Privacy & Analytics: Yeti or Snow Fairy?

Uploaded on

Presentation by Aurélie Pols at Superweek Hungary 2014. This presentation is NOT about security and goes beyond the over-blown cookie debate in order to highlight how the upcoming EU Personal Data …

Presentation by Aurélie Pols at Superweek Hungary 2014. This presentation is NOT about security and goes beyond the over-blown cookie debate in order to highlight how the upcoming EU Personal Data Protection Regulation will influence digital analytics to hopefully start embracing Privacy by Design ways of working.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
No Downloads


Total Views
On Slideshare
From Embeds
Number of Embeds



Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

    No notes for slide


  • 1. Privacy & Digital Analytics : Yeti or Snow Fairy? January 22nd 2014 Aurélie Pols Something (Digital) Analytics Europe Chief Visionary Officer & Founder @aureliepols
  • 2. Expectations: no legislation, promised! @aureliepols
  • 3. Datenschutz, Protección de datos, Protection des données @aureliepols
  • 4. Current public opinion: Creepiness! @aureliepols
  • 5. Privacy, a human right? Navi Pillay Source: Source: @aureliepols
  • 6. The changing tide of public opinion Source: http:// www.globalresear 5341660 @aureliepols
  • 7. Democracy in danger since the Patriot Act? Source: display/web/2013/01/22/daily-circuitalexis-de-tocqueville-democracy-inamerica @aureliepols
  • 8. This is about keeping your job Source: youre-fired-which-grimsby-town-players-will-be-offered-newdeals-and-which-will-be-released/ @aureliepols
  • 9. The confessions of a European analyst §  Grew up in the Netherlands, Dutch passport §  French mother tongue §  Most of my friends of bilingual at least! §  Have Polish & Russian origins §  Set-up my first start-up in Belgium in 2003 §  Sold it to a UK agency, Digitas LBi (Publicis), in 2008 §  Moved to Spain in 2009 §  Created Mind Your Group (Putting Your Data to Work) + sister company Mind Your Privacy in 2012 (yes, law firm – Data Science Protected) @aureliepols
  • 10. Bridging Analytics & Data Protection in Europe §  European Convention of Human Rights, Article 8: Privacy is a fundamental right you don’t have to agree ;-) §  Spain = 80% of EU Data Protection fines; strict data protection legislation, breach notification & security protocols best practices @aureliepols
  • 11. Spain: 80% of data protection fines in the EU @aureliepols
  • 12. The Rule of Law is the foundation of Democracy “Democracy must be built through open societies that share information. When there is information, there is enlightment. When there is debate, there are solutions. When there is no sharing of power, no rule of law, no accountability, there is abuse, corruption, subjugation and indignation.” Atifete Jahjaga, President of Kosovo @aureliepols
  • 13. The Rule of Law is the foundation of Democracy APEC US & UK Continental Common Law law influenced Class actions EU Continental Law Fines (by DPAs: Data protection Agencies) Privacy Personal Data Protection Business focused Citizen focused: data belongs to the visitor/prospect/consumer/citizen Sector based legislations: Over-arching EU Directives & HIPPA, COPPA, VPPA, … Regulations PII varies per state but lists Introduction of pseudo-anonymized defined data within the new PDP Regulation, partially trying to avoid * Again, you don’t have to agree! pinning down PII exactly imho @aureliepols
  • 14. Privacy is a tough cookie to crack So was probably the Declaration of Human Rights, ask Eleanor Roosevelt! So called Cookie Directive, good or bad idea? -  Very techno specific -  Doesn’t help when legislation lags behind… -  Raised awareness? -  Clean house? Best cookies in the world: Maison Dandoy, Brussels, since 1829,, @aureliepols
  • 15. Rome wasn’t build in a day Take away #1: §  The EU & the US view Privacy & data protection very differently and that is fine! §  Rome wasn’t built in one day, neither was the traffic regulation in NY or Madrid! @aureliepols
  • 16. Take away #2 related to data: § Time: - Techno evolves faster than legislation - Privacy procedures are new to techno players => no Privacy culture! § Data is ad infinitum transferable, without decay => new Privacy challenges, la bande de GAFA (CNIL) Image source: %20cloute.jpg @aureliepols
