Digital Analytics & Privacy:
it’s not the end of the world
November 12th 2013

Aurélie Pols
Something (Digital) Analytics ...
Expectations: no legislation, promised!

@aureliepols
Datenschutz, Protección de datos, Protection des données

@aureliepols
Privacy, a human right?
Navi Pillay

Source: http://rt.com/news/germany-brazil-un-spying-resolution-394/

@aureliepols

So...
The changing tide of public opinion

Source:
http://www.gl
obalresearch.c
a/25verdadessobre-el-casoevomoralesedwar
dsnowde...
Democracy in danger since the Patriot Act?

Source:
http://minnesota.publicradio.org/display/we
b/2013/01/22/daily-circuit...
This is about keeping your job

Source: http://toogoodtogodown.wordpress.com/2012/04/30/yourefired-which-grimsby-town-play...
The confessions of a European analyst
 Grew up in the Netherlands, Dutch passport
 French mother tongue
 Most of my fri...
Bridging Analytics & Data Protection in Europe

 European Convention of Human Rights, Article 8: Privacy is a fundamental...
The Rule of Law is the foundation of Democracy
“Democracy must be built through open
societies that share information.
Whe...
The Rule of Law is the foundation of Democracy
APEC
Continental law
influenced

US & UK
Common Law

EU
Continental Law

Cl...
Privacy is a tough cookie to crack
So was probably the Declaration of
Human Rights, ask Eleanor Roosevelt!
So called Cooki...
Rome wasn’t build in a day
Take away #1:
The EU & the US view Privacy & data
protection very differently and that is fine...
Wicked French ;-)
Most EU countries talk of zebra paths
France: are still talking of passages cloûtés
Take away #2 related...
Privacy tri-partite
Joint effort by:
1. Governments &/or international
Associations => regulations, guidelines..
2. Busine...
If data is the new oil, is Privacy the new Green?
Comparing Facebook’s Privacy policy

Source: http://mattmckeon.com/faceb...
What’s in a word? DATA LIFECYCLE

Source:
https://vividcortex.com/blog/2013/10/30/slides-from-makingbig-data-small-at-stra...
Overlap & pieces missing
Take away #3
Data:
- ad infinitum
transferable
Legislation:
- Breach notification
Common sense...
The evolution of Breach notification

http://www.informationisb
eautiful.net/visualizations/
worlds-biggest-databreaches-h...
LinkedIn Big Data feedback loop
Consent?
Anyone?
Example:
Netflix
VPPA

Source: https://www.facebook.com/photo.php?v=10151...
Some basic Privacy terms, bouh!
PURPOSE:
What are you using the data for?
CONSENT:
Reasonable expectation of the use of
da...
You: Data Controller – Tools: Data Processor, ok?
Take away #4
Review those bloody
contracts, will you?
Assure liability i...
Did Big Data kill the Privacy framework?
No, it introduced a paradigm shift
Just like analytics is becoming
permeable thro...
Security is only one solution to the problem
SECURITY
SECURITY
(TECHNOLOGY)
(TECHNOLOGY)

The guy in the middle is a
DPO: ...
The EU Personal Data Protection Regulation is coming
#EUDataP
Source:
www.iabeurope.eu/fil
es/8813/7882/1681/IA
B_Tuesday_...
Without the right support, the best security crumbles
RIITY ))
R TY Y
ECU OG Y
E C U L OG
S
S
NO L
H NO
TE C H
((TEC

DATA...
Human error causes most data breaches

Source:
http://www.cooldail
yinfographics.com/p
ost/data-andsecurity-breaches
Bridging the analytics to the legal world
Security = Icing on the cake

SECURITY
SECURITY
TECHNOLOGY
TECHNOLOGY
Informatio...
Harmonising Security & Privacy
 Effective Privacy management depends upon a Risk driven approach that surpasses
complianc...
Always ask yourself these 3 questions & keep your job
 What data am I collecting?
- PII vs. non-PII
- Persönlich ↔ Pseudo...
Or follow the IAB’s recommendations!

@aureliepols
Source:
http://www.fanpo
p.com/clubs/thegoodwife/images/25049
423/title/goodwife-special-aliciaseason-3-photo
Thank you for your time!
Aurélie Pols
Something (Digital) Analytics Europe
Chief Visionary Officer & Founder
@aureliepols ...
Upcoming SlideShare
Loading in...5
×

Aurélie Pols en Strata Conference: Digital analytics & privacy - it’s not the end of the world

401

Published on

This is Aurélie Pols presentation at Strata London Conference last 11-13 November.

It is in English and starts by revisiting the common best practices related to digital analytics in order to measure digital asset’s effectiveness to increase conversion, common data feeds between tools and possibly data flows between continents for analysis.

These practices are then put in parallel with legal requirements, showing which steps need to be undertaken to assure legal compliance of said practices, how digital responsibles should be trained in data protection matters and what contracts are needed with both data providers & collectors so as to assure minimal liability for these routinely undertaken tasks.

