How Will the New Privacy Regulations Affect Your Digital Set-up? In less than 2 years, Europe’s new data privacy law will come into effect, changing the way organizations handle their users’ information. The General Data Protection Regulation will heavily impact the use of digital tools for customer insights and analytics.
This presentation was created by the Piwik PRO Team for a webinar session with Aurelie Pols. Webinar recording is available on: https://youtu.be/dPOvbbZ3vdo
Privacy Regulations and Your Digital Setup
1. How Will the New Privacy Regulations Affect Your Digital Setup?
Thursday, 11th of February
3pm CET ・ 2pm GMT ・ 9am EST
Aurélie Pols
Mind Your Privacy
3. Aurélie Pols
Data privacy expert, entrepreneur, lecturer, and leader of Mind Your Privacy consultancy. Recognized as The Most Influential Industry Contributor of 2015 by the Digital Analytics Association, Aurélie sits on the data ethics Advisory Board of the European Data Protection Supervisor (EDPS) and is a Training Advisory Board member of the International Association of Privacy Professionals (IAPP).
About the speakers
Matthias Bettag
Introduction: Continuing the Safe Harbor Debate
Country Manager of the Digital Analytics Association (DAA) Germany since 2010, DAA Certified Web Analyst™ and Consultant based in Berlin. Lecturer at the University of British Columbia (UBC), Organizer of the Digital Analytics Hub Conference (DA Hub).
4. Continuing the Safe Harbor discussion
• Webinar held in October 2015 by DAA Germany
• Also featured Aurélie Pols speaking on the meaning of the Safe Harbor renouncement.
• Since October 2015 new developments in the field:
  • GDPR
  • Privacy Shield
5. About DAA Germany
• Established as the first non-American regional DAA branch in April 2014
• Official status: non-profit organization (e.V.)
• Close links with the Global DAA
• Education, building the digital analytics community, publications, knowledge transfer and advice
• Organizing events, such as:
  • Digital Analytics Day
  • DAALAs - DAA Late Afternoons - in various German cities
• Collaborating with industry leaders, co-organizing conferences
• Membership plans and opportunities
Jim Sterne, Founder of DAA, at the inauguration of DAA Germany
http://daa-germany.org
7. Where did it come from?
• DIRECTIVE 2009/136/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 25 November 2009, amending Directive 2002/22/EC on universal service and users’ rights relating to electronic communications networks and services, Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector, and Regulation (EC) No 2006/2004 on cooperation between national authorities responsible for the enforcement of consumer protection laws.
• What you need to remember here: Telecoms package + ePrivacy Directive.
8. Directive, but Not a Regulation
1. Transposition varies per country
2. Enforcement? Not really
Maximum fine: €3500
Source: Technology Law Dispatch
9. Conclusion for Digital Analytics
1. Tick box projects
2. Cookie notices everywhere
3. EU decides in 2012 to go one step further…
EU Commission Vice-President, Viviane Reding: “Citizens do not always feel in full control of their personal data”
Source: WFA Marketers
10. International Data Transfers
Obliterating the internal data processing framework known as SafeHarbor:
The European Court of Justice in Luxembourg declares SafeHarbor illegal in October 2015. Data of EU citizens can’t be processed by US entities on the basis of SH; more guarantees are needed.
February 2016: Announcement of PrivacyShield, a new framework for transatlantic data flows between the US and the EU.
Source: European Commission
Timeline: Edward Snowden, 2013; Max Schrems, 2015
11. SafeHarbor Renounced, What Happens Now?
• SalesForce amends its contracts to replace SH clauses the very next day
• Data Protection Agencies declare a moratorium until end of January to give the politicians time to find a solution: the clock is ticking!!!
