This document discusses court rulings related to the GDPR and privacy. It begins by noting there has not been much litigation around data protection yet, with notable cases including challenges to data retention directives and invalidation of the EU-US Safe Harbor agreement. Two typical types of cases before the European Court of Justice are discussed - those balancing public vs. individual interests, and those interpreting secondary EU law to foster accountability. Upcoming cases are mentioned that could address issues like joint responsibility of controllers and processors and validity of consent mechanisms. Processor obligations under the GDPR are also outlined.
Interoperability in Digital will take a Global VillageAurélie Pols
It's a never ending game of whack-a-mole, where Peter Swire already talked about technological escalation wars back in 2012 when chairing the W3C DNT efforts.
It used to be "it's not PII hence privacy legislation doesn't apply". The scope of action with respect to data privacy legislation has broadened, on both sides of the Atlantic.
Yet similar dodging techniques are now also being applied to actual existing and enforced legislation. Under the CCPA, the California Consumer Privacy Act, it's about not going beyond 25 million $ a year in revenue, avoiding employee data and this US based legislation not being applicable to governmental institutions (hail to surveillance capitalism fed by public authorities!).
We've long talked about ePrivacy being unclear while the legislator does move towards applying the GDPR also to digital data.
Those are the legislative loopholes but then also come the technical techniques Simo is going to talk about as we both come to the same conclusion: players are influencing the data, possibly seeing a way to compete not on analytics but on privacy?
As companies, even US based ones such as Apple and Microsoft, recognise privacy to be a fundamental right, let's explore which risks companies are facing and what some of the emerging best practices could look like.
From GDPR to ePrivacy: what does it mean to the advertising sector?Aurélie Pols
The GDPR which comes into force in May 2018 includes 6 ways to assure lawfulness of processing, of which consent
and legitimate interests. The ePrivacy Regulation, a lex specialis of the GDPR, remains in draft mode, waiting for trialogue.
This presentation will explain what a risk based approach means for the advertising sector, taking the angle of media and
communication agencies, vendors of tools as well as their end clients, the advertisers.
State of EU legislation: GDPR & ePrivacy for SuperweekAurélie Pols
Building on 3 years worth of presentations on Privacy in the digital data ecosystem for Superweek, tackling transparency and sensitive data, this one addresses data subject rights while grounding the European project into the Charter of Fundamental Rights of the European Union. It includes a word of caution with respect to legitimate interests: not an easy choice to uphold!
CPDP: Data ownership, Innovation and Privacy: looking for an approach on both...Aurélie Pols
In a democratic society, it is always essential to search for the mechanisms contributing to a greater protection of citizens’ fundamental rights. For years we have been witnessing a debate, on both sides of the Atlantic, about the relevance of the formulation of a right of ownership of personal data.
It is interesting to analyse how the creation of this new right has different implications in different legal systems. In this panel we will consider the following questions:
- Can the right of ownership of personal data contribute to reinforcing the right to data protection and the right to privacy?
- What would be the impact of the formulation of a right of ownership of personal data in the field of data-driven innovation?
- Can this right contribute to the development of technological innovations based on data?
- Can the vision based on a property right in our personal data fit in a context of the defence of a fundamental right in our democratic societies?
- Can personal data be an asset that may be subject to commercial and / or economic operations?
- Is the legal view about data ownership shared on both sides of the Atlantic?
Video of the entire panel here: https://www.youtube.com/watch?v=YA8kMGM_kWU
Who Goes There? Demystifying Digital Identity for All (1/2)Aurélie Pols
Who goes there? It’s a question as old as time that is asked at the beginning of most transactions. In order for people and organizations to do business they must first ask – Who are you? How can I trust you?
Digital identity is becoming the most important challenge to solve at the intersection of people, process, and technology. Ask people about digital identity and they might think of a password and user ID to access services. But it’s much more. Digital identity is the digital representation of you – the Facebook you, Twitter you, and Google you.
Why is digital identity challenging? Perhaps because digital identity must intertwine with existing and evolving governance and cultural norms. Notions of privacy and sharing can vary greatly from person to person and from culture to culture.
