A tale of caution about lack of transparency and rolling heads. Pragmatic Data Privacy take-aways for an era of Digital Entanglement and fluid Privacy legislation. See superweek.hu
Turning Analysis into Action with APIs - Superweek2017Mark Edmondson
Presentation given by Peter Meyer and Mark Edmondson and Superweek 2017 in Hungary. Includes three examples of using APIs in a tag management solution to give better data to make decisions and use predictions. 1.
Radical Analytics, Superweek Hungary, January 2017Stéphane Hamel
We have been doing it all wrong… the idea was to gather business requirements from stakeholders, define KPIs, and create a solution design. The thing is… either your stakeholders (if client side) or clients (if agency) do not have a clue or they do not know how to properly articulate their needs. Do not ask them!
Instead, take the lead - be the expert; Show them the light; pave the way!
In this presentation, Stéphane Hamel, a recognized industry leader and author of the Digital Analytics Maturity Model, will propose a radical new approach to digital analytics. He will share tricks and examples that could transform the way you do your job. Utopia or Nirvana? It will be yours to decide!
AI Roles and Risk for election year 2024Aurélie Pols
Are we replacing one tyranny for another? reflexion on 10 years at Superweek, which challenges lie ahead for the digital analytics community this election year as the ink is slowly but surely drying on the AI Act.
Preparing for the AI Act - 5 years into GDPR enforcementAurélie Pols
Starting off from a recent fine from the Berlin Beauftragte für Datenschutz und Informationsfreiheit (BlnBDI) around obligations for automated decision making (art. 22 of the GDPR), this presentation will walk the audience through how teams collaborate around compliance obligations. Risk with respect to processing of personal data continues to increase since the ink dried on the GDPR in 2016. Enforcement as of 2018 has signaled a need for companies to act responsibly with their data processing operations. While data governance is surely not the sexist job of the XXI st century and data self-service is on everybody’s mind, the increased complexity of integrated data systems requires collaboration. You possibly know who your companies’ data protection officer is. Or not. Let’s talk about who could be responsible for what, how privacy-by-design consensus can be reached and where technology plays a role in preparing for an accountable, increasingly automated and risk mitigated, future.
Creative destruction & Privacy Whitewashing: where does risk lie? Aurélie Pols
Almost 5 years into GDPR enforcement, the courts and the supervisory authorities have peddled through quite some decisions and more are expected while this description is being written.
More importantly, privacy legislations globally continue to evolve, some at state levels while entire continents are taking a stance, enclosing positions on Competition, obligations for Platforms, also called Gatekeepers, and uses of ADM, ML or even AI. This presentation will highlight where risks lie for your company and what compliance should start to look like moving forward.
ePrivacy Directive, a 10 steps framework to be as compliant as possible for m...Aurélie Pols
10th European Data Protection SUMMIT Applied To Health Data
December 2022
Track #3 Cookies are not so appetising anymore
ePrivacy Directive to be as compliant as possible
Interoperability in Digital will take a Global VillageAurélie Pols
It's a never ending game of whack-a-mole, where Peter Swire already talked about technological escalation wars back in 2012 when chairing the W3C DNT efforts.
It used to be "it's not PII hence privacy legislation doesn't apply". The scope of action with respect to data privacy legislation has broadened, on both sides of the Atlantic.
Yet similar dodging techniques are now also being applied to actual existing and enforced legislation. Under the CCPA, the California Consumer Privacy Act, it's about not going beyond 25 million $ a year in revenue, avoiding employee data and this US based legislation not being applicable to governmental institutions (hail to surveillance capitalism fed by public authorities!).
We've long talked about ePrivacy being unclear while the legislator does move towards applying the GDPR also to digital data.
Those are the legislative loopholes but then also come the technical techniques Simo is going to talk about as we both come to the same conclusion: players are influencing the data, possibly seeing a way to compete not on analytics but on privacy?