This presentation is NOT about security and goes beyond the over-blown cookie debate in order to highlight how the upcoming EU Personal Data Protection Regulation will influence digital analytics to hopefully start embracing Privacy by Design ways of working.

Published in: Technology, News & Politics
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
401
On Slideshare
0
From Embeds
0
Number of Embeds
4
Actions
Shares
0
Downloads
0
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide
  • Image source: http://www.lugaresparavisitar.es/wp-content/uploads/2013/04/Acueducto-de-Segovia.-Vista-general-Ospanacar-Flickr.jpg
  • The french are mainly worried about exclusion
  • So data doesn’t erode over time and can be sold multiple times but its destruction is not part of any analytics process?
    Question:
    With breach notifications being increasingly adopted by varying countries, the level of fines and class actions going up related to any data breaches or privacy infringements, wouldn’t it make sense to take a look at some procedures?
  • Transcript of "Aurélie Pols en Strata Conference: Digital analytics & privacy - it’s not the end of the world"

    1. 1. Digital Analytics & Privacy: it’s not the end of the world November 12th 2013 Aurélie Pols Something (Digital) Analytics Europe Chief Visionary Officer & Founder @aureliepols
    2. 2. Expectations: no legislation, promised! @aureliepols
    3. 3. Datenschutz, Protección de datos, Protection des données @aureliepols
    4. 4. Privacy, a human right? Navi Pillay Source: http://rt.com/news/germany-brazil-un-spying-resolution-394/ @aureliepols Source: http://www.ohchr.org/EN/Pages/WelcomePage.aspx
    5. 5. The changing tide of public opinion Source: http://www.gl obalresearch.c a/25verdadessobre-el-casoevomoralesedwar dsnowden/534 1660 @aureliepols
    6. 6. Democracy in danger since the Patriot Act? Source: http://minnesota.publicradio.org/display/we b/2013/01/22/daily-circuit-alexis-detocqueville-democracy-in-america @aureliepols
    7. 7. This is about keeping your job Source: http://toogoodtogodown.wordpress.com/2012/04/30/yourefired-which-grimsby-town-players-will-be-offered-new-deals-and-whichwill-be-released/ @aureliepols http://blog.kevinmaxwell.co.uk/2012/11/guess-what-youre-fired/
    8. 8. The confessions of a European analyst  Grew up in the Netherlands, Dutch passport  French mother tongue  Most of my friends of bilingual at least!  Have Polish & Russian origins  Set-up my first start-up in Belgium in 2003  Sold it to a UK agency, Digitas LBi (Publicis), in 2008  Moved to Spain in 2009  Created Mind Your Group (Putting Your Data to Work) + sister company Mind Your Privacy in 2012 (yes, law firm) @aureliepols
    9. 9. Bridging Analytics & Data Protection in Europe  European Convention of Human Rights, Article 8: Privacy is a fundamental right you don’t have to agree ;-)  Spain = 80% of EU Data Protection fines; strict data protection legislation, breach notification & security protocols best practices @aureliepols
    10. 10. The Rule of Law is the foundation of Democracy “Democracy must be built through open societies that share information. When there is information, there is enlightment. When there is debate, there are solutions. When there is no sharing of power, no rule of law, no accountability, there is abuse, corruption, subjugation and indignation.” Atifete Jahjaga, President of Kosovo @aureliepols
    11. 11. The Rule of Law is the foundation of Democracy APEC Continental law influenced US & UK Common Law EU Continental Law Class actions Privacy Business focused Fines (by DPAs: Data protection Agencies) Personal Data Protection Citizen focused: data belongs to the visitor/prospect/consumer/citizen Over-arching EU Directives & Regulations Sector based legislations: HIPPA, COPPA, VPPA, … PII varies per state but lists defined * Again, you don’t have to agree! @aureliepols Introduction of pseudo-anonymized data within the new PDP Regulation, partially trying to avoid pinning down PII exactly imho
    12. 12. Privacy is a tough cookie to crack So was probably the Declaration of Human Rights, ask Eleanor Roosevelt! So called Cookie Directive, good or bad idea? - Very techno specific - Doesn’t help when legislation lags behind… - Raised awareness? - Clean house? @aureliepols Best cookies in the world: Maison Dandoy, Brussels, since 1829, http://www.maisondandoy.com/en/home/,
    13. 13. Rome wasn’t build in a day Take away #1: The EU & the US view Privacy & data protection very differently and that is fine! Rome wasn’t built in one day, neither was the traffic regulation in NY or Madrid! @aureliepols
    14. 14. Wicked French ;-) Most EU countries talk of zebra paths France: are still talking of passages cloûtés Take away #2 related to data: Time: - Techno evolves faster than legislation - Privacy procedures are new to techno players => no Privacy culture! Data is ad infinitum transferable, without decay => new Privacy challenges, la bande de GAFA (CNIL) @aureliepols Image source: http://images.forum-auto.com/mesimages/770027/passage %20cloute.jpg
