SlideShare a Scribd company logo

Interact 2018 - GDPR for digital publishers, digital agencies and advertisers

IAB Europe
IAB Europe

Held in Milan on 23-24 May, IAB Europe’s annual 2-day conference Interact 2018 featured a training by Matthias Matthiesen, Director Public Policy & Privacy and Chris Hartsuiker, Public Policy Officer, IAB Europe. Which provisions in the General Data Protection Regulation are the most relevant to digital publishers and advertisers? What is the guidance of the European Data Protection Board (former Article 29 Working party) on these topics? This training session, provided by IAB Europe will provide insight into applying the GDPR to the digital advertising supply chain.

Marketing
1 of 30
Download to read offline
GDPR for Digital Publishers, Digital Agencies, and Advertisers Matthias Matthiesen Director, Privacy & Public Policy Chris Hartsuiker Manager, Privacy & Public Policy May 23rd, INTERACT 2018 Milan
• You are a controller or processor in the EU: The GDPR applies to you. • You are a controller outside of the EU: GDPR applies if you if • you monitor the behavior of people in Europe, or • you offer goods and services to people in Europe. Territorial Applicability
Even if the GDPR technically doesn’t apply to YOU… • Partners might be in scope; they will have to know if it’s safe for them to send data to your company. • Countries outside of the EU of the GDPR are ‘third countries’ – transferring data to those companies is an ‘international data transfer’, which is only allowed if there is a transfer mechanism.
Everywhere is Europe
Personal Data ANONYMOUS IDENTIFIABLE NATURAL PERSON IDENTIFIED NATURAL PERSON PERSONAL DATA NON-PERSONAL DATA PSEUDONYMOUS DATA PERSONALLY IDENTIFIABLE INFORMATION (“PII”)
Personal Data If an individual can be singled out by data, that data is personal data (unique cookie ID or AAID/IDFA)
Personal Data IP 94.225.47.200 Internet Service Provider Matthias Matthiesen on Friday, 22 April 2016, 9:15 AM IP 94.225.47.200 Online Service Legal Means (Court Order) Internet Service Provider Matthias Matthiesen on Friday, 22 April 2016, 9:15 AM If data can be re-identified by the controller, or another entity, that data is personal data.
Personal Data • Information related to an identified or identifiable natural person. • Identifiers, such as a name, number, location, online ID, or one or more factors specific to a natural person. • IP address, cookie ID, RFID tag, especially when combined with profiles.
When in doubt: It’s Personal Data
This far-reaching effect is completely intentional. • The GDPR is the latest and potentially greatest example of what is known as the “Brussels effect”. Illustration by Sara Gironi Carnevale for POLITICO Europe
R RESTRICTED PERSONAL DATA REQUIRES LEGAL GROUND FOR PROCESSING
ePrivacy Directive • Storing information, such as cookies, or accessing information stored on a user device generally requires consent. • Unless “strictly” technically necessary for provision of the service requested by a user, e.g. shopping cart cookies. NB: The ePrivacy Directive is a law from 2009, not to be confused with its proposed update, the ePrivacy Regulation.
ePrivacy rules before GDPR ePrivacy Consent Requirement GET CONSENT AS DEFINED BY
ePrivacy rules after GDPR ePrivacy Consent Requirement GET CONSENT AS DEFINED BY GDPR
Hierarchy ePrivacy and GDPR Processing personal data Storing/accessing Personaldataondevice Consent GDPR Legal Basis ePrivacy GDPR Consent • Collection of data over the internet generally requires consent because of ePrivacy • Processing of personal data requires a GDPR legal basis e.g. consent, or legitimate interest. • Where both apply at the same time the more specific consent rule of the ePrivacy prevails. Storing/accessing data on device
Consent • Consent is a statement or clear affirmative action signifying agreement to the processing of personal data. It must be • freely given, specific, informed • Controllers must be able to demonstrate that the data subject has consented to the processing of their personal data. • Consent must be revocable at any time. Revoking consent must be as easy as granting consent.
Consent • Consent ≠ silence/inactivity • Consent ≠ freely given if inappropriately bundled. • Consent ≠ freely given if inappropriately a condition • Consent ≠ freely given in situations of “power imbalance” • Which affirmative actions can convey consent? • Choosing technical settings (which)? • Further browsing? • Clicking a link? • Highlighting text? • Informed = purpose & controller disclosed
Consent
Consent
Stay Informed www.advertisingconsent.eu
Stay Informed
Quick Recap: • GDPR applies based on territory (everywhere is Europe). • Personal data covers a huge amount of types of data (when in doubt: it’s personal data). • Processing personal data is only lawful with a legal basis (consent, legitimate interest).
Transparency & Data Subject Rights Transparency & Data Subject Rights
Data Subject Rights Data subject rights • The right to access • The right to rectification • The right to erasure • The right to restrict processing • The right to data portability • The right to object • Rights related to automated decisions, including profiling, with legal or significant effects
Profiling & Automated Decision Making • Profiling is automated processing, analyzing, or predicting a person’s preferences, interests, behavior, etc. • It must be justified through one of the legal justifications, e.g. consent or the legitimate interests of the controller. • Where an automated decision, including profiling, has legal effects or similarly significantly affects a user, it is regulated more strictly. • It can only be justified through the explicit consent of the user.
Profiling & Automated Decision Making Automated review of credit applications Automated recruitment practices, e.g. candidate selection through algorithm
So what can I do if I’m not ready for GDPR day on Friday?
So what can I do if I’m not ready for GDPR day on Friday? 1.Determine whether GDPR applies. 2.Take stock of all data processing activities. 3.Conduct impact assessments. 4.Create a compliance roadmap. 5.Appoint a DPO. 6.Get help, engage with industry, stay informed. 7.Help others.
Thank you! Matthias Matthiesen matthiesen@iabeurope.eu Chris Hartsuiker hartsuiker@iabeurope.eu Or come find us during Interact!

