SlideShare a Scribd company logo
CREATIVE DESTRUCTION & PRIVACY
WHITEWASHING: WHERE DOES RISK
LIE?
Founder, Aurélie Pols & Associates
January 30th 2023
aurelie.pols@protonmail.com
1
aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates –
Data Governance & Privacy Engineer
Data is the New infrastructure – Privacy is the New Green – Trust is the New Currency
Dutch nationality, French mother tongue, works in English, lives in Spain (+kids!)
AURELIE POLS,
DATA GOVERNANCE
& PRIVACY ENGINEER
• DPO for mParticle (Customer Data platform) – contractor (USA, New York)
• Founder – Aurélie Pols & Associates
• Group expert member for the Observatory on the Online Platform Economy (E03607) – EU Commission
•Guest professor DPO certification courses Maastricht University, faculty of law (NL) & Solvay Business School
Brussels (B)
• Board Member European Center On Privacy and Security, Maastricht University (NL)
• Ethics Advisory Group (EAG) – European Data Protection Supervisor (EDPS) Towards a digital ethics
• Former Vice-chair P7002 – Data Privacy Process – IEEE
• Speaker/writer/consiglieri: Mobile World Congress, SWSX, Strata (+ Hadoop World), IAPP, Piwik, AT Internet,
industry associations, AdTech & MarTech vendors, …
2003:
OX2 Co-founder
Webanalytics.be
2008:
Sold to Digitas LBi
(Publicis)
2
Not former GAFAM
What I do for a living
In case you are (still) wondering ;-)
3
Interlocking liabilities & obligations
People
Company
(Telco,
Bank,
Insurance..)
Company
(Agency,
consultancy,
vendor, ...)
Cloud
provider
• Aligning contract obligations
• Risk
• (+ Mitigation measures?)
• Providing
• Security + Privacy
• Privacy engineering
• Design & Default(s)
B2C (+ B2B)
B2B
B2B
Privacy Notices
Lawful basis
Data Subject Rights
MSA
SOW
T&C
4
5
aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates –
IAB’s CEO at Annual Leadership Meeting
1. (Privacy) extremists are political opportunists
2. Attacks to ”our” industry also from within => Apple
3. Opportunity for healthy competition: positive ∑, not zero ∑?
6
Source:
https://www.dataprotection
authority.be/iab-europe-
held-responsible-for-a-
mechanism-that-infringes-
the-gdpr
aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates –
Rise up? For what? For who exactly?
7
aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates –
Is the IAB spamming now?
8
The gathering has begun? Surely this is spam…
And no opt-out link? tsssss
🇨🇦
aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates –
Let’s blame Canada!
Perro ladrador poco mordedor
(bark but no teeth)
Why?
9
Source: https://www.priv.gc.ca/en/opc-news/news-and-announcements/2023/nr-c_230126/
aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates –
Had this been .. other than PIPEDA
Let’s speculate
1. The GDPR,
• A fine?
• Deletion obligations?
• At HomeDepot
• For their processors?
• (Notifications to data subjects?)
2. The US like CCPA/CPRA, Colorado, Connecticut, Virginia, Utah
• Opt-out obligations?
• A potential class action?
10
11
12
aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates –
Let’s go back to the story
“Home Depot shared details from e-receipts with Meta without the
knowledge or consent of customers”
Geography: 🇨🇦
Purpose of data processing: delivering e-receipts to HomeDepot
customers who purchased in store
Data involved? Email Personal information? ✅
Applicable law: PIPEDA
Program: Meta Platform Inc. Offline Conversions
13
aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates –
Taking a closer look at the data flows
“Information sent to Meta was used to verify if a customer had a
Facebook account.
If they did, Meta compared the person’s in-store purchases to Home
Depot’s advertisements sent over the platform to measure and report
on the effectiveness of those ads.
Meta’s Offline Conversions contractual terms also allowed it to use the
customer information for its own business purposes, including user
profiling and targeted advertising, unrelated to Home Depot”
14
aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates –
In “privacy” obligations terms, the issues are:
i. sending PD/I to Meta beyond the purpose for the receipt (quid purpose
limitation principle?) requires some form of a lawful basis under GDPR
ii. Meta then engages in another data processing operation ie does the
user have a FB account? +
iii. FB compares to in-store purchases. isn't that data held by HomeDepot?
how does FB do that?
iv. to report on ad effectiveness ie another purpose in the interest of both
companies and
v. cross-mingle data between customer ie FB doesn't act as a data
processor or even service provider under CCPA/CPRA anymore!
15
aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates –
Justifications by HomeDepot
“Each email address Home Depot shared with Meta was encoded so
that it could not be read by individuals at Facebook. ”
“Home Depot said that it relied on implied consent and that its privacy
statement, accessible through its website and in print upon request at
retail locations, adequately explained that the company uses “de-
identified information for internal business purposes, such as
marketing, customer service, and business analytics” and that it “may
share information for business purposes,” including “with third parties.”
Home Depot also relied on Facebook’s privacy statement, which
explained the Offline Conversions program”
16
aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates –
On the magic of de-identification
This does NOT work under the GDPR or any opt-in laws which require:
1. A lawful basis
• Implied consent is not one of them
• GDPR has 6, LGPD has 10, Chinese PIPL 7
2. A defined purpose
Please share broadly
https://edps.europa.eu/system/files/2021-04/
21-04-27_aepd-edps_anonymisation_en_5.pdf
17
aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates –
10 misunderstandings related to anonymization
1. Pseudonimization is not anonymization
2. Encryption is not anonymization
3. Anonymization of data is always possible
4. Anonymization is forever
5. Anonymization always reduces the probability of re-identification to zero
6. Anonymization is a binary concept that can not be measured
7. Anonymization can be fully automated
8. Anonymization makes the data useless
9. Following an anonymization process used by others renders same results
10. There is no risk and no interest in finding out to whom this data refers to
18
The data is anonymous, privacy
law doesn’t apply
Privacy whitewashing #1
19
aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates –
Justifications by HomeDepot (II)
“... Meta employed an automated process that allowed it to match email
addresses attached to Facebook accounts.
Email addresses not already associated with a Facebook account could not
be linked to individuals.”
”The company said that it did not notify customers of its information sharing
agreement with Meta just prior to issuing e-receipts due to the risk of
“consent fatigue.””
Actually, under the GDPR, the initial data processing operation would NOT
require consent: the lawful basis would be contract.
For subsequent processes however, like ADM, art 22 would apply where a
data subject would have the Right NOT to be subject to it
20
The consumer consented
Privacy whitewashing #2
Follow up question is typically: to what exactly? PURPOSE
21
aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates –
Lessons learnt, now what?
The structure of how laws are built up really varies
Their consequences as well so what enforcement means
How enforcement is then accepted also
In the end this is all about change
“Home Depot was fully cooperative throughout the investigation and
has agreed to implement the OPC’s recommendations. The company
stopped sharing customer information with Meta in October 2022.”
22
The company will not do it
anymore/again
Privacy whitewashing #3
Follow up question is typically: how to make sure?
23
aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates –
High level: opt-in vs. opt-out laws
Comparing roles in 2 major privacy laws:
GDPR is a horizontal law, which took 5 years to mature, is enshrined
within EU law (Charter + TFEU), enforced by supervisory authorities
CCPA was originally proposed as a ballot proposition by a privacy group
known as Californians for Consumer Privacy.
24
CCPA/CPRA GDPR
Business Data controller
Service provider Data processor
3rd party/data broker Joint controller Accountability
Fundam
ental right
Lim
ited rights
Data to support growth
aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates –
US privacy law is sectoral
You’ve all heard of
COPPA, HIPAA, VPPA,
Fair Credit Act, …
And boy, is this
getting complicated!
P = right to opt-out of
processing for
profiling/targeted
advertising purposes
25
Source:
https://iapp.org/media/pdf/resource_ce
nter/State_Comp_Privacy_Law_Chart.pdf
aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates –
Purpose is taking center stage
Even in US state laws now: what is the data used for?
The scope of opt-outs vary by state:
1. VA, CO & CT enable consumers to opt-out of targeted advertising,
sale and profiling
2. UT enables consumers to opt-out of targeted advertising and sale of
data (but not profiling)
3. CA enables consumers to opt-out of sale & sharing + under CPRA,
when a business sees an opt-out preference signal (eg. GPC), it
must also opt the consumer out of from profiling
26
aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates –
Legislative evolutions: where is ePrivacy?
28
aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates –
And yes there is more coming
29
aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates –
But not just Europe and cookies: SDKs…
30
aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates –
Does section 230, DMA/DSA ring any bells?
31
aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates –
ADM, ML & AI
Start here
Keep in mind
1. Lawful basis
2. Purpose
(limitation)
If PD/I
32
aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates –
While AI brings back IP challenges
33
Source:
https://www.theverg
e.com/2023/1/17/23
558516/ai-art-
copyright-stable-
diffusion-getty-
images-lawsuit
Provenance of digital raw
material matters
Risks lie in lack of explainability for all actors involved in the data ecosystem
34
aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates –
Data governance, the sexiest job of 2023?
35
Thank you for coming to my
presentation
Aurelie.pols@protonmail.com
36
Life is like a plate of spaghetti, everthing is interconnected
Life is like a box of chocolates, you never know what to expect!

