The New Data Protection Regulation & Cookie Compliance

Simon Morrissey
Head of Technology and Commercial Data Group
simon.morrissey@lewissilkin.com

Meriel Lenfestey
Director at Foolproof
meriel@flow-interactive.com

23 February 2012
Agenda
• Part 1
     New Data Protection Regulation
      > The Context
      > Key Points

• Part 2
     The Cookie Law – Planning for Compliance
The Context
• A complete overhaul of existing European data protection
  legislation in place since 1995 and in the UK since 1998
• Key aim is to avoid fragmentation legacy by using a
  Regulation which will have direct effect in Member States
• Provides more legal certainty but at the expense of being
  more prescriptive
• Simplifies some aspects of existing compliance regime
• Provides more rights to data subjects
• Takes away cost of notification but increases burdens on
  business
Key Points
All consent must now be explicit (Article 4(8)) – extension
of the previous rule which applied to Sensitive Personal data
• Impact
     This will remove the option of form-based consent

Data must be processed in a transparent manner (Article
 5(a))
• Impact
     This will increase the level and quality of information data
     controllers will be required to provide data subjects
Key Points cont
The data processed must be the minimum necessary for the
purpose – compare with the old “not excessive” rule (Article
5(c))
• Impact
     Greater scrutiny of the type of personal data collected, eg
     date of birth

Parental consent is required to collect data of children under
  13 (currently no mandated age) (Article 8(1))
Wider definition of Personal Data (Article 4(1) & (2))
Key Points cont
Article 3 - New law applies to the processing of personal
data of data subjects residing in the EU where the
processing relates to:
    the offering of goods or services to such data subjects; or
    monitoring their behaviour (Article 3)
Key Points cont
The right to be forgotten (Article 17) – includes obligations
to inform third parties of a data subject’s wishes who the
controller has authorised to publish personal data

The data subject’s right to object (Article 19)

The data subject’s right to object to automated profiling
(Article 20)
Key Points cont
Notification regime to be replaced by accountability principle
(Article 22)
• Impact
     Controllers will be required to demonstrate how they comply
     with data protection law rather than just pay a notification fee

Data protection by design and by default (Article 23)
• Impact
     Controllers will be required to implement technical and
     organisational measures to ensure compliance
Key Points cont
New rules relating to the engagement of data processors
(Article 26)
     Processors may only enlist sub-processors with the prior
     permission of the controller
     Potential for data processors to become joint controllers

• Impact
     Appointment of processors will be governed by more robust
     rules on controllers and processors
Key Points cont
Data Security (Article 30)
Processors now have statutory obligations to keep personal
data secure.
• Impact
     Under the old law, processors could only be liable
     contractually for data breaches. Now at risk of fines.

Data breach notification now mandatory for controllers and
  processors within 24 hours (Article 31)
Also includes obligations on controllers to notify data
  subjects (Article 32)
Key Points cont
Appointment of a Data Protection Officer now mandatory for
  controllers and processors who are employing over 250
  people or where the processing requires regular and
  systematic monitoring of data subjects (Article 35)
International Transfers of Data (Articles 40-44)
     territories and processing sectors can now be designated as
     “adequate” or “inadequate”
     ICO can now validate terms of a data transfer agreement as
     adequate
     simplification of Binding Corporate Rules
Key Points cont
Enforcement (Article 79)
     New written warning sanction for companies under 250
     persons for whom processing is only an ancillary activity
     0.5% fine of annual worldwide turnover for breaches of
     subject access requests
     1% fine of annual worldwide turnover for certain breaches
     2% fine of annual worldwide turnover for certain breaches
Questions?
Thank you
EU Cookies for Lewis Silkin Breakfast Briefing
Meriel Lenfestey, Partner
© Flow Interactive. All rights reserved.

Me ...
Founder of        and a Director and Partner at
Interaction Designer with a strong focus on user centred methodologies
Recently worked with 6 global & national FS brands to help specify cookies solutions
Cookies Landscape

Key (sources of the quotations):
     Privacy and Electronic Communications (EC Directive) Regulations 2003
     Article 29 data protection working party
     ICO guidance on http://www.ico.gov.uk/for_organisations/privacy_and_electronic_communications/the_guide/cookies.aspx
     Electronic Commerce (EC Directive) Regulations 2002
     Lewis Silkin published opinion to industry
     Guidance

The LAW
     The subscriber or user ... has given his or her consent
     ... is provided with clear and comprehensive information about the purposes of the storage of, or access to, that information

APPLICATION
     Shall not apply ... where such storage or access is strictly necessary for the provision of an information society service requested by the subscriber or user.

INFORMED CONSENT
     To be valid, consent must be informed. This implies that all the necessary information must be given at the moment the consent is requested, and that this should address the substantive aspects of the processing that the consent is intended to legitimise.
     The crucial consideration is that the individual must fully understand that by the action in question they will be giving consent.
     The way the information is given (in plain text, without use of jargon, understandable, conspicuous) is crucial in assessing whether the consent is “informed”. The way in which this information should be given depends on the context: a regular/average user should be able to understand it.
     Consent by the data subject (must be) based upon an appreciation and understanding of the facts and implications of an action.
     Feature led consent: Provided you make it clear to the user that by choosing to take a particular action then certain things will happen you may interpret this as their consent.
     The more privacy intrusive your activity, the more priority you will need to give to getting meaningful consent ... It might be useful to think of this in terms of a sliding scale, with privacy neutral cookies at one end of the scale and more intrusive uses of the technology at the other. You can then focus your efforts on achieving compliance appropriately providing more information and offering more detailed choices at the intrusive end of the scale.

UNAMBIGUOUS
     For consent to be unambiguous, the procedure to seek and to give consent must leave no doubt as to the data subject's intention to deliver consent.
     The indication by which the data subject signifies his agreement must leave no room for ambiguity regarding his/her intent.
     The ambiguity of a passive response will make it difficult to fulfil the requirements of the Directive.
     Any attempt to gain consent that relies on users’ ignorance about what they are agreeing to is unlikely to be compliant.

CONSENT ACTION
     The minimum expression of an indication could be any kind of signal, sufficiently clear to be capable of indicating a data subject's wishes, and to be understandable by the data controller.
     It is essential that the data subject is given the opportunity to make a decision and to express it, for instance by ticking the box himself, in view of the purpose of the data processing.
     The words “indication” and “signifying” point in the direction of an action indeed being needed (as opposed to a situation where consent could be inferred from a lack of action).
     Could include a handwritten signature affixed at the bottom of a paper form, but also oral statements to signify agreement, or a behaviour from which consent can be reasonably concluded.
     You could ... set a cookie and infer consent from the fact that the user has seen a clear notice and actively indicated that they are comfortable with cookies by clicking through and using the site.

TIMING OF CONSENT
     While Article 5(3) does not use the word prior, this is a clear and obvious conclusion from the wording of the provision.
     Obtaining consent before the processing of data starts is an essential condition to legitimise the processing of data.
     The Opinion distinguishes the wording of the previous article 5(3) (“and is offered the right to refuse such processing”) with the new wording (“only allowed on condition that the subscriber or user concerned has given his or her consent”).
     Websites should be able to demonstrate that they are doing as much as possible to reduce the amount of time before the user receives information about cookies and is provided with options.

PROOF OF CONSENT
     Consent should be verifiable.

WITHDRAWING CONSENT
     Individuals who have consented should be able to withdraw their consent, preventing further processing of their data.

TYPE OF INFORMATION
     Where the feature is provided by a third party you may need to make users aware of this and point them to information on how the third party might use cookies and similar technologies so that the user is able to make an informed choice.
     To be valid, consent must be specific. In other words, blanket consent without specifying the exact purpose of the processing is not acceptable.
     Text should be sufficiently full and intelligible to allow individuals to clearly understand the potential consequences of allowing storage and access to the information collected by the device.
     The more complex or intrusive the activity the more information you will have to provide.
     Both the quality of information (plain text without jargon) and the accessibility/visibility are important.

JUST COOKIES?
     Aimed at any electronic communications network that is used to store or access information held on the terminal equipment of a user (i.e. a user’s device).
     Regulations also apply to similar technologies to cookies e.g. Local shared objects such as Flash cookies.

STRICTLY NECESSARY
     Definition of strictly necessary is a narrow one. It might apply to a [shopping basket].
     Essential (rather than reasonably necessary) to provide the service requested by the user. Note this excludes what might be essential for any other uses the service provider might wish to make of that data.
     Service must have been “explicitly requested”.

INFORMATION SOCIETY SERVICE
     Definition ‘information society service’: any service normally provided for remuneration, at a distance, by means of electronic equipment for the processing (including digital compression) and storage of data, and at the individual request of a recipient of a service.
Our clients’ Cookies
     Hardware & software
     Cookies cookie
     Aggregator
     Targeted external content e.g. Ads (behaviour / profile driven)
     Provider use of analytics data (e.g. Google, Facebook)
     Service provider
     Accessibility
     Auto-save for return visit
     Targeted internal content (behaviour / profile driven)
     Authentication
     Analytics
     Settings & preferences
     Remember me
     3rd party content e.g. Twitter
     Save progress
     Core service e.g. Shopping basket
     Mortgage calculator
Cookie Categories
     Security: Authentication; Remember me
     Auto-tailor: Accessibility; Hardware & software; Cookies cookie; Targeted internal content (behaviour / profile driven); Targeted external content e.g. Ads (behaviour / profile driven)
     Manual tailor: Settings & preferences
     Process: Mortgage calculator; 3rd party content e.g. Twitter; Service provider; Aggregator; Save progress; Core service e.g. Shopping basket; Auto-save for return visit
     MI: Analytics
Cookie Categories & Levels of Intrusiveness

              Level 0                   Level 1                   Level 2                    Level 3
              Strictly necessary for    Mostly client* only and   Either not user initiated  3rd party access to data
              the core service and      low intrusiveness as no   or includes profiling.
              explicitly requested      profiling. Internal use   Internal use only
              by the user               only

Security      Authentication            Remember me

Auto-tailor   Accessibility             Hardware & software       Targeted internal          Targeted external content
                                        Cookies cookie            content (behaviour /      e.g. Ads (behaviour /
                                                                  profile driven)           profile driven)

Manual tailor                           Settings & preferences

Process       Core service e.g.         Save progress             Auto-save for return      Aggregator
              Shopping basket           Mortgage calculator       visit                     Service provider
                                                                                            3rd party content e.g.
                                                                                            Twitter

MI                                      Site only analytics                                 Provider use of analytics
                                        data (not profiling)                                data (e.g. Google, Facebook)
Legal requirements for Consent & Informed

              Level 0                   Level 1                   Level 2                    Level 3
              Strictly necessary for    Mostly client only and    Either not user initiated  3rd party access to data
              the core service and      low intrusiveness as no   or includes profiling.
              explicitly requested      profiling. Internal use   Internal use only
              by the user               only
              Authentication            Remember me               Targeted internal          Targeted external content e.g.
              Accessibility             Hardware & software       content (behaviour /      Ads (behaviour / profile driven)
              Shopping basket           Cookies cookie            profile driven)           Aggregator
                                        Settings & preferences    Auto-save for return      Service provider
                                        Save progress             visit                     3rd party content e.g. Twitter
                                        Mortgage calculator                                 Provider use of analytics data
                                        Site only analytics data                            (e.g. Google, Facebook)
                                        (not profiling)

CONSENT                                 Provable, prior, explicit, informed (Levels 1 to 3)

INFORMED                                Description of category of use (Levels 1 and 2)     Summary to support informed
                                                                                            consent with detail available (Level 3)
Guidance for Consent & Informed

  (same Level 0 to Level 3 table as on the previous slide; Level 1 is "mostly client* only")

  CONSENT   Levels 1 and 2: Inferred, ASAP
            Level 3: Provable, prior, explicit, informed
  INFORMED  Levels 1 and 2: Description of category of use
            Level 3: Summary to support informed consent, with detail available
Solutions: Informed

  (same Level 0 to Level 3 table as on the previous slides)

  INFORMED
    Level 0: Ignore, or include on the cookies page for the sake of openness and completeness.
    Levels 1 and 2: Include information in context for user-initiated cookies, and/or include it in a
      single consent description at the start of the session, for example:
        "Allowing cookies lets you shape the service to your needs, use the interactive services on
        our site and stand up and be counted."
        "We use cookies to provide a useful & relevant service for every user and understand how
        people use the service so that we can keep improving."
    Level 3: !!! Prior to consent for user-initiated cookies, or contracts with your partners /
      providers / customers.
Solutions: Consent

  (same Level 0 to Level 3 table as on the previous slides)

  CONSENT options, ordered from highest RISK (top) to highest IMPACT on the user journey (bottom):

    1. Do nothing at any level
    2. Level 0: Do nothing;  Levels 1 to 3: Single inform
    3. Level 0: Do nothing;  Levels 1 and 2: Single inform;              Level 3: Prior / Informed consent
    4. Level 0: Do nothing;  Levels 1 and 2: Inferred / delayed consent; Level 3: Prior / Informed consent
    5. Level 0: Do nothing;  Levels 1 to 3: Prior / Informed consent
Simple Rules for Design Solutions

Consent must be informed and provable.

Consent is needed for the purpose... not the data... or the object:
  a cookie holds data, and that data serves one or more purposes; consent attaches to each purpose.

Consent must be the path of least resistance:
  start -> consent -> use of service

The chance of gaining consent is a product of ease, benefit and confidence:
  (ease / difficulty) x (benefit / cost) x (trust / anxiety) = probability of consent
Level 1 & 2 single consent (as lightbox)

  Default to accept, but clearly label the button.
  Allow continue without cookies consent (if possible).

  Commercial decisions:
  • Do you allow them to say no?
  • How many people will you lose? Or will not consent?
Notify on Action for Level 1 & 2

  Consent already given.

  Consent not given, so features which will use a cookie show a cookies icon ...
  ... and display a description of how the cookie is used on rollover.
Level 3 gateway consent

  Default to accept, but clearly label the button.
  Allow continue without cookies consent (if possible).

  Commercial decisions:
  • Should you focus on this area to remain in the spirit of the law if you are not fully compliant
    elsewhere?
Single inform (Inferred consent)

  Banner visible on entry to the site but not highlighted.
  We would recommend that when a link is rolled over the banner highlights.

  Commercial questions:
  • Do you write any cookies on arrival at this page?
  • Do you offer people the chance to opt out at this stage? Perhaps via an information page.
  • Do you offer the chance to 'close' the banner by providing active consent?
  • Is this shown whenever the user returns?
  • Does the cookies 'status' remain on every page? As a message, as an icon.
  • How can you 'prove' people see the banner? E.g. eye-tracking research, placing it more prominently.
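The rules on the "Simple Rules for Design Solutions" slide and the consent designs on the slides above (single consent lightbox, notify on action, Level 3 gateway, single inform) all rest on one mechanism: consent is recorded per purpose, with enough detail to prove it later, and every cookie write is checked against that record. The JavaScript below is an added example and is not code from the presentation or from Lewis Silkin or Foolproof. The purpose names, cookie names, descriptions, consent-text version and mechanism labels are assumptions, and a plain in-memory object stands in for document.cookie so the code runs under Node without a browser.

```javascript
// Added example: a purpose-keyed consent gate built around the deck's four levels.
// Consent attaches to a purpose (not to a cookie or its data); each cookie is
// registered against a purpose; a write is refused unless the purpose is Level 0
// or the latest recorded decision for it is a grant. Every decision is logged with
// the mechanism that obtained it, a timestamp and the consent-text version shown,
// which is what makes the consent provable afterwards.
// Purpose names, cookie names, descriptions and labels below are assumptions.

const CONSENT_TEXT_VERSION = "cookie-notice-v1"; // bump whenever the wording changes

// One entry per purpose, tagged with a level from the deck's table.
const PURPOSES = {
  session:         { level: 0, description: "Authentication and your shopping basket" },
  preferences:     { level: 1, description: "Settings, preferences and saved progress" },
  analytics:       { level: 1, description: "Site-only analytics, no profiling" },
  personalisation: { level: 2, description: "Content tailored to your behaviour on this site" },
  advertising:     { level: 3, description: "Data shared with advertising partners" },
};

// Each cookie name maps to the purpose it serves.
const COOKIE_PURPOSE = {
  sid: "session", basket: "session",
  theme: "preferences", calc_progress: "preferences",
  site_stats: "analytics", recs: "personalisation", ad_id: "advertising",
};

class ConsentGate {
  // jar: object used as the cookie store (stands in for document.cookie);
  // clock: injectable so tests get a fixed timestamp.
  constructor(jar = {}, clock = () => Date.now()) {
    this.jar = jar;
    this.clock = clock;
    this.log = []; // provable record of every consent decision, oldest first
  }

  // Record an explicit decision for some purposes. `mechanism` says how it was
  // obtained (e.g. "lightbox", "gateway", "in-context", "settings-page").
  record(purposes, granted, mechanism) {
    for (const purpose of purposes) {
      if (!(purpose in PURPOSES)) throw new Error(`unknown purpose: ${purpose}`);
      this.log.push({ purpose, granted, mechanism,
                      textVersion: CONSENT_TEXT_VERSION, at: this.clock() });
    }
  }

  // Latest decision for a purpose, or null if the user has never been asked.
  latest(purpose) {
    for (let i = this.log.length - 1; i >= 0; i--) {
      if (this.log[i].purpose === purpose) return this.log[i];
    }
    return null;
  }

  // Level 0 needs no consent; every other level needs a current grant.
  isAllowed(purpose) {
    const def = PURPOSES[purpose];
    if (!def) return false;
    if (def.level === 0) return true;
    const rec = this.latest(purpose);
    return rec !== null && rec.granted;
  }

  // Write the cookie only if its purpose is allowed; returns true when written.
  setCookie(name, value) {
    const purpose = COOKIE_PURPOSE[name];
    if (!purpose) throw new Error(`unregistered cookie: ${name}`);
    if (!this.isAllowed(purpose)) return false;
    this.jar[name] = value;
    return true;
  }

  // Remove cookies whose purpose is unregistered or no longer consented
  // (run after a withdrawal); returns the names removed.
  purgeUnconsented() {
    const removed = [];
    for (const name of Object.keys(this.jar)) {
      const purpose = COOKIE_PURPOSE[name];
      if (!purpose || !this.isAllowed(purpose)) {
        delete this.jar[name];
        removed.push(name);
      }
    }
    return removed;
  }

  // Level 3 purposes still awaiting a gateway decision: no third-party
  // script for these should be loaded until the user has answered.
  pendingGateway() {
    return Object.keys(PURPOSES).filter(
      p => PURPOSES[p].level === 3 && this.latest(p) === null);
  }
}

// Walk-through of the flow the slides describe, with a fixed clock.
function demo() {
  const gate = new ConsentGate({}, () => 1330000000000);
  const before = gate.setCookie("theme", "dark");   // refused: user not yet asked
  gate.setCookie("sid", "abc123");                  // Level 0: always written
  gate.record(["preferences", "analytics"], true, "lightbox");
  const after = gate.setCookie("theme", "dark");    // now written
  gate.record(["preferences"], false, "settings-page"); // consent withdrawn
  const purged = gate.purgeUnconsented();           // theme removed, sid kept
  return { before, after, purged, pending: gate.pendingGateway(), jar: gate.jar };
}
```

Each entry in `log` carries the purpose, the mechanism that obtained the decision and the version of the consent text shown, which is the minimum a site needs to show later that consent was prior, explicit and informed. `pendingGateway()` lists the Level 3 purposes that still need the gateway screen before any third-party script is loaded, and `purgeUnconsented()` is what to run when a user withdraws consent on the settings page.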
This isn't going away. It's the law.

Future Of Sample Report 2024 | Redacted VersionFuture Of Sample Report 2024 | Redacted Version
Future Of Sample Report 2024 | Redacted Version
 
Market Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 EditionMarket Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 Edition
 
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
 
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptx
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptxContemporary Economic Issues Facing the Filipino Entrepreneur (1).pptx
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptx
 
India Consumer 2024 Redacted Sample Report
India Consumer 2024 Redacted Sample ReportIndia Consumer 2024 Redacted Sample Report
India Consumer 2024 Redacted Sample Report
 
Organizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessOrganizational Structure Running A Successful Business
Organizational Structure Running A Successful Business
 
APRIL2024_UKRAINE_xml_0000000000000 .pdf
APRIL2024_UKRAINE_xml_0000000000000 .pdfAPRIL2024_UKRAINE_xml_0000000000000 .pdf
APRIL2024_UKRAINE_xml_0000000000000 .pdf
 
Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...
Global Scenario On Sustainable  and Resilient Coconut Industry by Dr. Jelfina...Global Scenario On Sustainable  and Resilient Coconut Industry by Dr. Jelfina...
Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...
 
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
 
MAHA Global and IPR: Do Actions Speak Louder Than Words?
MAHA Global and IPR: Do Actions Speak Louder Than Words?MAHA Global and IPR: Do Actions Speak Louder Than Words?
MAHA Global and IPR: Do Actions Speak Louder Than Words?
 
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
 
Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.
 

The New Data Protection Regulation and Cookie Compliance

  • 5. Key Points cont
    The data processed must be the minimum necessary for the purpose – compare with the old “not excessive” rule (Article 5(c))
    • Impact
      Greater scrutiny of the type of personal data collected, eg date of birth
    Parental consent is required to collect data of children under 13 (currently no mandated age) (Article 8(1))
    Wider definition of Personal Data (Article 4(1) & (2))
  • 6. Key Points cont
    Article 3 – New law applies to the processing of personal data of data subjects residing in the EU where the processing relates to:
      > the offering of goods or services to such data subjects; or
      > monitoring their behaviour (Article 3)
  • 7. Key Points cont
    The right to be forgotten (Article 17) – includes obligations to inform third parties whom the controller has authorised to publish personal data of a data subject’s wishes
    The data subject’s right to object (Article 19)
    The data subject’s right to object to automated profiling (Article 20)
  • 8. Key Points cont
    Notification regime to be replaced by accountability principle (Article 22)
    • Impact
      Controllers will be required to demonstrate how they comply with data protection law rather than just pay a notification fee
    Data protection by design and by default (Article 23)
    • Impact
      Controllers will be required to implement technical and organisational measures to ensure compliance
  • 9. Key Points cont
    New rules relating to the engagement of data processors (Article 26)
      > Processors may only enlist sub-processors with the prior permission of the controller
      > Potential for data processors to become joint controllers
    • Impact
      Appointment of processors will be governed by more robust rules on controllers and processors
  • 10. Key Points cont
    Data Security (Article 30)
      > Processors now have statutory obligations to keep personal data secure.
    • Impact
      Under the old law, processors could only be liable contractually for data breaches. Now at risk of fines.
    Data breach notification now mandatory for controllers and processors within 24 hours (Article 31)
      > Also includes obligations on controllers to notify data subjects (Article 32)
  • 11. Key Points cont
    Appointment of a Data Protection Officer now mandatory for controllers and processors who are employing over 250 people or where the processing requires regular and systematic monitoring of data subjects (Article 35)
    International Transfers of Data (Articles 40-44)
      > territories and processing sectors can now be designated as “adequate” or “inadequate”
      > ICO can now validate terms of a data transfer agreement as adequate
      > simplification of Binding Corporate Rules
  • 12. Key Points cont
    Enforcement (Article 79)
      > New written warning sanction for companies under 250 persons for whom processing is only an ancillary activity
      > 0.5% fine of annual worldwide turnover for breaches of subject access requests
      > 1% fine of annual worldwide turnover for certain breaches
      > 2% fine of annual worldwide turnover for certain breaches
  • 15. EU Cookies for Lewis Silkin Breakfast Briefing
    Meriel Lenfestey, Partner
    © Flow Interactive. All rights reserved.
  • 16. Me ...
    Founder of and a Director and Partner at
    Interaction Designer with a strong focus on user centred methodologies
    Recently worked with 6 global & national FS brands to help specify cookies solutions
  • 18. The LAW – Privacy and Electronic Communications (EC Directive) Regulations 2003
    “The subscriber or user ... has given his or her consent”
    “...is provided with clear and comprehensive information about the purposes of the storage of, or access to, that information”
    “Shall not apply…where such storage or access is strictly necessary for the provision of an information society service requested by the subscriber or user.”
    The Opinion distinguishes the wording of the previous article 5(3) (“and is offered the right to refuse such processing”) with the new wording (“only allowed on condition that the subscriber or user concerned has given his or her consent”)
    While Article 5(3) does not use the word prior, this is a clear and obvious conclusion from the wording of the
    CONSENT
      > INFORMED: consent by the data subject (must be) based upon an appreciation and understanding of the facts and implications of an action. To be valid, consent must be informed. This implies that all the necessary information must be given at the moment the consent is requested, and that this should address the substantive aspects of the processing that the consent is intended to legitimise. The way the information is given (in plain text, without use of jargon, understandable, conspicuous) is crucial in assessing whether the consent is “informed”. The way in which this information should be given depends on the context: a regular/average user should be able to understand it. Both the quality of information (plain text without jargon) and the accessibility/visibility are important. The crucial consideration is that the individual must fully understand that by the action in question they will be giving consent. Any attempt to gain consent that relies on users’ ignorance about what they are agreeing to is unlikely to be compliant.
      > UNAMBIGUOUS: For consent to be unambiguous, the procedure to seek and to give consent must leave no doubt as to the data subject's intention to deliver consent. The indication by which the data subject signifies his agreement must leave no room for ambiguity regarding his/her intent. The ambiguity of a passive response will make it difficult to fulfil the requirements of the Directive.
      > ACTION: The minimum expression of an indication could be any kind of signal, sufficiently clear to be capable of indicating a data subject's wishes, and to be understandable by the data controller. The words “indication” and “signifying” point in the direction of an action indeed being needed (as opposed to a situation where consent could be inferred from a lack of action). It is essential that the data subject is given the opportunity to make a decision and to express it, for instance by ticking the box himself, in view of the purpose of the data processing. This could include a handwritten signature affixed at the bottom of a paper form, but also oral statements to signify agreement, or a behaviour from which consent can be reasonably concluded. Feature led consent: provided you make it clear to the user that by choosing to take a particular action then certain things will happen, you may interpret this as their consent. You could ... set a cookie and infer consent from the fact that the user has seen a clear notice and actively indicated that they are comfortable with cookies by clicking through and using the site.
      > SPECIFIC: To be valid, consent must be specific. In other words, blanket consent without specifying the exact purpose of the processing is not acceptable.
      > TIMING OF CONSENT: Obtaining consent before the processing of data starts is an essential condition to legitimise the processing of data. Websites should be able to demonstrate that they are doing as much as possible to reduce the amount of time before the user receives information about cookies and is provided with options.
      > PROOF OF CONSENT: consent should be verifiable
      > WITHDRAWING CONSENT: Individuals who have consented should be able to withdraw their consent, preventing further processing of their data
      > TYPE OF INFORMATION: Text should be sufficiently full and intelligible to allow individuals to clearly understand the potential consequences of allowing storage and access to the information collected by the device. The more complex or intrusive the activity, the more information you will have to provide. The more privacy intrusive your activity, the more priority you will need to give to getting meaningful consent ... It might be useful to think of this in terms of a sliding scale, with privacy neutral cookies at one end of the scale and more intrusive uses of the technology at the other. You can then focus your efforts on achieving compliance appropriately, providing more information and offering more detailed choices at the intrusive end of the scale. Where the feature is provided by a third party you may need to make users aware of this and point them to information on how the third party might use cookies and similar technologies so that the user is able to make an informed choice.
    APPLICATION
      > JUST COOKIES? Aimed at any electronic communications network that is used to store or access information held on the terminal equipment of a user (i.e. a user’s device). Regulations also apply to similar technologies to cookies, e.g. Local shared objects such as Flash cookies.
      > STRICTLY NECESSARY: Definition of strictly necessary is a narrow one. It might apply to a [shopping basket]. Essential (rather than reasonably necessary) to provide the service requested by the user. Note this excludes what might be essential for any other uses the service provider might wish to make of that data. Service must have been “explicitly requested”.
      > INFORMATION SOCIETY SERVICE: Definition of ‘information society service’: any service normally provided for remuneration, at a distance, by means of electronic equipment for the processing (including digital compression) and storage of data, and at the individual request of a recipient of a service (Electronic Commerce (EC Directive) Regulations 2002).
    Guidance
      > Article 29 data protection working party
      > ICO guidance on cookies: http://www.ico.gov.uk/for_organisations/privacy_and_electronic_communications/the_guide/cookies.aspx
      > Lewis Silkin published opinion to industry
  • 19. Our clients’ Cookies
    Hardware & software; Aggregator; Targeted external content e.g. Ads (behaviour / profile driven); Provider use of analytics data (e.g. Google, Facebook); Service provider; Accessibility; Auto-save for return visit; Targeted internal content (behaviour / profile driven); Authentication; Analytics; Settings & preferences; Remember me; Cookies cookie; 3rd party content e.g. Twitter; Save progress; Core service e.g. Shopping basket; Mortgage calculator
  • 20. Cookie Categories
    Security: Authentication; Remember me
    Auto-tailor: Cookies cookie; Accessibility; Hardware & software; Targeted internal content (behaviour / profile driven); Targeted external content e.g. Ads (behaviour / profile driven)
    Manual tailor: Settings & preferences
    Process: Mortgage calculator; Service provider; Aggregator; Save progress; Core service e.g. Shopping basket; Auto-save for return visit; 3rd party content e.g. Twitter
    MI: Analytics
  • 21. Cookie Categories & Levels of Intrusiveness
    Level 0 – Strictly necessary for the core service and explicitly requested by the user
    Level 1 – Mostly client* only and low intrusiveness as no profiling. Internal use only
    Level 2 – Either not user initiated or includes profiling. Internal use only
    Level 3 – 3rd party access to data
    Security: Level 0 Authentication | Level 1 Remember me
    Auto-tailor: Level 0 Accessibility | Level 1 Hardware & software, Cookies cookie | Level 2 Targeted internal content (behaviour / profile driven) | Level 3 Targeted external content e.g. Ads (behaviour / profile driven)
    Manual tailor: Level 1 Settings & preferences
    Process: Level 0 Core service e.g. Shopping basket, Mortgage calculator | Level 1 Save progress | Level 2 Auto-save for return visit | Level 3 Aggregator, Service provider, 3rd party content e.g. Twitter
    MI: Level 1 Site only analytics (not profiling) | Level 3 Provider use of analytics data (e.g. Google, Facebook)
  • 22. Cookie Categories, Levels of Intrusiveness & Initiation
    (Same category and level grid as slide 21)
  • 23. Legal requirements for Consent & Informed
    (Same level grid as slide 21)
    CONSENT: Provable, prior, explicit, informed
    INFORMED: Summary to support informed consent with detail available; Description of category of use
  • 24. Guidance for Consent & Informed
    (Same level grid as slide 21)
    CONSENT: Provable, prior, explicit, informed; Inferred, ASAP
    INFORMED: Summary to support informed consent with detail available; Description of category of use
  • 25. Solutions
    (Same level grid as slide 21)
    INFORMED:
      > Level 0: Ignore
      > Level 1: Include information in context for user initiated cookies, or include on cookies page for the sake of openness and completeness
      > Level 2: Include in single consent description at start of session: “Allowing cookies lets you shape the service to your needs, use the interactive services on our site and stand up and be counted.” “We use cookies to provide a useful & relevant service for every user and understand how people use the service so that we can keep improving.”
      > Level 3: !!! Prior to consent for user initiated cookies and / or contracts with your partners / providers / customers
  • 26. Solutions
    (Same level grid as slide 21)
    CONSENT options, plotted on the slide against RISK and IMPACT axes: Do nothing; Single inform; Inferred / delayed consent; Prior / Informed consent. Level 0: Do nothing.
  • 27. Simple Rules for Design Solutions
    Consent must be informed and provable
    Consent is needed for the purpose... not the data... or the object: purpose → cookie purpose → data purpose
    Consent must be the path of least resistance: start → consent → use of service
    The chance of gaining consent is a product of ease, benefit and confidence:
      ease/difficulty × benefit/cost × trust/anxiety = probability of consent
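The following JavaScript is an added illustration, not code from the slides or from Lewis Silkin or Foolproof: it applies the four intrusiveness levels to the decision of whether a cookie may be set, lets "single inform" (inferred) consent cover Levels 1 and 2 only, requires an explicit act for Level 3, and keeps the record that "provable" consent needs. The cookie names, their level assignments, NOTICE_VERSION and the record layout are assumptions; a Map stands in for document.cookie so the example runs outside a browser.

```javascript
// Added example, not from the deck. Cookie names, level assignments and the
// consent record shape are assumptions made for this illustration.

const NOTICE_VERSION = "cookie-notice-v1"; // hypothetical notice version, kept for proof

// Hypothetical registry mapping each cookie to its level (0 = strictly necessary).
const COOKIE_LEVELS = {
  session_auth: 0,          // Security: Authentication (strictly necessary, user requested)
  basket: 0,                // Process: Core service e.g. Shopping basket
  settings: 1,              // Manual tailor: Settings & preferences (client only, no profiling)
  site_analytics: 1,        // MI: Site only analytics (not profiling)
  internal_targeting: 2,    // Auto-tailor: Targeted internal content (profile driven)
  ad_network: 3,            // Auto-tailor: Targeted external content e.g. Ads (3rd party)
  third_party_analytics: 3  // MI: Provider use of analytics data
};

// Inferred consent (clear notice shown, user carried on using the site) is the
// "single inform" option for Levels 1 and 2; Level 3 needs prior, explicit consent.
const MAX_LEVEL_BY_INFERENCE = 2;

function createConsentGate(cookieLevels = COOKIE_LEVELS, clock = () => Date.now()) {
  const jar = new Map(); // stand-in for document.cookie so the example runs offline
  let record = null;     // the provable consent record, null until consent is given

  // method is "explicit" (user clicked a clearly labelled accept button) or
  // "inferred". Returns the record so it can be logged server-side as proof.
  function recordConsent(method, levels) {
    if (method !== "explicit" && method !== "inferred") {
      throw new Error("unknown consent method: " + method);
    }
    const granted = levels.filter(
      (l) => l >= 1 && l <= 3 && (method === "explicit" || l <= MAX_LEVEL_BY_INFERENCE)
    );
    record = { method, levels: granted, noticeVersion: NOTICE_VERSION, at: clock() };
    return record;
  }

  // Withdrawal: forget the record and drop every non-essential cookie already set.
  function withdrawConsent() {
    record = null;
    for (const name of [...jar.keys()]) {
      if ((cookieLevels[name] ?? 3) > 0) jar.delete(name);
    }
  }

  // A cookie may be set only if it is registered and its level is covered by the record.
  function isPermitted(name) {
    const level = cookieLevels[name];
    if (level === undefined) return false; // unregistered cookie: deny by default
    if (level === 0) return true;          // Level 0 needs no consent
    return record !== null && record.levels.includes(level);
  }

  function setCookie(name, value) {
    if (!isPermitted(name)) return false;
    jar.set(name, value);
    return true;
  }

  function getCookie(name) {
    return jar.has(name) ? jar.get(name) : null;
  }

  function consentRecord() {
    return record === null ? null : { ...record, levels: [...record.levels] };
  }

  return { recordConsent, withdrawConsent, isPermitted, setCookie, getCookie, consentRecord };
}

// Walk-through with the constructed registry above; returns the outcome of each step.
function demo() {
  const gate = createConsentGate(COOKIE_LEVELS, () => 0);
  const steps = [];
  steps.push(gate.setCookie("session_auth", "abc"));    // true: Level 0 needs no consent
  steps.push(gate.setCookie("settings", "dark"));       // false: no consent yet
  gate.recordConsent("inferred", [1, 2, 3]);            // single inform grants 1 and 2 only
  steps.push(gate.setCookie("settings", "dark"));       // true
  steps.push(gate.setCookie("ad_network", "x"));        // false: Level 3 needs explicit consent
  gate.recordConsent("explicit", [1, 2, 3]);
  steps.push(gate.setCookie("ad_network", "x"));        // true
  gate.withdrawConsent();
  steps.push(gate.getCookie("ad_network") === null);    // true: non-essential cookies dropped
  steps.push(gate.getCookie("session_auth") === "abc"); // true: Level 0 cookie kept
  return steps;
}
```

The record returned by recordConsent is what you would send to the server alongside the notice version, since the slide asks for consent that is provable, not merely obtained; the gate denies unregistered cookies by default so that a newly added cookie has to be classified before it can be written.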
  • 28. Level 1 & 2 single consent (as lightbox)
    Default to accept – but clearly label the button
    Allow continue without cookies consent (if possible)
    Commercial decisions:
      > Do you allow them to say no?
      > How many people will you lose? Or will not consent?
  • 29. Notify on Action for Level 1 & 2
    Consent already given
    Consent not given, so features which will use a cookie show a cookies icon ... and display a description of how the cookie is used on rollover
  • 30. Level 3 gateway consent
    Default to accept – but clearly label the button
    Allow continue without cookies consent (if possible)
    Commercial decisions:
      > Should you focus on this area to remain in the spirit of the law if you are not fully compliant elsewhere?
  • 31. Single inform (Inferred consent)
    Banner visible on entry to site but not highlighted. We would recommend that when a link is rolled over the banner highlights.
    Commercial Questions:
      > Do you write any cookies on arrival at this page?
      > Do you offer people the chance to opt out at this stage? Perhaps via an information page.
      > Do you offer the chance to ‘close’ the banner by providing active consent?
      > Is this shown whenever the user returns?
      > Does cookies ‘status’ remain on every page? As a message, as an icon.
      > How can you ‘prove’ people see the banner? E.g. eye-tracking research, placing more prominently
  • 32. This isn’t going away. It’s the law.