Recommended

Preparing for GDPR: General Data Protection Regulation - Stakeholder Presenta...
Preparing for GDPR: General Data Protection Regulation - Stakeholder Presenta...Preparing for GDPR: General Data Protection Regulation - Stakeholder Presenta...
Preparing for GDPR: General Data Protection Regulation - Stakeholder Presenta...Qualsys Ltd
 
The GDPR for Techies
The GDPR for TechiesThe GDPR for Techies
The GDPR for TechiesLilian Edwards
 
2017 09 13_VOKA The Big Refresh - GDPR - IFORI
2017 09 13_VOKA The Big Refresh - GDPR - IFORI2017 09 13_VOKA The Big Refresh - GDPR - IFORI
2017 09 13_VOKA The Big Refresh - GDPR - IFORIKarel Holst
 
GDPR presentation BE-Com - IFORI
GDPR presentation BE-Com - IFORIGDPR presentation BE-Com - IFORI
GDPR presentation BE-Com - IFORIKarel Holst
 
Legal update
Legal updateLegal update
Legal updateRachel Aldighieri
 
Regulation (EU) 2016_679_GDPR_Overview_June 2016
Regulation (EU) 2016_679_GDPR_Overview_June 2016Regulation (EU) 2016_679_GDPR_Overview_June 2016
Regulation (EU) 2016_679_GDPR_Overview_June 2016John Greenwood
 
Using Social Business Software and being compliant with EU data protection la...
Using Social Business Software and being compliant with EU data protection la...Using Social Business Software and being compliant with EU data protection la...
Using Social Business Software and being compliant with EU data protection la...BCC - Solutions for IBM Collaboration Software
 
Privacy and Data Protection Act 2014 (VIC)
Privacy and Data Protection Act 2014 (VIC)Privacy and Data Protection Act 2014 (VIC)
Privacy and Data Protection Act 2014 (VIC)Russell_Kennedy
 

Recommended

Preparing for GDPR: General Data Protection Regulation - Stakeholder Presenta...
Preparing for GDPR: General Data Protection Regulation - Stakeholder Presenta...Preparing for GDPR: General Data Protection Regulation - Stakeholder Presenta...
Preparing for GDPR: General Data Protection Regulation - Stakeholder Presenta...Qualsys Ltd
 
The GDPR for Techies
The GDPR for TechiesThe GDPR for Techies
The GDPR for TechiesLilian Edwards
 
2017 09 13_VOKA The Big Refresh - GDPR - IFORI
2017 09 13_VOKA The Big Refresh - GDPR - IFORI2017 09 13_VOKA The Big Refresh - GDPR - IFORI
2017 09 13_VOKA The Big Refresh - GDPR - IFORIKarel Holst
 
GDPR presentation BE-Com - IFORI
GDPR presentation BE-Com - IFORIGDPR presentation BE-Com - IFORI
GDPR presentation BE-Com - IFORIKarel Holst
 
Legal update
Legal updateLegal update
Legal updateRachel Aldighieri
 
Regulation (EU) 2016_679_GDPR_Overview_June 2016
Regulation (EU) 2016_679_GDPR_Overview_June 2016Regulation (EU) 2016_679_GDPR_Overview_June 2016
Regulation (EU) 2016_679_GDPR_Overview_June 2016John Greenwood
 
Using Social Business Software and being compliant with EU data protection la...
Using Social Business Software and being compliant with EU data protection la...Using Social Business Software and being compliant with EU data protection la...
Using Social Business Software and being compliant with EU data protection la...BCC - Solutions for IBM Collaboration Software
 
Privacy and Data Protection Act 2014 (VIC)
Privacy and Data Protection Act 2014 (VIC)Privacy and Data Protection Act 2014 (VIC)
Privacy and Data Protection Act 2014 (VIC)Russell_Kennedy
 
The Essential Guide to GDPR
The Essential Guide to GDPRThe Essential Guide to GDPR
The Essential Guide to GDPRTim Hyman LLB
 
Data Protection and Privacy
Data Protection and PrivacyData Protection and Privacy
Data Protection and PrivacyVertex Holdings
 
GDPR Overview
GDPR OverviewGDPR Overview
GDPR OverviewTrish McGinity, CCSK
 
EU GDPR and you: requirements for marketing
EU GDPR and you: requirements for marketingEU GDPR and you: requirements for marketing
EU GDPR and you: requirements for marketingIT Governance Ltd
 
Sophie's Privacy - a story about GDPR
Sophie's Privacy - a story about GDPRSophie's Privacy - a story about GDPR
Sophie's Privacy - a story about GDPRHans Demeyer
 
GDPR: Key Article Overview
GDPR: Key Article OverviewGDPR: Key Article Overview
GDPR: Key Article OverviewCraig Clark ITIL, CIS LI,EU GDPR P
 
GDPR 11/1/2017
GDPR 11/1/2017GDPR 11/1/2017
GDPR 11/1/2017isc2-hellenic
 
Modelling the General Data Protection Regulation
Modelling the General Data Protection RegulationModelling the General Data Protection Regulation
Modelling the General Data Protection RegulationSabrina Kirrane
 
Data protection ppt
Data protection pptData protection ppt
Data protection pptgrahamwell
 
Data Protection and IDEA
Data Protection and IDEAData Protection and IDEA
Data Protection and IDEAAuditWare Systems Ltd.
 
GDPR security services - Areyou ready ?
GDPR security services - Areyou ready ?GDPR security services - Areyou ready ?
GDPR security services - Areyou ready ?Frederick Penaud
 
Data Protection Act
Data Protection ActData Protection Act
Data Protection Actmrmwood
 
ABM Display Advertising Success in the World of GDPR [PPT]
ABM Display Advertising Success in the World of GDPR [PPT]ABM Display Advertising Success in the World of GDPR [PPT]
ABM Display Advertising Success in the World of GDPR [PPT]Kwanzoo Inc
 
Privacy law-update-whitmeyer-tuffin
Privacy law-update-whitmeyer-tuffinPrivacy law-update-whitmeyer-tuffin
Privacy law-update-whitmeyer-tuffinWhitmeyerTuffin
 
Privacy and Data Security
Privacy and Data SecurityPrivacy and Data Security
Privacy and Data SecurityWilmerHale
 
GDPRR: The Key Changes
GDPRR: The Key ChangesGDPRR: The Key Changes
GDPRR: The Key ChangesCraig Clark ITIL, CIS LI,EU GDPR P
 
Legal update - Leeds
Legal update - LeedsLegal update - Leeds
Legal update - LeedsRachel Aldighieri
 
Data protection
Data protectionData protection
Data protectionLewis Silkin
 
3A – DATA PROTECTION: ADVICE
3A – DATA PROTECTION: ADVICE3A – DATA PROTECTION: ADVICE
3A – DATA PROTECTION: ADVICECFG
 
An introduction to data protection - 2/09/2015
An introduction to data protection - 2/09/2015An introduction to data protection - 2/09/2015
An introduction to data protection - 2/09/2015Rachel Aldighieri
 
Introduction to EU General Data Protection Regulation: Planning, Implementat...
Introduction to EU General Data Protection Regulation: Planning, Implementat... Introduction to EU General Data Protection Regulation: Planning, Implementat...
Introduction to EU General Data Protection Regulation: Planning, Implementat...Financial Poise
 