As companies, even US based ones such as Apple and Microsoft, recognise privacy to be a fundamental right, let's explore which risks companies are facing and what some of the emerging best practices could look like.
The GDPR is here. So do you know what the courts are saying?Aurélie Pols
While the ink is dry on the final text of the GDPR since May 2016, the same can not be said for the courts. They are busier than ever with respect to data protection litigation! (there hasn't been a lot before to be honest as the legal instruments weren't as adequate)
One could say former legal student Max Schrems partially paved the way by getting the European Court of Justice (ECJ) to declare SafeHarbour invalid and today again with his not-for-profit NOYB.eu. (that's for Non of Your Business)
While we might discuss Cambridge Analitica in light of a potential class action against Facebook in Belgium, this presentation will mainly walk the audience through those case laws (Digital Rights Ireland, Google Spain, Schrems, Wirtschatfstsakademie) that are shaping the interpretation of the previous Data Protection Directive and the GDPR. Hopefully this would allow us to better understands where those clear red lines are being drawn in the sand, for now.
So, Right to be Forgotten: is it still comparable to "book burning in the Nazi period" or can we move beyond to find better ways to balance technological opportunities with societal needs, for the benefit of all?
CPDP: Data ownership, Innovation and Privacy: looking for an approach on both...Aurélie Pols
In a democratic society, it is always essential to search for the mechanisms contributing to a greater protection of citizens’ fundamental rights. For years we have been witnessing a debate, on both sides of the Atlantic, about the relevance of the formulation of a right of ownership of personal data.
It is interesting to analyse how the creation of this new right has different implications in different legal systems. In this panel we will consider the following questions:
- Can the right of ownership of personal data contribute to reinforcing the right to data protection and the right to privacy?
- What would be the impact of the formulation of a right of ownership of personal data in the field of data-driven innovation?
- Can this right contribute to the development of technological innovations based on data?
- Can the vision based on a property right in our personal data fit in a context of the defence of a fundamental right in our democratic societies?
- Can personal data be an asset that may be subject to commercial and / or economic operations?
- Is the legal view about data ownership shared on both sides of the Atlantic?
Video of the entire panel here: https://www.youtube.com/watch?v=YA8kMGM_kWU
GDPR and the aftermath: what are we building towards?Aurélie Pols
“Human dignity is inviolable. It must be respected and protected.” is stated within article 1 of the Charter of Fundamental Rights of the EU. This document is the result of historical evolutions in the rule of law with respect to human rights, originating in 1948 with the Declaration of Human Rights and the creation of the United Nations.
Today we face global challenges, where sovereignties and personal identities are challenged, amongst others, through digitalization. The foundational values that touch upon our own dignity, as well as those of the tribes we belong to, need to be redefined in order to assure we build the societies we can proudly pass onto our children.
2018 is undoubtedly the year of Ethics. Which values should digital ethics reflect, beyond article 1 of the Charter of Fundamental Rights of the EU to assure we all move forward in the same direction?
Turning Analysis into Action with APIs - Superweek2017Mark Edmondson
Presentation given by Peter Meyer and Mark Edmondson and Superweek 2017 in Hungary. Includes three examples of using APIs in a tag management solution to give better data to make decisions and use predictions. 1.
Radical Analytics, Superweek Hungary, January 2017Stéphane Hamel
We have been doing it all wrong… the idea was to gather business requirements from stakeholders, define KPIs, and create a solution design. The thing is… either your stakeholders (if client side) or clients (if agency) do not have a clue or they do not know how to properly articulate their needs. Do not ask them!
Instead, take the lead - be the expert; Show them the light; pave the way!
In this presentation, Stéphane Hamel, a recognized industry leader and author of the Digital Analytics Maturity Model, will propose a radical new approach to digital analytics. He will share tricks and examples that could transform the way you do your job. Utopia or Nirvana? It will be yours to decide!
AI Roles and Risk for election year 2024Aurélie Pols
Are we replacing one tyranny for another? reflexion on 10 years at Superweek, which challenges lie ahead for the digital analytics community this election year as the ink is slowly but surely drying on the AI Act.
