Data Protection and the New EU Cookie Regime



David Naylor
Partner, Field Fisher Waterhouse
david.naylor@ffw.com


18 April 2012
What Privacy?


    “[a]n examination of 101 popular smartphone "apps" … showed that 56
    transmitted the phone's unique device ID to other companies without
    users' awareness or consent. Forty-seven apps transmitted the phone's
    location in some way. Five sent age, gender and other personal details to
    outsiders… Many apps don't offer even a basic form of consumer
    protection: written privacy policies. Forty-five of the 101 apps didn't
    provide privacy policies on their websites or inside the apps at the time of
    testing.”




    Source: Wall Street Journal
    http://online.wsj.com/article/SB10001424052748704694004576020083703574602.html
ICO fines Midlothian Council £140K for data breaches
Monday 30 January 2012 09:58

• Comprehensive European and individual Member
  State privacy regimes
• Applies to all personal data, not just certain types
  of data
• Applies to all businesses, not just consumer-
  facing businesses
Meaning of ‘personal’ data

• Data protection protects ‘personal’ data


• Is an individual identifiable or ‘singled out’?


• ‘Anonymised’ data types can be personal:
   • IP addresses
   • UDID data
   • Hashed data
Meaning of ‘personal’ data
• An example - QR codes
• User scans code and is directly transferred to URL
   • Website collects IP address / system / date + time data
• User scans code and is routed through QR reader servers
   • App publisher collects mobile UDID
   • Publisher may commercialise with third parties
   • Allows for mobile tracking
• Takeaway:
   • Even ‘anonymised’ data can be ‘personal’…
   • If it’s personal, it’s protected

Key Principles:
   • Fair and lawful processing
   • Limited purposes
   • Adequate, relevant and not excessive
   • Accurate
   • Kept no longer than necessary
   • Processing in accordance with the data subject's rights
   • Secure
   • No transfer to countries without adequate protection

Consequences of compliance failures:
   • Certain breaches are criminal offences
   • Regulators may impose fines – now up to £500,000 in the UK and
     may be more in other EU jurisdictions
   • Unlimited civil liability a possibility
   • Disruption to business-critical data processing
   • Complaints from customers, employees, suppliers etc.
   • “Naming and shaming” – brand damage
   • Loss of business
4. Cookies
Cookies – Revised E-Privacy Directive
• Implementation deadline was 25th May 2011
• Some states have implemented (including UK), some
  have not
• UK:
   • ICO has allowed “sunrise” period of 1 year before
     it takes any enforcement action
   • IAB self-regulatory approach praised by UK
     Government
How ‘cookie’ requirements have changed

  Member States shall ensure that the [use of electronic communications
  networks to store] storing of information or [to gain] the gaining of access to
  information stored in the terminal equipment of a subscriber or user is only
  allowed on condition that the subscriber or user concerned [is] has given his or
  her consent, having been provided with clear and comprehensive information
  in accordance with Directive 95/46/EC, inter alia about the purposes of the
  processing. [and is offered the right to refuse such processing by the data
  controller.] This shall not prevent any technical storage or access for the sole
  purpose of carrying out [or facilitating] the transmission of a communication
  over an electronic communications network, or as strictly necessary in order [to
  provide] for the provider of an information society service explicitly requested
  by the subscriber or user to provide the service.
The new cookie consent requirement
•   Exemptions
     •   ‘Strictly necessary’ to provide user-requested service
     •   Carrying out transmission across a network

•   Practical consequences
     •   Shopping basket, security and page load cookies are OK…
     •   …but everything else needs some form of consent…
     •   …and impacts more than just cookies (any ‘pulled’ data)

•   Browser and other application settings
     •   Permitted “where technically possible and effective”
     •   Regulatory view is that current browser settings are not enough
Questions?
Some common misunderstandings

• “This only affects website cookie data”
   • No, the requirement applies whenever storing or accessing “information”
     (e.g. device fingerprinting and mobile data collection)
• “We need pop-ups to get consent”
   • No, the requirement is only to get consent. How to do this is up to you

• “Individuals must expressly consent”
   • No, with sufficient notice and control, consent for some cookies can be
     implied from a user’s action or inaction.
Complying with cookie legislation

• Step 1: Assess use of cookies


• Step 2: Identify necessity / intrusiveness


• Step 3: Enhance disclosures


• Step 4: Implement a consent strategy
Step 1. Assess use of cookies
Step 2. Assess intrusiveness

[Diagram: cookies plotted on two axes, 1st party to 3rd party and session to persistent]
• 1st party session cookie (e.g. language preference)
• 3rd party session cookie (e.g. secure payment)
• 1st party persistent cookie (e.g. website analytics)
• 3rd party persistent cookie (e.g. targeted advertising)

Points to consider:
   2. Cookie purpose
   3. Cookie expiry
   4. Website itself
   5. Flash cookies
Step 3. Enhance disclosures

…the benefits of data minimisation!
Step 4: Implement a consent strategy
ICO Guidance on the rules on use of cookies and similar technologies
December 2011
The Regulations require that users or subscribers consent. Directive 95/46/EC (the
Data Protection Directive on which the UK Data Protection Act 1998 (the DPA) is
based) defines ‘the data subject’s consent’ as:
‘any freely given specific and informed indication of his wishes by which the
data subject signifies his agreement to personal data relating to him being
processed’.
Consent must involve some form of communication where the individual knowingly
indicates their acceptance. This may involve clicking an icon, sending an email or
subscribing to a service. The crucial consideration is that the individual must fully
understand that by the action in question they will be giving consent.
Step 4: Implement a consent strategy
• No certainty as to what will be required
• Pop-up windows? Consent banners?
• Implied consent?
   • Limited intrusiveness
   • Enhanced notice
   • Real control
Complying with cookie legislation
• Step 5: Other practical measures
•   Always provide an opt out

•   Cookies

     •   Anonymise and encrypt

     •   Use session cookies vs. persistent cookies

     •   Reduce cookie expiry periods

     •   Remove redundant cookies

•   Identify quick wins

     •   Website registration / other customer interaction points

     •   Mobile app download / opening
Complying with cookie legislation
• Step 5: Other practical measures (cont):
•   Internal processes / procedures
     •   Implement internal standards for authorising new cookie use

     •   Identify who should authorise – legal, IT, marketing?

     •   Consider a ‘one in, one out’ approach

     •   Maintain a cookie log + require periodic review

•   Third party providers (ad networks / analytics etc.)
     •   Due diligence – do your providers observe good data hygiene standards?

     •   Apportion compliance responsibility

     •   Ensure contract reflects agreed roles

     •   Don’t accept bad behaviour

•   Role of self-regulatory compliance / market practice
Cookie transparency
   1. Highlight new information to visitors
   2. Be more descriptive
Cookies: Express consent models
Cookies: Implied consent models
Cookies: Practical example

CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 

Último (20)

08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 

Agenda 21 eu cookie seminar - david naylor - field fisher waterhouse

  • 1. Data Protection and the New EU Cookie Regime David Naylor Partner, Field Fisher Waterhouse david.naylor@ffw.com 18 April 2012
  • 4. What Privacy? “[a]n examination of 101 popular smartphone "apps" … showed that 56 transmitted the phone's unique device ID to other companies without users' awareness or consent. Forty-seven apps transmitted the phone's location in some way. Five sent age, gender and other personal details to outsiders… Many apps don't offer even a basic form of consumer protection: written privacy policies. Forty-five of the 101 apps didn't provide privacy policies on their websites or inside the apps at the time of testing.” Source: Wall Street Journal http://online.wsj.com/article/SB10001424052748704694004576020083703574602.html
  • 7. Data Protection and the New EU Cookie Regime ICO fines Midlothian Council £140K for data breaches Monday 30 January 2012 09:58
  • 8. Data Protection and the New EU Cookie Regime • Comprehensive European and individual Member State privacy regimes • Applies to all personal data, not just certain types of data • Applies to all businesses, not just consumer-facing businesses
  • 9. Data Protection and the New EU Cookie Regime Meaning of ‘personal’ data • Data protection protects ‘personal’ data • Is an individual identifiable or ‘singled out’? • ‘Anonymised’ data types can be personal: • IP addresses • UDID data • Hashed data
  • 10. Data Protection and the New EU Cookie Regime Meaning of ‘personal’ data • An example - QR codes • User scans code and is directly transferred to URL • Website collects IP address / system / date + time data • User scans code and is routed through QR reader servers • App publisher collects mobile UDID • Publisher may commercialise with third parties • Allows for mobile tracking • Takeaway: • Even ‘anonymised’ data can be ‘personal’… • If it’s personal, it’s protected
  • 11. Data Protection and the New EU Cookie Regime Key Principles: • Fair and lawful processing • Limited purposes • Adequate, relevant and not excessive • Accurate • Kept no longer than necessary • Processing in accordance with the data subject's rights • Secure • No transfer to countries without adequate protection
  • 12. Data Protection and the New EU Cookie Regime Consequences of compliance failures: • Certain breaches are criminal offences • Regulators may impose fines – now up to £500,000 in the UK and may be more in other EU jurisdictions • Unlimited civil liability a possibility • Disruption to business-critical data processing • Complaints from customers, employees, suppliers etc. • “Naming and shaming” – brand damage • Loss of business
  • 13. Data Protection and the New EU Cookie Regime 4. Cookies Cookies – Revised E-Privacy Directive • Implementation deadline was 25th May 2011 • Some states have implemented (including UK), some have not • UK: • ICO has allowed “sunrise” period of 1 year before it takes any enforcement action • IAB self-regulatory approach praised by UK Government
  • 14. Data Protection and the New EU Cookie Regime How ‘cookie’ requirements have changed Member States shall ensure that the [use of electronic communications networks to store] storing of information or [to gain] the gaining of access to information stored in the terminal equipment of a subscriber or user is only allowed on condition that the subscriber or user concerned [is] has given his or her consent, having been provided with clear and comprehensive information in accordance with Directive 95/46/EC, inter alia about the purposes of the processing. [and is offered the right to refuse such processing by the data controller.] This shall not prevent any technical storage or access for the sole purpose of carrying out [or facilitating] the transmission of a communication over an electronic communications network, or as strictly necessary in order [to provide] for the provider of an information society service explicitly requested by the subscriber or user to provide the service.
  • 15. Data Protection and the New EU Cookie Regime The new cookie consent requirement • Exemptions • ‘Strictly necessary’ to provide user-requested service • Carrying out transmission across a network • Practical consequences • Shopping basket, security and page load cookies are OK… • …but everything else needs some form of consent… • …and impacts more than just cookies (any ‘pulled’ data) • Browser and other application settings • Permitted “where technically possible and effective” • Regulatory view is that current browser settings are not enough
  • 17. Data Protection and the New EU Cookie Regime Some common misunderstandings • “This only affects website cookie data” • No, the requirement applies whenever storing or accessing “information” (e.g. device fingerprinting and mobile data collection) • “We need pop-ups to get consent” • No, the requirement is only to get consent. How to do this is up to you • “Individuals must expressly consent” • No, with sufficient notice and control, consent for some cookies can be implied from a user’s action or inaction.
  • 18. Data Protection and the New EU Cookie Regime Complying with cookie legislation • Step 1: Assess use of cookies • Step 2: Identify necessity / intrusiveness • Step 3: Enhance disclosures • Step 4: Implement a consent strategy
  • 19. Data Protection and the New EU Cookie Regime Step 1. Assess use of cookies
  • 20. Data Protection and the New EU Cookie Regime Step 2. Assess intrusiveness Points to consider: 2. Cookie purpose 3. Cookie expiry 4. Website itself 5. Flash cookies [Figure: grid of 1st party / 3rd party against Session / Persistent] • 1st party session cookie (e.g. language preference) • 3rd party session cookie (e.g. secure payment) • 1st party persistent cookie (e.g. website analytics) • 3rd party persistent cookie (e.g. targeted advertising)
  • 21. Data Protection and the New EU Cookie Regime Step 3. Enhance disclosures …the benefits of data minimisation!
  • 22. Data Protection and the New EU Cookie Regime Step 4: Implement a consent strategy ICO Guidance on the rules on use of cookies and similar technologies December 2011 The Regulations require that users or subscribers consent. Directive 95/46/EC (the Data Protection Directive on which the UK Data Protection Act 1998 (the DPA) is based) defines ‘the data subject’s consent’ as: ‘any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed’. Consent must involve some form of communication where the individual knowingly indicates their acceptance. This may involve clicking an icon, sending an email or subscribing to a service. The crucial consideration is that the individual must fully understand that by the action in question they will be giving consent.
  • 23. Data Protection and the New EU Cookie Regime Step 4: Implement a consent strategy • No certainty as to what will be required • Pop-up windows? Consent Banners? • Implied consent? • Limited intrusiveness • Enhanced notice • Real control
  • 24. Data Protection and the New EU Cookie Regime Complying with cookie legislation • Step 5: Other practical measures • Always provide an opt out • Cookies • Anonymise and encrypt • Use session cookies vs. persistent cookies • Reduce cookie expiry periods • Remove redundant cookies • Identify quick wins • Website registration / other customer interaction points • Mobile app download / opening
  • 25. Data Protection and the New EU Cookie Regime Complying with cookie legislation • Step 5: Other practical measures (cont): • Internal processes / procedures • Implement internal standards for authorising new cookie use • Identify who should authorise – legal, IT, marketing? • Consider a ‘one in, one out’ approach • Maintain a cookie log + require periodic review • Third party providers (ad networks / analytics etc.) • Due diligence – do your providers observe good data hygiene standards? • Apportion compliance responsibility • Ensure contract reflects agreed roles • Don’t accept bad behaviour • Role of self-regulatory compliance / market practice
  • 26. Data Protection and the New EU Cookie Regime Cookie transparency 1. Highlight new information to visitors 2. Be more descriptive
  • 27. Data Protection and the New EU Cookie Regime Cookies Express consent models
  • 28. Data Protection and the New EU Cookie Regime Cookies Express consent models
  • 29. Data Protection and the New EU Cookie Regime Cookies Implied consent models
  • 30. Data Protection and the New EU Cookie Regime Cookies Practical example
  • 31. Data Protection and the New EU Cookie Regime Cookies Practical example
  • 32. Data Protection and the New EU Cookie Regime Cookies Practical example
  • 33. Data Protection and the New EU Cookie Regime Cookies Practical example
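
Steps 1, 2 and 5 above (assess cookie use, place each cookie on the 1st party / 3rd party and session / persistent grid, maintain a cookie log and reduce expiry periods) lend themselves to a small audit script. The following is an added example, not part of the original slides; the site name, the sample Set-Cookie values, the function names and the 365-day review threshold are all assumptions constructed for illustration.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Constructed sample data: (domain that set the cookie, raw Set-Cookie value).
SITE = "shop.example"                             # hypothetical audited site
NOW = datetime(2012, 4, 18, tzinfo=timezone.utc)  # fixed so results are repeatable
OBSERVED = [
    ("shop.example", "lang=en; Path=/"),
    ("pay.example.net", "txn=abc123; Secure; HttpOnly"),
    ("shop.example", "_stats=u1; Max-Age=63072000; Path=/"),
    ("ads.example.org", "uid=9f2c; Expires=Fri, 18 Apr 2014 00:00:00 GMT"),
]

def is_first_party(cookie_domain, site):
    # Simplification: compares against the audited host, no public-suffix list.
    d = cookie_domain.lstrip(".").lower()
    return d == site or d.endswith("." + site)

def lifetime_days(header, now):
    """None for a session cookie, else lifetime in days (Max-Age wins over Expires)."""
    attrs = {}
    for part in header.split(";")[1:]:
        key, _, val = part.strip().partition("=")
        attrs[key.lower()] = val.strip()
    if "max-age" in attrs:
        return int(attrs["max-age"]) / 86400
    if "expires" in attrs:
        return (parsedate_to_datetime(attrs["expires"]) - now).total_seconds() / 86400
    return None

def audit(observed, site, now, max_days=365):
    """Build a cookie log; max_days is an assumed review threshold, not a legal limit."""
    log = []
    for domain, header in observed:
        days = lifetime_days(header, now)
        party = "1st party" if is_first_party(domain, site) else "3rd party"
        kind = "session" if days is None else "persistent"
        log.append({
            "name": header.split("=", 1)[0].strip(),
            "domain": domain,
            "quadrant": f"{party} {kind}",
            "days": days,
            "review_expiry": days is not None and days > max_days,
        })
    return log

if __name__ == "__main__":
    for row in audit(OBSERVED, SITE, NOW):
        flag = "  <- review expiry" if row["review_expiry"] else ""
        print(f'{row["name"]:8} {row["domain"]:16} {row["quadrant"]}{flag}')
```

The resulting log gives each cookie its grid position from Step 2 and marks persistent cookies whose lifetime exceeds the chosen threshold as candidates for the "reduce cookie expiry periods" measure in Step 5.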