privacy regulations and your digital setup

How Will the New Privacy Regulations Affect Your Digital Setup? Thursday, 11th of February, 3pm CET ・ 2pm GMT ・ 9am EST. Aurélie Pols, Mind Your Privacy

Upload: piwik-pro

Post on 20-Jan-2017


TRANSCRIPT

Page 1: Privacy Regulations and Your Digital Setup

How Will the New Privacy Regulations Affect Your Digital Setup?

Thursday, 11th of February 3pm CET ・ 2pm GMT ・ 9am EST

Aurélie Pols Mind Your Privacy

Page 3: Privacy Regulations and Your Digital Setup

About the speakers

Aurélie Pols: How Will the New Privacy Regulations Affect Your Digital Setup?

Data privacy expert, entrepreneur, lecturer, and leader of Mind Your Privacy consultancy. Recognized as The Most Influential Industry Contributor of 2015 by the Digital Analytics Association, Aurélie sits on the data ethics Advisory Board of the European Data Protection Supervisor (EDPS) and is a Training Advisory Board member of the International Association of Privacy Professionals (IAPP).

Matthias Bettag: Introduction: Continuing the Safe Harbor Debate

Country Manager of the Digital Analytics Association (DAA) Germany since 2010, DAA Certified Web Analyst™ and Consultant based in Berlin. Lecturer at the University of British Columbia (UBC), Organizer of the Digital Analytics Hub Conference (DA Hub).

Page 4: Privacy Regulations and Your Digital Setup

Continuing the Safe Harbor discussion


• Webinar held in October 2015 by DAA Germany

• Also featured Aurélie Pols speaking on the meaning of the Safe Harbor renouncement.

• Since October 2015 new developments in the field:

• GDPR

• Privacy Shield

Page 5: Privacy Regulations and Your Digital Setup

About DAA Germany


• Established as the first non-American regional DAA branch in April 2014

• Official status: non-profit organization (e.V)

• Close links with the Global DAA

• Education, building the digital analytics community, publications, knowledge transfer and advice

• Organizing events, such as:

  • Digital Analytics Day

  • DAALAs - DAA Late Afternoons - in various German cities

• Collaborating with industry leaders, co-organizing conferences

• Membership plans and opportunities

Jim Sterne, Founder of DAA, at the inauguration of DAA Germany

http://daa-germany.org

Page 6: Privacy Regulations and Your Digital Setup

Aurélie Pols: How Will the New Privacy Regulations Affect Your Digital Setup?

Page 7: Privacy Regulations and Your Digital Setup

Where did it come from?

• DIRECTIVE 2009/136/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 25 November 2009, amending Directive 2002/22/EC on universal service and users’ rights relating to electronic communications networks and services, Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector, and Regulation (EC) No 2006/2004 on cooperation between national authorities responsible for the enforcement of consumer protection laws.

• What you need to remember here: Telecoms package + ePrivacy Directive.


Page 8: Privacy Regulations and Your Digital Setup

Directive, but Not a Regulation

1. Transposition varies per country

2. Enforcement? Not really. Maximum fine: €3500

Source: Technology Law Dispatch


Page 9: Privacy Regulations and Your Digital Setup

Conclusion for Digital Analytics

1. Tick box projects

2. Cookie notices everywhere

3. EU decides in 2012 to go one step further…

EU Commission Vice-President, Viviane Reding

Citizens do not always feel in full control of their personal data

Source: WFA Marketers


Page 10: Privacy Regulations and Your Digital Setup

International Data Transfers

Obliterating the internal data processing framework known as SafeHarbor:

The European Court of Justice in Luxembourg declares SafeHarbor illegal in October 2015. Data of EU citizens can’t be processed by US entities on the basis of SafeHarbor; more guarantees are needed.

February 2016: Announcement of PrivacyShield, a new framework for transatlantic data flows between the US and the EU.

Source: European Commission

Edward Snowden, 2013

Max Schrems, 2015


Page 11: Privacy Regulations and Your Digital Setup

SafeHarbor Renounced, What Happens Now?

• SalesForce amends its contracts to replace SH clauses the very next day - details

• Data Protection Agencies declare a moratorium until end of January to give the politicians time to find a solution: the clock is ticking!!!

• Be careful with using non-European tools


Page 12: Privacy Regulations and Your Digital Setup

Why should digital analytics care today?

