How Will Privacy Regulation Impact
    Your Business In 2012?

        Daniel T. Rockey, Esq., CIPP
        Holme, Roberts & Owen LLP
               San Francisco
Legal Disclaimer
This presentation is intended for general informational purposes only and should
not be construed as legal advice or legal opinion on any specific facts or
circumstances, nor is it intended to address specific legal compliance issues that
may arise in particular circumstances. Please consult counsel concerning your own
situation and any specific legal questions you may have.

The thoughts and opinions expressed in this presentation are those of the individual
presenters and do not necessarily reflect the official or unofficial thoughts or
opinions of their employers.

For further information regarding this presentation, please contact the presenter(s)
listed in the presentation.

Unless otherwise noted, all original content in this presentation is licensed under the
Creative Commons Attribution-Share Alike 3.0 United States License available at:
http://creativecommons.org/licenses/by-sa/3.0/us.
How Will Privacy Regulation Impact
     Your Business In 2012?
I.   Brief History of US Privacy Law
II.  A Flurry of Proposed US Privacy
     Legislation
III. Legislative Vacuum = More Aggressive
     FTC
IV. New COPPA Rules: What To Expect
V. Privacy Litigation On The Rise
VI. How To Prepare: Privacy By Design
The Right to Privacy: US
•       No Right of Privacy in US Constitution
•       Nevertheless, a right has been implied from the 4th
        Amendment and general protections for life, liberty, etc.
        (Penumbral Theory)
•       “The Right to Privacy,” Harvard Law Review, Brandeis
        (1890)
    –     “The common law secures to each individual the right of
          determining, ordinarily, to what extent his thoughts, sentiments,
          and emotions shall be communicated to others.”
•       Olmstead v. United States, 277 U.S. 438, 478-9 (1928)
        (Brandeis, dissenting)
    –     Defined the right of privacy as the “right to be left alone.”
The Right to Privacy: US
• Historically, right to privacy = right to be free from
  intrusion in one’s home
   – Rowan v. United States Post Office Dep’t, 397 U.S. 728
     (1970) (upholding Do Not Mail because ‘‘[t]o hold less
     would tend to license a form of trespass and would make
     hardly more sense than to say that a radio or television
     viewer may not twist the dial to cut off an offensive...
     communication... entering his home.’’)
   – Mainstream Mktg. Servs. v. FTC, 358 F. 3d 1228, 1238
     (10th Cir. 2004) (upholding Do Not Call: “the State’s
     interest in protecting the well-being, tranquility, and
     privacy of the home is certainly of the highest order in a
     free and civilized society.”)
Congress Begins to Recognize Right of
       Privacy in Information
• Fair Credit Reporting Act of 1970 (granted limited right to
  access, dispute and correct credit information; limits on
  sharing of credit info)

• Electronic Communications Privacy Act of 1986 (restricts
  intercepts of electronic communications, stored data)

• Video Privacy Protection Act of 1988 (prohibits video
  service providers from disclosing rental or purchase info)

• Drivers Privacy Protection Act of 1994 (prohibits DMV
  from sharing motor vehicle data with marketers w/o consent)
Targeted Approach: Health and Financial
                 Data
• HIPAA (1996) (requires express consent to share
  health data other than for treatment, payment or
  healthcare operations) (ARRA & HiTech)
• Gramm-Leach-Bliley (1999) (applies to financial
  institutions; requires notice to share w/ affiliates; for
  3rd parties, must allow opt-out)
• Fair and Accurate Credit Transactions Act of
  2003 (added Affiliate Marketing Rule to FCRA-
  requires notice and opt-out to share “eligibility
  information,” including “personal characteristics or
  mode of living”)
Regulation of Online Data Collection

• Children’s Online Privacy Protection Act
  of 1998 (COPPA)
  – Marks new era of privacy regulation
  – For the first time, limits collection of online
    data for marketing purposes
  – Relatively non-controversial, but creates a
    slippery slope
Following COPPA, Period of Legislative
    Inactivity, Emphasis On Self-Regulation
• Tremendous technological growth, legislative
  inactivity = marketing bad apples
• Direct marketing industry creates strong self-
  regulatory model to stave off regulation
      • DMA Guidelines for Ethical Business Practice
      • IAB: Interactive Advertising Privacy Principles
      • NAI: Self-Regulatory Code of Conduct and
        Enforcement Procedure
      • Third Party Certification Programs E.g.,
EU Adopts Comprehensive Privacy
              Scheme
• EU jumps in head first
  – EU Data Protection Directive (95/46/EC)
  – EU Privacy Directive (2002/58/EC)
     • Express recognition of right of privacy in personal data
     • Comprehensive, rather than piecemeal approach
     • But extremely burdensome restrictions on business,
       marketing industry
  – EU “Cookie Rules” (2009/136/EC)
     • Prior consent for cookies
2008 – 2010: Begins bi-partisan push
        toward privacy legislation
• High profile privacy snafus (e.g. Facebook,
  Rapleaf) lead to calls for Congressional action
• Handful of bills introduced, but garner little
  traction (Boucher/Stearns)
• Self-regulatory efforts instrumental in keeping
  legislation at bay
• But momentum builds in 2010
Meanwhile, Legislative Inactivity Leads to
     Aggressive Enforcement by FTC

