR does not affect the e-Privacy directive

• New legislation in relation to e-Privacy in preparation



Influencers

Tips & tricks for social media

Slide 17


Influencers & social media

• A form of online advertising

• Support of "opinion leaders" on various online media – platforms, social media, blogs, fora

• Variety of formats : product reviews, articles, videos

• Not subject to a specific legal framework, but falls within the scope of application of several legal instruments

Slide 18


Influencers & social media

EU legislation

- E-commerce directive

- UCP directive

- Misleading and Comparative Advertising Directive

Codes of conduct and self-regulation

- e.g. EASA Best Pratice Recommendation on influencer marketing, ICC Framework for Responsible Food and Beverage Marketing Communication

Private regulation

- platforms' terms of use

Legal context overview

Slide 19

National legislation


Practical Do's & Dont's – Social Media

Do! Don't!

• Be honest and clear about sponsoring

• Use #spon, #adv, #sample, #collaboration, etc.

• Discuss beforehand how the message is to be conveyed

• Impose that influencerscommunicate clearly about sponsorship

• Agree on a license for the use of the pictures and videos of the influencers

• Conduct misleading advertising

• Use fake accounts

• Filter secretly only positive user-generated content

• Engage youngsters into advertising activity

• Use pictures or videos on other channels without prior consent/agreement

Slide 20


Do's & Dont's – Brand Ambassadors/Influencers

Do! Don't!

• Prepare tailor-made agreements and conclude them in writing

• Do not forget

• confidentiality clauses

• termination clauses

• Exclude unwanted competition

• Provide for penalties

• Anticipate post-collaboration

• Base the collaboration on oral agreements

• Leave important issues unaddressed

• Sign the other party's contract template without a careful review

• Think short term

• Address too little rights

Slide 21


Concluding remarks

Slide 22


twobirds.comAbu Dhabi & Amsterdam & Beijing & Bratislava & Brussels & Budapest & Copenhagen & Dubai & Dusseldorf & Frankfurt & The Hague & Hamburg & Helsinki & Hong Kong & London & Luxembourg & Lyon & Madrid & Milan & Munich & Paris & Prague & Rome & San Francisco & Shanghai & Singapore & Stockholm & Sydney & Warsaw

The information given in this document concerning technical legal or professional subject matter is for guidance only and does not constitute legal or professional advice. Always consult a suitably qualified lawyer on any specific legal problem or matter. Bird & Bird assumes no responsibility for such information contained in this document and disclaims all liability in respect of such information.

This document is confidential. Bird & Bird is, unless otherwise stated, the owner of copyright of this document and its contents. No part of this document may be published, distributed, extracted, re-utilised, or reproduced in any material form.

Bird & Bird is an international legal practice comprising Bird & Bird LLP and its affiliated and associated businesses.

Bird & Bird LLP is a limited liability partnership, registered in England and Wales with registered number OC340318 and is authorised and regulated by the Solicitors Regulation Authority. Its registered office and principal place of business is at 12 New Fetter Lane, London EC4A 1JP. A list of members of Bird & Bird LLP and of any non-members who are designated as partners, and of their respective professional qualifications, is open to inspection at that address.

exploring the legal dos and don'ts of digital marketing...bird & bird digital marketing app...

Documents