Digital analytics & privacy: it's not the end of the world


Published on

This presentation starts by revisiting the common best practices related to digital analytics in order to measure digital asset’s effectiveness to increase conversion, common data feeds between tools and possibly data flows between continents for analysis.

These practices are then put in parallel with legal requirements, showing which steps need to be undertaken to assure legal compliance of said practices, how digital responsibles should be trained in data protection matters and what contracts are needed with both data providers & collectors so as to assure minimal liability for these routinely undertaken tasks.

This presentation is NOT about security and goes beyond the over-blown cookie debate in order to highlight how the upcoming EU Personal Data Protection Regulation will influence digital analytics to hopefully start embracing Privacy by Design ways of working.

1 Like
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • Image source:
  • The french are mainly worried about exclusion
  • So data doesn’t erode over time and can be sold multiple times but its destruction is not part of any analytics process?
    With breach notifications being increasingly adopted by varying countries, the level of fines and class actions going up related to any data breaches or privacy infringements, wouldn’t it make sense to take a look at some procedures?
  • Digital analytics & privacy: it's not the end of the world

    1. 1. Digital Analytics & Privacy: it’s not the end of the world November 12th 2013 Aurélie Pols Something (Digital) Analytics Europe Chief Visionary Officer & Founder @aureliepols
    2. 2. Expectations: no legislation, promised! @aureliepols
    3. 3. Datenschutz, Protección de datos, Protection des données @aureliepols
    4. 4. Privacy, a human right? Navi Pillay Source: @aureliepols Source:
    5. 5. The changing tide of public opinion Source: obalresearch.c a/25verdadessobre-el-casoevomoralesedwar dsnowden/534 1660 @aureliepols
    6. 6. Democracy in danger since the Patriot Act? Source: b/2013/01/22/daily-circuit-alexis-detocqueville-democracy-in-america @aureliepols
    7. 7. This is about keeping your job Source: @aureliepols
    8. 8. The confessions of a European analyst  Grew up in the Netherlands, Dutch passport  French mother tongue  Most of my friends of bilingual at least!  Have Polish & Russian origins  Set-up my first start-up in Belgium in 2003  Sold it to a UK agency, Digitas LBi (Publicis), in 2008  Moved to Spain in 2009  Created Mind Your Group (Putting Your Data to Work) + sister company Mind Your Privacy in 2012 (yes, law firm) @aureliepols
    9. 9. Bridging Analytics & Data Protection in Europe  European Convention of Human Rights, Article 8: Privacy is a fundamental right you don’t have to agree ;-)  Spain = 80% of EU Data Protection fines; strict data protection legislation, breach notification & security protocols best practices @aureliepols
    10. 10. The Rule of Law is the foundation of Democracy “Democracy must be built through open societies that share information. When there is information, there is enlightment. When there is debate, there are solutions. When there is no sharing of power, no rule of law, no accountability, there is abuse, corruption, subjugation and indignation.” Atifete Jahjaga, President of Kosovo @aureliepols
    11. 11. The Rule of Law is the foundation of Democracy APEC Continental law influenced US & UK Common Law EU Continental Law Class actions Privacy Business focused Fines (by DPAs: Data protection Agencies) Personal Data Protection Citizen focused: data belongs to the visitor/prospect/consumer/citizen Over-arching EU Directives & Regulations Sector based legislations: HIPPA, COPPA, VPPA, … PII varies per state but lists defined * Again, you don’t have to agree! @aureliepols Introduction of pseudo-anonymized data within the new PDP Regulation, partially trying to avoid pinning down PII exactly imho
    12. 12. Privacy is a tough cookie to crack So was probably the Declaration of Human Rights, ask Eleanor Roosevelt! So called Cookie Directive, good or bad idea? - Very techno specific - Doesn’t help when legislation lags behind… - Raised awareness? - Clean house? @aureliepols Best cookies in the world: Maison Dandoy, Brussels, since 1829,,
    13. 13. Rome wasn’t build in a day Take away #1: The EU & the US view Privacy & data protection very differently and that is fine! Rome wasn’t built in one day, neither was the traffic regulation in NY or Madrid! @aureliepols