• High profile FTC enforcement
  actions
  –   COPPA (Sony BMG; Mrs. Fields)
  –   Data security/data disposal (CVS; TJ Maxx)
  –   Deceptive data collection (Sears “My SHC”)
  –   FTC Endorsement/Blogger Rules (Ann Taylor)
Meanwhile, Legislative Inactivity Leads to
     Aggressive Enforcement by FTC

• FTC Saber-Rattling (Leibowitz)
  – 2007: “The marketplace alone may not be able to solve all
             problems inherent in behavioral marketing.”
  – 2010: “I think opt-in generally protects consumers' privacy
             better than opt-out, under most circumstances. . . .
             I don't think it undermines a company's ability to
             get the information it needs to advertise back to
             consumers.”
  – 2010: Report on Online Behavioral Marketing
     • Endorsed Do-Not-Track
     • Opt-in for Sensitive Data
     • Precise geolocation data
Federal Inactivity Also Leads to Patchwork of
           State Data Security Laws

• Dozens of states enact data breach
  legislation
• California enacts OPPA, requires
  privacy policy for any business
  collecting data from Californians
• Mass., Minnesota, Nevada data
  security laws (encryption, WISP)
2011: Year of Federal Privacy Legislation?
•    Building Effective Strategies To Promote Responsibility Accountability Choice
     Transparency Innovation Consumer Expectations and Safeguards Act (“BEST
     PRACTICES” Act) (H.R. 611) Rush (D-IL) (2/10/2011)
•    The Do Not Track Me Online Act of 2011 (H.R. 654) Speier (D-CA) (2/11/2011)
•    The Financial Information Privacy Act of 2011 (H.R. 653) Speier (D-CA)
     (2/11/2011)
•    Commercial Privacy Bill of Rights Act of 2011 (S. 799) John Kerry (D-MA) and
     John McCain (R-AZ) (4/12/2011)
•    Consumer Privacy Protection Act of 2011 (H.R. 1528) Stearns (R-FL) Matheson
     (D-UT) (4/13/2011)
•    Data Accountability and Trust Act (H.R. 1701) Bobby L. Rush (D-IL) (5/4/2011)
•    Do-Not-Track Online Act of 2011 (S. 913) Rockefeller (D-WV) (5/9/2011)
•    Data Accountability and Trust Act of 2011 (H.R. 1841) Stearns (R-FL) and
     (5/11/2011)
•    Do Not Track Kids Act of 2011 (H.R. 1895) Markey (D-MA) Barton (R-TX)
     (5/13/2011)
2011: Year of Data Privacy Legislation?
•   Electronic Communications Privacy Act Amendments Act of 2011 (S. 1011) Leahy
    (D-VT) (5/17/2011)
•   Personal Data Privacy and Security Act of 2011 (S.1151) Leahy (D-VT), Franken
    (D-Minn.) and Schumer (D-N.Y.) (5/17/2011)
•   Geolocation Privacy and Surveillance ("GPS") Act (S. 1212) and (H.R.2168)
    Wyden (D-OR) and Chaffetz (R-Utah) (6/15/2011)
•   Data Security and Breach Notification Act (S. 1207) Pryor (D-AR) and Rockefeller
    (D-WV) (6/15/2011)
•   Location Privacy Protection Act of 2011 (S. 1223) Franken (D-MN) and
    Blumenthal (D-CT) (6/16/2011)
•   Secure and Fortify (SAFE) Data Act (H.R. 2577) Bono Mack (R-CA) (7/8/2011)
•   Proposed amendment to Video Privacy Protection Act (HR 2471) Goodlatte
    (7/8/2011)
•   Data Breach Notification Act of 2011 (S. 1408) Feinstein (D-CA) (7/22/2011)
•   Protecting Children From Internet Pornographers Act of 2011 (H.R. 1981) Smith
    (R-TX) (5/25/2011)
•   Personal Data Protection and Breach Accountability Act of 2011 (S.1535)
    Blumenthal (D-CT) (9/8/2011)
2011: Year of Data Privacy
                Legislation?
•   Nineteen Bills introduced
•   Partisan gridlock over budget
•   Zero bills enacted into law
•   What does this mean for marketers?
What’s a Marketer to Do?
2011: Year of Data Privacy
              Legislation?
• Continued uncertainty
• But some trends are clear
Legislation to Watch: Data Privacy

