SlideShare a Scribd company logo

For Superweek 2022: discussing risk using IAB's TCF

Aurélie Pols
Aurélie Pols

This document discusses the legality of real-time bidding (RTB) under GDPR and who bears the risk of non-compliance. It notes that RTB involves broadcasting personal data internationally to various entities without ensuring proper deletion or purpose limitations. This violates GDPR principles. While the IAB claims its transparency and consent framework addresses this, investigations found ongoing issues. The document argues RTB likely violates GDPR and publishers may ultimately be responsible as data controllers, though determining clear liability is difficult given interlocking obligations of many involved parties. Education is needed on privacy risks to help achieve compliance.

Data & Analytics
1 of 29
Download to read offline
IAB'S TCF, FROM STANDARD (?) TO UNLAWFUL PROCESSING: WHO ENDS UP WITH NON-COMPLIANCE RISKS? Founder, Aurélie Pols & Associates February 1st 2022 aurelie.pols@protonmail.com 1
aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – Data Governance & Privacy Engineer Data is the New infrastructure – Privacy is the New Green – Trust is the New Currency Dutch nationality, French mother tongue, works in English, lives in Spain AURELIE POLS, DATA GOVERNANCE & PRIVACY ENGINEER • DPO for mParticle (Customer Data platform) – contractor (USA, New York) • Founder – Aurélie Pols & Associates • Expert Advisory Board (EAB) member - Panelfit (EU H2020 No 788039) • Group expert member for the Observatory on the Online Platform Economy (E03607) – EU Commission •Guest professor DPO certification courses Maastricht University, faculty of law (NL) & Solvay Business School Brussels (B) • Board Member European Center On Privacy and Security, Maastricht University (NL) • Ethics Advisory Group (EAG) – European Data Protection Supervisor (EDPS) Towards a digital ethics • Former Vice-chair P7002 – Data Privacy Process – IEEE • Speaker/writer/consiglieri: Mobile World Congress, SWSX, Strata (+ Hadoop World), IAPP, Piwik, AT Internet, industry associations, AdTech & MarTech vendors, … 2003: OX2 Co-founder Webanalytics.be 2008: Sold to Digitas LBi (Publicis) 2
What I do for a living In case you’re wondering ;-) 3
Interlocking liabilities & obligations People Company (Telco, Bank, Insurance..) Company (Agency, consultancy, vendor, ...) Cloud provider • Aligning contract obligations • (+ enforcement?) • Providing • Security • Privacy features • Privacy engineering B2C B2B B2B Privacy policies Consent MSA SOW T&C 4
IAB’s TCF on RTB A little bit of history 5
aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – There’s this guy in Ireland who talks of RTB 6 Video here: https://vimeo.com/670735163
aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – He has been tackling this subject First as a publisher, then working for a browser and now at an NGO 7 Link https://iabeurope.eu/transparency-consent-framework/
aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – The problem? 8 https://www.dataprotectionauthority.be/citizen/belgian-dpa-sends-its-draft-decision-in-the-iab-europe-case-to-european-counterparts
aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – The “privacy freedom fighter” angle 9 Link https://www.iccl.ie/digital- data/apd-iab-findings/
10
aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – Independent audit? 11 Link https://iabeurope. eu/blog/iab- europe-launches- new-tcf-vendor- compliance- programme/
12
aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – IAB side 13 Link https://iabeurop e.eu/blog/vendo r-compliance-in- the-tcf-what-it- is-and-what-it- isnt/
Taking a step back From the playground 14
aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – It started with denial 1. Advertising IDs are not PII, right? 2. Let’s ignore the concept of purpose limitation 3. The only lawful basis that exist is consent Ø US notion of notice & choice 4. Keeping the data for ever is not an issue 5. Fairness is an impossible concept to respect Ø Let’s ignore the also US notion of discrimination (eg. FCRA) 6. Sprinkle on top some security if really, really needed 15
aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – Yet the law is closing in 2 main reasons according to Johnny Ryan, for those who understand how RTB works: 1. The biggest data breach in history 2. Enfrindging the purpose limitation principle ← NEW!!! 16
aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – More specifically 17 Is there a week without any notice of Google enfringement?
aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – Translating this into GDPR lingo Back to basics: 1. Personal data is broader than PII, personally identifiable information 2. For data to be lawfully processed, a legal basis is required 1. This works per purpose ie data flow 2. Someone should tell Apple it’s not device only (ATT) 3. Data subjects have Rights 4. International data transfers are subject to conditions 18
aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – Words matter so much 19 Personal data - GDPR Personal information - CCPA Personally Indentifiable Information – ??? Sensitive Data – US COPPA, HIPAA, Infosec teams Special categories of Data – GDPR Financial data
aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – Problems of legality with RTB The initial issues with RTB are: An international broadcast of personal data to a variety of legal entities 1. If the auction is lost, 1. Are these legal entities deleting personal data? 2. Are these legal entities using those IDs for something else? (purpose limitation) 2. If the auction is won, 1. the personal data is passed onto other entities to fulfil the processing operations of 1. Delivering the ad to the chosen profile on the chosen medium (Ad network + publisher) 2. Delivering the reporting around the advertising operation 20
aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – Looking at it from the data subjects’ side 2 main questions arise from the data suject side: 1. Notice: how is the user notified of all the legal entities that receive her personal data? And for which purpose? 2. Rights: if the user wanted to exercise her rights to access, deletion, rectification, objection, portability and non-profiling, how would that work? Both obligations lie with the data controller ie the publisher 21
Who is responsible? Where does the risk lie? 22
aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – This happened last week Munich State Court finds use of Google Fonts in violation of GDPR and grants compensation of 100€ Legitimate interest didn't apply. The website operator could have integrated the fonts directly into their website, thereby avoiding sending IP addresses to Google. Small sum and yet, this is about actual compensation! "The defendant is ordered to pay the plaintiff € 100.00 plus interest thereon in the amount of 5 percentage points above the base rate since 28.01.2021." https://rewis.io/urteile/urteil/lhm-20-01-2022-3-o-1749320/ 23
aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – Another example Spotify to support portability 24
Privacy fighting for engineering resources But who asks for what? Where does the risk lie? Education is essential 25
aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – Who gains? 26
aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – The worst job today? 27 Link https://iabeurope.eu/blog/wa nt-to-join-the-iab-europe- team-new-position-available- privacy-counsel/
aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – Conclusion • Is RTB legal? Probably not • Who takes on the risk? • Not the IAB • Not the vendors • The publishers maybe? • Who wants to punish the publishers? • …. • Question everything! • As Chris said, there are different angles. Always! Find the (risk) balance 28
Thank you for listening Aurelie.pols@protonmail.com 29

Recommended

The roadmap
The roadmapThe roadmap
The roadmap
DougHall64
 
Conversion Tracking Optionen im Vergleich
Conversion Tracking Optionen im VergleichConversion Tracking Optionen im Vergleich
Conversion Tracking Optionen im Vergleich
📊 Markus Baersch
 
The future of regulation: Principles for regulating emerging technologies
The future of regulation: Principles for regulating emerging technologiesThe future of regulation: Principles for regulating emerging technologies
The future of regulation: Principles for regulating emerging technologies
Deloitte United States
 
RGPD : 5 ans après, quel bilan ? L’APD de plus en plus sévère : zoom sur les ...
RGPD : 5 ans après, quel bilan ? L’APD de plus en plus sévère : zoom sur les ...RGPD : 5 ans après, quel bilan ? L’APD de plus en plus sévère : zoom sur les ...
RGPD : 5 ans après, quel bilan ? L’APD de plus en plus sévère : zoom sur les ...
Lexing - Belgium
 
Sosiaalinen media tietosuojan näkökulmasta
Sosiaalinen media tietosuojan näkökulmastaSosiaalinen media tietosuojan näkökulmasta
Sosiaalinen media tietosuojan näkökulmasta
Harto Pönkä
 
Artificial Intelligence: Have No Fear
Artificial Intelligence: Have No FearArtificial Intelligence: Have No Fear
Artificial Intelligence: Have No Fear
Boston Consulting Group
 