More Related Content

What's hot

Tietosuoja koulussa käytännössä
Tietosuoja koulussa käytännössäTietosuoja koulussa käytännössä
Tietosuoja koulussa käytännössä
Harto Pönkä
 
EU:n yleinen tietosuoja-asetus oppilaitosten ja opettajien näkökulmasta
EU:n yleinen tietosuoja-asetus oppilaitosten ja opettajien näkökulmastaEU:n yleinen tietosuoja-asetus oppilaitosten ja opettajien näkökulmasta
EU:n yleinen tietosuoja-asetus oppilaitosten ja opettajien näkökulmasta
Harto Pönkä
 
AI in healthcare - SF Bay ACM chapter
AI in healthcare - SF Bay ACM chapterAI in healthcare - SF Bay ACM chapter
AI in healthcare - SF Bay ACM chapter
Alex Ermolaev
 
AI in Healthcare | Future of Smart Hospitals
AI in Healthcare | Future of Smart Hospitals AI in Healthcare | Future of Smart Hospitals
AI in Healthcare | Future of Smart Hospitals
Renee Yao
 
Gleecus Whitepaper : Applications of Artificial Intelligence in Healthcare
Gleecus Whitepaper : Applications of Artificial Intelligence in HealthcareGleecus Whitepaper : Applications of Artificial Intelligence in Healthcare
Gleecus Whitepaper : Applications of Artificial Intelligence in Healthcare
Suprit Patra
 
Healthcare + AI: Use cases & Challenges
Healthcare + AI: Use cases & ChallengesHealthcare + AI: Use cases & Challenges
Healthcare + AI: Use cases & Challenges
Srinath Perera
 
The Future of Food: Amazing Lab Grown And 3D Printed Meat And Fish
The Future of Food: Amazing Lab Grown And 3D Printed Meat And FishThe Future of Food: Amazing Lab Grown And 3D Printed Meat And Fish
The Future of Food: Amazing Lab Grown And 3D Printed Meat And Fish
Bernard Marr
 
GDPR ja tietosuoja opetustoimessa
GDPR ja tietosuoja opetustoimessaGDPR ja tietosuoja opetustoimessa
GDPR ja tietosuoja opetustoimessa
Harto Pönkä
 
Olga Kurasova. Dirbtinis intelektas ir neuroniniai tinklai
Olga Kurasova. Dirbtinis intelektas ir neuroniniai tinklaiOlga Kurasova. Dirbtinis intelektas ir neuroniniai tinklai
Olga Kurasova. Dirbtinis intelektas ir neuroniniai tinklai
Lietuvos kompiuterininkų sąjunga
 
Big data in healthcare
Big data in healthcareBig data in healthcare
Big data in healthcare
DeZyre
 
Tietosuojariskit opetuksen viestinnässä ja etäopetuksessa
Tietosuojariskit opetuksen viestinnässä ja etäopetuksessaTietosuojariskit opetuksen viestinnässä ja etäopetuksessa
Tietosuojariskit opetuksen viestinnässä ja etäopetuksessa
Harto Pönkä
 
Oppimisanalytiikka, GDPR, tietosuoja ja etiikka
Oppimisanalytiikka, GDPR, tietosuoja ja etiikkaOppimisanalytiikka, GDPR, tietosuoja ja etiikka
Oppimisanalytiikka, GDPR, tietosuoja ja etiikka
Harto Pönkä
 
3D-Bioprinting coming of age-from cells to organs
3D-Bioprinting coming of age-from cells to organs3D-Bioprinting coming of age-from cells to organs
3D-Bioprinting coming of age-from cells to organs
Daniel Thomas
 
Artificial Intelligence Service in Healthcare
Artificial Intelligence Service in HealthcareArtificial Intelligence Service in Healthcare
Artificial Intelligence Service in Healthcare
Ankit Jain
 
Sosiaalinen media, evästeet ja analytiikka tietosuojan näkökulmasta
Sosiaalinen media, evästeet ja analytiikka tietosuojan näkökulmastaSosiaalinen media, evästeet ja analytiikka tietosuojan näkökulmasta
Sosiaalinen media, evästeet ja analytiikka tietosuojan näkökulmasta
Harto Pönkä
 
AI in the Covid-19 pandemic
AI in the Covid-19 pandemicAI in the Covid-19 pandemic
AI in the Covid-19 pandemic
Deakin University
 
Tietosuoja opetuksessa
Tietosuoja opetuksessaTietosuoja opetuksessa
Tietosuoja opetuksessa
Harto Pönkä
 
Machine Learning in Healthcare
Machine Learning in HealthcareMachine Learning in Healthcare
Machine Learning in Healthcare
BigR.io
 
Webinar on AI in Medical Diagnosis with Emerging Technologies
Webinar on AI in Medical Diagnosis with Emerging TechnologiesWebinar on AI in Medical Diagnosis with Emerging Technologies
Webinar on AI in Medical Diagnosis with Emerging Technologies
BIS Research Inc.
 
