Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Knowing me, Knowing you – Managing andUsing Contact InformationPhilip Nolan,Partner,Head of Privacy and Data ProtectionMas...
Data: Your Key Asset Compliance → asset protection Core to business models    → Understanding customers    → Web 2.0    ...
Topics Learning about your network   → Basic Rules   → Current challenges Contacting your network The FutureGoal = Sell...
Learning About Your Network – Basic Rules “Fair Processing” → transparency Consent or legitimate interests Limited Purp...
Learning About Your Network – Current Issues Sensitive Personal Data Cookies Databrokers Location Based Services Scre...
“Sensitive” Personal Data→ Race, political/religious views, trade union membership,  health, sex life→ US Presidential Cam...
Cookies What are Cookies? Basis of OBA and website analytics New (2011) rules impose stringent disclosure obligations: ...
Cookies (2) Practical compliance → How intrusive are the cookies? Notice to users (pop-up vs. link) Ongoing debate re. ...
Buying Data Databrokers sell lists of contacts/leads Should be based on prior, informed, opt-in consent Lawful, but car...
Location Based Services/ Telematics Emerging trend Applying online-style analysis to the real world, e.g. store browsing...
Screen Scraping Automatically pulling data off a website Can breach “fair processing principle” and may lead litigation...
Contacting Your Network• Basic Rule    → B2C email – need prior consent (and an opt-out)    → B2B email – must offer an op...
Future Developments: Data Protection Regulation Harmonise EU law Controversial → Further regulation Recent Parliament p...
Future Developments: Data Protection Regulation Key issues:    → explicit consent    → Restriction of “legitimate interes...
ASAI OBA Rules Likely to be based on ASA Rules (which come into force on  4 Feb 2013)    → Third Parties (i.e. ad network...
Concluding Thoughts Area of increasing value and importance to business, driven  by technology BUT also an area of incre...
Knowing me, Knowing you – Managing andUsing Contact InformationPhilip Nolan,Partner,Head of Privacy and Data ProtectionMas...
Upcoming SlideShare
Loading in …5
×

Knowing Me, Knowing You - Managing & Using Contact Information

540 views

Published on

Philip Nolan, Partner, Mason Hayes & Curran, discusses leveraging data for your business.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Knowing Me, Knowing You - Managing & Using Contact Information

  1. 1. Knowing me, Knowing you – Managing andUsing Contact InformationPhilip Nolan,Partner,Head of Privacy and Data ProtectionMason Hayes & Curran31 January 2012pnolan@mhc.ie/ 01 6145078 1
  2. 2. Data: Your Key Asset Compliance → asset protection Core to business models → Understanding customers → Web 2.0 → Online advertising → Location based services /telematics → Analytics/Big Data → Greentech/smart grid 2
  3. 3. Topics Learning about your network → Basic Rules → Current challenges Contacting your network The FutureGoal = Selling to the right person at the right time 3
  4. 4. Learning About Your Network – Basic Rules “Fair Processing” → transparency Consent or legitimate interests Limited Purpose → define clear purposes Not proportionate → do I need this information? Retention → is this data still current? Do I still need this information? 4
  5. 5. Learning About Your Network – Current Issues Sensitive Personal Data Cookies Databrokers Location Based Services Screen ScrapingAll areas of increasing market, and regulatory, interest 5
  6. 6. “Sensitive” Personal Data→ Race, political/religious views, trade union membership, health, sex life→ US Presidential Campaign→ Healthcare Products→ Need explicit consent→ US approach may not work in EU 6
  7. 7. Cookies What are Cookies? Basis of OBA and website analytics New (2011) rules impose stringent disclosure obligations: → “Clear and comprehensive information” which is “prominently displayed and easily accessible” regarding the type of cookie being used and details of its purpose; → Consent, not “opt-out” → Exception for technically required cookies. 7
  8. 8. Cookies (2) Practical compliance → How intrusive are the cookies? Notice to users (pop-up vs. link) Ongoing debate re. OBA → “Article 29 Working Party” - Prior Opt-In required → DPC (FB Audit) – no clear industry practice at this time• If linked to personal data, also need to comply with general data protection rules• December 2012 → DPC letters to 80 websites 8
  9. 9. Buying Data Databrokers sell lists of contacts/leads Should be based on prior, informed, opt-in consent Lawful, but care needed Check the contract – look for Reps/Warranties re. privacy compliance How did the supplier get the information? Fair processing → need to inform the contact you have their personal data 9
  10. 10. Location Based Services/ Telematics Emerging trend Applying online-style analysis to the real world, e.g. store browsing; offering vouchers to nearby potential customers. Implement via RFID chips or mobile phone Specifically regulated Requires consent or anonymous data 10
  11. 11. Screen Scraping Automatically pulling data off a website Can breach “fair processing principle” and may lead litigation Ryanair v. Billigfluege.de Breach of Terms; IP infringement 11
  12. 12. Contacting Your Network• Basic Rule → B2C email – need prior consent (and an opt-out) → B2B email – must offer an opt-out• Practical Steps → Always get consent for B2C campaigns → Offer opt-out in email → Implement a system to record opt outs.• Consequences → Fine of €5,000 or (on indictment) €250,000 12
  13. 13. Future Developments: Data Protection Regulation Harmonise EU law Controversial → Further regulation Recent Parliament proposals → additional restrictions Council reservations Likely to come into force in 2015/2016 (If adopted) 13
  14. 14. Future Developments: Data Protection Regulation Key issues: → explicit consent → Restriction of “legitimate interests” → “right to be forgotten” → “privacy by design” → “privacy impact assessments” → 2% turnover fines 14
  15. 15. ASAI OBA Rules Likely to be based on ASA Rules (which come into force on 4 Feb 2013) → Third Parties (i.e. ad networks) must notify users → Users must be given an opportunity to “opt-out” → Advertisers must co-operate in identifying the Third Parties → Country of origin principle In addition to existing “cookies rules” 15
  16. 16. Concluding Thoughts Area of increasing value and importance to business, driven by technology BUT also an area of increasing regulatory attention Predication → Will continue to evolve and will likely become more central to business in the coming years. 16
  17. 17. Knowing me, Knowing you – Managing andUsing Contact InformationPhilip Nolan,Partner,Head of Privacy and Data ProtectionMason Hayes & Curran31 January 2012pnolan@mhc.ie/ 01 6145078 17

×