Bcg cii report - one consumer, many interactions - december 2018
Bcg cii report - one consumer, many interactions - december 2018Bcg cii report - one consumer, many interactions - december 2018
Bcg cii report - one consumer, many interactions - december 2018
Social Samosa
 
Win The Fight: Crush and Contain for Safer Reopening
Win The Fight: Crush and Contain for Safer Reopening Win The Fight: Crush and Contain for Safer Reopening
Win The Fight: Crush and Contain for Safer Reopening
Boston Consulting Group
 

Recommended

The roadmap
The roadmapThe roadmap
The roadmap
DougHall64
 
Conversion Tracking Optionen im Vergleich
Conversion Tracking Optionen im VergleichConversion Tracking Optionen im Vergleich
Conversion Tracking Optionen im Vergleich
📊 Markus Baersch
 
The future of regulation: Principles for regulating emerging technologies
The future of regulation: Principles for regulating emerging technologiesThe future of regulation: Principles for regulating emerging technologies
The future of regulation: Principles for regulating emerging technologies
Deloitte United States
 
RGPD : 5 ans après, quel bilan ? L’APD de plus en plus sévère : zoom sur les ...
RGPD : 5 ans après, quel bilan ? L’APD de plus en plus sévère : zoom sur les ...RGPD : 5 ans après, quel bilan ? L’APD de plus en plus sévère : zoom sur les ...
RGPD : 5 ans après, quel bilan ? L’APD de plus en plus sévère : zoom sur les ...
Lexing - Belgium
 
Sosiaalinen media tietosuojan näkökulmasta
Sosiaalinen media tietosuojan näkökulmastaSosiaalinen media tietosuojan näkökulmasta
Sosiaalinen media tietosuojan näkökulmasta
Harto Pönkä
 
Artificial Intelligence: Have No Fear
Artificial Intelligence: Have No FearArtificial Intelligence: Have No Fear
Artificial Intelligence: Have No Fear
Boston Consulting Group
 
Bcg cii report - one consumer, many interactions - december 2018
Bcg cii report - one consumer, many interactions - december 2018Bcg cii report - one consumer, many interactions - december 2018
Bcg cii report - one consumer, many interactions - december 2018
Social Samosa
 
Win The Fight: Crush and Contain for Safer Reopening
Win The Fight: Crush and Contain for Safer Reopening Win The Fight: Crush and Contain for Safer Reopening
Win The Fight: Crush and Contain for Safer Reopening
Boston Consulting Group
 
FintechOS Corporate Deck 20.2
FintechOS Corporate Deck 20.2FintechOS Corporate Deck 20.2
FintechOS Corporate Deck 20.2
Mariyan Dimitrov
 
Bridging the Trust Gap: Data Misuse and Stewardship by the Numbers
Bridging the Trust Gap: Data Misuse and Stewardship by the NumbersBridging the Trust Gap: Data Misuse and Stewardship by the Numbers
Bridging the Trust Gap: Data Misuse and Stewardship by the Numbers
Boston Consulting Group
 
2019 CPG Growth Leaders Report
2019 CPG Growth Leaders Report2019 CPG Growth Leaders Report
2019 CPG Growth Leaders Report
Boston Consulting Group
 
Content + Community + Commerce -- Polyvore @ Commercism by 500 Startups March...
Content + Community + Commerce -- Polyvore @ Commercism by 500 Startups March...Content + Community + Commerce -- Polyvore @ Commercism by 500 Startups March...
Content + Community + Commerce -- Polyvore @ Commercism by 500 Startups March...
Jess Lee
 
Fjord Trends 2022: Communications Industry
Fjord Trends 2022: Communications IndustryFjord Trends 2022: Communications Industry
Fjord Trends 2022: Communications Industry
accenture
 
Driving Change in Racial Equity
Driving Change in Racial Equity Driving Change in Racial Equity
Driving Change in Racial Equity
Boston Consulting Group
 
Welcome to the Digital Revolution
Welcome to the Digital RevolutionWelcome to the Digital Revolution
Welcome to the Digital Revolution
Dominique Netto
 
2020 Women in the Workplace Participant Briefing
2020 Women in the Workplace Participant Briefing2020 Women in the Workplace Participant Briefing
2020 Women in the Workplace Participant Briefing
McKinsey & Company
 
earlegal#7 - influenceurs et marques, quels sont les contours juridiques ?
earlegal#7 - influenceurs et marques, quels sont les contours juridiques ?earlegal#7 - influenceurs et marques, quels sont les contours juridiques ?
earlegal#7 - influenceurs et marques, quels sont les contours juridiques ?
Lexing - Belgium
 
Reimagining the Agenda | Accenture
Reimagining the Agenda | AccentureReimagining the Agenda | Accenture
Reimagining the Agenda | Accenture
accenture
 
How Companies in Emerging Markets Are Winning at Home
How Companies in Emerging Markets Are Winning at HomeHow Companies in Emerging Markets Are Winning at Home
How Companies in Emerging Markets Are Winning at Home
Boston Consulting Group
 
Tietosuoja ja digitaalinen turvallisuus koulussa
Tietosuoja ja digitaalinen turvallisuus koulussaTietosuoja ja digitaalinen turvallisuus koulussa
Tietosuoja ja digitaalinen turvallisuus koulussa
Harto Pönkä
 
Retail Banking in the New Reality – Summary Survey Findings
Retail Banking in the New Reality – Summary Survey FindingsRetail Banking in the New Reality – Summary Survey Findings
Retail Banking in the New Reality – Summary Survey Findings
Boston Consulting Group
 
RGPD
RGPDRGPD
RGPD
Benoît Chantre
 
ThoughtWorks: Monetising Open Banking
ThoughtWorks: Monetising Open Banking ThoughtWorks: Monetising Open Banking
ThoughtWorks: Monetising Open Banking
Thoughtworks
 
True Luxury - 2014/2015 - BCG
True Luxury - 2014/2015 - BCGTrue Luxury - 2014/2015 - BCG
True Luxury - 2014/2015 - BCG
Gabriela Otto
 
The Industrialist: Trends & Innovations - July 2022
The Industrialist: Trends & Innovations - July 2022The Industrialist: Trends & Innovations - July 2022
The Industrialist: Trends & Innovations - July 2022
accenture
 
EU:n yleinen tietosuoja-asetus oppilaitosten ja opettajien näkökulmasta
EU:n yleinen tietosuoja-asetus oppilaitosten ja opettajien näkökulmastaEU:n yleinen tietosuoja-asetus oppilaitosten ja opettajien näkökulmasta
EU:n yleinen tietosuoja-asetus oppilaitosten ja opettajien näkökulmasta
Harto Pönkä
 
China's PIPL: How to Comply in Under 60 Days
China's PIPL: How to Comply in Under 60 DaysChina's PIPL: How to Comply in Under 60 Days
China's PIPL: How to Comply in Under 60 Days
TrustArc
 
The Great Mobility Tech Race: Winning the battle for future profits
The Great Mobility Tech Race: Winning the battle for future profitsThe Great Mobility Tech Race: Winning the battle for future profits
The Great Mobility Tech Race: Winning the battle for future profits
Boston Consulting Group
 
Creative destruction & Privacy Whitewashing: where does risk lie?
Creative destruction & Privacy Whitewashing: where does risk lie? Creative destruction & Privacy Whitewashing: where does risk lie?
Creative destruction & Privacy Whitewashing: where does risk lie?
Aurélie Pols
 
AI Roles and Risk for election year 2024
AI Roles and Risk for election year 2024AI Roles and Risk for election year 2024
AI Roles and Risk for election year 2024
Aurélie Pols
 

More Related Content

What's hot

FintechOS Corporate Deck 20.2
FintechOS Corporate Deck 20.2FintechOS Corporate Deck 20.2
FintechOS Corporate Deck 20.2
Mariyan Dimitrov
 
Bridging the Trust Gap: Data Misuse and Stewardship by the Numbers
Bridging the Trust Gap: Data Misuse and Stewardship by the NumbersBridging the Trust Gap: Data Misuse and Stewardship by the Numbers
Bridging the Trust Gap: Data Misuse and Stewardship by the Numbers
Boston Consulting Group
 