Tietosuojavastaavan nimittäminen ja tehtävät
Tietosuojavastaavan nimittäminen ja tehtävätTietosuojavastaavan nimittäminen ja tehtävät
Tietosuojavastaavan nimittäminen ja tehtävät
Harto Pönkä
 

What's hot (20)

Tietosuoja koulussa käytännössä
Tietosuoja koulussa käytännössäTietosuoja koulussa käytännössä
Tietosuoja koulussa käytännössä
 
EU:n yleinen tietosuoja-asetus oppilaitosten ja opettajien näkökulmasta
EU:n yleinen tietosuoja-asetus oppilaitosten ja opettajien näkökulmastaEU:n yleinen tietosuoja-asetus oppilaitosten ja opettajien näkökulmasta
EU:n yleinen tietosuoja-asetus oppilaitosten ja opettajien näkökulmasta
 
AI in healthcare - SF Bay ACM chapter
AI in healthcare - SF Bay ACM chapterAI in healthcare - SF Bay ACM chapter
AI in healthcare - SF Bay ACM chapter
 
AI in Healthcare | Future of Smart Hospitals
AI in Healthcare | Future of Smart Hospitals AI in Healthcare | Future of Smart Hospitals
AI in Healthcare | Future of Smart Hospitals
 
Gleecus Whitepaper : Applications of Artificial Intelligence in Healthcare
Gleecus Whitepaper : Applications of Artificial Intelligence in HealthcareGleecus Whitepaper : Applications of Artificial Intelligence in Healthcare
Gleecus Whitepaper : Applications of Artificial Intelligence in Healthcare
 
Healthcare + AI: Use cases & Challenges
Healthcare + AI: Use cases & ChallengesHealthcare + AI: Use cases & Challenges
Healthcare + AI: Use cases & Challenges
 
The Future of Food: Amazing Lab Grown And 3D Printed Meat And Fish
The Future of Food: Amazing Lab Grown And 3D Printed Meat And FishThe Future of Food: Amazing Lab Grown And 3D Printed Meat And Fish
The Future of Food: Amazing Lab Grown And 3D Printed Meat And Fish
 
GDPR ja tietosuoja opetustoimessa
GDPR ja tietosuoja opetustoimessaGDPR ja tietosuoja opetustoimessa
GDPR ja tietosuoja opetustoimessa
 
Olga Kurasova. Dirbtinis intelektas ir neuroniniai tinklai
Olga Kurasova. Dirbtinis intelektas ir neuroniniai tinklaiOlga Kurasova. Dirbtinis intelektas ir neuroniniai tinklai
Olga Kurasova. Dirbtinis intelektas ir neuroniniai tinklai
 
Big data in healthcare
Big data in healthcareBig data in healthcare
Big data in healthcare
 
Tietosuojariskit opetuksen viestinnässä ja etäopetuksessa
Tietosuojariskit opetuksen viestinnässä ja etäopetuksessaTietosuojariskit opetuksen viestinnässä ja etäopetuksessa
Tietosuojariskit opetuksen viestinnässä ja etäopetuksessa
 
Oppimisanalytiikka, GDPR, tietosuoja ja etiikka
Oppimisanalytiikka, GDPR, tietosuoja ja etiikkaOppimisanalytiikka, GDPR, tietosuoja ja etiikka
Oppimisanalytiikka, GDPR, tietosuoja ja etiikka
 
3D-Bioprinting coming of age-from cells to organs
3D-Bioprinting coming of age-from cells to organs3D-Bioprinting coming of age-from cells to organs
3D-Bioprinting coming of age-from cells to organs
 
Artificial Intelligence Service in Healthcare
Artificial Intelligence Service in HealthcareArtificial Intelligence Service in Healthcare
Artificial Intelligence Service in Healthcare
 
Sosiaalinen media, evästeet ja analytiikka tietosuojan näkökulmasta
Sosiaalinen media, evästeet ja analytiikka tietosuojan näkökulmastaSosiaalinen media, evästeet ja analytiikka tietosuojan näkökulmasta
Sosiaalinen media, evästeet ja analytiikka tietosuojan näkökulmasta
 
AI in the Covid-19 pandemic
AI in the Covid-19 pandemicAI in the Covid-19 pandemic
AI in the Covid-19 pandemic
 
Tietosuoja opetuksessa
Tietosuoja opetuksessaTietosuoja opetuksessa
Tietosuoja opetuksessa
 
Machine Learning in Healthcare
Machine Learning in HealthcareMachine Learning in Healthcare
Machine Learning in Healthcare
 
Webinar on AI in Medical Diagnosis with Emerging Technologies
Webinar on AI in Medical Diagnosis with Emerging TechnologiesWebinar on AI in Medical Diagnosis with Emerging Technologies
Webinar on AI in Medical Diagnosis with Emerging Technologies
 
Tietosuojavastaavan nimittäminen ja tehtävät
Tietosuojavastaavan nimittäminen ja tehtävätTietosuojavastaavan nimittäminen ja tehtävät
Tietosuojavastaavan nimittäminen ja tehtävät
 

Similar to Creative destruction & Privacy Whitewashing: where does risk lie?

For Superweek 2022: discussing risk using IAB's TCF
For Superweek 2022: discussing risk using IAB's TCFFor Superweek 2022: discussing risk using IAB's TCF
For Superweek 2022: discussing risk using IAB's TCF
Aurélie Pols
 
AI Roles and Risk for election year 2024
AI Roles and Risk for election year 2024AI Roles and Risk for election year 2024
AI Roles and Risk for election year 2024
Aurélie Pols
 
ePrivacy Directive, a 10 steps framework to be as compliant as possible for m...
ePrivacy Directive, a 10 steps framework to be as compliant as possible for m...ePrivacy Directive, a 10 steps framework to be as compliant as possible for m...
ePrivacy Directive, a 10 steps framework to be as compliant as possible for m...
Aurélie Pols
 
eMetrics Summit Boston 2014 - Big Data for Marketing - Privacy Principles & P...
eMetrics Summit Boston 2014 - Big Data for Marketing - Privacy Principles & P...eMetrics Summit Boston 2014 - Big Data for Marketing - Privacy Principles & P...
eMetrics Summit Boston 2014 - Big Data for Marketing - Privacy Principles & P...
Aurélie Pols
 
Preparing for the AI Act - 5 years into GDPR enforcement
Preparing for the AI Act - 5 years into GDPR enforcementPreparing for the AI Act - 5 years into GDPR enforcement
Preparing for the AI Act - 5 years into GDPR enforcement
Aurélie Pols
 
eMetrics Summit Boston 2014 - Big Data Marketing - From Über Creepy to Over ...
 eMetrics Summit Boston 2014 - Big Data Marketing - From Über Creepy to Over ... eMetrics Summit Boston 2014 - Big Data Marketing - From Über Creepy to Over ...
eMetrics Summit Boston 2014 - Big Data Marketing - From Über Creepy to Over ...
Aurélie Pols
 
Data Accountability & Consumer Trust
Data Accountability & Consumer TrustData Accountability & Consumer Trust
Data Accountability & Consumer Trust
Aurélie Pols
 
Storm on the Horizon: Data Governance & Security vs. Employee Privacy
Storm on the Horizon: Data Governance & Security vs. Employee PrivacyStorm on the Horizon: Data Governance & Security vs. Employee Privacy
Storm on the Horizon: Data Governance & Security vs. Employee Privacy
Aurélie Pols
 
Women in STEM for IE Girl Up Club
Women in STEM for IE Girl Up Club Women in STEM for IE Girl Up Club
Women in STEM for IE Girl Up Club
Aurélie Pols
 
Privacy Regulations and Your Digital Setup
Privacy Regulations and Your Digital SetupPrivacy Regulations and Your Digital Setup
Privacy Regulations and Your Digital Setup
Piwik PRO
 
Data protection & security breakfast briefing master slides 28 june-final
Data protection & security breakfast briefing   master slides 28 june-finalData protection & security breakfast briefing   master slides 28 june-final
Data protection & security breakfast briefing master slides 28 june-final
Dr. Donald Macfarlane
 
Data Protection & Security Breakfast Briefing - Master Slides_28 June_final
Data Protection & Security Breakfast Briefing - Master Slides_28 June_finalData Protection & Security Breakfast Briefing - Master Slides_28 June_final
Data Protection & Security Breakfast Briefing - Master Slides_28 June_finalDr. Donald Macfarlane
 