• Consumer Privacy Protection Act of 2011
  (H.R. 1528) Stearns (R-FL) Matheson (D-UT)
  – PII includes IP address plus traditional PII
  – Prior notice/opt-out required for use “unrelated to
    a transaction” or upon material change to policy
  – Allows FTC approved safe harbors
  – No private right of action/no state AG
  – Preempts state law
Legislation to Watch: Data Privacy
• Commercial Privacy Bill of Rights Act of 2011 (S.
  799) John Kerry (D-MA) and John McCain (R-AZ)
   – PII includes unique identifiers, biometric and precise
     geolocation
   – Notice and Opt-out/Opt-in for sensitive data/third party
     transfer if material change
   – 1st party marketing/site optimization not unauthorized use
   – FTC security rules
   – No private right of action
   – Federal preemption of state laws
   – Safe harbors
Legislation to Watch: Data Breach
• Personal Data Privacy and Security Act of 2011
  (S.1151) Leahy (D-VT), Franken (D-Minn.) and
  Schumer (D-N.Y.)
   – Data security/accuracy requirements for data
     brokers (PII on 10,000 persons, excludes
     FCRA/HIPAA/GLB regulated entities)
   – Breach notification w/ FTC safe harbor exemption
   – Preempts state law
   – No Private Right of Action
   – Scraping safe harbor (amends CFAA)
Legislation to Watch: Data Breach
• Data Breach Notification Act of 2011 (S.
  1408) Feinstein (D-CA)
  – Narrow focus on data breach notification
  – Safe harbor exemption from notification
    requirement if company conducts risk assessment
    and is able to demonstrate to the Federal Trade
    Commission that there is no significant risk of
    harm to individuals affected by a security breach
  – No private right of action
Legislation to Watch: Do Not Track
• The Do Not Track Me Online Act of 2011
  (H.R. 654) Speier
  – Requires FTC to create Do Not Track rules
  – Includes IP address and persistent identifiers
  – Doesn’t preempt tougher state laws
• Do-Not-Track Online Act of 2011 (S. 913)
  Rockefeller
  – Requires FTC to create Do Not Track
  – Leaves to FTC to determine covered info
  – No state law preemption
Legislation to Watch: Geolocation
• Geolocation Privacy and Surveillance ("GPS") Act
  (S. 1212) and (H.R.2168) Wyden (D-OR) and
  Chaffetz (R-Utah)
   – Prohibits interception of geolocation info without
     prior consent (parental exception)
   – Creates private right of action for damages/profits
• Location Privacy Protection Act of 2011 (S. 1223)
  Franken (D-MN) and Blumenthal (D-CT)
   – Prohibits collection of geolocation info w/o
     express affirmative consent
   – Private right of action for damages/punitives
Legislation to Watch in 2012
• Do Not Track Kids Act of 2011 (H.R. 1895) Markey
  (D-MA) Barton (R-TX)
  – Expressly extends COPPA to mobile applications
  – Prohibits site, mobile app from “using, disclosing or
    compiling” data on children or minors (13 to 17 yrs) for
    targeted marketing purposes or geolocation w/o express
    affirmative consent
  – No collection of any data from minors without adopting
    Digital Marketing Bill of Rights for Teens
     • Fair Information Practices Principles established by this Act;
     • “balances the ability of minors to participate in the digital media
       culture with the governmental and industry obligation to ensure that
       such operators do not subject minors to unfair and deceptive
       surveillance, data collection, or behavioral profiling.”
Legislation to Watch: VPPA

• Amendment to Video Privacy Protection Act
  (HR 2471) Goodlatte
  – Netflix/Facebook exemption from VPPA
  – Authorizes one-time durable consent to share data
    re videos
What to expect in 2012: Supercookies
• Chairs of Bi-Partisan House Privacy Caucus request
  FTC investigation into “supercookies” (9/27/2011)
   – Barton (R-TX) and Markey (D-Mass) call for investigation,
     say violates § 5 of FTC Act
   – Barton: “I think supercookies should be outlawed because
     their existence eats away at consumer choice and privacy.”
What to expect in 2012: COPPA Rules