Preparing for the AI Act - 5 years into GDPR enforcementAurélie Pols
Starting off from a recent fine from the Berlin Beauftragte für Datenschutz und Informationsfreiheit (BlnBDI) around obligations for automated decision making (art. 22 of the GDPR), this presentation will walk the audience through how teams collaborate around compliance obligations. Risk with respect to processing of personal data continues to increase since the ink dried on the GDPR in 2016. Enforcement as of 2018 has signaled a need for companies to act responsibly with their data processing operations. While data governance is surely not the sexist job of the XXI st century and data self-service is on everybody’s mind, the increased complexity of integrated data systems requires collaboration. You possibly know who your companies’ data protection officer is. Or not. Let’s talk about who could be responsible for what, how privacy-by-design consensus can be reached and where technology plays a role in preparing for an accountable, increasingly automated and risk mitigated, future.
Creative destruction & Privacy Whitewashing: where does risk lie? Aurélie Pols
Almost 5 years into GDPR enforcement, the courts and the supervisory authorities have peddled through quite some decisions and more are expected while this description is being written.
More importantly, privacy legislations globally continue to evolve, some at state levels while entire continents are taking a stance, enclosing positions on Competition, obligations for Platforms, also called Gatekeepers, and uses of ADM, ML or even AI. This presentation will highlight where risks lie for your company and what compliance should start to look like moving forward.
ePrivacy Directive, a 10 steps framework to be as compliant as possible for m...Aurélie Pols
10th European Data Protection SUMMIT Applied To Health Data
December 2022
Track #3 Cookies are not so appetising anymore
ePrivacy Directive to be as compliant as possible
Interoperability in Digital will take a Global VillageAurélie Pols
It's a never ending game of whack-a-mole, where Peter Swire already talked about technological escalation wars back in 2012 when chairing the W3C DNT efforts.
It used to be "it's not PII hence privacy legislation doesn't apply". The scope of action with respect to data privacy legislation has broadened, on both sides of the Atlantic.
Yet similar dodging techniques are now also being applied to actual existing and enforced legislation. Under the CCPA, the California Consumer Privacy Act, it's about not going beyond 25 million $ a year in revenue, avoiding employee data and this US based legislation not being applicable to governmental institutions (hail to surveillance capitalism fed by public authorities!).
We've long talked about ePrivacy being unclear while the legislator does move towards applying the GDPR also to digital data.
Those are the legislative loopholes but then also come the technical techniques Simo is going to talk about as we both come to the same conclusion: players are influencing the data, possibly seeing a way to compete not on analytics but on privacy?
As companies, even US based ones such as Apple and Microsoft, recognise privacy to be a fundamental right, let's explore which risks companies are facing and what some of the emerging best practices could look like.
The GDPR is here. So do you know what the courts are saying?Aurélie Pols
While the ink is dry on the final text of the GDPR since May 2016, the same can not be said for the courts. They are busier than ever with respect to data protection litigation! (there hasn't been a lot before to be honest as the legal instruments weren't as adequate)
One could say former legal student Max Schrems partially paved the way by getting the European Court of Justice (ECJ) to declare SafeHarbour invalid and today again with his not-for-profit NOYB.eu. (that's for Non of Your Business)
While we might discuss Cambridge Analitica in light of a potential class action against Facebook in Belgium, this presentation will mainly walk the audience through those case laws (Digital Rights Ireland, Google Spain, Schrems, Wirtschatfstsakademie) that are shaping the interpretation of the previous Data Protection Directive and the GDPR. Hopefully this would allow us to better understands where those clear red lines are being drawn in the sand, for now.
So, Right to be Forgotten: is it still comparable to "book burning in the Nazi period" or can we move beyond to find better ways to balance technological opportunities with societal needs, for the benefit of all?