Coordinated Fines Regarding Consent Move Up to 4% of Global Turnover, Capped at €20M ➞ Increase of Direct Privacy Risk

Other risks:

• Increased coordination of EU Data Protection Agencies

  • for investigations (GPEN) & fines;

  • for consumer complaints

• Responsibility for all companies addressing EU citizens

• Increased responsibility for intermediaries: processors, joint controllers

• Increased hedging by citizens (AdBlocking)


Page 13: Privacy Regulations and Your Digital Setup

What Does Digital Analytics Need?

1. Minimum viable privacy features in tools for compliance.

2. Flexibility of those features to adapt to audience and customer segments.

Issue for consideration: How can digital analytics be compliant, or even ethical, if minimum viable compliance features do not exist?


Page 14: Privacy Regulations and Your Digital Setup

Consumer Attitudes Towards Privacy


• Privacy as a differentiator and a growing business priority

• Certainly context driven as Pew Research showed


Page 16: Privacy Regulations and Your Digital Setup

What Should the Digital Industry Be Aiming For?


Page 18: Privacy Regulations and Your Digital Setup

Data Trust Through the Entire Digital Ecosystem

• As taught by social media!

• For full introduction to data ecosystem please see the FREE whitepaper on Web Analytics for Data-Sensitive Industries.

If your customers trust you, they love you and they will be passionate about your love… but if you breach their trust, you will not just create Dislike. You will create hate. People don’t go from Love to Dislike.

[Figure: diagram labelled TRUST and PRIVACY, with $+ / $- and Like / Dislike]


Inspired by IAPP

Page 19: Privacy Regulations and Your Digital Setup

Data Trust Through the Entire Digital Ecosystem

Frameworks compared: GAPP, OECD Guidelines, FTC FIPPS, EU Directive, ISO 27002, APEC

Each row starts with the GAPP principle, followed by the corresponding terms from the other frameworks:

• Management: Operations Management; Preventing Harm

• Collection: Collection Limitation; Proportionality; Information Acquisition; Collection Limitations

• Quality: Data Quality; Integrity of Personal Info

• Notice: Specification of Purpose; Notice/Awareness; Transparency; Notice

• Use, Retention, Disposal: Use Limitation; Legitimate Purpose; Asset Management; Uses of Personal Info

• Security for Privacy: Security Safeguards; Integrity/Security; Security; Security; Security Safeguards

• Access: Openness; Access/Participation; Access Control; Access and Correction

• Choice/Consent: Individual Participation; Choice/Consent; Asset Management; Choice

• Monitoring and Enforcement: Accountability; Enforcement/Redress; Supervisory authority; Compliance; Accountability

• Disclosure to Third Parties: Personal Data Transfer to 3rd Parties

GAPP: Generally Accepted Privacy Principles by American Institute of Certified Public Accountants (AICPA)

OECD: Organization for Economic Cooperation and Development

FIPPS: Fair Information Practice Principles by the Federal Trade Commission

ISO Certification appeared for Google Analytics in April 2015

APEC: Asia-Pacific Economic Cooperation

Source: Privacy Engineer’s Manifesto by Michelle Finneran Dennedy, Jonathan Fox and Thomas R Finneran


Page 20: Privacy Regulations and Your Digital Setup

Basic Principles

1. Collection Limitation

2. Data Quality

3. Individual Participation

4. Purpose Specification

5. Use Limitation

6. Openness

7. Security Safeguards

8. Accountability


Page 21: Privacy Regulations and Your Digital Setup

About the General Data Protection Regulation

• Risk: Fines up to 4% of global turnover

• Timing for all EU Countries and addressing all EU citizens: 2018

• Obligations:

  • Cyber-security and breach notification

  • Cross-border data transfers => SafeHarbor

  • Mandatory Data Protection Officer (DPO)

  • Written documentation

  • Data Processors

  • Consent

Page 22: Privacy Regulations and Your Digital Setup

Focusing on Consent

From Directive to Regulation:

• From implicit and opt-out to “a statement or a clear affirmative action”

• Recognizing “special categories of data”: Revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and the processing of genetic data, biometric data in order to uniquely identify a person, or data concerning health or sex life and sexual orientation

• Children: Consent required up to 16 years of age!

• Right to be Forgotten: Data erasure when consent is withdrawn

Page 23: Privacy Regulations and Your Digital Setup

The Open-Source Opportunity

• Flexibility

• Openness of code

• Continuous improvement

• Customizable and extensible

• No data limits

• Not limited to one vendor


Page 24: Privacy Regulations and Your Digital Setup

Tuning in on Consumers’ Rights: DNT

• Universal Web Tracking Opt Out

• Does your software respect the DNT setting?


Source: DoNotTrack

Page 25: Privacy Regulations and Your Digital Setup

Q&A

Page 26: Privacy Regulations and Your Digital Setup

Thank You