  • 17. Privacy tri-partite Joint effort by: 1.  Governments &/or international Associations => regulations, guidelines.. 2.  Businesses 3.  Citizens/consumers/voters Each party wanting to defend its rights: -  Personal Data Protection & the Rule of Law through respect of Fundamental Rights vs. -  Profits & hopefully Sustainability @aureliepols Governments OUR GLOBAL SOCIETY Citizens/ consumers/ voters Businesses
  • 18. If data is the new oil, is Privacy the new Green? Comparing Facebook’s Privacy policy Source: @aureliepols
  • 19. What’s in a word? DATA LIFECYCLE Source: @aureliepols Source: lifecycle-data-managementtraining.html
  • 20. Bridging worlds in Digital Marketing
  • 21. Overlap & pieces missing Take away #3 §  Data: -  ad infinitum transferable §  Legislation: -  Breach notification §  Common sense: -  Procedures! Source: data-management/cycle.html @aureliepols
  • 22. The evolution of Breach notification http:// www.informationisbeaut worlds-biggest-databreaches-hacks/ @aureliepols
  • 23. LinkedIn Big Data feedback loop Consent? Anyone? Example: Netflix VPPA Source: @aureliepols
  • 24. Some basic Privacy terms, bouh! PURPOSE: What are you using the data for? CONSENT: Reasonable expectation of the use of data => Transparency Trust => Social Media reputation (See also Breach notification for Crisis Management) Creepy => Ethics boundary @aureliepols
  • 25. You: Data Controller – Tools: Data Processor, ok? Take away #4 Review those bloody contracts, will you? Assure liability is clear and that you are covered! Source: http:// data-protection/datacollection/obligations/ index_en.htm @aureliepols
  • 26. Did Big Data kill the Privacy framework? No, it introduced a paradigm shift Just like analytics is becoming permeable through the company Purpose New business opportunity through data User consent This is also the case for the legal consequences of the use of data: Employee Training & internal debate related to what is acceptable & what is not should become part of business Fair & Legal process Data diving analysis / Big Data Information for approved use @aureliepols
  • 27. Security is only one solution to the problem SECURITY (TECHNOLOGY) The guy in the middle is a DPO: Data Protection Officer, required key personnel once the EU Personal Data Protection Regulation passes DATA COLLECTION @aureliepols
  • 28. The EU Personal Data Protection Regulation is coming #EUDataP Source: files/ 8813/7882/1681/ IAB_Tuesday_Web inar_Data_Protecti on_FINAL.pdf ICO is an outlier @aureliepols
  • 29. Without the right support, the best security crumbles Y URIT SEC OLOGY) HN (TEC DATA COLLECTION @aureliepols
  • 30. Human error causes most data breaches Source: http:// www.cooldailyinfo post/data-andsecurity-breaches @aureliepols
  • 31. Bridging the analytics to the legal world Security = Icing on the cake SECURITY TECHNOLOGY Information for approved use Data diving analysis / Big Data Fair & Legal process New business opportunity through data User consent DATA COLLECTION @aureliepols
  • 32. Harmonising Security & Privacy §  Effective Privacy management depends upon a Risk driven approach that surpasses compliance needs -  Prepare for legislative changes -  Recognise that just because something is legal, it doesn’t mean it is a good idea -  Consider how Privacy drives strategic advantage => USP? §  Skill requirements & interfaces between professionals -  Identifying intersection and tackling conflict -  Finding a common language -  Developing a Privacy culture @aureliepols Source: writable/presentations/file_upload/ grc-w07-when-worlds-collideharmonising-governance-betweensecurity-and-privacy.pdf
  • 33. Always ask yourself these 3 questions & keep your job §  What data am I collecting? -  PII vs. non-PII -  Persönlich ↔ Pseudonym ↔ Anonym §  Who has access to this data? -  Both persons & tools §  Where is the data stored? -  SafeHarbor vs. Binding Corporate Rules @aureliepols
  • 34. Or follow the IAB’s recommendations! @aureliepols @aureliepols
  • 35. Don’t let your company turn into @aureliepols
  • 36. From Yeti to Snow Fairy @aureliepols
  • 37. From Yeti to Snow Fairy @aureliepols
  • 38. Snow Fairy? @aureliepols
  • 39. Source: http:// /clubs/the-goodwife/images/ 25049423/title/ good-wifespecial-aliciaseason-3-photo @aureliepols
  • 40. Thank you for your time! Aurélie Pols Something (Digital) Analytics Europe Chief Visionary Officer & Founder @aureliepols –