CPDP: Data ownership, Innovation and Privacy: looking for an approach on both...Aurélie Pols
In a democratic society, it is always essential to search for the mechanisms contributing to a greater protection of citizens’ fundamental rights. For years we have been witnessing a debate, on both sides of the Atlantic, about the relevance of the formulation of a right of ownership of personal data.
It is interesting to analyse how the creation of this new right has different implications in different legal systems. In this panel we will consider the following questions:
- Can the right of ownership of personal data contribute to reinforcing the right to data protection and the right to privacy?
- What would be the impact of the formulation of a right of ownership of personal data in the field of data-driven innovation?
- Can this right contribute to the development of technological innovations based on data?
- Can the vision based on a property right in our personal data fit in a context of the defence of a fundamental right in our democratic societies?
- Can personal data be an asset that may be subject to commercial and / or economic operations?
- Is the legal view about data ownership shared on both sides of the Atlantic?
Video of the entire panel here: https://www.youtube.com/watch?v=YA8kMGM_kWU
GDPR and the aftermath: what are we building towards?Aurélie Pols
“Human dignity is inviolable. It must be respected and protected.” is stated within article 1 of the Charter of Fundamental Rights of the EU. This document is the result of historical evolutions in the rule of law with respect to human rights, originating in 1948 with the Declaration of Human Rights and the creation of the United Nations.
Today we face global challenges, where sovereignties and personal identities are challenged, amongst others, through digitalization. The foundational values that touch upon our own dignity, as well as those of the tribes we belong to, need to be redefined in order to assure we build the societies we can proudly pass onto our children.
2018 is undoubtedly the year of Ethics. Which values should digital ethics reflect, beyond article 1 of the Charter of Fundamental Rights of the EU to assure we all move forward in the same direction?
Who Goes There? Demystifying Digital Identity for All (1/2)Aurélie Pols
Who goes there? It’s a question as old as time that is asked at the beginning of most transactions. In order for people and organizations to do business they must first ask – Who are you? How can I trust you?
Digital identity is becoming the most important challenge to solve at the intersection of people, process, and technology. Ask people about digital identity and they might think of a password and user ID to access services. But it’s much more. Digital identity is the digital representation of you – the Facebook you, Twitter you, and Google you.
Why is digital identity challenging? Perhaps because digital identity must intertwine with existing and evolving governance and cultural norms. Notions of privacy and sharing can vary greatly from person to person and from culture to culture.
This workshop explores what it means to be you in the digital world. We’ll uncover the forces and influences that impact the digital you – for better or for worse. Attendees will gain introductory insights about how digital identities and digital relationships connect and interact within a society. Join us to learn how Canada will advance digital identity for the socio-economic good of all.
https://fwd50.com/session/demystifying-digital-identity-for-all-1-2/
How digitization challenges our values as citizens Aurélie Pols
Aurélie will be talking about how our cherished European values that we strive to pass onto our children are being challenged through increased access to information and digitisation.
She will examine out responsibility as data subjects, citizens and parents to assure technology works for the benefit of human beings in the long run. We know that the processing of personal data should be designed to serve mankind - but what could that mean for us today and for the next generation to come?
Technical Consequences of the Data Subject's RightsAurélie Pols
In her keynote speech Aurélie will focus on data subject's rights and the technical consequences of these obligations.
As the General Data Protection Regulation (GDPR) has come into force on May 25th 2018, data subject’s rights are being re-introduced and reinforced, building the ground work for a more balanced approaches towards data uses within our increasingly digitised societies.
Aurélie dives into the practical perspective of how to manage these new GDPR data subject rights, what it means for your processes and IT systems and when or to what type of data they apply.
From GDPR to ePrivacy: what does it mean to the advertising sector?Aurélie Pols
The GDPR which comes into force in May 2018 includes 6 ways to assure lawfulness of processing, of which consent
and legitimate interests. The ePrivacy Regulation, a lex specialis of the GDPR, remains in draft mode, waiting for trialogue.