This workshop explores what it means to be you in the digital world. We’ll uncover the forces and influences that impact the digital you – for better or for worse. Attendees will gain introductory insights about how digital identities and digital relationships connect and interact within a society. Join us to learn how Canada will advance digital identity for the socio-economic good of all.
https://fwd50.com/session/demystifying-digital-identity-for-all-1-2/
Interoperability in Digital will take a Global VillageAurélie Pols
It's a never ending game of whack-a-mole, where Peter Swire already talked about technological escalation wars back in 2012 when chairing the W3C DNT efforts.
It used to be "it's not PII hence privacy legislation doesn't apply". The scope of action with respect to data privacy legislation has broadened, on both sides of the Atlantic.
Yet similar dodging techniques are now also being applied to actual existing and enforced legislation. Under the CCPA, the California Consumer Privacy Act, it's about not going beyond 25 million $ a year in revenue, avoiding employee data and this US based legislation not being applicable to governmental institutions (hail to surveillance capitalism fed by public authorities!).
We've long talked about ePrivacy being unclear while the legislator does move towards applying the GDPR also to digital data.
Those are the legislative loopholes but then also come the technical techniques Simo is going to talk about as we both come to the same conclusion: players are influencing the data, possibly seeing a way to compete not on analytics but on privacy?
As companies, even US based ones such as Apple and Microsoft, recognise privacy to be a fundamental right, let's explore which risks companies are facing and what some of the emerging best practices could look like.
From GDPR to ePrivacy: what does it mean to the advertising sector?Aurélie Pols
The GDPR which comes into force in May 2018 includes 6 ways to assure lawfulness of processing, of which consent
and legitimate interests. The ePrivacy Regulation, a lex specialis of the GDPR, remains in draft mode, waiting for trialogue.
This presentation will explain what a risk based approach means for the advertising sector, taking the angle of media and
communication agencies, vendors of tools as well as their end clients, the advertisers.
State of EU legislation: GDPR & ePrivacy for SuperweekAurélie Pols
Building on 3 years worth of presentations on Privacy in the digital data ecosystem for Superweek, tackling transparency and sensitive data, this one addresses data subject rights while grounding the European project into the Charter of Fundamental Rights of the European Union. It includes a word of caution with respect to legitimate interests: not an easy choice to uphold!
CPDP: Data ownership, Innovation and Privacy: looking for an approach on both...Aurélie Pols
In a democratic society, it is always essential to search for the mechanisms contributing to a greater protection of citizens’ fundamental rights. For years we have been witnessing a debate, on both sides of the Atlantic, about the relevance of the formulation of a right of ownership of personal data.
It is interesting to analyse how the creation of this new right has different implications in different legal systems. In this panel we will consider the following questions:
- Can the right of ownership of personal data contribute to reinforcing the right to data protection and the right to privacy?
- What would be the impact of the formulation of a right of ownership of personal data in the field of data-driven innovation?
- Can this right contribute to the development of technological innovations based on data?
- Can the vision based on a property right in our personal data fit in a context of the defence of a fundamental right in our democratic societies?
- Can personal data be an asset that may be subject to commercial and / or economic operations?
- Is the legal view about data ownership shared on both sides of the Atlantic?
Video of the entire panel here: https://www.youtube.com/watch?v=YA8kMGM_kWU
Who Goes There? Demystifying Digital Identity for All (1/2)Aurélie Pols
Who goes there? It’s a question as old as time that is asked at the beginning of most transactions. In order for people and organizations to do business they must first ask – Who are you? How can I trust you?
Digital identity is becoming the most important challenge to solve at the intersection of people, process, and technology. Ask people about digital identity and they might think of a password and user ID to access services. But it’s much more. Digital identity is the digital representation of you – the Facebook you, Twitter you, and Google you.
Why is digital identity challenging? Perhaps because digital identity must intertwine with existing and evolving governance and cultural norms. Notions of privacy and sharing can vary greatly from person to person and from culture to culture.
This workshop explores what it means to be you in the digital world. We’ll uncover the forces and influences that impact the digital you – for better or for worse. Attendees will gain introductory insights about how digital identities and digital relationships connect and interact within a society. Join us to learn how Canada will advance digital identity for the socio-economic good of all.
https://fwd50.com/session/demystifying-digital-identity-for-all-1-2/
Technical Consequences of the Data Subject's RightsAurélie Pols
In her keynote speech Aurélie will focus on data subject's rights and the technical consequences of these obligations.