• FTC announces proposed revisions to COPPA
  Rules (9/15/2011)
  – Definitions
  – Notice
  – Parental consent
  – Confidentiality and Security of Children’s
    Personal Information
  – Safe Harbor Programs
• Data minimization requirement
What to expect in 2012: Revision to
              COPPA Rules
• Definitions
  – Expands definition of “personal information” to include:
     • IP addresses
     • customer numbers held in cookies, and
     • geolocation information.
What to expect in 2012: Revision to
             COPPA Rules
• Notice
  – Streamlines notice content requirement (moves away from
    more disclosure is better mantra)
     • 3 defined categories of information
  – Requires all operators of an online service or website to
    provide contact information
     • Ad networks
     • Analytics providers
     • Other content providers
What to expect in 2012: Revision to
             COPPA Rules
• Parental Consent
  – Proposes eliminating the “email plus” method of
    obtaining parental consent.
  – Website operators could seek FTC approval of
    alternate consent mechanisms.
  – Goal: allow for new forms of consent as the
    technology evolves, and encourage innovation in
    obtaining verifiable consent (e.g. text message;
    scanned parental signature, credit card)
What to expect in 2012: Revision to
             COPPA Rules
• Confidentiality and security of
  children’s personal information
  – Must ensure that service providers/third parties
    have reasonable procedures to maintain the
    confidentiality, security and integrity of such
    personal information.
What to expect in 2012: Revision to
             COPPA Rules
• Safe harbor programs
  – Additional detail required for safe harbors
  – Would require approved safe harbor programs to
    report on oversight of operators
  – Annual audits of members
Common Threads
• National data breach legislation likely
• Privacy legislation less likely but possible
  – Likely to be just-in-time notice and opt-out
  – Opt-in/express affirmative consent for sensitive
    data
  – Likely self-regulatory safe harbors
  – May prohibit supercookies (flash cookies,
    HTML5)
  – Likely to adopt simplified disclosure regime
  – Unlikely to adopt Do Not Track
FTC Enforcement Actions: Mobile
• FTC announces first privacy enforcement
  action involving mobile apps
  – Broken Thumbs developed iPhone apps targeted to
    “younger girls,” “nostalgic adults” (Emily’s Girls World,
    Emily’s Dress Up)
  – Apps encouraged girls to email “Emily” their comments,
    submit “shout outs” to friends and family, ask Emily’s
    advice, and share “embarrassing” “blush” stories
  – Allowed children to publicly post information on message
    boards
  – BT also collected thousands of email addresses from
    children
FTC Enforcement Actions: Mobile
• FTC alleged violations of COPPA Rule (16
  C.F.R. Part 312) despite App Store TOS
  – Sued both BT and President/56% owner
  – Failed to provide notice in app as to what info
    they collect, how they use it, disclosure practices
  – Failed to provide required “direct notice” to
    parents
  – Failed to obtain “verifiable parental consent”
    before collecting personal information from
    children
FTC Enforcement Actions: Mobile
• Consent Judgment
  –   $50,000 civil penalty
  –   Deletion of all previously collected data
  –   Injunction against further violations
  –   Compliance reporting, record-keeping
      requirements
FTC Enforcement Actions: Google
FTC v. Google, Inc.
  – FTC charged that by auto enrolling in Google
    Buzz, Google treated data inconsistently with prior
    promises, privacy policy
  – Also, failed to comply with EU safe harbor
  – Consent judgment:
     • Compliance program
     • Self-audits and reporting (20 years)
FTC Enforcement Actions: Text Messages
• FTC v. Phil Flora (9/29/2011)
  – Defendant sent thousands of unsolicited text
    messages
  – FTC did not bring under TCPA (not using
    “automatic telephone dialing system”?)
  – Instead, alleged that SMS messages are subject to
    CAN-SPAM
  – Consent judgment
Litigation Developments
IMS Health v. Sorrell (6/23/2011):
• Vermont law prohibited pharmacies from providing doctor
  prescribing data to pharmaceutical companies for detailing
• SCT held law unconstitutional
• Law was a content-based and speaker-based restraint on free
  speech, requiring “heightened” constitutional scrutiny
IMS Health v. Sorrell: Death Knell for Do
               Not Track?
   Probably Not:
   – Vermont law concerned commercial speech (not patient
     privacy)
   – Permitted data sharing for purposes other than marketing
     (sought to limit disfavored opinions)
   – Speculative benefit
• Do Not Track seeks to regulate personal privacy
• Arguably content/opinion neutral
• Precedent: COPPA, HIPAA, FCRA
What to Expect in 2012: EU Cookie Rules


EU to begin Enforcing 2009 Cookie
 Rules
  – Require prior notice and consent
  – France: browser settings not enough. Consent
    without reference to specific use ineffective
• Browser fingerprinting?
Privacy Litigation: Lots of it but little to
                 show for it
In re Google Buzz User Privacy Litigation, Case No.
   5:10-CV-00672-JW (N.D. Cal.) (Sept. 03, 2010)
   – Google sets aside $8.5 million for privacy organizations
   – Google makes changes "to the Google Buzz user interface
     that clarify Google Buzz's operation and users' options
     regarding Google Buzz"
   – Google agrees to disseminate "wider public education
     about the privacy aspects of Google Buzz."
Privacy Litigation
In re Apple iPhone litigation (9/20/2011)
  – Class alleged that Apple permitted app developers
    to collect/disseminate for marketing purposes data
    from users without notice/consent
  – Judge Koh held that class had not alleged injury-
    in-fact; i.e. actual damages (Article III standing)
How to Prepare for 2012
Don’t Wait and See:
  – Privacy by Design
     • Must analyze data inflows and use at outset of project
     • Secure personal data (encryption for mobile devices and
       in transmission)
  – Say what you do and do what you say
  – Participate in safe harbor
  – Stay tuned
Ppt jaarplan 2012 commissie onderzoek & educatie
 
Ppt jaarplan 2012 cie. events & awards
Ppt jaarplan 2012 cie. events & awardsPpt jaarplan 2012 cie. events & awards
Ppt jaarplan 2012 cie. events & awards
 
Ppt jaarplan 2012 commissie kennis & redactie
Ppt jaarplan 2012 commissie kennis & redactiePpt jaarplan 2012 commissie kennis & redactie
Ppt jaarplan 2012 commissie kennis & redactie
 
Jaarplan 2012 commissie esp's
Jaarplan 2012 commissie esp'sJaarplan 2012 commissie esp's
Jaarplan 2012 commissie esp's
 
DDMA Dialogue Challenge 2012 - Presentatie Privacy & Wetgeving - Jitty van Do...
DDMA Dialogue Challenge 2012 - Presentatie Privacy & Wetgeving - Jitty van Do...DDMA Dialogue Challenge 2012 - Presentatie Privacy & Wetgeving - Jitty van Do...
DDMA Dialogue Challenge 2012 - Presentatie Privacy & Wetgeving - Jitty van Do...
 