This presentation will explain what a risk based approach means for the advertising sector, taking the angle of media and
communication agencies, vendors of tools as well as their end clients, the advertisers.
State of EU legislation: GDPR & ePrivacy for SuperweekAurélie Pols
Building on 3 years worth of presentations on Privacy in the digital data ecosystem for Superweek, tackling transparency and sensitive data, this one addresses data subject rights while grounding the European project into the Charter of Fundamental Rights of the European Union. It includes a word of caution with respect to legitimate interests: not an easy choice to uphold!
The Great GDPR MyData Debate - Aurelie Pols - KeynoteAurélie Pols
The GDPR empowers citizens with several fundamentally new rights. This session will summarise some of those new rights with an exciting keynote and three supporting presentations. In particular we will discuss the various implementation opportunities, technical and legal challenges and form a view on how these new rights should manifest for a mydata economy. We will then enter an audience participatory debate led by the speaker panel and your GDPR Mydata hosts, finalised with 4 key questions the debate has surfaced and poll the audience views on the most likely market solutions.
https://mydata2017.org/session/gdpr-debate/
The Data Subject First? Decoding the GDPR at StrataDataAurélie Pols
Aurélie Pols draws a broad philosophical picture of the data ecosystem and then hones in on the right to data portability.
Strata keynote London may 2017, https://www.oreilly.com/ideas/the-data-subject-first
Brussels data science - Privacy Engineering for Big Data & Data ScienceAurélie Pols
This presentation walks through the challenges and opportunities for data scientists and big data professionals, with a focus on Privacy, describing which future roles will be needed in order to successfully bridge the written word of the law with coded data trails. Data Science will inevitably need to jump through intricate compliance hoops that could also sound the drum of a new ethical data dawn, in light of globalisation. Or... it might not.
06-04-2024 - NYC Tech Week - Discussion on Vector Databases, Unstructured Data and AI
Round table discussion of vector databases, unstructured data, ai, big data, real-time, robots and Milvus.
A lively discussion with NJ Gen AI Meetup Lead, Prasad and Procure.FYI's Co-Found
Techniques to optimize the pagerank algorithm usually fall in two categories. One is to try reducing the work per iteration, and the other is to try reducing the number of iterations. These goals are often at odds with one another. Skipping computation on vertices which have already converged has the potential to save iteration time. Skipping in-identical vertices, with the same in-links, helps reduce duplicate computations and thus could help reduce iteration time. Road networks often have chains which can be short-circuited before pagerank computation to improve performance. Final ranks of chain nodes can be easily calculated. This could reduce both the iteration time, and the number of iterations. If a graph has no dangling nodes, pagerank of each strongly connected component can be computed in topological order. This could help reduce the iteration time, no. of iterations, and also enable multi-iteration concurrency in pagerank computation. The combination of all of the above methods is the STICD algorithm. [sticd] For dynamic graphs, unchanged components whose ranks are unaffected can be skipped altogether.
Global Situational Awareness of A.I. and where its headedvikram sood
You can see the future first in San Francisco.
Over the past year, the talk of the town has shifted from $10 billion compute clusters to $100 billion clusters to trillion-dollar clusters. Every six months another zero is added to the boardroom plans. Behind the scenes, there’s a fierce scramble to secure every power contract still available for the rest of the decade, every voltage transformer that can possibly be procured. American big business is gearing up to pour trillions of dollars into a long-unseen mobilization of American industrial might. By the end of the decade, American electricity production will have grown tens of percent; from the shale fields of Pennsylvania to the solar farms of Nevada, hundreds of millions of GPUs will hum.
The AGI race has begun. We are building machines that can think and reason. By 2025/26, these machines will outpace college graduates. By the end of the decade, they will be smarter than you or I; we will have superintelligence, in the true sense of the word. Along the way, national security forces not seen in half a century will be un-leashed, and before long, The Project will be on. If we’re lucky, we’ll be in an all-out race with the CCP; if we’re unlucky, an all-out war.