Data Protection Seminar 2_Marketing & GDPR_ISOLAS LLP_26-07-17
Data Protection Seminar 2_Marketing & GDPR_ISOLAS LLP_26-07-17Data Protection Seminar 2_Marketing & GDPR_ISOLAS LLP_26-07-17
Data Protection Seminar 2_Marketing & GDPR_ISOLAS LLP_26-07-17Michael Adamberry
 

More Related Content

What's hot

The Essential Guide to GDPR
The Essential Guide to GDPRThe Essential Guide to GDPR
The Essential Guide to GDPRTim Hyman LLB
 
Data Protection and Privacy
Data Protection and PrivacyData Protection and Privacy
Data Protection and PrivacyVertex Holdings
 
EU GDPR and you: requirements for marketing
EU GDPR and you: requirements for marketingEU GDPR and you: requirements for marketing
EU GDPR and you: requirements for marketingIT Governance Ltd
 
Sophie's Privacy - a story about GDPR
Sophie's Privacy - a story about GDPRSophie's Privacy - a story about GDPR
Sophie's Privacy - a story about GDPRHans Demeyer
 
Modelling the General Data Protection Regulation
Modelling the General Data Protection RegulationModelling the General Data Protection Regulation
Modelling the General Data Protection RegulationSabrina Kirrane
 
Data protection ppt
Data protection pptData protection ppt
Data protection pptgrahamwell
 
GDPR security services - Areyou ready ?
GDPR security services - Areyou ready ?GDPR security services - Areyou ready ?
GDPR security services - Areyou ready ?Frederick Penaud
 
Data Protection Act
Data Protection ActData Protection Act
Data Protection Actmrmwood
 
ABM Display Advertising Success in the World of GDPR [PPT]
ABM Display Advertising Success in the World of GDPR [PPT]ABM Display Advertising Success in the World of GDPR [PPT]
ABM Display Advertising Success in the World of GDPR [PPT]Kwanzoo Inc
 
Privacy law-update-whitmeyer-tuffin
Privacy law-update-whitmeyer-tuffinPrivacy law-update-whitmeyer-tuffin
Privacy law-update-whitmeyer-tuffinWhitmeyerTuffin
 
Privacy and Data Security
Privacy and Data SecurityPrivacy and Data Security
Privacy and Data SecurityWilmerHale
 
3A – DATA PROTECTION: ADVICE
3A – DATA PROTECTION: ADVICE3A – DATA PROTECTION: ADVICE
3A – DATA PROTECTION: ADVICECFG
 
An introduction to data protection - 2/09/2015
An introduction to data protection - 2/09/2015An introduction to data protection - 2/09/2015
An introduction to data protection - 2/09/2015Rachel Aldighieri
 

What's hot (20)

The Essential Guide to GDPR
The Essential Guide to GDPRThe Essential Guide to GDPR
The Essential Guide to GDPR
 
Data Protection and Privacy
Data Protection and PrivacyData Protection and Privacy
Data Protection and Privacy
 
GDPR Overview
GDPR OverviewGDPR Overview
GDPR Overview
 
EU GDPR and you: requirements for marketing
EU GDPR and you: requirements for marketingEU GDPR and you: requirements for marketing
EU GDPR and you: requirements for marketing
 
Sophie's Privacy - a story about GDPR
Sophie's Privacy - a story about GDPRSophie's Privacy - a story about GDPR
Sophie's Privacy - a story about GDPR
 
GDPR: Key Article Overview
GDPR: Key Article OverviewGDPR: Key Article Overview
GDPR: Key Article Overview
 
GDPR 11/1/2017
GDPR 11/1/2017GDPR 11/1/2017
GDPR 11/1/2017
 
Modelling the General Data Protection Regulation
Modelling the General Data Protection RegulationModelling the General Data Protection Regulation
Modelling the General Data Protection Regulation
 
Data protection ppt
Data protection pptData protection ppt
Data protection ppt
 
Data Protection and IDEA
Data Protection and IDEAData Protection and IDEA
Data Protection and IDEA
 
GDPR security services - Areyou ready ?
GDPR security services - Areyou ready ?GDPR security services - Areyou ready ?
GDPR security services - Areyou ready ?
 
Data Protection Act
Data Protection ActData Protection Act
Data Protection Act
 
ABM Display Advertising Success in the World of GDPR [PPT]
ABM Display Advertising Success in the World of GDPR [PPT]ABM Display Advertising Success in the World of GDPR [PPT]
ABM Display Advertising Success in the World of GDPR [PPT]
 
Privacy law-update-whitmeyer-tuffin
Privacy law-update-whitmeyer-tuffinPrivacy law-update-whitmeyer-tuffin
Privacy law-update-whitmeyer-tuffin
 
Privacy and Data Security
Privacy and Data SecurityPrivacy and Data Security
Privacy and Data Security
 
GDPRR: The Key Changes
GDPRR: The Key ChangesGDPRR: The Key Changes
GDPRR: The Key Changes
 
Legal update - Leeds
Legal update - LeedsLegal update - Leeds
Legal update - Leeds
 
Data protection
Data protectionData protection
Data protection
 
3A – DATA PROTECTION: ADVICE
3A – DATA PROTECTION: ADVICE3A – DATA PROTECTION: ADVICE
3A – DATA PROTECTION: ADVICE
 
An introduction to data protection - 2/09/2015
An introduction to data protection - 2/09/2015An introduction to data protection - 2/09/2015
An introduction to data protection - 2/09/2015
 

Similar to Interact 2018 - GDPR for digital publishers, digital agencies and advertisers

Introduction to EU General Data Protection Regulation: Planning, Implementat...
Introduction to EU General Data Protection Regulation: Planning, Implementat... Introduction to EU General Data Protection Regulation: Planning, Implementat...
Introduction to EU General Data Protection Regulation: Planning, Implementat...Financial Poise
 
Data Protection Seminar 2_Marketing & GDPR_ISOLAS LLP_26-07-17
Data Protection Seminar 2_Marketing & GDPR_ISOLAS LLP_26-07-17Data Protection Seminar 2_Marketing & GDPR_ISOLAS LLP_26-07-17
Data Protection Seminar 2_Marketing & GDPR_ISOLAS LLP_26-07-17Michael Adamberry
 
What's Next - General Data Protection Regulation (GDPR) Changes
What's Next - General Data Protection Regulation (GDPR) ChangesWhat's Next - General Data Protection Regulation (GDPR) Changes
What's Next - General Data Protection Regulation (GDPR) ChangesOgilvy Consulting
 
Data Protection Seminar_GDPR_ISOLAS_26-06-17
Data Protection Seminar_GDPR_ISOLAS_26-06-17Data Protection Seminar_GDPR_ISOLAS_26-06-17
Data Protection Seminar_GDPR_ISOLAS_26-06-17Michael Adamberry
 