• Be careful with using non-European tools
12. Why should digital analytics care today?
Coordinated Fines Regarding Consent Move Up to 4% of Global Turnover, Capped at €20M
➞ Increase of Direct Privacy Risk
Other risks:
• Increased coordination of EU Data Protection Agencies
  • for investigations (GPEN) & fines;
  • for consumer complaints
• Responsibility for all companies addressing EU citizens
• Increased responsibility for intermediaries: processors, joint controllers
• Increased hedging by citizens (AdBlocking)
13. What Does Digital Analytics Need?
1. Minimum viable privacy features in tools for compliance.
2. Flexibility of those features to adapt to audience and customer segments.
Issue for consideration: How can digital analytics be compliant, or even ethical, if minimum viable compliance features do not exist?
14. Consumer Attitudes Towards Privacy
• Privacy as a differentiator and a growing business priority
• Certainly context driven as Pew Research showed
16. What Should the Digital Industry Be Aiming For?
18. Data Trust Through the Entire Digital Ecosystem
• As taught by social media!
• For full introduction to data ecosystem please see the FREE whitepaper on Web Analytics for Data-Sensitive Industries.
If your customers trust you, they love you
and they will be passionate about your love…
…but if you breach their trust, you will not just create Dislike
You will create hate.
People don’t go from Love to Dislike
[Diagram labels: Trust, Privacy; $+, $-; Like, Dislike]
Inspired by IAPP
19. Data Trust Through the Entire Digital Ecosystem
Columns: GAPP; OECD Guidelines; FTC FIPPS; EU Directive; ISO 27002; APEC
Rows (cells in left-to-right order):
• Management; Operations Management; Preventing Harm
• Collection; Collection Limitation; Proportionality; Information Acquisition; Collection Limitations
• Quality; Data Quality; Integrity of Personal Info
• Notice; Specification of Purpose; Notice/Awareness; Transparency; Notice
• Use, Retention, Disposal; Use Limitation; Legitimate Purpose; Asset Management; Uses of Personal Info
• Security for Privacy; Security Safeguards; Integrity/Security; Security; Security Safeguards
• Access; Openness; Access/Participation; Access Control; Access and Correction
• Choice/Consent; Individual Participation; Choice/Consent; Asset Management; Choice
• Monitoring and Enforcement; Accountability; Enforcement/Redress; Supervisory authority; Compliance; Accountability
• Disclosure to Third Parties; Personal Data Transfer to 3rd Parties
GAPP: Generally Accepted Privacy Principles by American Institute of Certified Public Accountants (AICPA)
OECD: Organization for Economic Cooperation and Development
FIPPS: Fair Information Practice Principles by the Federal Trade Commission
ISO Certification appeared for Google Analytics in April 2015
APEC: Asia-Pacific Economic Cooperation
Source: Privacy Engineer’s Manifesto by Michelle Finneran Dennedy, Jonathan Fox and Thomas R Finneran
20. Basic Principles
1. Collection Limitation
2. Data Quality
3. Individual Participation
4. Purpose Specification
5. Use Limitation
6. Openness
7. Security Safeguards
8. Accountability
21. About the General Data Protection Regulation
• Risk: Fines up to 4% of global turnover
• Timing for all EU Countries and addressing all EU citizens: 2018
• Obligations:
  • Cyber-security and breach notification
  • Cross-border data transfers => SafeHarbor
  • Mandatory Data Protection Officer (DPO)
  • Written documentation
  • Data Processors
  • Consent
22. Focusing on Consent
From Directive to Regulation:
• From implicit and opt-out to “a statement or a clear affirmative action”
• Recognizing “special categories of data”: Revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and the processing of genetic data, biometric data in order to uniquely identify a person, or data concerning health or sex life and sexual orientation
• Children: Consent required up to 16 years of age!
• Right to be Forgotten: Data erasure when consent is withdrawn
23. The Open-Source Opportunity
• Flexibility
• Openness of code
• Continuous improvement
• Customizable and extensible
• No data limits
• Not limited to one vendor
24. Tuning in on Consumers’ Rights: DNT
• Universal Web Tracking Opt Out
• Does your software respect the DNT setting?
Source: DoNotTrack