Everyone is now talking about AI, but few have the faintest glimmer of what is about to hit them. Nvidia analysts still think 2024 might be close to the peak. Mainstream pundits are stuck on the wilful blindness of “it’s just predicting the next word”. They see only hype and business-as-usual; at most they entertain another internet-scale technological change.
Before long, the world will wake up. But right now, there are perhaps a few hundred people, most of them in San Francisco and the AI labs, that have situational awareness. Through whatever peculiar forces of fate, I have found myself amongst them. A few years ago, these people were derided as crazy—but they trusted the trendlines, which allowed them to correctly predict the AI advances of the past few years. Whether these people are also right about the next few years remains to be seen. But these are very smart people—the smartest people I have ever met—and they are the ones building this technology. Perhaps they will be an odd footnote in history, or perhaps they will go down in history like Szilard and Oppenheimer and Teller. If they are seeing the future even close to correctly, we are in for a wild ride.
Let me tell you what we see.
Learn SQL from basic queries to Advance queriesmanishkhaire30
Dive into the world of data analysis with our comprehensive guide on mastering SQL! This presentation offers a practical approach to learning SQL, focusing on real-world applications and hands-on practice. Whether you're a beginner or looking to sharpen your skills, this guide provides the tools you need to extract, analyze, and interpret data effectively.
Key Highlights:
Foundations of SQL: Understand the basics of SQL, including data retrieval, filtering, and aggregation.
Advanced Queries: Learn to craft complex queries to uncover deep insights from your data.
Data Trends and Patterns: Discover how to identify and interpret trends and patterns in your datasets.
Practical Examples: Follow step-by-step examples to apply SQL techniques in real-world scenarios.
Actionable Insights: Gain the skills to derive actionable insights that drive informed decision-making.
Join us on this journey to enhance your data analysis capabilities and unlock the full potential of SQL. Perfect for data enthusiasts, analysts, and anyone eager to harness the power of data!
#DataAnalysis #SQL #LearningSQL #DataInsights #DataScience #Analytics
The Building Blocks of QuestDB, a Time Series Databasejavier ramirez
Talk Delivered at Valencia Codes Meetup 2024-06.
Traditionally, databases have treated timestamps just as another data type. However, when performing real-time analytics, timestamps should be first class citizens and we need rich time semantics to get the most out of our data. We also need to deal with ever growing datasets while keeping performant, which is as fun as it sounds.
It is no wonder time-series databases are now more popular than ever before. Join me in this session to learn about the internal architecture and building blocks of QuestDB, an open source time-series database designed for speed. We will also review a history of some of the changes we have gone over the past two years to deal with late and unordered data, non-blocking writes, read-replicas, or faster batch ingestion.
2. @aureliepols
Monkey repor6ng on
remote-controlled data cows?
Aurélie Pols, February 2016
Superweek.hu
h-p://www.theguardian.com/technology/2016/jan/30/europe-google-facebook-technology-ethics-eu-marCn-schulz
3. @aureliepols
Let’s Play a Game:
Are you willing to give & allow storage of this data
about you?
1. My first- and last name
2. My birthdate
3. My current home address
4. My bank account info
5. All of my online searches
6. All websites I have ever visited
7. The names of everyone I communicate with (email,
Skype, app, chat, snap, call)
8. Names, phone numbers and photos of everyone I know
9. Where I am and where I’ve ever been
10. The content of all my communicaCon with others at all
Cmes
Source: not my quesCons! h-ps://www.youtube.com/watch?v=BVM]zKnSgs
6. @aureliepols
Risk averse for my children
Ø My most precious assets
Ø We share common goals
Ø And speak the same language
Could you say the same of your
Legal Counsel?