As the General Data Protection Regulation (GDPR) has come into force on May 25th 2018, data subject’s rights are being re-introduced and reinforced, building the ground work for a more balanced approaches towards data uses within our increasingly digitised societies.
Aurélie dives into the practical perspective of how to manage these new GDPR data subject rights, what it means for your processes and IT systems and when or to what type of data they apply.
How digitization challenges our values as citizens Aurélie Pols
Aurélie will be talking about how our cherished European values that we strive to pass onto our children are being challenged through increased access to information and digitisation.
She will examine out responsibility as data subjects, citizens and parents to assure technology works for the benefit of human beings in the long run. We know that the processing of personal data should be designed to serve mankind - but what could that mean for us today and for the next generation to come?
Keep Calm and Comply: 3 Keys to GDPR SuccessSirius
Recent surveys benchmarking the status of U.S. companies' efforts to meet the May 25 deadline for the EU Global Data Protection Regulation (GDPR) have revealed a startling lack of preparedness.
Companies not yet in compliance are likely to violate the directive if they don’t take immediate action, and fines can amount to 2-4 percent of a company’s annual gross revenue. Do you have the resources and information you need to comply?
View to learn:
--What GDPR means to your business
--Short, medium, and long-term actions you can take to protect regulated data and achieve compliance
--How you can streamline incident response and third-party risk management capabilities
--How to streamline the resources and technology needed to keep up with the evolving regulatory landscape
Don't fall behind on these compliance regulations. Take the steps needed to protect the data you collect.
(video summary at: https://conversionhotel.com/session/keynote-2019-future-of-data-governance-gdpr/)
This is an amazing woman with so much knowledge on analytics data and privacy in particular. I bumped into Aurélie Pols around 14 years ago when she was already publishing analytics content on the analytics blog of her former company (which might even be the first webanalytics agency being sold to a large firm). The blog was an inspiration for me to move away from writing about analytics for big broad marketing blogs and to start webanalisten.nl back in 2008 – a Dutch written niche blog on analytics and optimization. By then Aurélie already had 10 years of statistics and analytics experience… She moved on and did her work with Web Analytics Demystified and the Digital Analytics Association before she moved into the field of analytics & privacy. Yes, she focused on data and privacy already in 2012!
So when I saw privacy and issues with data quality among the top 10 topics the #CH2019 attendees want to learn form I immediately thought of Aurélie. She accepted the challenge to keynote at Texel, also because she was born nearby in Alkmaar. Great Aurélie is coming over – she will enlighten us on all the questions we have on data and privacy.
Cheers,
Ton Wesseling
Founder & host of The Conference formerly known as Conversion Hotel
Storm on the Horizon: Data Governance & Security vs. Employee PrivacyAurélie Pols
Defining the SAM Pro’s Role in Data Privacy
As software and IT asset managers gather increasing amounts of data about employee use of company systems, concerns arise over employee privacy. How can the need to monitor access to software and systems be balanced with local legislation designed to protect employees' privacy rights in the work place?
This is the concern attendees at the 2014 SAM Summit London will discuss in a keynote session with European privacy and digital analytics specialist Aurélie Pols, co-founder and chief visionary officer at Mind Your Privacy.
"As more employers let workers bring their own devices to the office or access company data in the cloud from home, software asset managers are faced with a new task," says Pols. "They have to ensure that the measurements and controls put in place to secure data and license compliance, are not violating employee privacy."
An employee's right to privacy is defined in local law, posing a challenge for companies that operate throughout Europe. Spain has one of the strictest data protection laws in Europe, notes Pols, who is based in Madrid. "When it comes to fines issued by data protection authorities in Europe, Spain accounts for 80 percent of them," she says. This has turned Spain into a country where corporate lawyers, and IT managers, make sure they have the right processes in place to avoid the legal risks surrounding improper data collection and use.
The Spanish model has become the ideal to apply to client environments throughout Europe, notes Pols. " We try to find the best and most homogenous set of data governance practices that will work worldwide to ensure minimal risk—and maximum compliance."