GDPR Is Coming – Are Search Marketers Ready?
GDPR Is Coming – Are Search Marketers Ready?GDPR Is Coming – Are Search Marketers Ready?
GDPR Is Coming – Are Search Marketers Ready?MediaPost
 
NetSquared London - GDPR for charities
NetSquared London - GDPR for charitiesNetSquared London - GDPR for charities
NetSquared London - GDPR for charitiesTech Trust
 
GDPR in the Healthcare Industry
GDPR in the Healthcare IndustryGDPR in the Healthcare Industry
GDPR in the Healthcare IndustryEMMAIntl
 
Introduction to EU General Data Protection Regulation: Planning, Implementati...
Introduction to EU General Data Protection Regulation: Planning, Implementati...Introduction to EU General Data Protection Regulation: Planning, Implementati...
Introduction to EU General Data Protection Regulation: Planning, Implementati...Financial Poise
 
GDPR Is Coming – Are Emailers Ready?
GDPR Is Coming – Are Emailers Ready?GDPR Is Coming – Are Emailers Ready?
GDPR Is Coming – Are Emailers Ready?MediaPost
 
The Countdown to the GDPR Regulations
The Countdown to the GDPR RegulationsThe Countdown to the GDPR Regulations
The Countdown to the GDPR RegulationsElliot Reeman
 
Impact of GDPR on Data Collection and Processing
Impact of GDPR on Data Collection and ProcessingImpact of GDPR on Data Collection and Processing
Impact of GDPR on Data Collection and ProcessingPromptCloud
 
Data Protection: Transitioning to the GDPR
Data Protection: Transitioning to the GDPRData Protection: Transitioning to the GDPR
Data Protection: Transitioning to the GDPRImogenRutherford
 
GDPR: Training Materials by Qualsys
GDPR: Training Materials by QualsysGDPR: Training Materials by Qualsys
GDPR: Training Materials by QualsysQualsys Ltd
 
GDPR: Are you EU Compliant?
GDPR: Are you EU Compliant? GDPR: Are you EU Compliant?
GDPR: Are you EU Compliant? GreenRope
 
GDPR: What It Is and How (and Which) US Companies Are Affected
GDPR: What It Is and How (and Which) US Companies Are AffectedGDPR: What It Is and How (and Which) US Companies Are Affected
GDPR: What It Is and How (and Which) US Companies Are AffectedJames C. Roberts III
 

Similar to Interact 2018 - GDPR for digital publishers, digital agencies and advertisers (20)

Introduction to EU General Data Protection Regulation: Planning, Implementat...
Introduction to EU General Data Protection Regulation: Planning, Implementat... Introduction to EU General Data Protection Regulation: Planning, Implementat...
Introduction to EU General Data Protection Regulation: Planning, Implementat...
 
Data Protection Seminar 2_Marketing & GDPR_ISOLAS LLP_26-07-17
Data Protection Seminar 2_Marketing & GDPR_ISOLAS LLP_26-07-17Data Protection Seminar 2_Marketing & GDPR_ISOLAS LLP_26-07-17
Data Protection Seminar 2_Marketing & GDPR_ISOLAS LLP_26-07-17
 
What's Next - General Data Protection Regulation (GDPR) Changes
What's Next - General Data Protection Regulation (GDPR) ChangesWhat's Next - General Data Protection Regulation (GDPR) Changes
What's Next - General Data Protection Regulation (GDPR) Changes
 
Data Protection Seminar_GDPR_ISOLAS_26-06-17
Data Protection Seminar_GDPR_ISOLAS_26-06-17Data Protection Seminar_GDPR_ISOLAS_26-06-17
Data Protection Seminar_GDPR_ISOLAS_26-06-17
 
GDPR for US Companies: A Primer
GDPR for US Companies: A PrimerGDPR for US Companies: A Primer
GDPR for US Companies: A Primer
 
GDPR Is Coming – Are Search Marketers Ready?
GDPR Is Coming – Are Search Marketers Ready?GDPR Is Coming – Are Search Marketers Ready?
GDPR Is Coming – Are Search Marketers Ready?
 
Gdpr action plan
Gdpr action plan Gdpr action plan
Gdpr action plan
 
NetSquared London - GDPR for charities
NetSquared London - GDPR for charitiesNetSquared London - GDPR for charities
NetSquared London - GDPR for charities
 
GDPR in the Healthcare Industry
GDPR in the Healthcare IndustryGDPR in the Healthcare Industry
GDPR in the Healthcare Industry
 
Introduction to GDPR
Introduction to GDPRIntroduction to GDPR
Introduction to GDPR
 
Introduction to EU General Data Protection Regulation: Planning, Implementati...
Introduction to EU General Data Protection Regulation: Planning, Implementati...Introduction to EU General Data Protection Regulation: Planning, Implementati...
Introduction to EU General Data Protection Regulation: Planning, Implementati...
 
GDPR Is Coming – Are Emailers Ready?
GDPR Is Coming – Are Emailers Ready?GDPR Is Coming – Are Emailers Ready?
GDPR Is Coming – Are Emailers Ready?
 
The Countdown to the GDPR Regulations
The Countdown to the GDPR RegulationsThe Countdown to the GDPR Regulations
The Countdown to the GDPR Regulations
 
Impact of GDPR on Data Collection and Processing
Impact of GDPR on Data Collection and ProcessingImpact of GDPR on Data Collection and Processing
Impact of GDPR on Data Collection and Processing
 
Data Protection: Transitioning to the GDPR
Data Protection: Transitioning to the GDPRData Protection: Transitioning to the GDPR
Data Protection: Transitioning to the GDPR
 
GDPR: Training Materials by Qualsys
GDPR: Training Materials by QualsysGDPR: Training Materials by Qualsys
GDPR: Training Materials by Qualsys
 
Gdpr presentation
Gdpr presentationGdpr presentation
Gdpr presentation
 
What does GDPR mean for your business?
What does GDPR mean for your business?What does GDPR mean for your business?
What does GDPR mean for your business?
 
GDPR: Are you EU Compliant?
GDPR: Are you EU Compliant? GDPR: Are you EU Compliant?
GDPR: Are you EU Compliant?
 