DDMA Dialogue Challenge 2012 - Presentatie Social - Michiel van Galen Finchline
DDMA Dialogue Challenge 2012 - Presentatie Social - Michiel van Galen FinchlineDDMA Dialogue Challenge 2012 - Presentatie Social - Michiel van Galen Finchline
DDMA Dialogue Challenge 2012 - Presentatie Social - Michiel van Galen Finchline
 
DDMA Dialogue Challenge - Presentatie Telemarketing - Roy Milder Annie Connect
DDMA Dialogue Challenge - Presentatie Telemarketing - Roy Milder Annie ConnectDDMA Dialogue Challenge - Presentatie Telemarketing - Roy Milder Annie Connect
DDMA Dialogue Challenge - Presentatie Telemarketing - Roy Milder Annie Connect
 
DDMA Dialogue Challenge 2012 - Prestentatie Search - Wouter Theijsmeijer Emat...
DDMA Dialogue Challenge 2012 - Prestentatie Search - Wouter Theijsmeijer Emat...DDMA Dialogue Challenge 2012 - Prestentatie Search - Wouter Theijsmeijer Emat...
DDMA Dialogue Challenge 2012 - Prestentatie Search - Wouter Theijsmeijer Emat...
 
DM Barometer - Special: Telemarketing
DM Barometer - Special: TelemarketingDM Barometer - Special: Telemarketing
DM Barometer - Special: Telemarketing
 
DDMA 21 juni 2011 - sexy email event - RPost
DDMA 21 juni 2011 - sexy email event - RPostDDMA 21 juni 2011 - sexy email event - RPost
DDMA 21 juni 2011 - sexy email event - RPost
 

Recently uploaded

Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 

Recently uploaded (20)

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 

DMA Boston 2011 presentation: What impact does US privacy regulation have on your business