Best practices of data use
The first data governance challenge for software and IT asset management professionals is to define what kind of data they are collecting from their workforce and how it will be used.
"Of course the software asset manager wants to track employee usage to ensure that data is not leaked or improperly accessed, but a subset of this activity is that suddenly you have data about what employees are doing," notes Pols. "This can run afoul of privacy laws unless there's close collaboration with the HR department."
Companies are now faced with the question: Do we want to use this data on employee activity, and if so, for what purpose? Do we want to use it within certain teams to assess whether certain employees are productive? Do we want to use this to assure that they are using the right processes?
"Before you measure, you need to know what and why you’re measuring," says Pols. "Although the software asset manager isn’t going to be looking at this employee data, they do need to ensure that any data collected is done in accordance with local laws."
Information Security for increased usage of e-services - Masit Open Days 2010Ana Meskovska
Presentation on the 8th SEEITA – 7th SEE ICT Forum Meeting & 7th MASIT Open Days Conference.
http://www.seeita.org/
http://www.seeita.org/?conference_agenda
Data Privacy & Protection Conference - Unlocking the Value of Digital Ethics
Boussias communication presentation, Athens June 23rd 2016 http://dataprivacy.boussiasconferences.gr/default.asp?pid=12&la=1&SpeakerId=1
AI Roles and Risk for election year 2024Aurélie Pols
Are we replacing one tyranny for another? reflexion on 10 years at Superweek, which challenges lie ahead for the digital analytics community this election year as the ink is slowly but surely drying on the AI Act.
eMetrics Summit Boston 2014 - Big Data Marketing - From Über Creepy to Over ...Aurélie Pols
The Privacy discussions started with Do Not Track (DNT) some years ago, before we all went through the nightmarish EU Cookie Directive and some kind of consent mechanism. From Cookie cliff, losing over 90% of tracking, to implicit consent; from asking for forgiveness instead of permission, the analytics community is slowly but surely getting used to Privacy, Security and Compliance discussions.
But what does this really imply?
Your role as a company collecting, processing and retargeting data is one thing.
The tools you use, their Terms and Conditions and the surrounding processes yet another.
Follow this session if you make sure that within this chain of data responsibility you are not the weak link.
eMetrics Summit Boston 2014 - Big Data for Marketing - Privacy Principles & P...Aurélie Pols
Advertisers are collecting as much data as possible in order to sell finely targeted audiences to corporations. Privacy advocates are trying to wake up the populace to the continuous loss of civil liberties. Marketers are just trying to use the best tools to sell more stuff without alienating the public. Aurélie offers up a global view privacy rules and regulations to highlight how the upcoming European Union Personal Data Protection Regulation will influence digital analytics around the world. Then David identifies key data collection and usage issues and discusses ways to obtain the data we need while maintaining the trust and confidence of those we need to reach.
Creative destruction & Privacy Whitewashing: where does risk lie? Aurélie Pols
Almost 5 years into GDPR enforcement, the courts and the supervisory authorities have peddled through quite some decisions and more are expected while this description is being written.
More importantly, privacy legislations globally continue to evolve, some at state levels while entire continents are taking a stance, enclosing positions on Competition, obligations for Platforms, also called Gatekeepers, and uses of ADM, ML or even AI. This presentation will highlight where risks lie for your company and what compliance should start to look like moving forward.
Aurélie Pols - Retargeting & Privacy: 5 Tips to stay out of (legal) troubleMarketing Festival
Don't miss the next year of Marketing Festival Brno - http://www.marketingfestival.cz
You can also buy a video of this presentation at marketingfestival.cz
Smarter comm"The Future of Privacy". Aurélie Pols at IBM Smarter Commerce Glo...FLUZO
In a data driven economy, analysts must be concerned with how data is collected, processed and subsequently used to improve online customer experiences, during those moments that matter.
Unlocking Value & Controlling Risk by #MindYourPrivacy
A Framework of Purpose and Consent for Data Security and Consumer PrivacyAurélie Pols
Introducing a basic Privacy framework of purpose and consent, this presentation continues with exploring data minimization opportunities and related internal procedures to assure this framework is respected and aligned with global regulation.