GDPR: What It Is and How (and Which) US Companies Are Affected
GDPR: What It Is and How (and Which) US Companies Are AffectedGDPR: What It Is and How (and Which) US Companies Are Affected
GDPR: What It Is and How (and Which) US Companies Are Affected
 

More from IAB Europe

IAB Europe Membership Brochure 2019
IAB Europe Membership Brochure 2019IAB Europe Membership Brochure 2019
IAB Europe Membership Brochure 2019IAB Europe
 
FWCE Cracking the Programmatic Conundrum White Paper
FWCE Cracking the Programmatic Conundrum White PaperFWCE Cracking the Programmatic Conundrum White Paper
FWCE Cracking the Programmatic Conundrum White PaperIAB Europe
 
IAB Europe Virtual Programmatic Day H2 2018 Slides
IAB Europe Virtual Programmatic Day H2 2018 SlidesIAB Europe Virtual Programmatic Day H2 2018 Slides
IAB Europe Virtual Programmatic Day H2 2018 SlidesIAB Europe
 
IAB Spain Digital Ad Spend 2017 Report
IAB Spain Digital Ad Spend 2017 ReportIAB Spain Digital Ad Spend 2017 Report
IAB Spain Digital Ad Spend 2017 ReportIAB Europe
 
AppNexus + Tomorrow TTH Case Study
AppNexus + Tomorrow TTH Case StudyAppNexus + Tomorrow TTH Case Study
AppNexus + Tomorrow TTH Case StudyIAB Europe
 
AppNexus + MiQ Case Study
AppNexus + MiQ Case StudyAppNexus + MiQ Case Study
AppNexus + MiQ Case StudyIAB Europe
 
AppNexus + Axel Springer Case Study
AppNexus + Axel Springer Case Study AppNexus + Axel Springer Case Study
AppNexus + Axel Springer Case StudyIAB Europe
 
AppNexus + Schibsted Case study
AppNexus + Schibsted Case study AppNexus + Schibsted Case study
AppNexus + Schibsted Case studyIAB Europe
 
IAB Europe Webinar Deck: Research Awards Winners - Consumer Behaviour and Med...
IAB Europe Webinar Deck: Research Awards Winners - Consumer Behaviour and Med...IAB Europe Webinar Deck: Research Awards Winners - Consumer Behaviour and Med...
IAB Europe Webinar Deck: Research Awards Winners - Consumer Behaviour and Med...IAB Europe
 
IAB Netherlands - Deloitte Programmatic Advertising 2018 Report
IAB Netherlands - Deloitte Programmatic Advertising 2018 ReportIAB Netherlands - Deloitte Programmatic Advertising 2018 Report
IAB Netherlands - Deloitte Programmatic Advertising 2018 ReportIAB Europe
 
IAB Europe Webinar Deck: Digital Brand Advertising and Measurement
IAB Europe Webinar Deck: Digital Brand Advertising and MeasurementIAB Europe Webinar Deck: Digital Brand Advertising and Measurement
IAB Europe Webinar Deck: Digital Brand Advertising and MeasurementIAB Europe
 
DOOH Presentation by OMD for DOOH and DA Webinar
DOOH Presentation by OMD for DOOH and DA WebinarDOOH Presentation by OMD for DOOH and DA Webinar
DOOH Presentation by OMD for DOOH and DA WebinarIAB Europe
 
IAB Europe GIG: Working Paper on Controller - Processor Criteria (reupload)
IAB Europe GIG: Working Paper on Controller - Processor Criteria (reupload) IAB Europe GIG: Working Paper on Controller - Processor Criteria (reupload)
IAB Europe GIG: Working Paper on Controller - Processor Criteria (reupload)IAB Europe
 
Interact 2018 - Advertising that works for everyone
Interact 2018 - Advertising that works for everyoneInteract 2018 - Advertising that works for everyone
Interact 2018 - Advertising that works for everyoneIAB Europe
 
Interact 2018 - Embracing an ever-changing future for digital advertising
Interact 2018 - Embracing an ever-changing future for digital advertisingInteract 2018 - Embracing an ever-changing future for digital advertising
Interact 2018 - Embracing an ever-changing future for digital advertisingIAB Europe
 
Interact 2018 - IAB Europe’s GDPR Transparency & Consent Framework
Interact 2018 - IAB Europe’s GDPR Transparency & Consent FrameworkInteract 2018 - IAB Europe’s GDPR Transparency & Consent Framework
Interact 2018 - IAB Europe’s GDPR Transparency & Consent FrameworkIAB Europe
 
Interact 2018 - DOOH growth and barriers
Interact 2018 - DOOH growth and barriersInteract 2018 - DOOH growth and barriers
Interact 2018 - DOOH growth and barriersIAB Europe
 
Interact 2018 - Creativity & Interactivity: the perfect match to win user’s ...
Interact 2018 - Creativity & Interactivity: the perfect match to win user’s ...Interact 2018 - Creativity & Interactivity: the perfect match to win user’s ...
Interact 2018 - Creativity & Interactivity: the perfect match to win user’s ...IAB Europe
 
Interact 2018 - Quo vadis Italy? The concentration of online time spent and t...
Interact 2018 - Quo vadis Italy? The concentration of online time spent and t...Interact 2018 - Quo vadis Italy? The concentration of online time spent and t...
Interact 2018 - Quo vadis Italy? The concentration of online time spent and t...IAB Europe
 
Interact 2018 - What Builds Brand Love
Interact 2018 - What Builds Brand LoveInteract 2018 - What Builds Brand Love
Interact 2018 - What Builds Brand LoveIAB Europe
 

More from IAB Europe (20)

IAB Europe Membership Brochure 2019
IAB Europe Membership Brochure 2019IAB Europe Membership Brochure 2019
IAB Europe Membership Brochure 2019
 
FWCE Cracking the Programmatic Conundrum White Paper
FWCE Cracking the Programmatic Conundrum White PaperFWCE Cracking the Programmatic Conundrum White Paper
FWCE Cracking the Programmatic Conundrum White Paper
 
IAB Europe Virtual Programmatic Day H2 2018 Slides
IAB Europe Virtual Programmatic Day H2 2018 SlidesIAB Europe Virtual Programmatic Day H2 2018 Slides
IAB Europe Virtual Programmatic Day H2 2018 Slides
 
IAB Spain Digital Ad Spend 2017 Report
IAB Spain Digital Ad Spend 2017 ReportIAB Spain Digital Ad Spend 2017 Report
IAB Spain Digital Ad Spend 2017 Report
 
AppNexus + Tomorrow TTH Case Study
AppNexus + Tomorrow TTH Case StudyAppNexus + Tomorrow TTH Case Study
AppNexus + Tomorrow TTH Case Study
 
AppNexus + MiQ Case Study
AppNexus + MiQ Case StudyAppNexus + MiQ Case Study
AppNexus + MiQ Case Study
 
AppNexus + Axel Springer Case Study
AppNexus + Axel Springer Case Study AppNexus + Axel Springer Case Study
AppNexus + Axel Springer Case Study
 
AppNexus + Schibsted Case study
AppNexus + Schibsted Case study AppNexus + Schibsted Case study
AppNexus + Schibsted Case study
 
IAB Europe Webinar Deck: Research Awards Winners - Consumer Behaviour and Med...
IAB Europe Webinar Deck: Research Awards Winners - Consumer Behaviour and Med...IAB Europe Webinar Deck: Research Awards Winners - Consumer Behaviour and Med...
IAB Europe Webinar Deck: Research Awards Winners - Consumer Behaviour and Med...
 