Privacy & Analytics: Yeti or Snow Fairy?
Privacy & Analytics: Yeti or Snow Fairy?Privacy & Analytics: Yeti or Snow Fairy?
Privacy & Analytics: Yeti or Snow Fairy?
FLUZO
 
Who ownes the customer? Privacy in the connected age.
Who ownes the customer? Privacy in the connected age.Who ownes the customer? Privacy in the connected age.
Who ownes the customer? Privacy in the connected age.
jatharrison
 
Linking Data: The Legal Implications - SemTech2010
Linking Data: The Legal Implications - SemTech2010Linking Data: The Legal Implications - SemTech2010
Linking Data: The Legal Implications - SemTech2010
mleyden
 
Cognizant business consulting the impacts of gdpr
Cognizant business consulting   the impacts of gdprCognizant business consulting   the impacts of gdpr
Cognizant business consulting the impacts of gdpr
audrey miguel
 
Companies, digital transformation and information privacy: the next steps
Companies, digital transformation and information privacy: the next stepsCompanies, digital transformation and information privacy: the next steps
Companies, digital transformation and information privacy: the next steps
The Economist Media Businesses
 
How the EU-GDPR May Affect Your Website
How the EU-GDPR May Affect Your WebsiteHow the EU-GDPR May Affect Your Website
How the EU-GDPR May Affect Your Website
SilverTech
 
Piwik PRO The Real Cost of Data Privacy
Piwik PRO The Real Cost of Data Privacy Piwik PRO The Real Cost of Data Privacy
Piwik PRO The Real Cost of Data Privacy
Piwik PRO
 

Similar to Creative destruction & Privacy Whitewashing: where does risk lie? (20)

For Superweek 2022: discussing risk using IAB's TCF
For Superweek 2022: discussing risk using IAB's TCFFor Superweek 2022: discussing risk using IAB's TCF
For Superweek 2022: discussing risk using IAB's TCF
 
AI Roles and Risk for election year 2024
AI Roles and Risk for election year 2024AI Roles and Risk for election year 2024
AI Roles and Risk for election year 2024
 
ePrivacy Directive, a 10 steps framework to be as compliant as possible for m...
ePrivacy Directive, a 10 steps framework to be as compliant as possible for m...ePrivacy Directive, a 10 steps framework to be as compliant as possible for m...
ePrivacy Directive, a 10 steps framework to be as compliant as possible for m...
 
eMetrics Summit Boston 2014 - Big Data for Marketing - Privacy Principles & P...
eMetrics Summit Boston 2014 - Big Data for Marketing - Privacy Principles & P...eMetrics Summit Boston 2014 - Big Data for Marketing - Privacy Principles & P...
eMetrics Summit Boston 2014 - Big Data for Marketing - Privacy Principles & P...
 
Preparing for the AI Act - 5 years into GDPR enforcement
Preparing for the AI Act - 5 years into GDPR enforcementPreparing for the AI Act - 5 years into GDPR enforcement
Preparing for the AI Act - 5 years into GDPR enforcement
 
eMetrics Summit Boston 2014 - Big Data Marketing - From Über Creepy to Over ...
 eMetrics Summit Boston 2014 - Big Data Marketing - From Über Creepy to Over ... eMetrics Summit Boston 2014 - Big Data Marketing - From Über Creepy to Over ...
eMetrics Summit Boston 2014 - Big Data Marketing - From Über Creepy to Over ...
 
Data Accountability & Consumer Trust
Data Accountability & Consumer TrustData Accountability & Consumer Trust
Data Accountability & Consumer Trust
 
Storm on the Horizon: Data Governance & Security vs. Employee Privacy
Storm on the Horizon: Data Governance & Security vs. Employee PrivacyStorm on the Horizon: Data Governance & Security vs. Employee Privacy
Storm on the Horizon: Data Governance & Security vs. Employee Privacy
 
Women in STEM for IE Girl Up Club
Women in STEM for IE Girl Up Club Women in STEM for IE Girl Up Club
Women in STEM for IE Girl Up Club
 
Privacy Regulations and Your Digital Setup
Privacy Regulations and Your Digital SetupPrivacy Regulations and Your Digital Setup
Privacy Regulations and Your Digital Setup
 
GDPR - Applift firstscreen june 2016
GDPR - Applift firstscreen june 2016GDPR - Applift firstscreen june 2016
GDPR - Applift firstscreen june 2016
 
Data protection & security breakfast briefing master slides 28 june-final
Data protection & security breakfast briefing   master slides 28 june-finalData protection & security breakfast briefing   master slides 28 june-final
Data protection & security breakfast briefing master slides 28 june-final
 
Data Protection & Security Breakfast Briefing - Master Slides_28 June_final
Data Protection & Security Breakfast Briefing - Master Slides_28 June_finalData Protection & Security Breakfast Briefing - Master Slides_28 June_final
Data Protection & Security Breakfast Briefing - Master Slides_28 June_final
 
Privacy & Analytics: Yeti or Snow Fairy?
Privacy & Analytics: Yeti or Snow Fairy?Privacy & Analytics: Yeti or Snow Fairy?
Privacy & Analytics: Yeti or Snow Fairy?
 
Who ownes the customer? Privacy in the connected age.
Who ownes the customer? Privacy in the connected age.Who ownes the customer? Privacy in the connected age.
Who ownes the customer? Privacy in the connected age.
 
Linking Data: The Legal Implications - SemTech2010
Linking Data: The Legal Implications - SemTech2010Linking Data: The Legal Implications - SemTech2010
Linking Data: The Legal Implications - SemTech2010
 
Cognizant business consulting the impacts of gdpr
Cognizant business consulting   the impacts of gdprCognizant business consulting   the impacts of gdpr
Cognizant business consulting the impacts of gdpr
 
Companies, digital transformation and information privacy: the next steps
Companies, digital transformation and information privacy: the next stepsCompanies, digital transformation and information privacy: the next steps
Companies, digital transformation and information privacy: the next steps
 
How the EU-GDPR May Affect Your Website
How the EU-GDPR May Affect Your WebsiteHow the EU-GDPR May Affect Your Website
How the EU-GDPR May Affect Your Website
 
Piwik PRO The Real Cost of Data Privacy
Piwik PRO The Real Cost of Data Privacy Piwik PRO The Real Cost of Data Privacy
Piwik PRO The Real Cost of Data Privacy
 

More from Aurélie Pols

IAPP - Skills For Minimizing Privacy Risk in Data Science Product and Service...
IAPP - Skills For Minimizing Privacy Risk in Data Science Product and Service...IAPP - Skills For Minimizing Privacy Risk in Data Science Product and Service...
IAPP - Skills For Minimizing Privacy Risk in Data Science Product and Service...
Aurélie Pols
 
Interoperability in Digital will take a Global Village
Interoperability in Digital will take a Global VillageInteroperability in Digital will take a Global Village
Interoperability in Digital will take a Global Village
Aurélie Pols
 
The GDPR is here. So do you know what the courts are saying?
The GDPR is here. So do you know what the courts are saying?The GDPR is here. So do you know what the courts are saying?
The GDPR is here. So do you know what the courts are saying?
Aurélie Pols
 
CPDP: Data ownership, Innovation and Privacy: looking for an approach on both...
CPDP: Data ownership, Innovation and Privacy: looking for an approach on both...CPDP: Data ownership, Innovation and Privacy: looking for an approach on both...
CPDP: Data ownership, Innovation and Privacy: looking for an approach on both...
Aurélie Pols
 
