Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

GDPR vs Blockchain – A Paradox, Challenge and an Opportunity


Published on

This presentation is from Affiliate Summit East 2018 (July 29 - July 31, 2018 in New York).

Session description: In this session we shall discuss GDPR and its applicabilty to digital (European and non-European) marketers – what are the best ways to get prepared – and why Blockchain is a threat to GDPR.

Published in: Business
  • Be the first to comment

  • Be the first to like this

GDPR vs Blockchain – A Paradox, Challenge and an Opportunity

  1. 1. 1Tal Ron, Drihem & Co. Law Firm
  2. 2. Tal Ron, Drihem & Co. Law Firm 2 Tal Ron, Drihem & Co. is a leading international law firm which has been recommended by European Legal 500, International Financial Law Review (IFLR), as well as Lawyer Monthly Capital Markets Law Firm of the Year, BDI, and Dun & Bradstreet. Tal Ron, Drihem & Co. is an award winning i-Gaming and financial entertainment law firm since 2003. Advocate and Notary Tal Itzhak Ron (LLB, B.Sc., M.Sc. Computer Science) established Tal Ron, Drihem & Co. in Tel Aviv back in 2003, focusing from the start on providing legal services for the Affiliates, Fin-Tech, Cryptocurrencies, E- commerce, Hi-Tech, Ad-Tech, and i-Gaming industries, quickly becoming one of the first international firms practicing solely in these areas. The firm today advises the world leading brokers, affiliates, operators, developers, and governing bodies worldwide, and is considered the first point of contact for innovative ventures setting up and optimizing their operations.
  3. 3.  A lot of companies have affiliate programs, it seems logical that a Company can only be blamed if it encourages its affiliates to publish fake reviews, act unethically, or steal its clients.  But according to the FTC: "Whether they advertise directly or through affiliates, companies have an obligation to ensure that the advertising for their products is not deceptive. Advertisers using affiliate marketers to promote their products would be wise to put in place a reasonable monitoring program to verify that those affiliates follow the principles of truth in advertising.“ However, if Affiliates are doing deceptive practices on their own, without direct encouragement from the Company, how is the Company itself liable?  The Company has the right to sue the Affiliate. Tal Ron, Drihem & Co. Law Firm 3
  4. 4. Tal Ron, Drihem & Co. Law Firm 4
  5. 5. Tal Ron, Drihem & Co. Law Firm 5 In the wake of data breaches, GDPR is empowering users where their personal data is concerned. EU General Data Protection Regulation (2016/679 active since May 25, 2018) applies to the processing of data carried out by organizations operating within the EU, and/or to organizations outside the EU that offer goods or services to individuals in the EU. Failure to comply means that companies will face steep fines (up to €20 Million or 4% of the global annual turnover whichever is higher).
  6. 6. Tal Ron, Drihem & Co. Law Firm 6 • Articles 13 & 14: Right to know how personal data is used. • Article 15: Right to access personal data. • Article 16: right to rectify incorrect personal data. • Article 17: Right to be forgotten-data erasure when data is no longer necessary & there is no legal obligation to keep it. • Article 27: Need to appoint an EU Representative (local liaison between data subjects and supervisory authorities). This applies to Companies that do not have an office in the EU, but provide their services within the EU. • Article 37(1): Designation of a Data Protection Officer (DPO) – case by case analysis.
  7. 7.  A Processor is responsible for processing personal data on behalf of a controller.  A Controller determines the purposes and means of processing personal data (therefore you may be required to follow GDPR requirements even though you do not process any data yourself). The GDPR places further obligations on you to ensure your contracts with processors comply with the GDPR (generally via DPA Agreements). Tal Ron, Drihem & Co. Law Firm 7
  8. 8.  Name;  ID number(s);  IP Address;  Home Address;  Phone Number;  Payment Information;  RFI Tags;  Website Login,  Website Session ID;  User Name; Password;  E-mail Address;  Geo Location;  Device and App. IDs;  Cookies; […]. Tal Ron, Drihem & Co. Law Firm 8
  9. 9. Tal Ron, Drihem & Co. Law Firm 9 1. Remain Transparent and Process Data Lawfully; 2. You may no longer use Opt-Outs, Users need to Opt-In. 3. Change your Website’s Cookies Notices; 4. Update your T&C’s and Privacy Policy; 5. Make sure each EU User signs a Consent Form and service providers sign a Data Processing Agreement (DPA); 6. Establish an EU Representative and DPO. * We provide you with the legal set-up required by GDPR.
  10. 10. Tal Ron, Drihem & Co. Law Firm 10 All Tick Boxes must be left as Opt-In (not Opt-Out). User needs to give a Pro-Active Consent
  11. 11. Information to Disclose to User  Who is managing their data;  What you intend to do with the user's data;  How you will protect their data;  Why you need their data;  How long will you store their data for;  Who else will receive their data (list all of your third parties). Process Data Lawfully:  Receive explicit Consent from the user for each purpose of use of his/her data;  Performance of a contract (i.e. DPA Data Processing Agreement)  Legal Obligation;  Vital Interest of Individual(s); life or death situations  Public Interest;  Legitimate Interests. Tal Ron, Drihem & Co. Law Firm 11
  12. 12.  Use basic language so the Average User can understand– no long legal phrases.  Make it Easy to Opt-Out (Withdraw Consent);  List Data Safeguards (methods used to keep data safe);  Do you use cookies?  Do third parties collect your information? (List them)  State what personal information you collect;  State how and why you collect this information;  How long do you keep this information?  How do you use this information? Tal Ron, Drihem & Co. Law Firm 12
  13. 13.  Companies that do not have an office in the EU yet provide their products/services within the EU must appoint a Representative in the EU if they process personal data.  Who? Any natural or legal person who resides in the EU may be appointed (GDPR ART 4(17). The appointment to be a Representative must be made in writing.  The Representative operates as the local liaison with the data subjects and the supervisory authorities (acts on behalf of Controller/Processor).  Note: more and more service providers are asking companies to sign DPA agreements with their EU representative company. Tal Ron, Drihem & Co. Law Firm 13
  14. 14. Tal Ron, Drihem & Co. Law Firm 14
  15. 15. 1. Blockchains are decentralized and distributed. Impossible to identify the Processor of personal data. 2. Blockchains are public and transparent. Information, including personal data, is accessible to everyone! 3. Blockchains are non-editable – Transactions are irreversible. Impossible to rectify/delete information contained on a blockchain (eg. personal data). 4. *Contrary to GDPR’s right to be forgotten or right to rectify data! Tal Ron, Drihem & Co. Law Firm 15
  16. 16. Tal Ron, Drihem & Co. Law Firm 16 • Blockchain can be part of the solution for new GDPR rules. i.e. blockchain systems could be used to track consent and make sure deletion requests are fulfilled. • Governments must work in collaboration with technology to co-develop dynamic policies (i.e. peer to peer regulation)– We cannot wait for rules to play catch up every time a new technology is created! • Note: Blockchains built with privacy & GDPR compliance in mind, have a clear advantage for the future.
  17. 17. Tal Ron, Drihem & Co. Law Firm 17 Marshall Islands Vanuatu Estonia (EU) Lithuania (EU) Malta (EU) Scotland (EU?)
  18. 18. For any further questions feel free to contact us: Advocate and Notary Tal Itzhak Ron Direct Mobile: +972-52-2437484, Tal Ron, Drihem & Co., Law Firm Ha’Arbaa Towers (18th Floor) 28 Ha'arbaa Street Tel Aviv, Israel 18Tal Ron, Drihem & Co. Law Firm