    14. 14. Wicked French ;-) Most EU countries talk of zebra paths France: are still talking of passages cloûtés Take away #2 related to data: Time: - Techno evolves faster than legislation - Privacy procedures are new to techno players => no Privacy culture! Data is ad infinitum transferable, without decay => new Privacy challenges, la bande de GAFA (CNIL) @aureliepols Image source: %20cloute.jpg
    15. 15. Privacy tri-partite Joint effort by: 1. Governments &/or international Associations => regulations, guidelines.. 2. Businesses 3. Citizens/consumers/voters Each party wanting to defend its rights: - Personal Data Protection & the Rule of Law through respect of Fundamental Rights vs. - Profits & hopefully Sustainability @aureliepols
    16. 16. If data is the new oil, is Privacy the new Green? Comparing Facebook’s Privacy policy Source: @aureliepols
    17. 17. What’s in a word? DATA LIFECYCLE Source: @aureliepols Source:
    18. 18. Overlap & pieces missing Take away #3 Data: - ad infinitum transferable Legislation: - Breach notification Common sense: - Procedures! Source: @aureliepols
    19. 19. The evolution of Breach notification http://www.informationisb worlds-biggest-databreaches-hacks/ @aureliepols
    20. 20. LinkedIn Big Data feedback loop Consent? Anyone? Example: Netflix VPPA Source: @aureliepols
    21. 21. Some basic Privacy terms, bouh! PURPOSE: What are you using the data for? CONSENT: Reasonable expectation of the use of data => Transparency Trust => Social Media reputation (See also Breach notification for Crisis Management) Creepy => Ethics boundary @aureliepols
    22. 22. You: Data Controller – Tools: Data Processor, ok? Take away #4 Review those bloody contracts, will you? Assure liability is clear and that you are covered! Source: data-protection/datacollection/obligations/index _en.htm @aureliepols
    23. 23. Did Big Data kill the Privacy framework? No, it introduced a paradigm shift Just like analytics is becoming permeable through the company Purpose Purpose New business opportunity New business opportunity through data through data User consent User consent This is also the case for the legal consequences of the use of data: Employee Training & internal debate related to what is acceptable & what is not should become part of business Fair & Legal process Fair & Legal process Data diving analysis / /Big Data Data diving analysis Big Data Information for approved use Information for approved use @aureliepols
    24. 24. Security is only one solution to the problem SECURITY SECURITY (TECHNOLOGY) (TECHNOLOGY) The guy in the middle is a DPO: Data Protection Officer, required key personnel once the EU Personal Data Protection Regulation passes DATA COLLECTION DATA COLLECTION @aureliepols
    25. 25. The EU Personal Data Protection Regulation is coming #EUDataP Source: es/8813/7882/1681/IA B_Tuesday_Webinar _Data_Protection_FI NAL.pdf ICO is an outlier @aureliepols
    26. 26. Without the right support, the best security crumbles RIITY )) R TY Y ECU OG Y E C U L OG S S NO L H NO TE C H ((TEC DATA COLLECTION DATA COLLECTION @aureliepols
    27. 27. Human error causes most data breaches Source: http://www.cooldail ost/data-andsecurity-breaches
    28. 28. Bridging the analytics to the legal world Security = Icing on the cake SECURITY SECURITY TECHNOLOGY TECHNOLOGY Information for Information for approved use approved use Data diving analysis // Data diving analysis Big Data Big Data Fair & Legal process Fair & Legal process New business New business opportunity through opportunity through data data User consent User consent DATA COLLECTION DATA COLLECTION @aureliepols
    29. 29. Harmonising Security & Privacy  Effective Privacy management depends upon a Risk driven approach that surpasses compliance needs - Prepare for legislative changes - Recognise that just because something is legal, it doesn’t mean it is a good idea - Consider how Privacy drives strategic advantage => USP?  Skill requirements & interfaces between professionals - Identifying intersection and tackling conflict - Finding a common language - Developing a Privacy culture @aureliepols Source: esentations/file_upload/grc-w07-whenworlds-collide-harmonising-governancebetween-security-and-privacy.pdf
    30. 30. Always ask yourself these 3 questions & keep your job  What data am I collecting? - PII vs. non-PII - Persönlich ↔ Pseudonym ↔ Anonym  Who has access to this data? - Both persons & tools  Where is the data stored? - SafeHarbor vs. Binding Corporate Rules @aureliepols
    31. 31. Or follow the IAB’s recommendations! @aureliepols
    32. 32. Source: http://www.fanpo 423/title/goodwife-special-aliciaseason-3-photo
    33. 33. Thank you for your time! Aurélie Pols Something (Digital) Analytics Europe Chief Visionary Officer & Founder @aureliepols –