Your SlideShare is downloading. ×
Data Privacy Chicago May2011
Data Privacy Chicago May2011
Data Privacy Chicago May2011
Data Privacy Chicago May2011
Data Privacy Chicago May2011
Data Privacy Chicago May2011
Data Privacy Chicago May2011
Data Privacy Chicago May2011
Data Privacy Chicago May2011
Data Privacy Chicago May2011
Data Privacy Chicago May2011
Data Privacy Chicago May2011
Data Privacy Chicago May2011
Data Privacy Chicago May2011
Data Privacy Chicago May2011
Data Privacy Chicago May2011
Data Privacy Chicago May2011
Data Privacy Chicago May2011
Data Privacy Chicago May2011
Data Privacy Chicago May2011
Data Privacy Chicago May2011
Data Privacy Chicago May2011
Data Privacy Chicago May2011
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Data Privacy Chicago May2011

220

Published on

A presentation on EU Data Privacy in relation to E-marketing.

A presentation on EU Data Privacy in relation to E-marketing.

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
220
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
3
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide
  • We love the tone used in the opt-in boxes here – makes it sound well worth signing up and there’s no ambiguity!
  • Does a Zombie cookie breach Computer Misuse Act?
  • Transcript

    • 1. When will a Marketing Director go to Prison?
    • 2. Agenda
      • Email marketing
      • Gaining Consent
      • The “Cookie Law”
      • Behavioural vs Contextual
    • 3. E-Marketing is a fact of life
      • On-line ad spend is now greater than the amount spent on press advertising and climbing
      • Almost all websites now collect data from visitors
        • Visibly
        • Invisibly
      • E-mail marketing is getter ever more sophisticated
      • Social networking
      • But does it respect privacy properly?
    • 4. Only 67% of the Biggest companies comply
      • 33% of FTSE top 250 don’t comply with opt-in rules on Email*
      • The study looked at both on-line and off-line compliance
      • There was little difference from sector to sector
      • Compliance worse than in 2007 (69%)
      • Tesco Ireland just been fined
      *Atrium Study Nov 2010
    • 5. Let’s look at Privacy
      • Here’s a typical registration page – Tesco.com
      Look very closely here
    • 6. Let’s look at Privacy
    • 7. But Tesco then gets worse …..
      • Privacy policy
      • Use of your information and your preferences
      • We will use your information to provide and personalise our service. We will also use your contact details to communicate with you. We may use your information to send you offers and news about Tesco group products and services or those of other carefully selected companies which we think may be of interest to you. We may contact you by post, email, telephone or fax for these purposes.
      • Once you have registered to use Tesco.com, you will be provided with access to a "Contact Preferences" page that will allow you to tailor our commercial communications to your preferences.
      • To change your contact preferences simply click "Your Account" in the top frame and click "Your Contact Preferences". If you do not want to receive commercial communications from us, please select your choices by using the boxes available on that page.
      • But you don’t get sent to the Contact Preferences page – instead you have to wait for an email from Tesco in order to login….. which two hours later still hadn’t arrived.
      • Finally, when you do go back, here’s what you’d have to do …
    • 8. It’s a tortuous route Click on here… ..to go here Click on here… … .to go here And, finally click here to get to your preferences!
    • 9. CADBURY
    • 10. The problem of Cookies if (isset($UserID) && isset($Password)) { $query = &quot;select * from members where UserID = &quot;$UserID&quot; and Password = &quot;$Password&quot;&quot;; if ( !($dbq = mysql_query($query, $dblink))) { echo &quot;Unable to query database. Please Contact <a href=&quot;mailto:email@address&quot;>email@address</a>.n&quot;; exit; } $lim = mysql_num_rows( $dbq ); if ($lim != 1) { $headers=1; //HTML headers in place echo &quot;<HTML><HEAD><TITLE>Login Page</TITLE></HEAD><BODY>&quot;; echo &quot;<B>Invalid User ID or Password. Please Try again</B><BR>&quot;; if ($lim == 1) { //make unique session id and store it in Database $timer = md5(time()); $sid = $UserID . &quot;+&quot; . $timer;
    • 11. Types of Cookie
      • Session
      • Persistent
      • First party
      • Third party
      • Tracking
      • Zombie (Flash)
    • 12. Why do advertisers want cookies?
      • Behavioural vs contextual
      • Google adwords is “contextual” – it presents ads based on my keywords
      • Display ads on websites are contextual – they are relevant to the content I’m viewing
      • Behavioural looks at what I’ve browsed and where I’ve been to select ads that may be relevant – in THEIR view – it DEPENDS on persistent Cookies
      • And the reason they want it? Up to FOURFOLD improvement – but usually 10% - 20%.
    • 13. New EU Rules – the problems
      • Cookies are a potential privacy threat
      • Some countries are effectively banning them
        • Germany
          • Going after Google vicariously
        • Switzerland & France
          • Says IP address is PII
      • Others don’t care
      • Art 29 WP not happy relying on browser settings alone
    • 14. Country Analysis
    • 15. Country Analysis
    • 16. Country Analysis
    • 17. More consultation
      • FTC in US is leaning towards “do not track me list”
      • Browser industry looking at potential solutions
      • Art 29WP consulting – AGAIN with ad networks
    • 18. Industry Solutions
    • 19. Industry Solutions
    • 20. Industry Solutions
    • 21. So, what to do? – 10 tips
      • 1) Inaction is not an option, websites need to review their use of cookies immediately have some plans in place, even if not actually implemented
      • 2) It is likely that the UK has now determined the direction of travel for the rest of Europe - expect the rest to jump in the same direction
      • 3) Reliance on browser settings is not a solution currently
      • 4) Zombie, persistent, re-spawning cookies are now dead in just about every circumstance
      • 5) 3rd party and tracking/analytic cookies are a major problem and working out how to get consent without driving visitors to your website insane is going to be a major challenge6) The more information the cookie collects, the higher the requirement for disclosure7) The way the law works means that if I, as an Englishman in England, visit a website that is in Germany, in German and that German website pops a Google Analytics cookie on my PC then they are contravening my rights just as much as if they were based in Milton Keynes (sorry Audi/VW)8) Sites cannot rely on sorting out just PCs because so many people now visit via other devices - Tablets, TVs, smartphones, games consoles etc.9) The &quot;strictly necessary&quot; get out is going to be &quot;strictly interpreted&quot; - the guidance doesn't leave much wriggle room10) Regulators and industry are now in new territory and right here, right now, no-one seems to have a plan
    • 22. So, what to do?
      • 6) The more information the cookie collects, the higher the requirement for disclosure
      • 7) The way the law works means that if I, as an Englishman in England, visit a website that is in Germany, in German and that German website pops a Google Analytics cookie on my PC then they are contravening my rights just as much as if they were based in Milton Keynes (sorry Audi/VW
      • )8) Sites cannot rely on sorting out just PCs because so many people now visit via other devices - Tablets, TVs, smartphones, games consoles etc.
      • 9) The &quot;strictly necessary&quot; get out is going to be &quot;strictly interpreted&quot; - the guidance doesn't leave much wriggle room
      • 10) Regulators and industry are now in new territory and right here, right now, no-one seems to have a plan
    • 23. Is this the future?

    ×