privacy regulations and your digital setup
TRANSCRIPT
How Will the New Privacy Regulations Affect Your Digital Setup?
Thursday, 11th of February 3pm CET ・ 2pm GMT ・ 9am EST
Aurélie Pols, Mind Your Privacy
Ewa Balazinska, Content Manager
piwik.pro/blog
About the speakers
Aurélie Pols
How Will the New Privacy Regulations Affect Your Digital Setup?
Data privacy expert, entrepreneur, lecturer, and leader of Mind Your Privacy consultancy. Recognized as The Most Influential Industry Contributor of 2015 by the Digital Analytics Association, Aurélie sits on the data ethics Advisory Board of the European Data Protection Supervisor (EDPS) and is a Training Advisory Board member of the International Association of Privacy Professionals (IAPP).
Matthias Bettag
Introduction: Continuing the Safe Harbor Debate
Country Manager of the Digital Analytics Association (DAA) Germany since 2010, DAA Certified Web Analyst™ and Consultant based in Berlin. Lecturer at the University of British Columbia (UBC), Organizer of the Digital Analytics Hub Conference (DA Hub).
Continuing the Safe Harbor discussion
• Webinar held in October 2015 by DAA Germany
• Also featured Aurélie Pols speaking on the meaning of the Safe Harbor renouncement.
• Since October 2015 new developments in the field:
• GDPR
• Privacy Shield
About DAA Germany
• Established as the first non-American regional DAA branch in April 2014
• Official status: non-profit organization (e.V)
• Close links with the Global DAA
• Education, building the digital analytics community, publications, knowledge transfer and advice
• Organizing events, such as:
• Digital Analytics Day
• DAALAs - DAA Late Afternoons - in various German cities
• Collaborating with industry leaders, co-organizing conferences
• Membership plans and opportunities
Jim Sterne, Founder of DAA, at the inauguration of DAA Germany
http://daa-germany.org
Aurélie Pols: How Will the New Privacy Regulations Affect Your Digital Setup?
Where did it come from?
• DIRECTIVE 2009/136/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 25 November 2009, amending Directive 2002/22/EC on universal service and users’ rights relating to electronic communications networks and services, Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector, and Regulation (EC) No 2006/2004 on cooperation between national authorities responsible for the enforcement of consumer protection laws.
• What you need to remember here: Telecoms package + ePrivacy Directive.
Directive, but Not a Regulation
1. Transposition varies per country
2. Enforcement? Not really. Maximum fine: €3500
Source: Technology Law Dispatch
Conclusion for Digital Analytics
1. Tick box projects
2. Cookie notices everywhere
3. EU decides in 2012 to go one step further…
EU Commission Vice-President, Viviane Reding
Citizens do not always feel in full control of their personal data
Source: WFA Marketers
International Data Transfers
Obliterating the internal data processing framework known as SafeHarbor:
The European Court of Justice in Luxembourg declares SafeHarbor illegal in October 2015. Data of EU citizens can’t be processed by US entities on the basis of SH; more guarantees are needed.
February 2016: Announcement of PrivacyShield, a new framework for transatlantic data flows between the US and the EU.
Source: European Commission
Edward Snowden (2013), Max Schrems (2015)
SafeHarbor Renounced, What Happens Now?
• SalesForce amends its contracts to replace SH clauses the very next day
• Data Protection Agencies declare a moratorium until end of January to give the politicians time to find a solution: the clock is ticking!!!
• Be careful with using non-European tools
Why should digital analytics care today?
Coordinated Fines Regarding Consent Move Up to 4% of Global Turnover, Capped at €20M ➞ Increase of Direct Privacy Risk
Other risks:
• Increased coordination of EU Data Protection Agencies for investigations (GPEN) & fines, and for consumer complaints
• Responsibility for all companies addressing EU citizens
• Increased responsibility for intermediaries: processors, joint controllers
• Increased hedging by citizens (AdBlocking)
What Does Digital Analytics Need?
1. Minimum viable privacy features in tools for compliance.
2. Flexibility of those features to adapt to audience and customer segments.
Issue for consideration: How can digital analytics be compliant, or even ethical, if minimum viable compliance features do not exist?
Consumer Attitudes Towards Privacy
• Privacy as a differentiator and a growing business priority
• Certainly context driven as Pew Research showed
What Should the Digital Industry Be Aiming For?
Data Trust Through the Entire Digital Ecosystem
• As taught by social media!
• For full introduction to data ecosystem please see the FREE whitepaper on Web Analytics for Data-Sensitive Industries.
If your customers trust you, they love you and they will be passionate about your love…
…but if you breach their trust, you will not just create Dislike. You will create hate. People don’t go from Love to Dislike.
[Figure labels: TRUST, PRIVACY, $+, $-, Like, Dislike]
Inspired by IAPP
Data Trust Through the Entire Digital Ecosystem
Frameworks compared: GAPP, OECD Guidelines, FTC FIPPS, EU Directive, ISO 27002, APEC
Related principles, one row per line:
• Management | Operations Management | Preventing Harm
• Collection | Collection Limitation | Proportionality | Information Acquisition | Collection Limitations
• Quality | Data Quality | Integrity of Personal Info
• Notice | Specification of Purpose | Notice/Awareness | Transparency | Notice
• Use, Retention, Disposal | Use Limitation | Legitimate Purpose | Asset Management | Uses of Personal Info
• Security for Privacy | Security Safeguards | Integrity/Security | Security | Security Safeguards
• Access | Openness | Access/Participation | Access Control | Access and Correction
• Choice/Consent | Individual Participation | Choice/Consent | Asset Management | Choice
• Monitoring and Enforcement | Accountability | Enforcement/Redress | Supervisory authority | Compliance | Accountability
• Disclosure to Third Parties | Personal Data Transfer to 3rd Parties
GAPP: Generally Accepted Privacy Principles by American Institute of Certified Public Accountants (AICPA)
OECD: Organization for Economic Cooperation and Development
FIPPS: Fair Information Practice Principles by the Federal Trade Commission
ISO Certification appeared for Google Analytics in April 2015
APEC: Asia-Pacific Economic Cooperation
Source: Privacy Engineer’s Manifesto by Michelle Finneran Dennedy, Jonathan Fox and Thomas R Finneran
Basic Principles
1. Collection Limitation
2. Data Quality
3. Individual Participation
4. Purpose Specification
5. Use Limitation
6. Openness
7. Security Safeguards
8. Accountability
• Risk: Fines up to 4% of global turnover
• Timing for all EU Countries and addressing all EU citizens: 2018
• Obligations:
• Cyber-security and breach notification
• Cross-border data transfers => SafeHarbor
• Mandatory Data Protection Officer (DPO)
• Written documentation
• Data Processors
• Consent
About the General Data Protection Regulation
From Directive to Regulation:
• From implicit and opt-out to “a statement or a clear affirmative action”
• Recognizing “special categories of data”:
Revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and the processing of genetic data, biometric data in order to uniquely identify a person, or data concerning health or sex life and sexual orientation
• Children: Consent required up to 16 years of age!
• Right to be Forgotten: Data erasure when consent is withdrawn
Focusing on Consent
The Open-Source Opportunity
• Flexibility
• Openness of code
• Continuous improvement
• Customizable and extensible
• No data limits
• Not limited to one vendor
Tuning in on Consumers’ Rights: DNT
• Universal Web Tracking Opt Out
• Does your software respect the DNT setting?
Source: DoNotTrack
Q&A
Thank You