Arguing that in light of increased data collection, the very notion of PII or personal information is more than a blurry concept and that de-identification of data is not as easy as it is suggested to be, the conversation should evolve towards the particular context within which data is being used.
The question to ask then becomes “what risk does an individual face if her data is used in a particular way?”
Borrowing from Spanish information security best practices and in the light of increasing data breach regulations, the presentation examines how data flows should ideally be defined and secured in order to assure accountability through an entire data lifecycle.
Such a lifecycles must also include evolving legislative minimal and maximum data retention periods after which action needs to be taken, either through anonymization of collected and used data or through its thorough deletion.
Last but not least, data transits through multiple systems, hosted within multiple environments, ranging from internal and national to international cloud based solutions. Each actor of this data chain has a role to play and responsibility to abide by in order to assure compliance and mitigate risk.
IAPP Data Protection Intensive London - Transparency in Marketing (AP part III)Aurélie Pols
https://privacyassociation.org/conference/iapp-europe-data-protection-intensive-2015/
Just how transparent should organisations be with their customers in communicating the personal data use behind their sophisticated marketing plans? Before making tough decisions, companies must be transparent with themselves.
Technical Consequences of the Data Subject's RightsAurélie Pols
In her keynote speech Aurélie will focus on data subject's rights and the technical consequences of these obligations.
As the General Data Protection Regulation (GDPR) has come into force on May 25th 2018, data subject’s rights are being re-introduced and reinforced, building the ground work for a more balanced approaches towards data uses within our increasingly digitised societies.
Aurélie dives into the practical perspective of how to manage these new GDPR data subject rights, what it means for your processes and IT systems and when or to what type of data they apply.
How digitization challenges our values as citizens Aurélie Pols
Aurélie will be talking about how our cherished European values that we strive to pass onto our children are being challenged through increased access to information and digitisation.
She will examine out responsibility as data subjects, citizens and parents to assure technology works for the benefit of human beings in the long run. We know that the processing of personal data should be designed to serve mankind - but what could that mean for us today and for the next generation to come?
Keep Calm and Comply: 3 Keys to GDPR SuccessSirius
Recent surveys benchmarking the status of U.S. companies' efforts to meet the May 25 deadline for the EU Global Data Protection Regulation (GDPR) have revealed a startling lack of preparedness.
Companies not yet in compliance are likely to violate the directive if they don’t take immediate action, and fines can amount to 2-4 percent of a company’s annual gross revenue. Do you have the resources and information you need to comply?
View to learn:
--What GDPR means to your business
--Short, medium, and long-term actions you can take to protect regulated data and achieve compliance
--How you can streamline incident response and third-party risk management capabilities
--How to streamline the resources and technology needed to keep up with the evolving regulatory landscape
Don't fall behind on these compliance regulations. Take the steps needed to protect the data you collect.
(video summary at: https://conversionhotel.com/session/keynote-2019-future-of-data-governance-gdpr/)
This is an amazing woman with so much knowledge on analytics data and privacy in particular. I bumped into Aurélie Pols around 14 years ago when she was already publishing analytics content on the analytics blog of her former company (which might even be the first webanalytics agency being sold to a large firm). The blog was an inspiration for me to move away from writing about analytics for big broad marketing blogs and to start webanalisten.nl back in 2008 – a Dutch written niche blog on analytics and optimization. By then Aurélie already had 10 years of statistics and analytics experience… She moved on and did her work with Web Analytics Demystified and the Digital Analytics Association before she moved into the field of analytics & privacy. Yes, she focused on data and privacy already in 2012!
So when I saw privacy and issues with data quality among the top 10 topics the #CH2019 attendees want to learn form I immediately thought of Aurélie. She accepted the challenge to keynote at Texel, also because she was born nearby in Alkmaar. Great Aurélie is coming over – she will enlighten us on all the questions we have on data and privacy.
Cheers,
Ton Wesseling
Founder & host of The Conference formerly known as Conversion Hotel
Storm on the Horizon: Data Governance & Security vs. Employee PrivacyAurélie Pols
Defining the SAM Pro’s Role in Data Privacy
As software and IT asset managers gather increasing amounts of data about employee use of company systems, concerns arise over employee privacy. How can the need to monitor access to software and systems be balanced with local legislation designed to protect employees' privacy rights in the work place?