IAB Netherlands - Deloitte Programmatic Advertising 2018 Report
IAB Netherlands - Deloitte Programmatic Advertising 2018 ReportIAB Netherlands - Deloitte Programmatic Advertising 2018 Report
IAB Netherlands - Deloitte Programmatic Advertising 2018 Report
 
IAB Europe Webinar Deck: Digital Brand Advertising and Measurement
IAB Europe Webinar Deck: Digital Brand Advertising and MeasurementIAB Europe Webinar Deck: Digital Brand Advertising and Measurement
IAB Europe Webinar Deck: Digital Brand Advertising and Measurement
 
DOOH Presentation by OMD for DOOH and DA Webinar
DOOH Presentation by OMD for DOOH and DA WebinarDOOH Presentation by OMD for DOOH and DA Webinar
DOOH Presentation by OMD for DOOH and DA Webinar
 
IAB Europe GIG: Working Paper on Controller - Processor Criteria (reupload)
IAB Europe GIG: Working Paper on Controller - Processor Criteria (reupload) IAB Europe GIG: Working Paper on Controller - Processor Criteria (reupload)
IAB Europe GIG: Working Paper on Controller - Processor Criteria (reupload)
 
Interact 2018 - Advertising that works for everyone
Interact 2018 - Advertising that works for everyoneInteract 2018 - Advertising that works for everyone
Interact 2018 - Advertising that works for everyone
 
Interact 2018 - Embracing an ever-changing future for digital advertising
Interact 2018 - Embracing an ever-changing future for digital advertisingInteract 2018 - Embracing an ever-changing future for digital advertising
Interact 2018 - Embracing an ever-changing future for digital advertising
 
Interact 2018 - IAB Europe’s GDPR Transparency & Consent Framework
Interact 2018 - IAB Europe’s GDPR Transparency & Consent FrameworkInteract 2018 - IAB Europe’s GDPR Transparency & Consent Framework
Interact 2018 - IAB Europe’s GDPR Transparency & Consent Framework
 
Interact 2018 - DOOH growth and barriers
Interact 2018 - DOOH growth and barriersInteract 2018 - DOOH growth and barriers
Interact 2018 - DOOH growth and barriers
 
Interact 2018 - Creativity & Interactivity: the perfect match to win user’s ...
Interact 2018 - Creativity & Interactivity: the perfect match to win user’s ...Interact 2018 - Creativity & Interactivity: the perfect match to win user’s ...
Interact 2018 - Creativity & Interactivity: the perfect match to win user’s ...
 
Interact 2018 - Quo vadis Italy? The concentration of online time spent and t...
Interact 2018 - Quo vadis Italy? The concentration of online time spent and t...Interact 2018 - Quo vadis Italy? The concentration of online time spent and t...
Interact 2018 - Quo vadis Italy? The concentration of online time spent and t...
 
Interact 2018 - What Builds Brand Love
Interact 2018 - What Builds Brand LoveInteract 2018 - What Builds Brand Love
Interact 2018 - What Builds Brand Love
 

Recently uploaded

Best Persuasive selling skills presentation.pptx
Best Persuasive selling skills presentation.pptxBest Persuasive selling skills presentation.pptx
Best Persuasive selling skills presentation.pptxMasterPhil1
 
Do More with Less: Navigating Customer Acquisition Challenges for Today's Ent...
Do More with Less: Navigating Customer Acquisition Challenges for Today's Ent...Do More with Less: Navigating Customer Acquisition Challenges for Today's Ent...
Do More with Less: Navigating Customer Acquisition Challenges for Today's Ent...Search Engine Journal
 
What I learned from auditing over 1,000,000 websites - SERP Conf 2024 Patrick...
What I learned from auditing over 1,000,000 websites - SERP Conf 2024 Patrick...What I learned from auditing over 1,000,000 websites - SERP Conf 2024 Patrick...
What I learned from auditing over 1,000,000 websites - SERP Conf 2024 Patrick...Ahrefs
 
Social Samosa Guidebook for SAMMIES 2024.pdf
Social Samosa Guidebook for SAMMIES 2024.pdfSocial Samosa Guidebook for SAMMIES 2024.pdf
Social Samosa Guidebook for SAMMIES 2024.pdfSocial Samosa
 
What are the 4 characteristics of CTAs that convert?
What are the 4 characteristics of CTAs that convert?What are the 4 characteristics of CTAs that convert?
What are the 4 characteristics of CTAs that convert?Juan Pineda
 
Call Girls In Aerocity Delhi ❤️8860477959 Good Looking Escorts In 24/7 Delhi NCR
Call Girls In Aerocity Delhi ❤️8860477959 Good Looking Escorts In 24/7 Delhi NCRCall Girls In Aerocity Delhi ❤️8860477959 Good Looking Escorts In 24/7 Delhi NCR
Call Girls In Aerocity Delhi ❤️8860477959 Good Looking Escorts In 24/7 Delhi NCRlizamodels9
 
Call Girls in Lajpat Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Lajpat Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls in Lajpat Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Lajpat Nagar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Common Culture: Paul Willis Symbolic Creativity
Common Culture: Paul Willis Symbolic CreativityCommon Culture: Paul Willis Symbolic Creativity
Common Culture: Paul Willis Symbolic CreativityMonishka Adhikari
 
(Generative) AI & Marketing: - Out of the Hype - Empowering the Marketing M...
(Generative) AI & Marketing: - Out of the Hype - Empowering the Marketing M...(Generative) AI & Marketing: - Out of the Hype - Empowering the Marketing M...
(Generative) AI & Marketing: - Out of the Hype - Empowering the Marketing M...Hugues Rey
 
2024 SEO Trends for Business Success (WSA)
2024 SEO Trends for Business Success (WSA)2024 SEO Trends for Business Success (WSA)
2024 SEO Trends for Business Success (WSA)Jomer Gregorio
 
Jai Institute for Parenting Program Guide
Jai Institute for Parenting Program GuideJai Institute for Parenting Program Guide
Jai Institute for Parenting Program Guidekiva6
 