  • 1. How Will Privacy Regulation Impact Your Business In 2012? Daniel T. Rockey, Esq., CIPP Holme, Roberts & Owen LLP San Francisco
  • 2. Legal Disclaimer This presentation is intended for general informational purposes only and should not be construed as legal advice or legal opinion on any specific facts or circumstances, nor is it intended to address specific legal compliance issues that may arise in particular circumstances. Please consult counsel concerning your own situation and any specific legal questions you may have. The thoughts and opinions expressed in this presentation are those of the individual presenters and do not necessarily reflect the official or unofficial thoughts or opinions of their employers. For further information regarding this presentation, please contact the presenter(s) listed in the presentation. Unless otherwise noted, all original content in this presentation is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License available at: http://creativecommons.org/licenses/by-sa/3.0/us.
  • 3. How Will Privacy Regulation Impact Your Business In 2012? I. Brief History of US Privacy Law II. A Flurry of Proposed US Privacy Legislation III. Legislative Vacuum = More Aggressive FTC IV. New COPPA Rules: What To Expect V. Privacy Litigation On The Rise VI. How To Prepare: Privacy By Design
  • 4. The Right to Privacy: US • No Right of Privacy in US Constitution • Nevertheless, a right has been implied from the 4th Amendment and general protections for life, liberty, etc. (Penumbral Theory) • “The Right to Privacy,” Harvard Law Review, Brandeis (1890) – “The common law secures to each individual the right of determining, ordinarily, to what extent his thoughts, sentiments, and emotions shall be communicated to others.” • Olmstead v. United States, 277 U.S. 438, 478-9 (1928) (Brandeis, dissenting) – Defined the right of privacy as the “right to be left alone.”
  • 5. The Right to Privacy: US • Historically, right to privacy = right to be free from intrusion in one’s home – Rowan v. United States Post Office Dep’t, 397 U.S. 728 (1970) (upholding Do Not Mail because ‘‘[t]o hold less would tend to license a form of trespass and would make hardly more sense than to say that a radio or television viewer may not twist the dial to cut off an offensive... communication... entering his home.’’) – Mainstream Mktg. Servs. v. FTC, 358 F. 3d 1228, 1238 (10th Cir. 2004) (upholding Do Not Call: “the State’s interest in protecting the well-being, tranquility, and privacy of the home is certainly of the highest order in a free and civilized society.”)
  • 6. Congress Begins to Recognize Right of Privacy in Information • Fair Credit Reporting Act of 1970 (granted limited right to access, dispute and correct credit information; limits on sharing of credit info) • Electronic Communications Privacy Act of 1986 (restricts intercepts of electronic communications, stored data) • Video Privacy Protection Act of 1988 (prohibits video service providers from disclosing rental or purchase info) • Driver's Privacy Protection Act of 1994 (prohibits DMV from sharing motor vehicle data with marketers w/o consent)
  • 7. Targeted Approach: Health and Financial Data • HIPAA (1996) (requires express consent to share health data other than for treatment, payment or healthcare operations) (ARRA & HITECH) • Gramm-Leach-Bliley (1999) (applies to financial institutions; requires notice to share w/ affiliates; for 3rd parties, must allow opt-out) • Fair and Accurate Credit Transactions Act of 2003 (added Affiliate Marketing Rule to FCRA - requires notice and opt-out to share “eligibility information,” including “personal characteristics or mode of living”)
  • 8. Regulation of Online Data Collection • Children’s Online Privacy Protection Act of 1998 (COPPA) – Marks new era of privacy regulation – For the first time, limits collection of online data for marketing purposes – Relatively non-controversial, but creates a slippery slope
  • 9. Following COPPA, Period of Legislative Inactivity, Emphasis On Self-Regulation • Tremendous technological growth, legislative inactivity = marketing bad apples • Direct marketing industry creates strong self-regulatory model to stave off regulation • DMA Guidelines for Ethical Business Practice • IAB: Interactive Advertising Privacy Principles • NAI: Self-Regulatory Code of Conduct and Enforcement Procedure • Third Party Certification Programs E.g.,
  • 10. EU Adopts Comprehensive Privacy Scheme • EU jumps in head first – EU Data Protection Directive (95/46/EC) – EU Privacy Directive (2002/58/EC) • Express recognition of right of privacy in personal data • Comprehensive, rather than piecemeal approach • But extremely burdensome restrictions on business, marketing industry – EU “Cookie Rules” (2009/136/EC) • Prior consent for cookies
  • 11. 2008 – 2010: Begins bi-partisan push toward privacy legislation • High profile privacy snafus (e.g. Facebook, Rapleaf) lead to calls for Congressional action • Handful of bills introduced, but garner little traction (Boucher/Stearns) • Self-regulatory efforts instrumental in keeping legislation at bay • But momentum builds in 2010
  • 12. Meanwhile, Legislative Inactivity Leads to Aggressive Enforcement by FTC • High profile FTC enforcement actions – COPPA (Sony BMG; Mrs. Fields) – Data security/data disposal (CVS; TJ Maxx) – Deceptive data collection (Sears “My SHC”) – FTC Endorsement/Blogger Rules (Ann Taylor)
  • 13. Meanwhile, Legislative Inactivity Leads to Aggressive Enforcement by FTC • FTC Saber-Rattling (Leibowitz) – 2007: “The marketplace alone may not be able to solve all problems inherent in behavioral marketing.” – 2010: “I think opt-in generally protects consumers' privacy better than opt-out, under most circumstances. . . . I don't think it undermines a company's ability to get the information it needs to advertise back to consumers.” – 2010: Report on Online Behavioral Marketing • Endorsed Do-Not-Track • Opt-in for Sensitive Data • Precise geolocation data
  • 14. Federal Inactivity Also Leads to Patchwork of State Data Security Laws • Dozens of states enact data breach legislation • California enacts OPPA, requires privacy policy for any business collecting data from Californians • Mass., Minnesota, Nevada data security laws (encryption, WISP)