2019 CPG Growth Leaders Report
2019 CPG Growth Leaders Report2019 CPG Growth Leaders Report
2019 CPG Growth Leaders Report
Boston Consulting Group
 
Content + Community + Commerce -- Polyvore @ Commercism by 500 Startups March...
Content + Community + Commerce -- Polyvore @ Commercism by 500 Startups March...Content + Community + Commerce -- Polyvore @ Commercism by 500 Startups March...
Content + Community + Commerce -- Polyvore @ Commercism by 500 Startups March...
Jess Lee
 
Fjord Trends 2022: Communications Industry
Fjord Trends 2022: Communications IndustryFjord Trends 2022: Communications Industry
Fjord Trends 2022: Communications Industry
accenture
 
Driving Change in Racial Equity
Driving Change in Racial Equity Driving Change in Racial Equity
Driving Change in Racial Equity
Boston Consulting Group
 
Welcome to the Digital Revolution
Welcome to the Digital RevolutionWelcome to the Digital Revolution
Welcome to the Digital Revolution
Dominique Netto
 
2020 Women in the Workplace Participant Briefing
2020 Women in the Workplace Participant Briefing2020 Women in the Workplace Participant Briefing
2020 Women in the Workplace Participant Briefing
McKinsey & Company
 
earlegal#7 - influenceurs et marques, quels sont les contours juridiques ?
earlegal#7 - influenceurs et marques, quels sont les contours juridiques ?earlegal#7 - influenceurs et marques, quels sont les contours juridiques ?
earlegal#7 - influenceurs et marques, quels sont les contours juridiques ?
Lexing - Belgium
 
Reimagining the Agenda | Accenture
Reimagining the Agenda | AccentureReimagining the Agenda | Accenture
Reimagining the Agenda | Accenture
accenture
 
How Companies in Emerging Markets Are Winning at Home
How Companies in Emerging Markets Are Winning at HomeHow Companies in Emerging Markets Are Winning at Home
How Companies in Emerging Markets Are Winning at Home
Boston Consulting Group
 
Tietosuoja ja digitaalinen turvallisuus koulussa
Tietosuoja ja digitaalinen turvallisuus koulussaTietosuoja ja digitaalinen turvallisuus koulussa
Tietosuoja ja digitaalinen turvallisuus koulussa
Harto Pönkä
 
Retail Banking in the New Reality – Summary Survey Findings
Retail Banking in the New Reality – Summary Survey FindingsRetail Banking in the New Reality – Summary Survey Findings
Retail Banking in the New Reality – Summary Survey Findings
Boston Consulting Group
 
RGPD
RGPDRGPD
RGPD
Benoît Chantre
 
ThoughtWorks: Monetising Open Banking
ThoughtWorks: Monetising Open Banking ThoughtWorks: Monetising Open Banking
ThoughtWorks: Monetising Open Banking
Thoughtworks
 
True Luxury - 2014/2015 - BCG
True Luxury - 2014/2015 - BCGTrue Luxury - 2014/2015 - BCG
True Luxury - 2014/2015 - BCG
Gabriela Otto
 
The Industrialist: Trends & Innovations - July 2022
The Industrialist: Trends & Innovations - July 2022The Industrialist: Trends & Innovations - July 2022
The Industrialist: Trends & Innovations - July 2022
accenture
 
EU:n yleinen tietosuoja-asetus oppilaitosten ja opettajien näkökulmasta
EU:n yleinen tietosuoja-asetus oppilaitosten ja opettajien näkökulmastaEU:n yleinen tietosuoja-asetus oppilaitosten ja opettajien näkökulmasta
EU:n yleinen tietosuoja-asetus oppilaitosten ja opettajien näkökulmasta
Harto Pönkä
 
China's PIPL: How to Comply in Under 60 Days
China's PIPL: How to Comply in Under 60 DaysChina's PIPL: How to Comply in Under 60 Days
China's PIPL: How to Comply in Under 60 Days
TrustArc
 
The Great Mobility Tech Race: Winning the battle for future profits
The Great Mobility Tech Race: Winning the battle for future profitsThe Great Mobility Tech Race: Winning the battle for future profits
The Great Mobility Tech Race: Winning the battle for future profits
Boston Consulting Group
 

What's hot (20)

FintechOS Corporate Deck 20.2
FintechOS Corporate Deck 20.2FintechOS Corporate Deck 20.2
FintechOS Corporate Deck 20.2
 
Bridging the Trust Gap: Data Misuse and Stewardship by the Numbers
Bridging the Trust Gap: Data Misuse and Stewardship by the NumbersBridging the Trust Gap: Data Misuse and Stewardship by the Numbers
Bridging the Trust Gap: Data Misuse and Stewardship by the Numbers
 
2019 CPG Growth Leaders Report
2019 CPG Growth Leaders Report2019 CPG Growth Leaders Report
2019 CPG Growth Leaders Report
 
Content + Community + Commerce -- Polyvore @ Commercism by 500 Startups March...
Content + Community + Commerce -- Polyvore @ Commercism by 500 Startups March...Content + Community + Commerce -- Polyvore @ Commercism by 500 Startups March...
Content + Community + Commerce -- Polyvore @ Commercism by 500 Startups March...
 
Fjord Trends 2022: Communications Industry
Fjord Trends 2022: Communications IndustryFjord Trends 2022: Communications Industry
Fjord Trends 2022: Communications Industry
 
Driving Change in Racial Equity
Driving Change in Racial Equity Driving Change in Racial Equity
Driving Change in Racial Equity
 
Welcome to the Digital Revolution
Welcome to the Digital RevolutionWelcome to the Digital Revolution
Welcome to the Digital Revolution
 
2020 Women in the Workplace Participant Briefing
2020 Women in the Workplace Participant Briefing2020 Women in the Workplace Participant Briefing
2020 Women in the Workplace Participant Briefing
 
earlegal#7 - influenceurs et marques, quels sont les contours juridiques ?
earlegal#7 - influenceurs et marques, quels sont les contours juridiques ?earlegal#7 - influenceurs et marques, quels sont les contours juridiques ?
earlegal#7 - influenceurs et marques, quels sont les contours juridiques ?
 
Reimagining the Agenda | Accenture
Reimagining the Agenda | AccentureReimagining the Agenda | Accenture
Reimagining the Agenda | Accenture
 
How Companies in Emerging Markets Are Winning at Home
How Companies in Emerging Markets Are Winning at HomeHow Companies in Emerging Markets Are Winning at Home
How Companies in Emerging Markets Are Winning at Home
 
Tietosuoja ja digitaalinen turvallisuus koulussa
Tietosuoja ja digitaalinen turvallisuus koulussaTietosuoja ja digitaalinen turvallisuus koulussa
Tietosuoja ja digitaalinen turvallisuus koulussa
 
Retail Banking in the New Reality – Summary Survey Findings
Retail Banking in the New Reality – Summary Survey FindingsRetail Banking in the New Reality – Summary Survey Findings
Retail Banking in the New Reality – Summary Survey Findings
 
RGPD
RGPDRGPD
RGPD
 
ThoughtWorks: Monetising Open Banking
ThoughtWorks: Monetising Open Banking ThoughtWorks: Monetising Open Banking
ThoughtWorks: Monetising Open Banking
 
True Luxury - 2014/2015 - BCG
True Luxury - 2014/2015 - BCGTrue Luxury - 2014/2015 - BCG
True Luxury - 2014/2015 - BCG
 
The Industrialist: Trends & Innovations - July 2022
The Industrialist: Trends & Innovations - July 2022The Industrialist: Trends & Innovations - July 2022
The Industrialist: Trends & Innovations - July 2022
 
EU:n yleinen tietosuoja-asetus oppilaitosten ja opettajien näkökulmasta
EU:n yleinen tietosuoja-asetus oppilaitosten ja opettajien näkökulmastaEU:n yleinen tietosuoja-asetus oppilaitosten ja opettajien näkökulmasta
EU:n yleinen tietosuoja-asetus oppilaitosten ja opettajien näkökulmasta
 
China's PIPL: How to Comply in Under 60 Days
China's PIPL: How to Comply in Under 60 DaysChina's PIPL: How to Comply in Under 60 Days
China's PIPL: How to Comply in Under 60 Days
 