Mastering SEO in the Evolving AI-driven World
Mastering SEO in the Evolving AI-driven WorldMastering SEO in the Evolving AI-driven World
Mastering SEO in the Evolving AI-driven WorldScalenut
 
Fueling A_B experiments with behavioral insights (1).pdf
Fueling A_B experiments with behavioral insights (1).pdfFueling A_B experiments with behavioral insights (1).pdf
Fueling A_B experiments with behavioral insights (1).pdfVWO
 
DIGITAL MARKETING COURSE IN BTM -Influencer Marketing Strategy
DIGITAL MARKETING COURSE IN BTM -Influencer Marketing StrategyDIGITAL MARKETING COURSE IN BTM -Influencer Marketing Strategy
DIGITAL MARKETING COURSE IN BTM -Influencer Marketing StrategySouvikRay24
 
Research and Discovery Tools for Experimentation - 17 Apr 2024 - v 2.3 (1).pdf
Research and Discovery Tools for Experimentation - 17 Apr 2024 - v 2.3 (1).pdfResearch and Discovery Tools for Experimentation - 17 Apr 2024 - v 2.3 (1).pdf
Research and Discovery Tools for Experimentation - 17 Apr 2024 - v 2.3 (1).pdfVWO
 
SORA AI: Will It Be the Future of Video Creation?
SORA AI: Will It Be the Future of Video Creation?SORA AI: Will It Be the Future of Video Creation?
SORA AI: Will It Be the Future of Video Creation?Searchable Design
 
McDonald's: A Journey Through Time (PPT)
McDonald's: A Journey Through Time (PPT)McDonald's: A Journey Through Time (PPT)
McDonald's: A Journey Through Time (PPT)DEVARAJV16
 
DGR_Digital Advertising Strategies for a Cookieless World_Presentation.pdf
DGR_Digital Advertising Strategies for a Cookieless World_Presentation.pdfDGR_Digital Advertising Strategies for a Cookieless World_Presentation.pdf
DGR_Digital Advertising Strategies for a Cookieless World_Presentation.pdfDemandbase
 
From Chance to Choice - Tactical Link Building for International SEO
From Chance to Choice - Tactical Link Building for International SEOFrom Chance to Choice - Tactical Link Building for International SEO
From Chance to Choice - Tactical Link Building for International SEOSzymon Słowik
 
Avoid the 2025 web accessibility rush: do not fear WCAG compliance
Avoid the 2025 web accessibility rush: do not fear WCAG complianceAvoid the 2025 web accessibility rush: do not fear WCAG compliance
Avoid the 2025 web accessibility rush: do not fear WCAG complianceDamien ROBERT
 

Recently uploaded (20)

Best Persuasive selling skills presentation.pptx
Best Persuasive selling skills presentation.pptxBest Persuasive selling skills presentation.pptx
Best Persuasive selling skills presentation.pptx
 
Do More with Less: Navigating Customer Acquisition Challenges for Today's Ent...
Do More with Less: Navigating Customer Acquisition Challenges for Today's Ent...Do More with Less: Navigating Customer Acquisition Challenges for Today's Ent...
Do More with Less: Navigating Customer Acquisition Challenges for Today's Ent...
 
What I learned from auditing over 1,000,000 websites - SERP Conf 2024 Patrick...
What I learned from auditing over 1,000,000 websites - SERP Conf 2024 Patrick...What I learned from auditing over 1,000,000 websites - SERP Conf 2024 Patrick...
What I learned from auditing over 1,000,000 websites - SERP Conf 2024 Patrick...
 
Social Samosa Guidebook for SAMMIES 2024.pdf
Social Samosa Guidebook for SAMMIES 2024.pdfSocial Samosa Guidebook for SAMMIES 2024.pdf
Social Samosa Guidebook for SAMMIES 2024.pdf
 
What are the 4 characteristics of CTAs that convert?
What are the 4 characteristics of CTAs that convert?What are the 4 characteristics of CTAs that convert?
What are the 4 characteristics of CTAs that convert?
 
Call Girls In Aerocity Delhi ❤️8860477959 Good Looking Escorts In 24/7 Delhi NCR
Call Girls In Aerocity Delhi ❤️8860477959 Good Looking Escorts In 24/7 Delhi NCRCall Girls In Aerocity Delhi ❤️8860477959 Good Looking Escorts In 24/7 Delhi NCR
Call Girls In Aerocity Delhi ❤️8860477959 Good Looking Escorts In 24/7 Delhi NCR
 
Call Girls in Lajpat Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Lajpat Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls in Lajpat Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Lajpat Nagar Delhi 💯Call Us 🔝8264348440🔝
 
Common Culture: Paul Willis Symbolic Creativity
Common Culture: Paul Willis Symbolic CreativityCommon Culture: Paul Willis Symbolic Creativity
Common Culture: Paul Willis Symbolic Creativity
 
(Generative) AI & Marketing: - Out of the Hype - Empowering the Marketing M...
(Generative) AI & Marketing: - Out of the Hype - Empowering the Marketing M...(Generative) AI & Marketing: - Out of the Hype - Empowering the Marketing M...
(Generative) AI & Marketing: - Out of the Hype - Empowering the Marketing M...
 
2024 SEO Trends for Business Success (WSA)
2024 SEO Trends for Business Success (WSA)2024 SEO Trends for Business Success (WSA)
2024 SEO Trends for Business Success (WSA)
 
Jai Institute for Parenting Program Guide
Jai Institute for Parenting Program GuideJai Institute for Parenting Program Guide
Jai Institute for Parenting Program Guide
 
Mastering SEO in the Evolving AI-driven World
Mastering SEO in the Evolving AI-driven WorldMastering SEO in the Evolving AI-driven World
Mastering SEO in the Evolving AI-driven World
 
Fueling A_B experiments with behavioral insights (1).pdf
Fueling A_B experiments with behavioral insights (1).pdfFueling A_B experiments with behavioral insights (1).pdf
Fueling A_B experiments with behavioral insights (1).pdf
 
DIGITAL MARKETING COURSE IN BTM -Influencer Marketing Strategy
DIGITAL MARKETING COURSE IN BTM -Influencer Marketing StrategyDIGITAL MARKETING COURSE IN BTM -Influencer Marketing Strategy
DIGITAL MARKETING COURSE IN BTM -Influencer Marketing Strategy
 
Research and Discovery Tools for Experimentation - 17 Apr 2024 - v 2.3 (1).pdf
Research and Discovery Tools for Experimentation - 17 Apr 2024 - v 2.3 (1).pdfResearch and Discovery Tools for Experimentation - 17 Apr 2024 - v 2.3 (1).pdf
Research and Discovery Tools for Experimentation - 17 Apr 2024 - v 2.3 (1).pdf
 
SORA AI: Will It Be the Future of Video Creation?
SORA AI: Will It Be the Future of Video Creation?SORA AI: Will It Be the Future of Video Creation?
SORA AI: Will It Be the Future of Video Creation?
 