GDPR and the aftermath: what are we building towards?
GDPR and the aftermath: what are we building towards?GDPR and the aftermath: what are we building towards?
GDPR and the aftermath: what are we building towards?
Aurélie Pols
 
Who Goes There? Demystifying Digital Identity for All (1/2)
Who Goes There? Demystifying Digital Identity for All (1/2)Who Goes There? Demystifying Digital Identity for All (1/2)
Who Goes There? Demystifying Digital Identity for All (1/2)
Aurélie Pols
 
Data is the new infrastructure, Privacy is the new green, Trust is the new cu...
Data is the new infrastructure, Privacy is the new green, Trust is the new cu...Data is the new infrastructure, Privacy is the new green, Trust is the new cu...
Data is the new infrastructure, Privacy is the new green, Trust is the new cu...
Aurélie Pols
 
How digitization challenges our values as citizens
How digitization challenges our values as citizens How digitization challenges our values as citizens
How digitization challenges our values as citizens
Aurélie Pols
 
Technical Consequences of the Data Subject's Rights
Technical Consequences of the Data Subject's RightsTechnical Consequences of the Data Subject's Rights
Technical Consequences of the Data Subject's Rights
Aurélie Pols
 
From GDPR to ePrivacy: what does it mean to the advertising sector?
From GDPR to ePrivacy: what does it mean to the advertising sector?From GDPR to ePrivacy: what does it mean to the advertising sector?
From GDPR to ePrivacy: what does it mean to the advertising sector?
Aurélie Pols
 
State of EU legislation: GDPR & ePrivacy for Superweek
State of EU legislation: GDPR & ePrivacy for SuperweekState of EU legislation: GDPR & ePrivacy for Superweek
State of EU legislation: GDPR & ePrivacy for Superweek
Aurélie Pols
 
The Great GDPR MyData Debate - Aurelie Pols - Keynote
The Great GDPR MyData Debate - Aurelie Pols - KeynoteThe Great GDPR MyData Debate - Aurelie Pols - Keynote
The Great GDPR MyData Debate - Aurelie Pols - Keynote
Aurélie Pols
 
The Data Subject First? Decoding the GDPR at StrataData
The Data Subject First? Decoding the GDPR at StrataDataThe Data Subject First? Decoding the GDPR at StrataData
The Data Subject First? Decoding the GDPR at StrataData
Aurélie Pols
 
Brussels data science - Privacy Engineering for Big Data & Data Science
Brussels data science - Privacy Engineering for Big Data & Data ScienceBrussels data science - Privacy Engineering for Big Data & Data Science
Brussels data science - Privacy Engineering for Big Data & Data Science
Aurélie Pols
 
Sibos INNOTRIBE Digital Ethics
Sibos INNOTRIBE Digital EthicsSibos INNOTRIBE Digital Ethics
Sibos INNOTRIBE Digital Ethics
Aurélie Pols
 
Superweek 2016 Would You Lie to Your Physician?
Superweek 2016 Would You Lie to Your Physician?Superweek 2016 Would You Lie to Your Physician?
Superweek 2016 Would You Lie to Your Physician?
Aurélie Pols
 
Multi-tasking teams within cyber security departments
Multi-tasking teams within cyber security departmentsMulti-tasking teams within cyber security departments
Multi-tasking teams within cyber security departments
Aurélie Pols
 
BIG DATA IN BUSINESS Implement and use Big Data to your organization’s advantage
BIG DATA IN BUSINESS Implement and use Big Data to your organization’s advantageBIG DATA IN BUSINESS Implement and use Big Data to your organization’s advantage
BIG DATA IN BUSINESS Implement and use Big Data to your organization’s advantage
Aurélie Pols
 
Get data without the creepiness factor, the privacy by design concept
Get data without the creepiness factor, the privacy by design conceptGet data without the creepiness factor, the privacy by design concept
Get data without the creepiness factor, the privacy by design concept
Aurélie Pols
 
Big Data Big Ideas: Data is the New Oil, Privacy is the New Green
Big Data Big Ideas: Data is the New Oil, Privacy is the New GreenBig Data Big Ideas: Data is the New Oil, Privacy is the New Green
Big Data Big Ideas: Data is the New Oil, Privacy is the New Green
Aurélie Pols
 

More from Aurélie Pols (20)

IAPP - Skills For Minimizing Privacy Risk in Data Science Product and Service...
IAPP - Skills For Minimizing Privacy Risk in Data Science Product and Service...IAPP - Skills For Minimizing Privacy Risk in Data Science Product and Service...
IAPP - Skills For Minimizing Privacy Risk in Data Science Product and Service...
 
Interoperability in Digital will take a Global Village
Interoperability in Digital will take a Global VillageInteroperability in Digital will take a Global Village
Interoperability in Digital will take a Global Village
 
The GDPR is here. So do you know what the courts are saying?
The GDPR is here. So do you know what the courts are saying?The GDPR is here. So do you know what the courts are saying?
The GDPR is here. So do you know what the courts are saying?
 
CPDP: Data ownership, Innovation and Privacy: looking for an approach on both...
CPDP: Data ownership, Innovation and Privacy: looking for an approach on both...CPDP: Data ownership, Innovation and Privacy: looking for an approach on both...
CPDP: Data ownership, Innovation and Privacy: looking for an approach on both...
 
GDPR and the aftermath: what are we building towards?
GDPR and the aftermath: what are we building towards?GDPR and the aftermath: what are we building towards?
GDPR and the aftermath: what are we building towards?
 
Who Goes There? Demystifying Digital Identity for All (1/2)
Who Goes There? Demystifying Digital Identity for All (1/2)Who Goes There? Demystifying Digital Identity for All (1/2)
Who Goes There? Demystifying Digital Identity for All (1/2)
 
Data is the new infrastructure, Privacy is the new green, Trust is the new cu...
Data is the new infrastructure, Privacy is the new green, Trust is the new cu...Data is the new infrastructure, Privacy is the new green, Trust is the new cu...
Data is the new infrastructure, Privacy is the new green, Trust is the new cu...
 
How digitization challenges our values as citizens
How digitization challenges our values as citizens How digitization challenges our values as citizens
How digitization challenges our values as citizens
 
Technical Consequences of the Data Subject's Rights
Technical Consequences of the Data Subject's RightsTechnical Consequences of the Data Subject's Rights
Technical Consequences of the Data Subject's Rights
 
From GDPR to ePrivacy: what does it mean to the advertising sector?
From GDPR to ePrivacy: what does it mean to the advertising sector?From GDPR to ePrivacy: what does it mean to the advertising sector?
From GDPR to ePrivacy: what does it mean to the advertising sector?
 
State of EU legislation: GDPR & ePrivacy for Superweek
State of EU legislation: GDPR & ePrivacy for SuperweekState of EU legislation: GDPR & ePrivacy for Superweek
State of EU legislation: GDPR & ePrivacy for Superweek
 
The Great GDPR MyData Debate - Aurelie Pols - Keynote
The Great GDPR MyData Debate - Aurelie Pols - KeynoteThe Great GDPR MyData Debate - Aurelie Pols - Keynote
The Great GDPR MyData Debate - Aurelie Pols - Keynote
 
The Data Subject First? Decoding the GDPR at StrataData
The Data Subject First? Decoding the GDPR at StrataDataThe Data Subject First? Decoding the GDPR at StrataData
The Data Subject First? Decoding the GDPR at StrataData
 
Brussels data science - Privacy Engineering for Big Data & Data Science
Brussels data science - Privacy Engineering for Big Data & Data ScienceBrussels data science - Privacy Engineering for Big Data & Data Science
Brussels data science - Privacy Engineering for Big Data & Data Science
 
Sibos INNOTRIBE Digital Ethics
Sibos INNOTRIBE Digital EthicsSibos INNOTRIBE Digital Ethics
Sibos INNOTRIBE Digital Ethics
 
Superweek 2016 Would You Lie to Your Physician?
Superweek 2016 Would You Lie to Your Physician?Superweek 2016 Would You Lie to Your Physician?
Superweek 2016 Would You Lie to Your Physician?
 