The Great Mobility Tech Race: Winning the battle for future profits
The Great Mobility Tech Race: Winning the battle for future profitsThe Great Mobility Tech Race: Winning the battle for future profits
The Great Mobility Tech Race: Winning the battle for future profits
 

Similar to For Superweek 2022: discussing risk using IAB's TCF

Creative destruction & Privacy Whitewashing: where does risk lie?
Creative destruction & Privacy Whitewashing: where does risk lie? Creative destruction & Privacy Whitewashing: where does risk lie?
Creative destruction & Privacy Whitewashing: where does risk lie?
Aurélie Pols
 
AI Roles and Risk for election year 2024
AI Roles and Risk for election year 2024AI Roles and Risk for election year 2024
AI Roles and Risk for election year 2024
Aurélie Pols
 
Preparing for the AI Act - 5 years into GDPR enforcement
Preparing for the AI Act - 5 years into GDPR enforcementPreparing for the AI Act - 5 years into GDPR enforcement
Preparing for the AI Act - 5 years into GDPR enforcement
Aurélie Pols
 
Storm on the Horizon: Data Governance & Security vs. Employee Privacy
Storm on the Horizon: Data Governance & Security vs. Employee PrivacyStorm on the Horizon: Data Governance & Security vs. Employee Privacy
Storm on the Horizon: Data Governance & Security vs. Employee Privacy
Aurélie Pols
 
Women in STEM for IE Girl Up Club
Women in STEM for IE Girl Up Club Women in STEM for IE Girl Up Club
Women in STEM for IE Girl Up Club
Aurélie Pols
 
eMetrics Summit Boston 2014 - Big Data for Marketing - Privacy Principles & P...
eMetrics Summit Boston 2014 - Big Data for Marketing - Privacy Principles & P...eMetrics Summit Boston 2014 - Big Data for Marketing - Privacy Principles & P...
eMetrics Summit Boston 2014 - Big Data for Marketing - Privacy Principles & P...
Aurélie Pols
 
eMetrics Summit Boston 2014 - Big Data Marketing - From Über Creepy to Over ...
eMetrics Summit Boston 2014 - Big Data Marketing - From Über Creepy to Over ... eMetrics Summit Boston 2014 - Big Data Marketing - From Über Creepy to Over ...
eMetrics Summit Boston 2014 - Big Data Marketing - From Über Creepy to Over ...
Aurélie Pols
 
ePrivacy Directive, a 10 steps framework to be as compliant as possible for m...
ePrivacy Directive, a 10 steps framework to be as compliant as possible for m...ePrivacy Directive, a 10 steps framework to be as compliant as possible for m...
ePrivacy Directive, a 10 steps framework to be as compliant as possible for m...
Aurélie Pols
 
Privacy Regulations and Your Digital Setup
Privacy Regulations and Your Digital SetupPrivacy Regulations and Your Digital Setup
Privacy Regulations and Your Digital Setup
Piwik PRO
 
Webit Global Congress - Leaders of the Future Summit - Privacy and Data Prote...
Webit Global Congress - Leaders of the Future Summit - Privacy and Data Prote...Webit Global Congress - Leaders of the Future Summit - Privacy and Data Prote...
Webit Global Congress - Leaders of the Future Summit - Privacy and Data Prote...
Aurélie Pols
 
A Framework of Purpose and Consent for Data Security and Consumer Privacy
A Framework of Purpose and Consent for Data Security and Consumer PrivacyA Framework of Purpose and Consent for Data Security and Consumer Privacy
A Framework of Purpose and Consent for Data Security and Consumer Privacy
Aurélie Pols
 
The Data Pitch call
The Data Pitch callThe Data Pitch call
The Data Pitch call
Elena Simperl
 
Customers in the cloud pulse final
Customers in the cloud pulse finalCustomers in the cloud pulse final
Customers in the cloud pulse finalFLUZO
 
Data Accountability & Consumer Trust
Data Accountability & Consumer TrustData Accountability & Consumer Trust
Data Accountability & Consumer Trust
Aurélie Pols
 
"Towards Value-Centric Big Data" e-SIDES Workshop - Slide-deck
"Towards Value-Centric Big Data" e-SIDES Workshop - Slide-deck"Towards Value-Centric Big Data" e-SIDES Workshop - Slide-deck
"Towards Value-Centric Big Data" e-SIDES Workshop - Slide-deck
e-SIDES.eu
 
EXPERT WEBINAR: GDPR One Year Later — What Can We Learn from Investigations a...
EXPERT WEBINAR: GDPR One Year Later — What Can We Learn from Investigations a...EXPERT WEBINAR: GDPR One Year Later — What Can We Learn from Investigations a...
EXPERT WEBINAR: GDPR One Year Later — What Can We Learn from Investigations a...
Feroot
 
Data is the new oil, privacy is the new green - Eye4Travel Amsterdam
Data is the new oil, privacy is the new green - Eye4Travel AmsterdamData is the new oil, privacy is the new green - Eye4Travel Amsterdam
Data is the new oil, privacy is the new green - Eye4Travel Amsterdam
Aurélie Pols
 
TrustArc Webinar-Advertising, Privacy, and Data Management Working Together
TrustArc Webinar-Advertising, Privacy, and Data Management Working TogetherTrustArc Webinar-Advertising, Privacy, and Data Management Working Together
TrustArc Webinar-Advertising, Privacy, and Data Management Working Together
TrustArc
 
Mirena Taskova - EU GDPR Intro & Update - Stanford Engineering - 14 Jan 2019
Mirena Taskova - EU GDPR Intro & Update - Stanford Engineering - 14 Jan 2019Mirena Taskova - EU GDPR Intro & Update - Stanford Engineering - 14 Jan 2019
Mirena Taskova - EU GDPR Intro & Update - Stanford Engineering - 14 Jan 2019
Burton Lee
 

Similar to For Superweek 2022: discussing risk using IAB's TCF (20)

Creative destruction & Privacy Whitewashing: where does risk lie?
Creative destruction & Privacy Whitewashing: where does risk lie? Creative destruction & Privacy Whitewashing: where does risk lie?
Creative destruction & Privacy Whitewashing: where does risk lie?
 
AI Roles and Risk for election year 2024
AI Roles and Risk for election year 2024AI Roles and Risk for election year 2024
AI Roles and Risk for election year 2024
 
Preparing for the AI Act - 5 years into GDPR enforcement
Preparing for the AI Act - 5 years into GDPR enforcementPreparing for the AI Act - 5 years into GDPR enforcement
Preparing for the AI Act - 5 years into GDPR enforcement
 
Storm on the Horizon: Data Governance & Security vs. Employee Privacy
Storm on the Horizon: Data Governance & Security vs. Employee PrivacyStorm on the Horizon: Data Governance & Security vs. Employee Privacy
Storm on the Horizon: Data Governance & Security vs. Employee Privacy
 
Women in STEM for IE Girl Up Club
Women in STEM for IE Girl Up Club Women in STEM for IE Girl Up Club
Women in STEM for IE Girl Up Club
 
eMetrics Summit Boston 2014 - Big Data for Marketing - Privacy Principles & P...
eMetrics Summit Boston 2014 - Big Data for Marketing - Privacy Principles & P...eMetrics Summit Boston 2014 - Big Data for Marketing - Privacy Principles & P...
eMetrics Summit Boston 2014 - Big Data for Marketing - Privacy Principles & P...
 
eMetrics Summit Boston 2014 - Big Data Marketing - From Über Creepy to Over ...
eMetrics Summit Boston 2014 - Big Data Marketing - From Über Creepy to Over ... eMetrics Summit Boston 2014 - Big Data Marketing - From Über Creepy to Over ...
eMetrics Summit Boston 2014 - Big Data Marketing - From Über Creepy to Over ...
 
ePrivacy Directive, a 10 steps framework to be as compliant as possible for m...
ePrivacy Directive, a 10 steps framework to be as compliant as possible for m...ePrivacy Directive, a 10 steps framework to be as compliant as possible for m...
ePrivacy Directive, a 10 steps framework to be as compliant as possible for m...
 