This is the concern attendees at the 2014 SAM Summit London will discuss in a keynote session with European privacy and digital analytics specialist Aurélie Pols, co-founder and chief visionary officer at Mind Your Privacy.
"As more employers let workers bring their own devices to the office or access company data in the cloud from home, software asset managers are faced with a new task," says Pols. "They have to ensure that the measurements and controls put in place to secure data and license compliance, are not violating employee privacy."
An employee's right to privacy is defined in local law, posing a challenge for companies that operate throughout Europe. Spain has one of the strictest data protection laws in Europe, notes Pols, who is based in Madrid. "When it comes to fines issued by data protection authorities in Europe, Spain accounts for 80 percent of them," she says. This has turned Spain into a country where corporate lawyers, and IT managers, make sure they have the right processes in place to avoid the legal risks surrounding improper data collection and use.
The Spanish model has become the ideal to apply to client environments throughout Europe, notes Pols. " We try to find the best and most homogenous set of data governance practices that will work worldwide to ensure minimal risk—and maximum compliance."
Best practices of data use
The first data governance challenge for software and IT asset management professionals is to define what kind of data they are collecting from their workforce and how it will be used.
"Of course the software asset manager wants to track employee usage to ensure that data is not leaked or improperly accessed, but a subset of this activity is that suddenly you have data about what employees are doing," notes Pols. "This can run afoul of privacy laws unless there's close collaboration with the HR department."
Companies are now faced with the question: Do we want to use this data on employee activity, and if so, for what purpose? Do we want to use it within certain teams to assess whether certain employees are productive? Do we want to use this to assure that they are using the right processes?
"Before you measure, you need to know what and why you’re measuring," says Pols. "Although the software asset manager isn’t going to be looking at this employee data, they do need to ensure that any data collected is done in accordance with local laws."
Information Security for increased usage of e-services - Masit Open Days 2010Ana Meskovska
Presentation on the 8th SEEITA – 7th SEE ICT Forum Meeting & 7th MASIT Open Days Conference.
http://www.seeita.org/
http://www.seeita.org/?conference_agenda
Data Privacy & Protection Conference - Unlocking the Value of Digital Ethics
Boussias communication presentation, Athens June 23rd 2016 http://dataprivacy.boussiasconferences.gr/default.asp?pid=12&la=1&SpeakerId=1
AI Roles and Risk for election year 2024Aurélie Pols
Are we replacing one tyranny for another? reflexion on 10 years at Superweek, which challenges lie ahead for the digital analytics community this election year as the ink is slowly but surely drying on the AI Act.
eMetrics Summit Boston 2014 - Big Data Marketing - From Über Creepy to Over ...Aurélie Pols
The Privacy discussions started with Do Not Track (DNT) some years ago, before we all went through the nightmarish EU Cookie Directive and some kind of consent mechanism. From Cookie cliff, losing over 90% of tracking, to implicit consent; from asking for forgiveness instead of permission, the analytics community is slowly but surely getting used to Privacy, Security and Compliance discussions.
But what does this really imply?
Your role as a company collecting, processing and retargeting data is one thing.
The tools you use, their Terms and Conditions and the surrounding processes yet another.
Follow this session if you make sure that within this chain of data responsibility you are not the weak link.
eMetrics Summit Boston 2014 - Big Data for Marketing - Privacy Principles & P...Aurélie Pols
Advertisers are collecting as much data as possible in order to sell finely targeted audiences to corporations. Privacy advocates are trying to wake up the populace to the continuous loss of civil liberties. Marketers are just trying to use the best tools to sell more stuff without alienating the public. Aurélie offers up a global view privacy rules and regulations to highlight how the upcoming European Union Personal Data Protection Regulation will influence digital analytics around the world. Then David identifies key data collection and usage issues and discusses ways to obtain the data we need while maintaining the trust and confidence of those we need to reach.
Creative destruction & Privacy Whitewashing: where does risk lie? Aurélie Pols
Almost 5 years into GDPR enforcement, the courts and the supervisory authorities have peddled through quite some decisions and more are expected while this description is being written.