    15. 15. Privacy tri-partite Joint effort by: 1. Governments &/or international Associations => regulations, guidelines.. 2. Businesses 3. Citizens/consumers/voters Each party wanting to defend its rights: - Personal Data Protection & the Rule of Law through respect of Fundamental Rights vs. - Profits & hopefully Sustainability @aureliepols
    16. 16. If data is the new oil, is Privacy the new Green? Comparing Facebook’s Privacy policy Source: http://mattmckeon.com/facebook-privacy/ @aureliepols
    17. 17. What’s in a word? DATA LIFECYCLE Source: https://vividcortex.com/blog/2013/10/30/slides-from-makingbig-data-small-at-strata @aureliepols Source: http://www.simpletraining.com/lifecycledata-management-training.html
    18. 18. Overlap & pieces missing Take away #3 Data: - ad infinitum transferable Legislation: - Breach notification Common sense: - Procedures! Source: http://libraries.mit.edu/guides/subjects/datamanagement/cycle.html @aureliepols
    19. 19. The evolution of Breach notification http://www.informationisb eautiful.net/visualizations/ worlds-biggest-databreaches-hacks/ @aureliepols
    20. 20. LinkedIn Big Data feedback loop Consent? Anyone? Example: Netflix VPPA Source: https://www.facebook.com/photo.php?v=10151708759330687&set=vb.9445547199&type=2&theater @aureliepols
    21. 21. Some basic Privacy terms, bouh! PURPOSE: What are you using the data for? CONSENT: Reasonable expectation of the use of data => Transparency Trust => Social Media reputation (See also Breach notification for Crisis Management) Creepy => Ethics boundary @aureliepols
    22. 22. You: Data Controller – Tools: Data Processor, ok? Take away #4 Review those bloody contracts, will you? Assure liability is clear and that you are covered! Source: http://ec.europa.eu/justice/ data-protection/datacollection/obligations/index _en.htm @aureliepols
    23. 23. Did Big Data kill the Privacy framework? No, it introduced a paradigm shift Just like analytics is becoming permeable through the company Purpose Purpose New business opportunity New business opportunity through data through data User consent User consent This is also the case for the legal consequences of the use of data: Employee Training & internal debate related to what is acceptable & what is not should become part of business Fair & Legal process Fair & Legal process Data diving analysis / /Big Data Data diving analysis Big Data Information for approved use Information for approved use @aureliepols
    24. 24. Security is only one solution to the problem SECURITY SECURITY (TECHNOLOGY) (TECHNOLOGY) The guy in the middle is a DPO: Data Protection Officer, required key personnel once the EU Personal Data Protection Regulation passes DATA COLLECTION DATA COLLECTION @aureliepols
    25. 25. The EU Personal Data Protection Regulation is coming #EUDataP Source: www.iabeurope.eu/fil es/8813/7882/1681/IA B_Tuesday_Webinar _Data_Protection_FI NAL.pdf ICO is an outlier @aureliepols
    26. 26. Without the right support, the best security crumbles RIITY )) R TY Y ECU OG Y E C U L OG S S NO L H NO TE C H ((TEC DATA COLLECTION DATA COLLECTION @aureliepols
    27. 27. Human error causes most data breaches Source: http://www.cooldail yinfographics.com/p ost/data-andsecurity-breaches
    28. 28. Bridging the analytics to the legal world Security = Icing on the cake SECURITY SECURITY TECHNOLOGY TECHNOLOGY Information for Information for approved use approved use Data diving analysis // Data diving analysis Big Data Big Data Fair & Legal process Fair & Legal process New business New business opportunity through opportunity through data data User consent User consent DATA COLLECTION DATA COLLECTION @aureliepols
    29. 29. Harmonising Security & Privacy  Effective Privacy management depends upon a Risk driven approach that surpasses compliance needs - Prepare for legislative changes - Recognise that just because something is legal, it doesn’t mean it is a good idea - Consider how Privacy drives strategic advantage => USP?  Skill requirements & interfaces between professionals - Identifying intersection and tackling conflict - Finding a common language - Developing a Privacy culture @aureliepols Source: http://www.rsaconference.com/writable/pr esentations/file_upload/grc-w07-whenworlds-collide-harmonising-governancebetween-security-and-privacy.pdf
    30. 30. Always ask yourself these 3 questions & keep your job  What data am I collecting? - PII vs. non-PII - Persönlich ↔ Pseudonym ↔ Anonym  Who has access to this data? - Both persons & tools  Where is the data stored? - SafeHarbor vs. Binding Corporate Rules @aureliepols
    31. 31. Or follow the IAB’s recommendations! @aureliepols
    32. 32. Source: http://www.fanpo p.com/clubs/thegoodwife/images/25049 423/title/goodwife-special-aliciaseason-3-photo
    33. 33. Thank you for your time! Aurélie Pols Something (Digital) Analytics Europe Chief Visionary Officer & Founder @aureliepols – www.mindyourprivacy.com/uk/

    ×