Privacy Regulations and Your Digital Setup
Privacy Regulations and Your Digital SetupPrivacy Regulations and Your Digital Setup
Privacy Regulations and Your Digital Setup
 
Webit Global Congress - Leaders of the Future Summit - Privacy and Data Prote...
Webit Global Congress - Leaders of the Future Summit - Privacy and Data Prote...Webit Global Congress - Leaders of the Future Summit - Privacy and Data Prote...
Webit Global Congress - Leaders of the Future Summit - Privacy and Data Prote...
 
A Framework of Purpose and Consent for Data Security and Consumer Privacy
A Framework of Purpose and Consent for Data Security and Consumer PrivacyA Framework of Purpose and Consent for Data Security and Consumer Privacy
A Framework of Purpose and Consent for Data Security and Consumer Privacy
 
The Data Pitch call
The Data Pitch callThe Data Pitch call
The Data Pitch call
 
Customers in the cloud pulse final
Customers in the cloud pulse finalCustomers in the cloud pulse final
Customers in the cloud pulse final
 
Data Accountability & Consumer Trust
Data Accountability & Consumer TrustData Accountability & Consumer Trust
Data Accountability & Consumer Trust
 
"Towards Value-Centric Big Data" e-SIDES Workshop - Slide-deck
"Towards Value-Centric Big Data" e-SIDES Workshop - Slide-deck"Towards Value-Centric Big Data" e-SIDES Workshop - Slide-deck
"Towards Value-Centric Big Data" e-SIDES Workshop - Slide-deck
 
EXPERT WEBINAR: GDPR One Year Later — What Can We Learn from Investigations a...
EXPERT WEBINAR: GDPR One Year Later — What Can We Learn from Investigations a...EXPERT WEBINAR: GDPR One Year Later — What Can We Learn from Investigations a...
EXPERT WEBINAR: GDPR One Year Later — What Can We Learn from Investigations a...
 
Data is the new oil, privacy is the new green - Eye4Travel Amsterdam
Data is the new oil, privacy is the new green - Eye4Travel AmsterdamData is the new oil, privacy is the new green - Eye4Travel Amsterdam
Data is the new oil, privacy is the new green - Eye4Travel Amsterdam
 
GDPR - Applift firstscreen june 2016
GDPR - Applift firstscreen june 2016GDPR - Applift firstscreen june 2016
GDPR - Applift firstscreen june 2016
 
TrustArc Webinar-Advertising, Privacy, and Data Management Working Together
TrustArc Webinar-Advertising, Privacy, and Data Management Working TogetherTrustArc Webinar-Advertising, Privacy, and Data Management Working Together
TrustArc Webinar-Advertising, Privacy, and Data Management Working Together
 
Mirena Taskova - EU GDPR Intro & Update - Stanford Engineering - 14 Jan 2019
Mirena Taskova - EU GDPR Intro & Update - Stanford Engineering - 14 Jan 2019Mirena Taskova - EU GDPR Intro & Update - Stanford Engineering - 14 Jan 2019
Mirena Taskova - EU GDPR Intro & Update - Stanford Engineering - 14 Jan 2019
 

More from Aurélie Pols

IAPP - Skills For Minimizing Privacy Risk in Data Science Product and Service...
IAPP - Skills For Minimizing Privacy Risk in Data Science Product and Service...IAPP - Skills For Minimizing Privacy Risk in Data Science Product and Service...
IAPP - Skills For Minimizing Privacy Risk in Data Science Product and Service...
Aurélie Pols
 
Interoperability in Digital will take a Global Village
Interoperability in Digital will take a Global VillageInteroperability in Digital will take a Global Village
Interoperability in Digital will take a Global Village
Aurélie Pols
 
The GDPR is here. So do you know what the courts are saying?
The GDPR is here. So do you know what the courts are saying?The GDPR is here. So do you know what the courts are saying?
The GDPR is here. So do you know what the courts are saying?
Aurélie Pols
 
CPDP: Data ownership, Innovation and Privacy: looking for an approach on both...
CPDP: Data ownership, Innovation and Privacy: looking for an approach on both...CPDP: Data ownership, Innovation and Privacy: looking for an approach on both...
CPDP: Data ownership, Innovation and Privacy: looking for an approach on both...
Aurélie Pols
 
GDPR and the aftermath: what are we building towards?
GDPR and the aftermath: what are we building towards?GDPR and the aftermath: what are we building towards?
GDPR and the aftermath: what are we building towards?
Aurélie Pols
 
Who Goes There? Demystifying Digital Identity for All (1/2)
Who Goes There? Demystifying Digital Identity for All (1/2)Who Goes There? Demystifying Digital Identity for All (1/2)
Who Goes There? Demystifying Digital Identity for All (1/2)
Aurélie Pols
 
Data is the new infrastructure, Privacy is the new green, Trust is the new cu...
Data is the new infrastructure, Privacy is the new green, Trust is the new cu...Data is the new infrastructure, Privacy is the new green, Trust is the new cu...
Data is the new infrastructure, Privacy is the new green, Trust is the new cu...
Aurélie Pols
 
How digitization challenges our values as citizens
How digitization challenges our values as citizens How digitization challenges our values as citizens
How digitization challenges our values as citizens
Aurélie Pols
 
Technical Consequences of the Data Subject's Rights
Technical Consequences of the Data Subject's RightsTechnical Consequences of the Data Subject's Rights
Technical Consequences of the Data Subject's Rights
Aurélie Pols
 
From GDPR to ePrivacy: what does it mean to the advertising sector?
From GDPR to ePrivacy: what does it mean to the advertising sector?From GDPR to ePrivacy: what does it mean to the advertising sector?
From GDPR to ePrivacy: what does it mean to the advertising sector?
Aurélie Pols
 
State of EU legislation: GDPR & ePrivacy for Superweek
State of EU legislation: GDPR & ePrivacy for SuperweekState of EU legislation: GDPR & ePrivacy for Superweek
State of EU legislation: GDPR & ePrivacy for Superweek
Aurélie Pols
 
The Great GDPR MyData Debate - Aurelie Pols - Keynote
The Great GDPR MyData Debate - Aurelie Pols - KeynoteThe Great GDPR MyData Debate - Aurelie Pols - Keynote
The Great GDPR MyData Debate - Aurelie Pols - Keynote
Aurélie Pols
 
The Data Subject First? Decoding the GDPR at StrataData
The Data Subject First? Decoding the GDPR at StrataDataThe Data Subject First? Decoding the GDPR at StrataData
The Data Subject First? Decoding the GDPR at StrataData
Aurélie Pols
 
Brussels data science - Privacy Engineering for Big Data & Data Science
Brussels data science - Privacy Engineering for Big Data & Data ScienceBrussels data science - Privacy Engineering for Big Data & Data Science
Brussels data science - Privacy Engineering for Big Data & Data Science
Aurélie Pols
 
Sibos INNOTRIBE Digital Ethics
Sibos INNOTRIBE Digital EthicsSibos INNOTRIBE Digital Ethics
Sibos INNOTRIBE Digital Ethics
Aurélie Pols
 
Superweek 2016 Would You Lie to Your Physician?
Superweek 2016 Would You Lie to Your Physician?Superweek 2016 Would You Lie to Your Physician?
Superweek 2016 Would You Lie to Your Physician?
Aurélie Pols
 
Multi-tasking teams within cyber security departments
Multi-tasking teams within cyber security departmentsMulti-tasking teams within cyber security departments
Multi-tasking teams within cyber security departments
Aurélie Pols
 
BIG DATA IN BUSINESS Implement and use Big Data to your organization’s advantage
BIG DATA IN BUSINESS Implement and use Big Data to your organization’s advantageBIG DATA IN BUSINESS Implement and use Big Data to your organization’s advantage
BIG DATA IN BUSINESS Implement and use Big Data to your organization’s advantage
Aurélie Pols
 
Get data without the creepiness factor, the privacy by design concept
Get data without the creepiness factor, the privacy by design conceptGet data without the creepiness factor, the privacy by design concept
Get data without the creepiness factor, the privacy by design concept
Aurélie Pols
 
Big Data Big Ideas: Data is the New Oil, Privacy is the New Green
Big Data Big Ideas: Data is the New Oil, Privacy is the New GreenBig Data Big Ideas: Data is the New Oil, Privacy is the New Green
Big Data Big Ideas: Data is the New Oil, Privacy is the New Green
Aurélie Pols
 

More from Aurélie Pols (20)

IAPP - Skills For Minimizing Privacy Risk in Data Science Product and Service...
IAPP - Skills For Minimizing Privacy Risk in Data Science Product and Service...IAPP - Skills For Minimizing Privacy Risk in Data Science Product and Service...
IAPP - Skills For Minimizing Privacy Risk in Data Science Product and Service...
 