7. @aureliepols
Consider before crucifying the Rule of law
1. The specifics of data as an Economic Asset:
² Data in infinitely transferable without decay
2. Oeen forgo-en LegislaCve Challenges
² Defining and recognizing Data Harms
3. Related to evolving Privacy LegislaCon
² Compliance is a Risk Exercise
4. Minimizing Privacy related Risks
² YOUR liability within the Data Ecosystem
9. @aureliepols
Fact remains: RACI matrices
Ø Legal counsel will be
held accountable
Ø Legal council should
be consulted
• Responsible
• Who is/will be doing this task?
• Who is assigned to work on this task? R
• Accountable
• Who’s head will roll if this goes wrong?
• Who has the authority? to take decision? A
• Consulted
• Anyone who can tell me more about this
task?
• Any stakeholders already idenCfied?
C
• Informed
• Anyone whose work depends on this task?
• Who has to be kept updated about the
progress?
I
10. @aureliepols
In a world of dynamic regula6on
Two fundamental Data Privacy quesCons:
1. How far is too far (for data use & transparency)?
2. Who will decide (what is acceptable)?
11. @aureliepols
If I had 1 £ for every 6me I heard…
1. Yes but we don’t collect PII
2. InternaConal data transfers? Safe Harbour!
12. @aureliepols
So what to do? 1 rules them all
Transparency
Choice
Informa6on
review &
correc6on
Informa6on
protec6on
Accountability
13. @aureliepols
There is no PII NOC list, get over it!
SensiCve
data?
A wash list of
controversial
variables!
14. @aureliepols
PII vs. Risk Levels
DIGITAL EXHAUST
Low Risk
OBA
Medium Risk
(profiling)
HIPAA
HEALTH DATA
High Risk
(sensiCve)
Risk Level
Data type
InformaCon Security Measures
Geong closer to uniquely idenCfying an individual
FCRA
CREDIT SCORING
Extremely High Risk
(profiling of sensiCve data)
US: if/then exercises
PII
15. @aureliepols
Where to start?
1. Define yourself
• Who are you in the data ecosystem?
• What are your obligaCons?
• What is expected of you?
• (Who can find out?)
16. @aureliepols
Where to start?
2. Document your Digital Entanglement
High-level mock-up of exisCng client.
Next steps:
ü Terms & sovereignCes
ü Data points & access/sharing
ü Purpose & Consent
ü Data retenCon periods
17. @aureliepols
Where to start?
3. Align your liabiliVes:
Ø What do the terms allow?
Ø Which data points are you collecCng?
Ø Which clauses are being used
(InternaConal data transfer
mechanisms: SafeHarbour)?
Ø Who has access? Data sharing
Ø …
18. @aureliepols
Where to start?
Purpose Consent
4. Don’t drop the ball on Purpose and Consent!
What happens if opt-out of email list, ?
h-ps://support.google.com/adwords/answer/
6276125?hl=en
UK: OpCcal Express bought “consented” data
from Thomas Cook
See ICO PECR: h-ps://ico.org.uk/for-
organisaCons/guide-to-pecr/introducCon/
what-are-pecr/
19. @aureliepols
Where to start?
5. Understand your risk
Ø Of legal issues: fines, class acCons
Schleswig-Holstein DPA considers SafeHarbour clauses today unacceptable +
can’t be replaced by model clauses either => is this a risk for your company?
Ø Of customer backlashes: unexpected/creepy
data uses
Target: using shopping behavior to define
pregnancy state (sensiCve data) => consent!
20. @aureliepols
Where to start?
6. Document, train & communicate
• If asked, be able to show
you’ve done your homework
• Define accountability
(data stewards) & escalaCon
procedures
• Explain & ask for help:
your company is the paVent!
22. @aureliepols
Find out where the next Data Privacy challenges lie
For you: Piwik webinar
h-ps://piwik.pro/c/privacy-webinar/
For your colleagues: IAPP webinar
h-ps://my.iapp.org/nc__event?
id=a0l1a000000nDWsAAM
23. @aureliepols
LET’S START THE DISCUSSION
Gracias por su
atención!
aurelie@mindyourprivacy.com
THANK YOU FOR LISTENING!