McDonald's: A Journey Through Time (PPT)
McDonald's: A Journey Through Time (PPT)McDonald's: A Journey Through Time (PPT)
McDonald's: A Journey Through Time (PPT)
 
DGR_Digital Advertising Strategies for a Cookieless World_Presentation.pdf
DGR_Digital Advertising Strategies for a Cookieless World_Presentation.pdfDGR_Digital Advertising Strategies for a Cookieless World_Presentation.pdf
DGR_Digital Advertising Strategies for a Cookieless World_Presentation.pdf
 
From Chance to Choice - Tactical Link Building for International SEO
From Chance to Choice - Tactical Link Building for International SEOFrom Chance to Choice - Tactical Link Building for International SEO
From Chance to Choice - Tactical Link Building for International SEO
 
Avoid the 2025 web accessibility rush: do not fear WCAG compliance
Avoid the 2025 web accessibility rush: do not fear WCAG complianceAvoid the 2025 web accessibility rush: do not fear WCAG compliance
Avoid the 2025 web accessibility rush: do not fear WCAG compliance
 

Interact 2018 - GDPR for digital publishers, digital agencies and advertisers

  • 1. GDPR for Digital Publishers, Digital Agencies, and Advertisers Matthias Matthiesen Director, Privacy & Public Policy Chris Hartsuiker Manager, Privacy & Public Policy May 23rd, INTERACT 2018 Milan
  • 2. • You are a controller or processor in the EU: The GDPR applies to you. • You are a controller outside of the EU: GDPR applies if you if • you monitor the behavior of people in Europe, or • you offer goods and services to people in Europe. Territorial Applicability
  • 3. Even if the GDPR technically doesn’t apply to YOU… • Partners might be in scope; they will have to know if it’s safe for them to send data to your company. • Countries outside of the EU of the GDPR are ‘third countries’ – transferring data to those companies is an ‘international data transfer’, which is only allowed if there is a transfer mechanism.
  • 5. Personal Data ANONYMOUS IDENTIFIABLE NATURAL PERSON IDENTIFIED NATURAL PERSON PERSONAL DATA NON-PERSONAL DATA PSEUDONYMOUS DATA PERSONALLY IDENTIFIABLE INFORMATION (“PII”)
  • 6. Personal Data If an individual can be singled out by data, that data is personal data (unique cookie ID or AAID/IDFA)
  • 7. Personal Data IP 94.225.47.200 Internet Service Provider Matthias Matthiesen on Friday, 22 April 2016, 9:15 AM IP 94.225.47.200 Online Service Legal Means (Court Order) Internet Service Provider Matthias Matthiesen on Friday, 22 April 2016, 9:15 AM If data can be re-identified by the controller, or another entity, that data is personal data.
  • 8. Personal Data • Information related to an identified or identifiable natural person. • Identifiers, such as a name, number, location, online ID, or one or more factors specific to a natural person. • IP address, cookie ID, RFID tag, especially when combined with profiles.
  • 9. When in doubt: It’s Personal Data
  • 10. This far-reaching effect is completely intentional. • The GDPR is the latest and potentially greatest example of what is known as the “Brussels effect”. Illustration by Sara Gironi Carnevale for POLITICO Europe
  • 12. ePrivacy Directive • Storing information, such as cookies, or accessing information stored on a user device generally requires consent. • Unless “strictly” technically necessary for provision of the service requested by a user, e.g. shopping cart cookies. NB: The ePrivacy Directive is a law from 2009, not to be confused with its proposed update, the ePrivacy Regulation.
  • 13. ePrivacy rules before GDPR ePrivacy Consent Requirement GET CONSENT AS DEFINED BY
  • 14. ePrivacy rules after GDPR ePrivacy Consent Requirement GET CONSENT AS DEFINED BY GDPR
  • 15. Hierarchy ePrivacy and GDPR Processing personal data Storing/accessing Personaldataondevice Consent GDPR Legal Basis ePrivacy GDPR Consent • Collection of data over the internet generally requires consent because of ePrivacy • Processing of personal data requires a GDPR legal basis e.g. consent, or legitimate interest. • Where both apply at the same time the more specific consent rule of the ePrivacy prevails. Storing/accessing data on device
  • 16. Consent • Consent is a statement or clear affirmative action signifying agreement to the processing of personal data. It must be • freely given, specific, informed • Controllers must be able to demonstrate that the data subject has consented to the processing of their personal data. • Consent must be revocable at any time. Revoking consent must be as easy as granting consent.
  • 17. Consent • Consent ≠ silence/inactivity • Consent ≠ freely given if inappropriately bundled. • Consent ≠ freely given if inappropriately a condition • Consent ≠ freely given in situations of “power imbalance” • Which affirmative actions can convey consent? • Choosing technical settings (which)? • Further browsing? • Clicking a link? • Highlighting text? • Informed = purpose & controller disclosed
  • 22. Quick Recap: • GDPR applies based on territory (everywhere is Europe). • Personal data covers a huge amount of types of data (when in doubt: it’s personal data). • Processing personal data is only lawful with a legal basis (consent, legitimate interest).
  • 24. Data Subject Rights Data subject rights • The right to access • The right to rectification • The right to erasure • The right to restrict processing • The right to data portability • The right to object • Rights related to automated decisions, including profiling, with legal or significant effects
  • 25. Profiling & Automated Decision Making • Profiling is automated processing, analyzing, or predicting a person’s preferences, interests, behavior, etc. • It must be justified through one of the legal justifications, e.g. consent or the legitimate interests of the controller. • Where an automated decision, including profiling, has legal effects or similarly significantly affects a user, it is regulated more strictly. • It can only be justified through the explicit consent of the user.
  • 26. Profiling & Automated Decision Making Automated review of credit applications Automated recruitment practices, e.g. candidate selection through algorithm
  • 27. So what can I do if I’m not ready for GDPR day on Friday?
  • 28. So what can I do if I’m not ready for GDPR day on Friday? 1.Determine whether GDPR applies. 2.Take stock of all data processing activities. 3.Conduct impact assessments. 4.Create a compliance roadmap. 5.Appoint a DPO. 6.Get help, engage with industry, stay informed. 7.Help others.
  • 29.
  • 30. Thank you! Matthias Matthiesen matthiesen@iabeurope.eu Chris Hartsuiker hartsuiker@iabeurope.eu Or come find us during Interact!