Multi-tasking teams within cyber security departments
Multi-tasking teams within cyber security departmentsMulti-tasking teams within cyber security departments
Multi-tasking teams within cyber security departments
 
BIG DATA IN BUSINESS Implement and use Big Data to your organization’s advantage
BIG DATA IN BUSINESS Implement and use Big Data to your organization’s advantageBIG DATA IN BUSINESS Implement and use Big Data to your organization’s advantage
BIG DATA IN BUSINESS Implement and use Big Data to your organization’s advantage
 
Get data without the creepiness factor, the privacy by design concept
Get data without the creepiness factor, the privacy by design conceptGet data without the creepiness factor, the privacy by design concept
Get data without the creepiness factor, the privacy by design concept
 
Big Data Big Ideas: Data is the New Oil, Privacy is the New Green
Big Data Big Ideas: Data is the New Oil, Privacy is the New GreenBig Data Big Ideas: Data is the New Oil, Privacy is the New Green
Big Data Big Ideas: Data is the New Oil, Privacy is the New Green
 

Recently uploaded

Secure Your Brand: File a Trademark Today
Secure Your Brand: File a Trademark TodaySecure Your Brand: File a Trademark Today
Secure Your Brand: File a Trademark Today
Trademark Quick
 
原版仿制(aut毕业证书)新西兰奥克兰理工大学毕业证文凭毕业证雅思成绩单原版一模一样
原版仿制(aut毕业证书)新西兰奥克兰理工大学毕业证文凭毕业证雅思成绩单原版一模一样原版仿制(aut毕业证书)新西兰奥克兰理工大学毕业证文凭毕业证雅思成绩单原版一模一样
原版仿制(aut毕业证书)新西兰奥克兰理工大学毕业证文凭毕业证雅思成绩单原版一模一样
9ib5wiwt
 
The Main Procedures for Obtaining Cypriot Citizenship
The Main Procedures for Obtaining Cypriot CitizenshipThe Main Procedures for Obtaining Cypriot Citizenship
The Main Procedures for Obtaining Cypriot Citizenship
BridgeWest.eu
 
NATURE, ORIGIN AND DEVELOPMENT OF INTERNATIONAL LAW.pptx
NATURE, ORIGIN AND DEVELOPMENT OF INTERNATIONAL LAW.pptxNATURE, ORIGIN AND DEVELOPMENT OF INTERNATIONAL LAW.pptx
NATURE, ORIGIN AND DEVELOPMENT OF INTERNATIONAL LAW.pptx
anvithaav
 
ADR in criminal proceeding in Bangladesh with global perspective.
ADR in criminal proceeding in Bangladesh with global perspective.ADR in criminal proceeding in Bangladesh with global perspective.
ADR in criminal proceeding in Bangladesh with global perspective.
Daffodil International University
 
EMPLOYMENT LAW AN OVERVIEW in Malawi.pptx
EMPLOYMENT LAW  AN OVERVIEW in Malawi.pptxEMPLOYMENT LAW  AN OVERVIEW in Malawi.pptx
EMPLOYMENT LAW AN OVERVIEW in Malawi.pptx
MwaiMapemba
 
怎么购买(massey毕业证书)新西兰梅西大学毕业证学位证书注册证明信原版一模一样
怎么购买(massey毕业证书)新西兰梅西大学毕业证学位证书注册证明信原版一模一样怎么购买(massey毕业证书)新西兰梅西大学毕业证学位证书注册证明信原版一模一样
怎么购买(massey毕业证书)新西兰梅西大学毕业证学位证书注册证明信原版一模一样
9ib5wiwt
 
ALL EYES ON RAFAH BUT WHY Explain more.pdf
ALL EYES ON RAFAH BUT WHY Explain more.pdfALL EYES ON RAFAH BUT WHY Explain more.pdf
ALL EYES ON RAFAH BUT WHY Explain more.pdf
46adnanshahzad
 
How to Obtain Permanent Residency in the Netherlands
How to Obtain Permanent Residency in the NetherlandsHow to Obtain Permanent Residency in the Netherlands
How to Obtain Permanent Residency in the Netherlands
BridgeWest.eu
 
办理(waikato毕业证书)新西兰怀卡托大学毕业证双学位证书原版一模一样
办理(waikato毕业证书)新西兰怀卡托大学毕业证双学位证书原版一模一样办理(waikato毕业证书)新西兰怀卡托大学毕业证双学位证书原版一模一样
办理(waikato毕业证书)新西兰怀卡托大学毕业证双学位证书原版一模一样
9ib5wiwt
 
Abdul Hakim Shabazz Deposition Hearing in Federal Court
Abdul Hakim Shabazz Deposition Hearing in Federal CourtAbdul Hakim Shabazz Deposition Hearing in Federal Court
Abdul Hakim Shabazz Deposition Hearing in Federal Court
Gabe Whitley
 
Rokita Releases Soccer Stadium Legal Opinion
Rokita Releases Soccer Stadium Legal OpinionRokita Releases Soccer Stadium Legal Opinion
Rokita Releases Soccer Stadium Legal Opinion
Abdul-Hakim Shabazz
 
Business and Corporate Case Update (2024)
Business and Corporate Case Update (2024)Business and Corporate Case Update (2024)
Business and Corporate Case Update (2024)
Wendy Couture
 
VAWA - Violence Against Women Act Presentation
VAWA - Violence Against Women Act PresentationVAWA - Violence Against Women Act Presentation
VAWA - Violence Against Women Act Presentation
FernandoSimesBlanco1
 
定制(nus毕业证书)新加坡国立大学毕业证学位证书实拍图原版一模一样
定制(nus毕业证书)新加坡国立大学毕业证学位证书实拍图原版一模一样定制(nus毕业证书)新加坡国立大学毕业证学位证书实拍图原版一模一样
定制(nus毕业证书)新加坡国立大学毕业证学位证书实拍图原版一模一样
9ib5wiwt
 
Bharatiya Nagarik Suraksha Sanhita power.pptx
Bharatiya Nagarik Suraksha Sanhita power.pptxBharatiya Nagarik Suraksha Sanhita power.pptx
Bharatiya Nagarik Suraksha Sanhita power.pptx
ShivkumarIyer18
 
Agrarian Reform Policies in the Philippines: a quiz
Agrarian Reform Policies in the Philippines: a quizAgrarian Reform Policies in the Philippines: a quiz
Agrarian Reform Policies in the Philippines: a quiz
gaelcabigunda
 
The Reserve Bank of India Act, 1934.pptx
The Reserve Bank of India Act, 1934.pptxThe Reserve Bank of India Act, 1934.pptx
The Reserve Bank of India Act, 1934.pptx
nehatalele22st
 
Car Accident Injury Do I Have a Case....
Car Accident Injury Do I Have a Case....Car Accident Injury Do I Have a Case....
Car Accident Injury Do I Have a Case....
Knowyourright
 
一比一原版麻省理工学院毕业证(MIT毕业证)成绩单如何办理
一比一原版麻省理工学院毕业证(MIT毕业证)成绩单如何办理一比一原版麻省理工学院毕业证(MIT毕业证)成绩单如何办理
一比一原版麻省理工学院毕业证(MIT毕业证)成绩单如何办理
o6ov5dqmf
 