  • 15. 2011: Year of Federal Privacy Legislation? • Building Effective Strategies To Promote Responsibility Accountability Choice Transparency Innovation Consumer Expectations and Safeguards Act (“BEST PRACTICES” Act) (H.R. 611) Rush (D-IL) (2/10/2011) • The Do Not Track Me Online Act of 2011 (H.R. 654) Speier (D-CA) (2/11/2011) • The Financial Information Privacy Act of 2011 (H.R. 653) Speier (D-CA) (2/11/2011) • Commercial Privacy Bill of Rights Act of 2011 (S. 799) John Kerry (D-MA) and John McCain (R-AZ) (4/12/2011) • Consumer Privacy Protection Act of 2011 (H.R. 1528) Stearns (R-FL) Matheson (D-UT) (4/13/2011) • Data Accountability and Trust Act (H.R. 1701) Bobby L. Rush (D-IL) (5/4/2011) • Do-Not-Track Online Act of 2011 (S. 913) Rockefeller (D-WV) (5/9/2011) • Data Accountability and Trust Act of 2011 (H.R. 1841) Stearns (R-FL) and (5/11/2011) • Do Not Track Kids Act of 2011 (H.R. 1895) Markey (D-MA) Barton (R-TX) (5/13/2011)
  • 16. 2011: Year of Data Privacy Legislation? • Electronic Communications Privacy Act Amendments Act of 2011 (S. 1011) Leahy (D-VT) (5/17/2011) • Personal Data Privacy and Security Act of 2011 (S.1151) Leahy (D-VT), Franken (D-Minn.) and Schumer (D-N.Y.) (5/17/2011) • Geolocation Privacy and Surveillance ("GPS") Act (S. 1212) and (H.R.2168) Wyden (D-OR) and Chaffetz (R-Utah) (6/15/2011) • Data Security and Breach Notification Act (S. 1207) Pryor (D-AR) and Rockefeller (D-WV) (6/15/2011) • Location Privacy Protection Act of 2011 (S. 1223) Franken (D-MN) and Blumenthal (D-CT) (6/16/2011) • Secure and Fortify (SAFE) Data Act (H.R. 2577) Bono Mack (R-CA) (7/8/2011) • Proposed amendment to Video Privacy Protection Act (HR 2471) Goodlatte (7/8/2011) • Data Breach Notification Act of 2011 (S. 1408) Feinstein (D-CA) (7/22/2011) • Protecting Children From Internet Pornographers Act of 2011 (H.R. 1981) Smith (R-TX) (5/25/2011) • Personal Data Protection and Breach Accountability Act of 2011 (S.1535) Blumenthal (D-CT) (9/8/2011)
  • 17. 2011: Year of Data Privacy Legislation? • Nineteen Bills introduced • Partisan gridlock over budget • Zero bills enacted into law • What does this mean for marketers?
  • 19. 2011: Year of Data Privacy Legislation? • Continued uncertainty • But some trends are clear
  • 20. Legislation to Watch: Data Privacy • Consumer Privacy Protection Act of 2011 (H.R. 1528) Stearns (R-FL) Matheson (D-UT) – PII includes IP address plus traditional PII – Prior notice/opt-out required for use “unrelated to a transaction” or upon material change to policy – Allows FTC approved safe harbors – No private right of action/no state AG – Preempts state law
  • 21. Legislation to Watch: Data Privacy • Commercial Privacy Bill of Rights Act of 2011 (S. 799) John Kerry (D-MA) and John McCain (R-AZ) – PII includes unique identifiers, biometric and precise geolocation – Notice and Opt-out/Opt-in for sensitive data/third party transfer if material change – 1st party marketing/site optimization not unauthorized use – FTC security rules – No private right of action – Federal preemption of state laws – Safe harbors
  • 22. Legislation to Watch: Data Breach • Personal Data Privacy and Security Act of 2011 (S.1151) Leahy (D-VT), Franken (D-Minn.) and Schumer (D-N.Y.) – Data security/accuracy requirements for data brokers (PII on 10,000 persons, excludes FCRA/HIPAA/GLB regulated entities) – Breach notification w/ FTC safe harbor exemption – Preempts state law – No Private Right of Action – Scraping safe harbor (amends CFAA)
  • 23. Legislation to Watch: Data Breach • Data Breach Notification Act of 2011 (S. 1408) Feinstein (D-CA) – Narrow focus on data breach notification – Safe harbor exemption from notification requirement if company conducts risk assessment and is able to demonstrate to the Federal Trade Commission that there is no significant risk of harm to individuals affected by a security breach – No private right of action
  • 24. Legislation to Watch: Do Not Track • The Do Not Track Me Online Act of 2011 (H.R. 654) Speier – Requires FTC to create Do Not Track rules – Includes IP address and persistent identifiers – Doesn’t preempt tougher state laws • Do-Not-Track Online Act of 2011 (S. 913) Rockefeller – Requires FTC to create Do Not Track – Leaves to FTC to determine covered info – No state law preemption
  • 25. Legislation to Watch: Geolocation • Geolocation Privacy and Surveillance ("GPS") Act (S. 1212) and (H.R.2168) Wyden (D-OR) and Chaffetz (R-Utah) – Prohibits interception of geolocation info without prior consent (parental exception) – Creates private right of action for damages/profits • Location Privacy Protection Act of 2011 (S. 1223) Franken (D-MN) and Blumenthal (D-CT) – Prohibits collection of geolocation info w/o express affirmative consent – Private right of action for damages/punitives
  • 26. Legislation to Watch in 2012 • Do Not Track Kids Act of 2011 (H.R. 1895) Markey (D-MA) Barton (R-TX) – Expressly extends COPPA to mobile applications – Prohibits site, mobile app from “using, disclosing or compiling” data on children or minors (13 to 17 yrs) for targeted marketing purposes or geolocation w/o express affirmative consent – No collection of any data from minors without adopting Digital Marketing Bill of Rights for Teens • Fair Information Practices Principles established by this Act; • “balances the ability of minors to participate in the digital media culture with the governmental and industry obligation to ensure that such operators do not subject minors to unfair and deceptive surveillance, data collection, or behavioral profiling.”
  • 27. Legislation to Watch: VPPA • Amendment to Video Privacy Protection Act (HR 2471) Goodlatte – Netflix/Facebook exemption from VPPA – Authorizes one-time durable consent to share data re videos
  • 28. What to expect in 2012: Supercookies • Chairs of Bi-Partisan House Privacy Caucus request FTC investigation into “supercookies” (9/27/2011) – Barton (R-TX) and Markey (D-Mass) call for investigation, say violates § 5 of FTC Act – Barton: “I think supercookies should be outlawed because their existence eats away at consumer choice and privacy.”
