Privacy & Analytics: Yeti or Snow Fairy?


Published on

Presentation by Aurélie Pols at Superweek Hungary 2014. This presentation is NOT about security and goes beyond the over-blown cookie debate in order to highlight how the upcoming EU Personal Data Protection Regulation will influence digital analytics to hopefully start embracing Privacy by Design ways of working.

1 Like
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Privacy & Analytics: Yeti or Snow Fairy?

  1. 1. Privacy & Digital Analytics : Yeti or Snow Fairy? January 22nd 2014 Aurélie Pols Something (Digital) Analytics Europe Chief Visionary Officer & Founder @aureliepols
  2. 2. Expectations: no legislation, promised! @aureliepols
  3. 3. Datenschutz, Protección de datos, Protection des données @aureliepols
  4. 4. Current public opinion: Creepiness! @aureliepols
  5. 5. Privacy, a human right? Navi Pillay Source: Source: @aureliepols
  6. 6. The changing tide of public opinion Source: http:// www.globalresear 5341660 @aureliepols
  7. 7. Democracy in danger since the Patriot Act? Source: display/web/2013/01/22/daily-circuitalexis-de-tocqueville-democracy-inamerica @aureliepols
  8. 8. This is about keeping your job Source: youre-fired-which-grimsby-town-players-will-be-offered-newdeals-and-which-will-be-released/ @aureliepols
  9. 9. The confessions of a European analyst §  Grew up in the Netherlands, Dutch passport §  French mother tongue §  Most of my friends of bilingual at least! §  Have Polish & Russian origins §  Set-up my first start-up in Belgium in 2003 §  Sold it to a UK agency, Digitas LBi (Publicis), in 2008 §  Moved to Spain in 2009 §  Created Mind Your Group (Putting Your Data to Work) + sister company Mind Your Privacy in 2012 (yes, law firm – Data Science Protected) @aureliepols
  10. 10. Bridging Analytics & Data Protection in Europe §  European Convention of Human Rights, Article 8: Privacy is a fundamental right you don’t have to agree ;-) §  Spain = 80% of EU Data Protection fines; strict data protection legislation, breach notification & security protocols best practices @aureliepols
  11. 11. Spain: 80% of data protection fines in the EU @aureliepols
  12. 12. The Rule of Law is the foundation of Democracy “Democracy must be built through open societies that share information. When there is information, there is enlightment. When there is debate, there are solutions. When there is no sharing of power, no rule of law, no accountability, there is abuse, corruption, subjugation and indignation.” Atifete Jahjaga, President of Kosovo @aureliepols
  13. 13. The Rule of Law is the foundation of Democracy APEC US & UK Continental Common Law law influenced Class actions EU Continental Law Fines (by DPAs: Data protection Agencies) Privacy Personal Data Protection Business focused Citizen focused: data belongs to the visitor/prospect/consumer/citizen Sector based legislations: Over-arching EU Directives & HIPPA, COPPA, VPPA, … Regulations PII varies per state but lists Introduction of pseudo-anonymized defined data within the new PDP Regulation, partially trying to avoid * Again, you don’t have to agree! pinning down PII exactly imho @aureliepols
  14. 14. Privacy is a tough cookie to crack So was probably the Declaration of Human Rights, ask Eleanor Roosevelt! So called Cookie Directive, good or bad idea? -  Very techno specific -  Doesn’t help when legislation lags behind… -  Raised awareness? -  Clean house? Best cookies in the world: Maison Dandoy, Brussels, since 1829,, @aureliepols
  15. 15. Rome wasn’t build in a day Take away #1: §  The EU & the US view Privacy & data protection very differently and that is fine! §  Rome wasn’t built in one day, neither was the traffic regulation in NY or Madrid! @aureliepols
  16. 16. Take away #2 related to data: § Time: - Techno evolves faster than legislation - Privacy procedures are new to techno players => no Privacy culture! § Data is ad infinitum transferable, without decay => new Privacy challenges, la bande de GAFA (CNIL) Image source: %20cloute.jpg @aureliepols
  17. 17. Privacy tri-partite Joint effort by: 1.  Governments &/or international Associations => regulations, guidelines.. 2.  Businesses 3.  Citizens/consumers/voters Each party wanting to defend its rights: -  Personal Data Protection & the Rule of Law through respect of Fundamental Rights vs. -  Profits & hopefully Sustainability @aureliepols Governments OUR GLOBAL SOCIETY Citizens/ consumers/ voters Businesses