Recently uploaded (20)

Secure Your Brand: File a Trademark Today
Secure Your Brand: File a Trademark TodaySecure Your Brand: File a Trademark Today
Secure Your Brand: File a Trademark Today
 
原版仿制(aut毕业证书)新西兰奥克兰理工大学毕业证文凭毕业证雅思成绩单原版一模一样
原版仿制(aut毕业证书)新西兰奥克兰理工大学毕业证文凭毕业证雅思成绩单原版一模一样原版仿制(aut毕业证书)新西兰奥克兰理工大学毕业证文凭毕业证雅思成绩单原版一模一样
原版仿制(aut毕业证书)新西兰奥克兰理工大学毕业证文凭毕业证雅思成绩单原版一模一样
 
The Main Procedures for Obtaining Cypriot Citizenship
The Main Procedures for Obtaining Cypriot CitizenshipThe Main Procedures for Obtaining Cypriot Citizenship
The Main Procedures for Obtaining Cypriot Citizenship
 
NATURE, ORIGIN AND DEVELOPMENT OF INTERNATIONAL LAW.pptx
NATURE, ORIGIN AND DEVELOPMENT OF INTERNATIONAL LAW.pptxNATURE, ORIGIN AND DEVELOPMENT OF INTERNATIONAL LAW.pptx
NATURE, ORIGIN AND DEVELOPMENT OF INTERNATIONAL LAW.pptx
 
ADR in criminal proceeding in Bangladesh with global perspective.
ADR in criminal proceeding in Bangladesh with global perspective.ADR in criminal proceeding in Bangladesh with global perspective.
ADR in criminal proceeding in Bangladesh with global perspective.
 
EMPLOYMENT LAW AN OVERVIEW in Malawi.pptx
EMPLOYMENT LAW  AN OVERVIEW in Malawi.pptxEMPLOYMENT LAW  AN OVERVIEW in Malawi.pptx
EMPLOYMENT LAW AN OVERVIEW in Malawi.pptx
 
怎么购买(massey毕业证书)新西兰梅西大学毕业证学位证书注册证明信原版一模一样
怎么购买(massey毕业证书)新西兰梅西大学毕业证学位证书注册证明信原版一模一样怎么购买(massey毕业证书)新西兰梅西大学毕业证学位证书注册证明信原版一模一样
怎么购买(massey毕业证书)新西兰梅西大学毕业证学位证书注册证明信原版一模一样
 
ALL EYES ON RAFAH BUT WHY Explain more.pdf
ALL EYES ON RAFAH BUT WHY Explain more.pdfALL EYES ON RAFAH BUT WHY Explain more.pdf
ALL EYES ON RAFAH BUT WHY Explain more.pdf
 
How to Obtain Permanent Residency in the Netherlands
How to Obtain Permanent Residency in the NetherlandsHow to Obtain Permanent Residency in the Netherlands
How to Obtain Permanent Residency in the Netherlands
 
办理(waikato毕业证书)新西兰怀卡托大学毕业证双学位证书原版一模一样
办理(waikato毕业证书)新西兰怀卡托大学毕业证双学位证书原版一模一样办理(waikato毕业证书)新西兰怀卡托大学毕业证双学位证书原版一模一样
办理(waikato毕业证书)新西兰怀卡托大学毕业证双学位证书原版一模一样
 
Abdul Hakim Shabazz Deposition Hearing in Federal Court
Abdul Hakim Shabazz Deposition Hearing in Federal CourtAbdul Hakim Shabazz Deposition Hearing in Federal Court
Abdul Hakim Shabazz Deposition Hearing in Federal Court
 
Rokita Releases Soccer Stadium Legal Opinion
Rokita Releases Soccer Stadium Legal OpinionRokita Releases Soccer Stadium Legal Opinion
Rokita Releases Soccer Stadium Legal Opinion
 
Business and Corporate Case Update (2024)
Business and Corporate Case Update (2024)Business and Corporate Case Update (2024)
Business and Corporate Case Update (2024)
 
VAWA - Violence Against Women Act Presentation
VAWA - Violence Against Women Act PresentationVAWA - Violence Against Women Act Presentation
VAWA - Violence Against Women Act Presentation
 
定制(nus毕业证书)新加坡国立大学毕业证学位证书实拍图原版一模一样
定制(nus毕业证书)新加坡国立大学毕业证学位证书实拍图原版一模一样定制(nus毕业证书)新加坡国立大学毕业证学位证书实拍图原版一模一样
定制(nus毕业证书)新加坡国立大学毕业证学位证书实拍图原版一模一样
 
Bharatiya Nagarik Suraksha Sanhita power.pptx
Bharatiya Nagarik Suraksha Sanhita power.pptxBharatiya Nagarik Suraksha Sanhita power.pptx
Bharatiya Nagarik Suraksha Sanhita power.pptx
 
Agrarian Reform Policies in the Philippines: a quiz
Agrarian Reform Policies in the Philippines: a quizAgrarian Reform Policies in the Philippines: a quiz
Agrarian Reform Policies in the Philippines: a quiz
 
The Reserve Bank of India Act, 1934.pptx
The Reserve Bank of India Act, 1934.pptxThe Reserve Bank of India Act, 1934.pptx
The Reserve Bank of India Act, 1934.pptx
 
Car Accident Injury Do I Have a Case....
Car Accident Injury Do I Have a Case....Car Accident Injury Do I Have a Case....
Car Accident Injury Do I Have a Case....
 
一比一原版麻省理工学院毕业证(MIT毕业证)成绩单如何办理
一比一原版麻省理工学院毕业证(MIT毕业证)成绩单如何办理一比一原版麻省理工学院毕业证(MIT毕业证)成绩单如何办理
一比一原版麻省理工学院毕业证(MIT毕业证)成绩单如何办理
 

Creative destruction & Privacy Whitewashing: where does risk lie?