Interoperability in Digital will take a Global Village
Interoperability in Digital will take a Global VillageInteroperability in Digital will take a Global Village
Interoperability in Digital will take a Global Village
 
The GDPR is here. So do you know what the courts are saying?
The GDPR is here. So do you know what the courts are saying?The GDPR is here. So do you know what the courts are saying?
The GDPR is here. So do you know what the courts are saying?
 
CPDP: Data ownership, Innovation and Privacy: looking for an approach on both...
CPDP: Data ownership, Innovation and Privacy: looking for an approach on both...CPDP: Data ownership, Innovation and Privacy: looking for an approach on both...
CPDP: Data ownership, Innovation and Privacy: looking for an approach on both...
 
GDPR and the aftermath: what are we building towards?
GDPR and the aftermath: what are we building towards?GDPR and the aftermath: what are we building towards?
GDPR and the aftermath: what are we building towards?
 
Who Goes There? Demystifying Digital Identity for All (1/2)
Who Goes There? Demystifying Digital Identity for All (1/2)Who Goes There? Demystifying Digital Identity for All (1/2)
Who Goes There? Demystifying Digital Identity for All (1/2)
 
Data is the new infrastructure, Privacy is the new green, Trust is the new cu...
Data is the new infrastructure, Privacy is the new green, Trust is the new cu...Data is the new infrastructure, Privacy is the new green, Trust is the new cu...
Data is the new infrastructure, Privacy is the new green, Trust is the new cu...
 
How digitization challenges our values as citizens
How digitization challenges our values as citizens How digitization challenges our values as citizens
How digitization challenges our values as citizens
 
Technical Consequences of the Data Subject's Rights
Technical Consequences of the Data Subject's RightsTechnical Consequences of the Data Subject's Rights
Technical Consequences of the Data Subject's Rights
 
From GDPR to ePrivacy: what does it mean to the advertising sector?
From GDPR to ePrivacy: what does it mean to the advertising sector?From GDPR to ePrivacy: what does it mean to the advertising sector?
From GDPR to ePrivacy: what does it mean to the advertising sector?
 
State of EU legislation: GDPR & ePrivacy for Superweek
State of EU legislation: GDPR & ePrivacy for SuperweekState of EU legislation: GDPR & ePrivacy for Superweek
State of EU legislation: GDPR & ePrivacy for Superweek
 
The Great GDPR MyData Debate - Aurelie Pols - Keynote
The Great GDPR MyData Debate - Aurelie Pols - KeynoteThe Great GDPR MyData Debate - Aurelie Pols - Keynote
The Great GDPR MyData Debate - Aurelie Pols - Keynote
 
The Data Subject First? Decoding the GDPR at StrataData
The Data Subject First? Decoding the GDPR at StrataDataThe Data Subject First? Decoding the GDPR at StrataData
The Data Subject First? Decoding the GDPR at StrataData
 
Brussels data science - Privacy Engineering for Big Data & Data Science
Brussels data science - Privacy Engineering for Big Data & Data ScienceBrussels data science - Privacy Engineering for Big Data & Data Science
Brussels data science - Privacy Engineering for Big Data & Data Science
 
Sibos INNOTRIBE Digital Ethics
Sibos INNOTRIBE Digital EthicsSibos INNOTRIBE Digital Ethics
Sibos INNOTRIBE Digital Ethics
 
Superweek 2016 Would You Lie to Your Physician?
Superweek 2016 Would You Lie to Your Physician?Superweek 2016 Would You Lie to Your Physician?
Superweek 2016 Would You Lie to Your Physician?
 
Multi-tasking teams within cyber security departments
Multi-tasking teams within cyber security departmentsMulti-tasking teams within cyber security departments
Multi-tasking teams within cyber security departments
 
BIG DATA IN BUSINESS Implement and use Big Data to your organization’s advantage
BIG DATA IN BUSINESS Implement and use Big Data to your organization’s advantageBIG DATA IN BUSINESS Implement and use Big Data to your organization’s advantage
BIG DATA IN BUSINESS Implement and use Big Data to your organization’s advantage
 
Get data without the creepiness factor, the privacy by design concept
Get data without the creepiness factor, the privacy by design conceptGet data without the creepiness factor, the privacy by design concept
Get data without the creepiness factor, the privacy by design concept
 
Big Data Big Ideas: Data is the New Oil, Privacy is the New Green
Big Data Big Ideas: Data is the New Oil, Privacy is the New GreenBig Data Big Ideas: Data is the New Oil, Privacy is the New Green
Big Data Big Ideas: Data is the New Oil, Privacy is the New Green
 

Recently uploaded

【社内勉強会資料_Octo: An Open-Source Generalist Robot Policy】
【社内勉強会資料_Octo: An Open-Source Generalist Robot Policy】【社内勉強会資料_Octo: An Open-Source Generalist Robot Policy】
【社内勉強会資料_Octo: An Open-Source Generalist Robot Policy】
NABLAS株式会社
 
一比一原版(UMich毕业证)密歇根大学|安娜堡分校毕业证成绩单
一比一原版(UMich毕业证)密歇根大学|安娜堡分校毕业证成绩单一比一原版(UMich毕业证)密歇根大学|安娜堡分校毕业证成绩单
一比一原版(UMich毕业证)密歇根大学|安娜堡分校毕业证成绩单
ewymefz
 
一比一原版(CBU毕业证)不列颠海角大学毕业证成绩单
一比一原版(CBU毕业证)不列颠海角大学毕业证成绩单一比一原版(CBU毕业证)不列颠海角大学毕业证成绩单
一比一原版(CBU毕业证)不列颠海角大学毕业证成绩单
nscud
 
Chatty Kathy - UNC Bootcamp Final Project Presentation - Final Version - 5.23...
Chatty Kathy - UNC Bootcamp Final Project Presentation - Final Version - 5.23...Chatty Kathy - UNC Bootcamp Final Project Presentation - Final Version - 5.23...
Chatty Kathy - UNC Bootcamp Final Project Presentation - Final Version - 5.23...
John Andrews
 
Criminal IP - Threat Hunting Webinar.pdf
Criminal IP - Threat Hunting Webinar.pdfCriminal IP - Threat Hunting Webinar.pdf
Criminal IP - Threat Hunting Webinar.pdf
Criminal IP
 
Levelwise PageRank with Loop-Based Dead End Handling Strategy : SHORT REPORT ...
Levelwise PageRank with Loop-Based Dead End Handling Strategy : SHORT REPORT ...Levelwise PageRank with Loop-Based Dead End Handling Strategy : SHORT REPORT ...
Levelwise PageRank with Loop-Based Dead End Handling Strategy : SHORT REPORT ...
Subhajit Sahu
 
一比一原版(IIT毕业证)伊利诺伊理工大学毕业证成绩单
一比一原版(IIT毕业证)伊利诺伊理工大学毕业证成绩单一比一原版(IIT毕业证)伊利诺伊理工大学毕业证成绩单
一比一原版(IIT毕业证)伊利诺伊理工大学毕业证成绩单
ewymefz
 
原版制作(Deakin毕业证书)迪肯大学毕业证学位证一模一样
原版制作(Deakin毕业证书)迪肯大学毕业证学位证一模一样原版制作(Deakin毕业证书)迪肯大学毕业证学位证一模一样
原版制作(Deakin毕业证书)迪肯大学毕业证学位证一模一样
u86oixdj
 
Ch03-Managing the Object-Oriented Information Systems Project a.pdf
Ch03-Managing the Object-Oriented Information Systems Project a.pdfCh03-Managing the Object-Oriented Information Systems Project a.pdf
Ch03-Managing the Object-Oriented Information Systems Project a.pdf
haila53
 
