Knowing Me, Knowing You - Managing & Using Contact Information


Published on

Philip Nolan, Partner, Mason Hayes & Curran, discusses leveraging data for your business.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Knowing Me, Knowing You - Managing & Using Contact Information

  1. 1. Knowing me, Knowing you – Managing andUsing Contact InformationPhilip Nolan,Partner,Head of Privacy and Data ProtectionMason Hayes & Curran31 January 01 6145078 1
  2. 2. Data: Your Key Asset Compliance → asset protection Core to business models → Understanding customers → Web 2.0 → Online advertising → Location based services /telematics → Analytics/Big Data → Greentech/smart grid 2
  3. 3. Topics Learning about your network → Basic Rules → Current challenges Contacting your network The FutureGoal = Selling to the right person at the right time 3
  4. 4. Learning About Your Network – Basic Rules “Fair Processing” → transparency Consent or legitimate interests Limited Purpose → define clear purposes Not proportionate → do I need this information? Retention → is this data still current? Do I still need this information? 4
  5. 5. Learning About Your Network – Current Issues Sensitive Personal Data Cookies Databrokers Location Based Services Screen ScrapingAll areas of increasing market, and regulatory, interest 5
  6. 6. “Sensitive” Personal Data→ Race, political/religious views, trade union membership, health, sex life→ US Presidential Campaign→ Healthcare Products→ Need explicit consent→ US approach may not work in EU 6
  7. 7. Cookies What are Cookies? Basis of OBA and website analytics New (2011) rules impose stringent disclosure obligations: → “Clear and comprehensive information” which is “prominently displayed and easily accessible” regarding the type of cookie being used and details of its purpose; → Consent, not “opt-out” → Exception for technically required cookies. 7
  8. 8. Cookies (2) Practical compliance → How intrusive are the cookies? Notice to users (pop-up vs. link) Ongoing debate re. OBA → “Article 29 Working Party” - Prior Opt-In required → DPC (FB Audit) – no clear industry practice at this time• If linked to personal data, also need to comply with general data protection rules• December 2012 → DPC letters to 80 websites 8
  9. 9. Buying Data Databrokers sell lists of contacts/leads Should be based on prior, informed, opt-in consent Lawful, but care needed Check the contract – look for Reps/Warranties re. privacy compliance How did the supplier get the information? Fair processing → need to inform the contact you have their personal data 9
  10. 10. Location Based Services/ Telematics Emerging trend Applying online-style analysis to the real world, e.g. store browsing; offering vouchers to nearby potential customers. Implement via RFID chips or mobile phone Specifically regulated Requires consent or anonymous data 10
  11. 11. Screen Scraping Automatically pulling data off a website Can breach “fair processing principle” and may lead litigation Ryanair v. Breach of Terms; IP infringement 11
  12. 12. Contacting Your Network• Basic Rule → B2C email – need prior consent (and an opt-out) → B2B email – must offer an opt-out• Practical Steps → Always get consent for B2C campaigns → Offer opt-out in email → Implement a system to record opt outs.• Consequences → Fine of €5,000 or (on indictment) €250,000 12
  13. 13. Future Developments: Data Protection Regulation Harmonise EU law Controversial → Further regulation Recent Parliament proposals → additional restrictions Council reservations Likely to come into force in 2015/2016 (If adopted) 13
  14. 14. Future Developments: Data Protection Regulation Key issues: → explicit consent → Restriction of “legitimate interests” → “right to be forgotten” → “privacy by design” → “privacy impact assessments” → 2% turnover fines 14
  15. 15. ASAI OBA Rules Likely to be based on ASA Rules (which come into force on 4 Feb 2013) → Third Parties (i.e. ad networks) must notify users → Users must be given an opportunity to “opt-out” → Advertisers must co-operate in identifying the Third Parties → Country of origin principle In addition to existing “cookies rules” 15
  16. 16. Concluding Thoughts Area of increasing value and importance to business, driven by technology BUT also an area of increasing regulatory attention Predication → Will continue to evolve and will likely become more central to business in the coming years. 16
  17. 17. Knowing me, Knowing you – Managing andUsing Contact InformationPhilip Nolan,Partner,Head of Privacy and Data ProtectionMason Hayes & Curran31 January 01 6145078 17