  • 1. CREATIVE DESTRUCTION & PRIVACY WHITEWASHING: WHERE DOES RISK LIE? Founder, Aurélie Pols & Associates January 30th 2023 aurelie.pols@protonmail.com 1
  • 2. aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – Data Governance & Privacy Engineer Data is the New infrastructure – Privacy is the New Green – Trust is the New Currency Dutch nationality, French mother tongue, works in English, lives in Spain (+kids!) AURELIE POLS, DATA GOVERNANCE & PRIVACY ENGINEER • DPO for mParticle (Customer Data platform) – contractor (USA, New York) • Founder – Aurélie Pols & Associates • Group expert member for the Observatory on the Online Platform Economy (E03607) – EU Commission •Guest professor DPO certification courses Maastricht University, faculty of law (NL) & Solvay Business School Brussels (B) • Board Member European Center On Privacy and Security, Maastricht University (NL) • Ethics Advisory Group (EAG) – European Data Protection Supervisor (EDPS) Towards a digital ethics • Former Vice-chair P7002 – Data Privacy Process – IEEE • Speaker/writer/consiglieri: Mobile World Congress, SWSX, Strata (+ Hadoop World), IAPP, Piwik, AT Internet, industry associations, AdTech & MarTech vendors, … 2003: OX2 Co-founder Webanalytics.be 2008: Sold to Digitas LBi (Publicis) 2 Not former GAFAM
  • 3. What I do for a living In case you are (still) wondering ;-) 3
  • 4. Interlocking liabilities & obligations People Company (Telco, Bank, Insurance..) Company (Agency, consultancy, vendor, ...) Cloud provider • Aligning contract obligations • Risk • (+ Mitigation measures?) • Providing • Security + Privacy • Privacy engineering • Design & Default(s) B2C (+ B2B) B2B B2B Privacy Notices Lawful basis Data Subject Rights MSA SOW T&C 4
  • 5. 5
  • 6. aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – IAB’s CEO at Annual Leadership Meeting 1. (Privacy) extremists are political opportunists 2. Attacks to ”our” industry also from within => Apple 3. Opportunity for healthy competition: positive ∑, not zero ∑? 6 Source: https://www.dataprotection authority.be/iab-europe- held-responsible-for-a- mechanism-that-infringes- the-gdpr
  • 7. aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – Rise up? For what? For who exactly? 7
  • 8. aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – Is the IAB spamming now? 8 The gathering has begun? Surely this is spam… And no opt-out link? tsssss 🇨🇦
  • 9. aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – Let’s blame Canada! Perro ladrador poco mordedor (bark but no teeth) Why? 9 Source: https://www.priv.gc.ca/en/opc-news/news-and-announcements/2023/nr-c_230126/
  • 10. aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – Had this been .. other than PIPEDA Let’s speculate 1. The GDPR, • A fine? • Deletion obligations? • At HomeDepot • For their processors? • (Notifications to data subjects?) 2. The US like CCPA/CPRA, Colorado, Connecticut, Virginia, Utah • Opt-out obligations? • A potential class action? 10
  • 11. 11
  • 12. 12
  • 13. aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – Let’s go back to the story “Home Depot shared details from e-receipts with Meta without the knowledge or consent of customers” Geography: 🇨🇦 Purpose of data processing: delivering e-receipts to HomeDepot customers who purchased in store Data involved? Email Personal information? ✅ Applicable law: PIPEDA Program: Meta Platform Inc. Offline Conversions 13
  • 14. aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – Taking a closer look at the data flows “Information sent to Meta was used to verify if a customer had a Facebook account. If they did, Meta compared the person’s in-store purchases to Home Depot’s advertisements sent over the platform to measure and report on the effectiveness of those ads. Meta’s Offline Conversions contractual terms also allowed it to use the customer information for its own business purposes, including user profiling and targeted advertising, unrelated to Home Depot” 14
  • 15. aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – In “privacy” obligations terms, the issues are: i. sending PD/I to Meta beyond the purpose for the receipt (quid purpose limitation principle?) requires some form of a lawful basis under GDPR ii. Meta then engages in another data processing operation ie does the user have a FB account? + iii. FB compares to in-store purchases. isn't that data held by HomeDepot? how does FB do that? iv. to report on ad effectiveness ie another purpose in the interest of both companies and v. cross-mingle data between customer ie FB doesn't act as a data processor or even service provider under CCPA/CPRA anymore! 15
  • 16. aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – Justifications by HomeDepot “Each email address Home Depot shared with Meta was encoded so that it could not be read by individuals at Facebook. ” “Home Depot said that it relied on implied consent and that its privacy statement, accessible through its website and in print upon request at retail locations, adequately explained that the company uses “de- identified information for internal business purposes, such as marketing, customer service, and business analytics” and that it “may share information for business purposes,” including “with third parties.” Home Depot also relied on Facebook’s privacy statement, which explained the Offline Conversions program” 16
  • 17. aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – On the magic of de-identification This does NOT work under the GDPR or any opt-in laws which require: 1. A lawful basis • Implied consent is not one of them • GDPR has 6, LGPD has 10, Chinese PIPL 7 2. A defined purpose Please share broadly https://edps.europa.eu/system/files/2021-04/ 21-04-27_aepd-edps_anonymisation_en_5.pdf 17
  • 18. aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – 10 misunderstandings related to anonymization 1. Pseudonimization is not anonymization 2. Encryption is not anonymization 3. Anonymization of data is always possible 4. Anonymization is forever 5. Anonymization always reduces the probability of re-identification to zero 6. Anonymization is a binary concept that can not be measured 7. Anonymization can be fully automated 8. Anonymization makes the data useless 9. Following an anonymization process used by others renders same results 10. There is no risk and no interest in finding out to whom this data refers to 18
  • 19. The data is anonymous, privacy law doesn’t apply Privacy whitewashing #1 19
  • 20. aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – Justifications by HomeDepot (II) “... Meta employed an automated process that allowed it to match email addresses attached to Facebook accounts. Email addresses not already associated with a Facebook account could not be linked to individuals.” ”The company said that it did not notify customers of its information sharing agreement with Meta just prior to issuing e-receipts due to the risk of “consent fatigue.”” Actually, under the GDPR, the initial data processing operation would NOT require consent: the lawful basis would be contract. For subsequent processes however, like ADM, art 22 would apply where a data subject would have the Right NOT to be subject to it 20
  • 21. The consumer consented Privacy whitewashing #2 Follow up question is typically: to what exactly? PURPOSE 21
  • 22. aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – Lessons learnt, now what? The structure of how laws are built up really varies Their consequences as well so what enforcement means How enforcement is then accepted also In the end this is all about change “Home Depot was fully cooperative throughout the investigation and has agreed to implement the OPC’s recommendations. The company stopped sharing customer information with Meta in October 2022.” 22
  • 23. The company will not do it anymore/again Privacy whitewashing #3 Follow up question is typically: how to make sure? 23
  • 24. aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – High level: opt-in vs. opt-out laws Comparing roles in 2 major privacy laws: GDPR is a horizontal law, which took 5 years to mature, is enshrined within EU law (Charter + TFEU), enforced by supervisory authorities CCPA was originally proposed as a ballot proposition by a privacy group known as Californians for Consumer Privacy. 24 CCPA/CPRA GDPR Business Data controller Service provider Data processor 3rd party/data broker Joint controller Accountability Fundam ental right Lim ited rights Data to support growth
  • 25. aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – US privacy law is sectoral You’ve all heard of COPPA, HIPAA, VPPA, Fair Credit Act, … And boy, is this getting complicated! P = right to opt-out of processing for profiling/targeted advertising purposes 25 Source: https://iapp.org/media/pdf/resource_ce nter/State_Comp_Privacy_Law_Chart.pdf
  • 26. aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – Purpose is taking center stage Even in US state laws now: what is the data used for? The scope of opt-outs vary by state: 1. VA, CO & CT enable consumers to opt-out of targeted advertising, sale and profiling 2. UT enables consumers to opt-out of targeted advertising and sale of data (but not profiling) 3. CA enables consumers to opt-out of sale & sharing + under CPRA, when a business sees an opt-out preference signal (eg. GPC), it must also opt the consumer out of from profiling 26
  • 27. aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – Legislative evolutions: where is ePrivacy? 28
  • 28. aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – And yes there is more coming 29
  • 29. aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – But not just Europe and cookies: SDKs… 30
  • 30. aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – Does section 230, DMA/DSA ring any bells? 31
  • 31. aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – ADM, ML & AI Start here Keep in mind 1. Lawful basis 2. Purpose (limitation) If PD/I 32
  • 32. aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – While AI brings back IP challenges 33 Source: https://www.theverg e.com/2023/1/17/23 558516/ai-art- copyright-stable- diffusion-getty- images-lawsuit
  • 33. Provenance of digital raw material matters Risks lie in lack of explainability for all actors involved in the data ecosystem 34
  • 34. aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – Data governance, the sexiest job of 2023? 35
  • 35. Thank you for coming to my presentation Aurelie.pols@protonmail.com 36 Life is like a plate of spaghetti, everthing is interconnected Life is like a box of chocolates, you never know what to expect!