Predicting Product Ad Campaign Performance: A Data Analysis Project Presentation
Predicting Product Ad Campaign Performance: A Data Analysis Project PresentationPredicting Product Ad Campaign Performance: A Data Analysis Project Presentation
Predicting Product Ad Campaign Performance: A Data Analysis Project Presentation
Boston Institute of Analytics
 
Empowering Data Analytics Ecosystem.pptx
Empowering Data Analytics Ecosystem.pptxEmpowering Data Analytics Ecosystem.pptx
Empowering Data Analytics Ecosystem.pptx
benishzehra469
 
一比一原版(ArtEZ毕业证)ArtEZ艺术学院毕业证成绩单
一比一原版(ArtEZ毕业证)ArtEZ艺术学院毕业证成绩单一比一原版(ArtEZ毕业证)ArtEZ艺术学院毕业证成绩单
一比一原版(ArtEZ毕业证)ArtEZ艺术学院毕业证成绩单
vcaxypu
 
FP Growth Algorithm and its Applications
FP Growth Algorithm and its ApplicationsFP Growth Algorithm and its Applications
FP Growth Algorithm and its Applications
MaleehaSheikh2
 
Q1’2024 Update: MYCI’s Leap Year Rebound
Q1’2024 Update: MYCI’s Leap Year ReboundQ1’2024 Update: MYCI’s Leap Year Rebound
Q1’2024 Update: MYCI’s Leap Year Rebound
Oppotus
 
一比一原版(TWU毕业证)西三一大学毕业证成绩单
一比一原版(TWU毕业证)西三一大学毕业证成绩单一比一原版(TWU毕业证)西三一大学毕业证成绩单
一比一原版(TWU毕业证)西三一大学毕业证成绩单
ocavb
 
做(mqu毕业证书)麦考瑞大学毕业证硕士文凭证书学费发票原版一模一样
做(mqu毕业证书)麦考瑞大学毕业证硕士文凭证书学费发票原版一模一样做(mqu毕业证书)麦考瑞大学毕业证硕士文凭证书学费发票原版一模一样
做(mqu毕业证书)麦考瑞大学毕业证硕士文凭证书学费发票原版一模一样
axoqas
 
一比一原版(CU毕业证)卡尔顿大学毕业证成绩单
一比一原版(CU毕业证)卡尔顿大学毕业证成绩单一比一原版(CU毕业证)卡尔顿大学毕业证成绩单
一比一原版(CU毕业证)卡尔顿大学毕业证成绩单
yhkoc
 
一比一原版(UIUC毕业证)伊利诺伊大学|厄巴纳-香槟分校毕业证如何办理
一比一原版(UIUC毕业证)伊利诺伊大学|厄巴纳-香槟分校毕业证如何办理一比一原版(UIUC毕业证)伊利诺伊大学|厄巴纳-香槟分校毕业证如何办理
一比一原版(UIUC毕业证)伊利诺伊大学|厄巴纳-香槟分校毕业证如何办理
ahzuo
 
一比一原版(QU毕业证)皇后大学毕业证成绩单
一比一原版(QU毕业证)皇后大学毕业证成绩单一比一原版(QU毕业证)皇后大学毕业证成绩单
一比一原版(QU毕业证)皇后大学毕业证成绩单
enxupq
 
The affect of service quality and online reviews on customer loyalty in the E...
The affect of service quality and online reviews on customer loyalty in the E...The affect of service quality and online reviews on customer loyalty in the E...
The affect of service quality and online reviews on customer loyalty in the E...
jerlynmaetalle
 

Recently uploaded (20)

【社内勉強会資料_Octo: An Open-Source Generalist Robot Policy】
【社内勉強会資料_Octo: An Open-Source Generalist Robot Policy】【社内勉強会資料_Octo: An Open-Source Generalist Robot Policy】
【社内勉強会資料_Octo: An Open-Source Generalist Robot Policy】
 
一比一原版(UMich毕业证)密歇根大学|安娜堡分校毕业证成绩单
一比一原版(UMich毕业证)密歇根大学|安娜堡分校毕业证成绩单一比一原版(UMich毕业证)密歇根大学|安娜堡分校毕业证成绩单
一比一原版(UMich毕业证)密歇根大学|安娜堡分校毕业证成绩单
 
一比一原版(CBU毕业证)不列颠海角大学毕业证成绩单
一比一原版(CBU毕业证)不列颠海角大学毕业证成绩单一比一原版(CBU毕业证)不列颠海角大学毕业证成绩单
一比一原版(CBU毕业证)不列颠海角大学毕业证成绩单
 
Chatty Kathy - UNC Bootcamp Final Project Presentation - Final Version - 5.23...
Chatty Kathy - UNC Bootcamp Final Project Presentation - Final Version - 5.23...Chatty Kathy - UNC Bootcamp Final Project Presentation - Final Version - 5.23...
Chatty Kathy - UNC Bootcamp Final Project Presentation - Final Version - 5.23...
 
Criminal IP - Threat Hunting Webinar.pdf
Criminal IP - Threat Hunting Webinar.pdfCriminal IP - Threat Hunting Webinar.pdf
Criminal IP - Threat Hunting Webinar.pdf
 
Levelwise PageRank with Loop-Based Dead End Handling Strategy : SHORT REPORT ...
Levelwise PageRank with Loop-Based Dead End Handling Strategy : SHORT REPORT ...Levelwise PageRank with Loop-Based Dead End Handling Strategy : SHORT REPORT ...
Levelwise PageRank with Loop-Based Dead End Handling Strategy : SHORT REPORT ...
 
一比一原版(IIT毕业证)伊利诺伊理工大学毕业证成绩单
一比一原版(IIT毕业证)伊利诺伊理工大学毕业证成绩单一比一原版(IIT毕业证)伊利诺伊理工大学毕业证成绩单
一比一原版(IIT毕业证)伊利诺伊理工大学毕业证成绩单
 
原版制作(Deakin毕业证书)迪肯大学毕业证学位证一模一样
原版制作(Deakin毕业证书)迪肯大学毕业证学位证一模一样原版制作(Deakin毕业证书)迪肯大学毕业证学位证一模一样
原版制作(Deakin毕业证书)迪肯大学毕业证学位证一模一样
 
Ch03-Managing the Object-Oriented Information Systems Project a.pdf
Ch03-Managing the Object-Oriented Information Systems Project a.pdfCh03-Managing the Object-Oriented Information Systems Project a.pdf
Ch03-Managing the Object-Oriented Information Systems Project a.pdf
 
Predicting Product Ad Campaign Performance: A Data Analysis Project Presentation
Predicting Product Ad Campaign Performance: A Data Analysis Project PresentationPredicting Product Ad Campaign Performance: A Data Analysis Project Presentation
Predicting Product Ad Campaign Performance: A Data Analysis Project Presentation
 
Empowering Data Analytics Ecosystem.pptx
Empowering Data Analytics Ecosystem.pptxEmpowering Data Analytics Ecosystem.pptx
Empowering Data Analytics Ecosystem.pptx
 
一比一原版(ArtEZ毕业证)ArtEZ艺术学院毕业证成绩单
一比一原版(ArtEZ毕业证)ArtEZ艺术学院毕业证成绩单一比一原版(ArtEZ毕业证)ArtEZ艺术学院毕业证成绩单
一比一原版(ArtEZ毕业证)ArtEZ艺术学院毕业证成绩单
 
FP Growth Algorithm and its Applications
FP Growth Algorithm and its ApplicationsFP Growth Algorithm and its Applications
FP Growth Algorithm and its Applications
 
Q1’2024 Update: MYCI’s Leap Year Rebound
Q1’2024 Update: MYCI’s Leap Year ReboundQ1’2024 Update: MYCI’s Leap Year Rebound
Q1’2024 Update: MYCI’s Leap Year Rebound
 
一比一原版(TWU毕业证)西三一大学毕业证成绩单
一比一原版(TWU毕业证)西三一大学毕业证成绩单一比一原版(TWU毕业证)西三一大学毕业证成绩单
一比一原版(TWU毕业证)西三一大学毕业证成绩单
 