  18. 18. If data is the new oil, is Privacy the new Green? Comparing Facebook’s Privacy policy Source: @aureliepols
  19. 19. What’s in a word? DATA LIFECYCLE Source: @aureliepols Source: lifecycle-data-managementtraining.html
  20. 20. Bridging worlds in Digital Marketing
  21. 21. Overlap & pieces missing Take away #3 §  Data: -  ad infinitum transferable §  Legislation: -  Breach notification §  Common sense: -  Procedures! Source: data-management/cycle.html @aureliepols
  22. 22. The evolution of Breach notification http:// www.informationisbeaut worlds-biggest-databreaches-hacks/ @aureliepols
  23. 23. LinkedIn Big Data feedback loop Consent? Anyone? Example: Netflix VPPA Source: @aureliepols
  24. 24. Some basic Privacy terms, bouh! PURPOSE: What are you using the data for? CONSENT: Reasonable expectation of the use of data => Transparency Trust => Social Media reputation (See also Breach notification for Crisis Management) Creepy => Ethics boundary @aureliepols
  25. 25. You: Data Controller – Tools: Data Processor, ok? Take away #4 Review those bloody contracts, will you? Assure liability is clear and that you are covered! Source: http:// data-protection/datacollection/obligations/ index_en.htm @aureliepols
  26. 26. Did Big Data kill the Privacy framework? No, it introduced a paradigm shift Just like analytics is becoming permeable through the company Purpose New business opportunity through data User consent This is also the case for the legal consequences of the use of data: Employee Training & internal debate related to what is acceptable & what is not should become part of business Fair & Legal process Data diving analysis / Big Data Information for approved use @aureliepols
  27. 27. Security is only one solution to the problem SECURITY (TECHNOLOGY) The guy in the middle is a DPO: Data Protection Officer, required key personnel once the EU Personal Data Protection Regulation passes DATA COLLECTION @aureliepols
  28. 28. The EU Personal Data Protection Regulation is coming #EUDataP Source: files/ 8813/7882/1681/ IAB_Tuesday_Web inar_Data_Protecti on_FINAL.pdf ICO is an outlier @aureliepols
  29. 29. Without the right support, the best security crumbles Y URIT SEC OLOGY) HN (TEC DATA COLLECTION @aureliepols
  30. 30. Human error causes most data breaches Source: http:// www.cooldailyinfo post/data-andsecurity-breaches @aureliepols
  31. 31. Bridging the analytics to the legal world Security = Icing on the cake SECURITY TECHNOLOGY Information for approved use Data diving analysis / Big Data Fair & Legal process New business opportunity through data User consent DATA COLLECTION @aureliepols
  32. 32. Harmonising Security & Privacy §  Effective Privacy management depends upon a Risk driven approach that surpasses compliance needs -  Prepare for legislative changes -  Recognise that just because something is legal, it doesn’t mean it is a good idea -  Consider how Privacy drives strategic advantage => USP? §  Skill requirements & interfaces between professionals -  Identifying intersection and tackling conflict -  Finding a common language -  Developing a Privacy culture @aureliepols Source: writable/presentations/file_upload/ grc-w07-when-worlds-collideharmonising-governance-betweensecurity-and-privacy.pdf
  33. 33. Always ask yourself these 3 questions & keep your job §  What data am I collecting? -  PII vs. non-PII -  Persönlich ↔ Pseudonym ↔ Anonym §  Who has access to this data? -  Both persons & tools §  Where is the data stored? -  SafeHarbor vs. Binding Corporate Rules @aureliepols
  34. 34. Or follow the IAB’s recommendations! @aureliepols @aureliepols
  35. 35. Don’t let your company turn into @aureliepols
  36. 36. From Yeti to Snow Fairy @aureliepols
  37. 37. From Yeti to Snow Fairy @aureliepols
  38. 38. Snow Fairy? @aureliepols
  39. 39. Source: http:// /clubs/the-goodwife/images/ 25049423/title/ good-wifespecial-aliciaseason-3-photo @aureliepols
  40. 40. Thank you for your time! Aurélie Pols Something (Digital) Analytics Europe Chief Visionary Officer & Founder @aureliepols –