Transcript of "Knowing Me, Knowing You - Managing & Using Contact Information "
Knowing me, Knowing you – Managing andUsing Contact InformationPhilip Nolan,Partner,Head of Privacy and Data ProtectionMason Hayes & Curran31 January email@example.com/ 01 6145078 1
Data: Your Key Asset Compliance → asset protection Core to business models → Understanding customers → Web 2.0 → Online advertising → Location based services /telematics → Analytics/Big Data → Greentech/smart grid 2
Topics Learning about your network → Basic Rules → Current challenges Contacting your network The FutureGoal = Selling to the right person at the right time 3
Learning About Your Network – Basic Rules “Fair Processing” → transparency Consent or legitimate interests Limited Purpose → define clear purposes Not proportionate → do I need this information? Retention → is this data still current? Do I still need this information? 4
Learning About Your Network – Current Issues Sensitive Personal Data Cookies Databrokers Location Based Services Screen ScrapingAll areas of increasing market, and regulatory, interest 5
“Sensitive” Personal Data→ Race, political/religious views, trade union membership, health, sex life→ US Presidential Campaign→ Healthcare Products→ Need explicit consent→ US approach may not work in EU 6
Cookies What are Cookies? Basis of OBA and website analytics New (2011) rules impose stringent disclosure obligations: → “Clear and comprehensive information” which is “prominently displayed and easily accessible” regarding the type of cookie being used and details of its purpose; → Consent, not “opt-out” → Exception for technically required cookies. 7
Cookies (2) Practical compliance → How intrusive are the cookies? Notice to users (pop-up vs. link) Ongoing debate re. OBA → “Article 29 Working Party” - Prior Opt-In required → DPC (FB Audit) – no clear industry practice at this time• If linked to personal data, also need to comply with general data protection rules• December 2012 → DPC letters to 80 websites 8
Buying Data Databrokers sell lists of contacts/leads Should be based on prior, informed, opt-in consent Lawful, but care needed Check the contract – look for Reps/Warranties re. privacy compliance How did the supplier get the information? Fair processing → need to inform the contact you have their personal data 9
Location Based Services/ Telematics Emerging trend Applying online-style analysis to the real world, e.g. store browsing; offering vouchers to nearby potential customers. Implement via RFID chips or mobile phone Specifically regulated Requires consent or anonymous data 10
Screen Scraping Automatically pulling data off a website Can breach “fair processing principle” and may lead litigation Ryanair v. Billigfluege.de Breach of Terms; IP infringement 11
Contacting Your Network• Basic Rule → B2C email – need prior consent (and an opt-out) → B2B email – must offer an opt-out• Practical Steps → Always get consent for B2C campaigns → Offer opt-out in email → Implement a system to record opt outs.• Consequences → Fine of €5,000 or (on indictment) €250,000 12
Future Developments: Data Protection Regulation Harmonise EU law Controversial → Further regulation Recent Parliament proposals → additional restrictions Council reservations Likely to come into force in 2015/2016 (If adopted) 13
Future Developments: Data Protection Regulation Key issues: → explicit consent → Restriction of “legitimate interests” → “right to be forgotten” → “privacy by design” → “privacy impact assessments” → 2% turnover fines 14
ASAI OBA Rules Likely to be based on ASA Rules (which come into force on 4 Feb 2013) → Third Parties (i.e. ad networks) must notify users → Users must be given an opportunity to “opt-out” → Advertisers must co-operate in identifying the Third Parties → Country of origin principle In addition to existing “cookies rules” 15
Concluding Thoughts Area of increasing value and importance to business, driven by technology BUT also an area of increasing regulatory attention Predication → Will continue to evolve and will likely become more central to business in the coming years. 16
Knowing me, Knowing you – Managing andUsing Contact InformationPhilip Nolan,Partner,Head of Privacy and Data ProtectionMason Hayes & Curran31 January firstname.lastname@example.org/ 01 6145078 17
A particular slide catching your eye?
Clipping is a handy way to collect important slides you want to go back to later.