做(mqu毕业证书)麦考瑞大学毕业证硕士文凭证书学费发票原版一模一样
做(mqu毕业证书)麦考瑞大学毕业证硕士文凭证书学费发票原版一模一样做(mqu毕业证书)麦考瑞大学毕业证硕士文凭证书学费发票原版一模一样
做(mqu毕业证书)麦考瑞大学毕业证硕士文凭证书学费发票原版一模一样
 
一比一原版(CU毕业证)卡尔顿大学毕业证成绩单
一比一原版(CU毕业证)卡尔顿大学毕业证成绩单一比一原版(CU毕业证)卡尔顿大学毕业证成绩单
一比一原版(CU毕业证)卡尔顿大学毕业证成绩单
 
一比一原版(UIUC毕业证)伊利诺伊大学|厄巴纳-香槟分校毕业证如何办理
一比一原版(UIUC毕业证)伊利诺伊大学|厄巴纳-香槟分校毕业证如何办理一比一原版(UIUC毕业证)伊利诺伊大学|厄巴纳-香槟分校毕业证如何办理
一比一原版(UIUC毕业证)伊利诺伊大学|厄巴纳-香槟分校毕业证如何办理
 
一比一原版(QU毕业证)皇后大学毕业证成绩单
一比一原版(QU毕业证)皇后大学毕业证成绩单一比一原版(QU毕业证)皇后大学毕业证成绩单
一比一原版(QU毕业证)皇后大学毕业证成绩单
 
The affect of service quality and online reviews on customer loyalty in the E...
The affect of service quality and online reviews on customer loyalty in the E...The affect of service quality and online reviews on customer loyalty in the E...
The affect of service quality and online reviews on customer loyalty in the E...
 

For Superweek 2022: discussing risk using IAB's TCF

  • 1. IAB'S TCF, FROM STANDARD (?) TO UNLAWFUL PROCESSING: WHO ENDS UP WITH NON-COMPLIANCE RISKS? Founder, Aurélie Pols & Associates February 1st 2022 aurelie.pols@protonmail.com 1
  • 2. aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – Data Governance & Privacy Engineer Data is the New infrastructure – Privacy is the New Green – Trust is the New Currency Dutch nationality, French mother tongue, works in English, lives in Spain AURELIE POLS, DATA GOVERNANCE & PRIVACY ENGINEER • DPO for mParticle (Customer Data platform) – contractor (USA, New York) • Founder – Aurélie Pols & Associates • Expert Advisory Board (EAB) member - Panelfit (EU H2020 No 788039) • Group expert member for the Observatory on the Online Platform Economy (E03607) – EU Commission •Guest professor DPO certification courses Maastricht University, faculty of law (NL) & Solvay Business School Brussels (B) • Board Member European Center On Privacy and Security, Maastricht University (NL) • Ethics Advisory Group (EAG) – European Data Protection Supervisor (EDPS) Towards a digital ethics • Former Vice-chair P7002 – Data Privacy Process – IEEE • Speaker/writer/consiglieri: Mobile World Congress, SWSX, Strata (+ Hadoop World), IAPP, Piwik, AT Internet, industry associations, AdTech & MarTech vendors, … 2003: OX2 Co-founder Webanalytics.be 2008: Sold to Digitas LBi (Publicis) 2
  • 3. What I do for a living In case you’re wondering ;-) 3
  • 4. Interlocking liabilities & obligations People Company (Telco, Bank, Insurance..) Company (Agency, consultancy, vendor, ...) Cloud provider • Aligning contract obligations • (+ enforcement?) • Providing • Security • Privacy features • Privacy engineering B2C B2B B2B Privacy policies Consent MSA SOW T&C 4
  • 5. IAB’s TCF on RTB A little bit of history 5
  • 6. aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – There’s this guy in Ireland who talks of RTB 6 Video here: https://vimeo.com/670735163
  • 7. aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – He has been tackling this subject First as a publisher, then working for a browser and now at an NGO 7 Link https://iabeurope.eu/transparency-consent-framework/
  • 8. aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – The problem? 8 https://www.dataprotectionauthority.be/citizen/belgian-dpa-sends-its-draft-decision-in-the-iab-europe-case-to-european-counterparts
  • 9. aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – The “privacy freedom fighter” angle 9 Link https://www.iccl.ie/digital- data/apd-iab-findings/
  • 10. 10
  • 11. aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – Independent audit? 11 Link https://iabeurope. eu/blog/iab- europe-launches- new-tcf-vendor- compliance- programme/
  • 12. 12
  • 13. aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – IAB side 13 Link https://iabeurop e.eu/blog/vendo r-compliance-in- the-tcf-what-it- is-and-what-it- isnt/
  • 14. Taking a step back From the playground 14
  • 15. aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – It started with denial 1. Advertising IDs are not PII, right? 2. Let’s ignore the concept of purpose limitation 3. The only lawful basis that exist is consent Ø US notion of notice & choice 4. Keeping the data for ever is not an issue 5. Fairness is an impossible concept to respect Ø Let’s ignore the also US notion of discrimination (eg. FCRA) 6. Sprinkle on top some security if really, really needed 15
  • 16. aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – Yet the law is closing in 2 main reasons according to Johnny Ryan, for those who understand how RTB works: 1. The biggest data breach in history 2. Enfrindging the purpose limitation principle ← NEW!!! 16
  • 17. aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – More specifically 17 Is there a week without any notice of Google enfringement?
  • 18. aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – Translating this into GDPR lingo Back to basics: 1. Personal data is broader than PII, personally identifiable information 2. For data to be lawfully processed, a legal basis is required 1. This works per purpose ie data flow 2. Someone should tell Apple it’s not device only (ATT) 3. Data subjects have Rights 4. International data transfers are subject to conditions 18
  • 19. aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – Words matter so much 19 Personal data - GDPR Personal information - CCPA Personally Indentifiable Information – ??? Sensitive Data – US COPPA, HIPAA, Infosec teams Special categories of Data – GDPR Financial data
  • 20. aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – Problems of legality with RTB The initial issues with RTB are: An international broadcast of personal data to a variety of legal entities 1. If the auction is lost, 1. Are these legal entities deleting personal data? 2. Are these legal entities using those IDs for something else? (purpose limitation) 2. If the auction is won, 1. the personal data is passed onto other entities to fulfil the processing operations of 1. Delivering the ad to the chosen profile on the chosen medium (Ad network + publisher) 2. Delivering the reporting around the advertising operation 20
  • 21. aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – Looking at it from the data subjects’ side 2 main questions arise from the data suject side: 1. Notice: how is the user notified of all the legal entities that receive her personal data? And for which purpose? 2. Rights: if the user wanted to exercise her rights to access, deletion, rectification, objection, portability and non-profiling, how would that work? Both obligations lie with the data controller ie the publisher 21
  • 22. Who is responsible? Where does the risk lie? 22
  • 23. aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – This happened last week Munich State Court finds use of Google Fonts in violation of GDPR and grants compensation of 100€ Legitimate interest didn't apply. The website operator could have integrated the fonts directly into their website, thereby avoiding sending IP addresses to Google. Small sum and yet, this is about actual compensation! "The defendant is ordered to pay the plaintiff € 100.00 plus interest thereon in the amount of 5 percentage points above the base rate since 28.01.2021." https://rewis.io/urteile/urteil/lhm-20-01-2022-3-o-1749320/ 23
  • 24. aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – Another example Spotify to support portability 24
  • 25. Privacy fighting for engineering resources But who asks for what? Where does the risk lie? Education is essential 25
  • 26. aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – Who gains? 26
  • 27. aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – The worst job today? 27 Link https://iabeurope.eu/blog/wa nt-to-join-the-iab-europe- team-new-position-available- privacy-counsel/
  • 28. aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – Conclusion • Is RTB legal? Probably not • Who takes on the risk? • Not the IAB • Not the vendors • The publishers maybe? • Who wants to punish the publishers? • …. • Question everything! • As Chris said, there are different angles. Always! Find the (risk) balance 28
  • 29. Thank you for listening Aurelie.pols@protonmail.com 29