28 April 2010




BEHAVIORAL TARGETING

Recent legal developments




Nicole Wolters Ruckert
nicole.wolters.ruckert@kvdl.nl
Behavioral targeting
•   Three types:
    1. On-site behavioral targeting: Amazon.com
    2. Network behavioral targeting:...
Behavioral Targeting and consequences for ‘John
Doe’
                                              Hello!!




           ...
On-site behavioral targeting




        • Visits Amazon.com to order a book
        • Amazon places a cookie at the deskt...
Network behavioral targeting




      • John Doe is looking for a partner and registers on Lexa datingsite
      • Lexa i...
ISP behavioral targeting




       • John Doe is a subscriber of a telecoms provider
       • John’s use of the Internet ...
Behavioral targeting: all about the cookies
• Artikel 4.1. Dutch Decision Universal Service on cookies


   Storage of coo...
Current Dutch regulation: upfront information
•   Elements of the obligation to inform
    1. ‘Upfront information’: theor...
Behavioral targeting: new regulation
New article 5 sub 3 E-privacy Directive
  • Cookies are allowed if the subscriber or ...
Behavioral targeting: new regulation
•   Position EDPS 18 March 2010
    •   On network behavioral targeting
    •   Probl...
Behavioral targeting: Cookies: personal data?

 • Advice Article 29 Working Group (WP 148)
 • Any cookie with a unique use...
Behavioral targeting: Directive on Data Privacy
1995
Requirements for behavioral targeting?
• Purpose: upfront, specific a...
You want more information?

Nicole.Wolters.Ruckert@kvdl.nl
Upcoming SlideShare
Loading in...5
×

Legal Perspective: Privacy, compliance and legal implications of location based services

2,609

Published on

Published in: Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
2,609
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
0
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Legal Perspective: Privacy, compliance and legal implications of location based services

  1. 1. 28 April 2010 BEHAVIORAL TARGETING Recent legal developments Nicole Wolters Ruckert nicole.wolters.ruckert@kvdl.nl
  2. 2. Behavioral targeting • Three types: 1. On-site behavioral targeting: Amazon.com 2. Network behavioral targeting: Yahoo, Doubleclick en AudienceScience 3. ISP behavioral targeting: Phorm
  3. 3. Behavioral Targeting and consequences for ‘John Doe’ Hello!! Male, age 25, single, lawyer Interested in travelling and literature Regular Internet user
  4. 4. On-site behavioral targeting • Visits Amazon.com to order a book • Amazon places a cookie at the desktop of John • The cookie helps to build a personal profile of John • Amazon analyses the info en decides (automatically) which content it will offer to John • With every return visit, John Doe (or its computer) will be recognized
  5. 5. Network behavioral targeting • John Doe is looking for a partner and registers on Lexa datingsite • Lexa is part of a large network of advertisers • When visiting the Lexa site, a third party cookie of the advertising network is placed on John’s desktop • The Internet use of John is stored in a profile that is build up and refined whenever John uses sites that are part of the advertising network
  6. 6. ISP behavioral targeting • John Doe is a subscriber of a telecoms provider • John’s use of the Internet is registered and analysed in order to send him targeted adds • For this purpose, online marketing companies (e.g. NebuAd en Phorm) are granted access to the technical infrastructure of the ISP
  7. 7. Behavioral targeting: all about the cookies • Artikel 4.1. Dutch Decision Universal Service on cookies Storage of cookies is only allowed if the user or subscriber is informed upfront and in clear and accurate manner on the purposes for which the cookie will be used and the subscriber or user has been provided the opportunity to refuse the placement of the cookie This obligation does not apply in the event that the cookie’s sole purpose is to enable or simplify the sending of messages via the Internet, or in the event the cookie is strictly necessary for the rendering of a services that the user or subscriber has ordered. NOTE: this exception does not apply for behavioral targeting!
  8. 8. Current Dutch regulation: upfront information • Elements of the obligation to inform 1. ‘Upfront information’: theory vs practice 2. Notification on certain minimum requirements for online collection of personal data in the EU, WP 43 of the Article 29 Working Group 3. Relation to article 10 Privacy Directive 1995
  9. 9. Behavioral targeting: new regulation New article 5 sub 3 E-privacy Directive • Cookies are allowed if the subscriber or the user has granted permission after being provided with clear and complete information on the purposes of the processing • Relevance of consideration 66 : some room for creative solution. Could permission be granted by the settings of the browser?
  10. 10. Behavioral targeting: new regulation • Position EDPS 18 March 2010 • On network behavioral targeting • Problem: the ‘naive’ user requires greater protection • Solution: default privacy settings (no third party cookies) + privacy wizard • Future: opinion Article 29 Working Party
  11. 11. Behavioral targeting: Cookies: personal data? • Advice Article 29 Working Group (WP 148) • Any cookie with a unique user identification code qualifies as personal data • Consequences for behavioral targeting? By means of a cookie it is easy to identify the use of the Internet from a unique computer and thus a user.
  12. 12. Behavioral targeting: Directive on Data Privacy 1995 Requirements for behavioral targeting? • Purpose: upfront, specific and justified purposes (art. 6) • Grounds for processing (art. 7) • Difference on site, netwerk and ISP behavioral targeting • Term for storage (art.6)
  13. 13. You want more information? Nicole.Wolters.Ruckert@kvdl.nl

×