  • 29. What to expect in 2012: COPPA Rules • FTC announces proposed revisions to COPPA Rules (9/15/2011) – Definitions – Notice – Parental consent – Confidentiality and Security of Children’s Personal Information – Safe Harbor Programs • Data minimization requirement
  • 30. What to expect in 2012: Revision to COPPA Rules • Definitions – Expands definition of “personal information” to include: • IP addresses • customer numbers held in cookies, and • geolocation information.
  • 31. What to expect in 2012: Revision to COPPA Rules • Notice – Streamlines notice content requirement (moves away from more disclosure is better mantra) • 3 defined categories of information – Requires all operators of an online service or website to provide contact information • Ad networks • Analytics providers • Other content providers
  • 32. What to expect in 2012: Revision to COPPA Rules • Parental Consent – Proposes eliminating the “email plus” method of obtaining parental consent. – Website operators could seek FTC approval of alternate consent mechanisms. – Goal: allow for new forms of consent as the technology evolves, and encourage innovation in obtaining verifiable consent (e.g. text message; scanned parental signature, credit card)
  • 33. What to expect in 2012: Revision to COPPA Rules • Confidentiality and security of children’s personal information – Must ensure that service providers/third parties have reasonable procedures to maintain the confidentiality, security and integrity of such personal information.
  • 34. What to expect in 2012: Revision to COPPA Rules • Safe harbor programs – Additional detail required for safe harbors – Would require approved safe harbor programs to report on oversight of operators – Annual audits of members
  • 35. Common Threads • National data breach legislation likely • Privacy legislation less likely but possible – Likely to be just-in-time notice and opt-out – Opt-in/express affirmative consent for sensitive data – Likely self-regulatory safe harbors – May prohibit supercookies (flash cookies, HTML5) – Likely to adopt simplified disclosure regime – Unlikely to adopt Do Not Track
  • 36. FTC Enforcement Actions: Mobile • FTC announces first privacy enforcement action involving mobile apps – Broken Thumbs developed iPhone apps targeted to “younger girls,” “nostalgic adults” (Emily’s Girls World, Emily’s Dress Up) – Apps encouraged girls to email “Emily” their comments, submit “shout outs” to friends and family, ask Emily’s advice, and share “embarrassing” “blush” stories – Allowed children to publicly post information on message boards – BT also collected thousands of email addresses from children
  • 37. FTC Enforcement Actions: Mobile • FTC alleged violations of COPPA Rule (16 C.F.R. Part 312) despite App Store TOS – Sued both BT and President/56% owner – Failed to provide notice in app as to what info they collect, how they use it, disclosure practices – Failed to provide required “direct notice” to parents – Failed to obtain “verifiable parental consent” before collecting personal information from children
  • 38. FTC Enforcement Actions: Mobile • Consent Judgment – $50,000 civil penalty – Deletion of all previously collected data – Injunction against further violations – Compliance reporting, record-keeping requirements
  • 39. FTC Enforcement Actions: Google FTC v. Google, Inc. – FTC charged that by auto enrolling in Google Buzz, Google treated data inconsistently with prior promises, privacy policy – Also, failed to comply with EU safe harbor – Consent judgment: • Compliance program • Self-audits and reporting (20 years)
  • 40. FTC Enforcement Actions: Text Messages • FTC v. Phil Flora (9/29/2011) – Defendant sent thousands of unsolicited text messages – FTC did not bring under TCPA (not using “automatic telephone dialing system”?) – Instead, alleged that SMS messages are subject to CAN-SPAM – Consent judgment
  • 41. Litigation Developments IMS Health v. Sorrell (6/23/2011): • Vermont law prohibited pharmacies from providing doctor prescribing data to pharmaceutical companies for detailing • SCT held law unconstitutional • Law was a content-based and speaker-based restraint on free speech, requiring “heightened” constitutional scrutiny
  • 42. IMS Health v. Sorrell: Death Knell for Do Not Track? Probably Not: – Vermont law concerned commercial speech (not patient privacy) – Permitted data sharing for purposes other than marketing (sought to limit disfavored opinions) – Speculative benefit • Do Not Track seeks to regulate personal privacy • Arguably content/opinion neutral • Precedent: COPPA, HIPAA, FCRA
  • 43. What to Expect in 2012: EU Cookie Rules EU to begin Enforcing 2009 Cookie Rules – Require prior notice and consent – France: browser settings not enough. Consent without reference to specific use ineffective • Browser fingerprinting?
  • 44. Privacy Litigation: Lots of it but little to show for it In re Google Buzz User Privacy Litigation, Case No. 5:10-CV-00672-JW (N.D. Cal.) (Sept. 03, 2010) – Google sets aside $8.5 million for privacy organizations – Google makes changes "to the Google Buzz user interface that clarify Google Buzz's operation and users' options regarding Google Buzz" – Google agrees to disseminate "wider public education about the privacy aspects of Google Buzz."
  • 45. Privacy Litigation In re Apple iPhone litigation (9/20/2011) – Class alleged that Apple permitted app developers to collect/disseminate for marketing purposes data from users without notice/consent – Judge Koh held that class had not alleged injury-in-fact; i.e. actual damages (Article III standing)
  • 46. How to Prepare for 2012 Don’t Wait and See: – Privacy by Design • Must analyze data inflows and use at outset of project • Secure personal data (encryption for mobile devices and in transmission) – Say what you do and do what you say – Participate in safe harbor – Stay tuned
  • 47. How Will Privacy Regulation Impact Your Business In 2012? Daniel T. Rockey, Esq., CIPP Holme, Roberts & Owen LLP San Francisco
  • 48. How Will Privacy Regulation Impact Your Business In 2012? Daniel T. Rockey, Esq., CIPP Holme, Roberts & Owen LLP San Francisco