More importantly, privacy legislations globally continue to evolve, some at state levels while entire continents are taking a stance, enclosing positions on Competition, obligations for Platforms, also called Gatekeepers, and uses of ADM, ML or even AI. This presentation will highlight where risks lie for your company and what compliance should start to look like moving forward.
Aurélie Pols - Retargeting & Privacy: 5 Tips to stay out of (legal) troubleMarketing Festival
Don't miss the next year of Marketing Festival Brno - http://www.marketingfestival.cz
You can also buy a video of this presentation at marketingfestival.cz
Smarter comm"The Future of Privacy". Aurélie Pols at IBM Smarter Commerce Glo...FLUZO
In a data driven economy, analysts must be concerned with how data is collected, processed and subsequently used to improve online customer experiences, during those moments that matter.
Unlocking Value & Controlling Risk by #MindYourPrivacy
A Framework of Purpose and Consent for Data Security and Consumer PrivacyAurélie Pols
Introducing a basic Privacy framework of purpose and consent, this presentation continues with exploring data minimization opportunities and related internal procedures to assure this framework is respected and aligned with global regulation.
Arguing that in light of increased data collection, the very notion of PII or personal information is more than a blurry concept and that de-identification of data is not as easy as it is suggested to be, the conversation should evolve towards the particular context within which data is being used.
The question to ask then becomes “what risk does an individual face if her data is used in a particular way?”
Borrowing from Spanish information security best practices and in the light of increasing data breach regulations, the presentation examines how data flows should ideally be defined and secured in order to assure accountability through an entire data lifecycle.
Such a lifecycles must also include evolving legislative minimal and maximum data retention periods after which action needs to be taken, either through anonymization of collected and used data or through its thorough deletion.
Last but not least, data transits through multiple systems, hosted within multiple environments, ranging from internal and national to international cloud based solutions. Each actor of this data chain has a role to play and responsibility to abide by in order to assure compliance and mitigate risk.
IAPP Data Protection Intensive London - Transparency in Marketing (AP part III)Aurélie Pols
https://privacyassociation.org/conference/iapp-europe-data-protection-intensive-2015/
Just how transparent should organisations be with their customers in communicating the personal data use behind their sophisticated marketing plans? Before making tough decisions, companies must be transparent with themselves.
Coexisting safely and ethically with intelligent machines is one of the central challenges of the 21st Century. It demonstrates and strengthen the need to establish ethical standards for Artificial Intelligence to help us preserve the values we cherish the most.
https://www.sibos.com/conference/conference-programme/digital-ethics
Earley Executive Roundtable on Data Analytics - Session 1 - The Business Pote...Earley Information Science
Business Potential of Machine Learning and Cognitive Computing. Speakers include:
– Bruce Daley Principal Analyst, Tractica (@brucedaley)
– Olly Downs, Chief Scientist/CTO, Globys (@globysinc )
– Mitchell Shuster, Data Scientist, Knowledgent (@Knowledgent)
– Patrick Heffernan, Practice Manager, TBR (@TBR_PatrickH)
Multi-tasking teams within cyber security departmentsAurélie Pols
Data Risk Mitigation Of Digital Transformation Projects explained, upon invitation #Cybercamp15 in Madrid, sponsored by INCIBE (Instituto Nacional de CiberSeguridad) & the Spanish Ministry of Industry, Energy and Tourism
Brussels data science - Privacy Engineering for Big Data & Data ScienceAurélie Pols
This presentation walks through the challenges and opportunities for data scientists and big data professionals, with a focus on Privacy, describing which future roles will be needed in order to successfully bridge the written word of the law with coded data trails. Data Science will inevitably need to jump through intricate compliance hoops that could also sound the drum of a new ethical data dawn, in light of globalisation. Or... it might not.
Orange Hills is a a specialized strategy consultancy. We support managing directors, board members and business owners of IT and service companies to develop and implement innovative strategies, services and business models.
Similar to The GDPR is here. So do you know what the courts are saying? (20)
Preparing for the AI Act - 5 years into GDPR enforcementAurélie Pols
Starting off from a recent fine from the Berlin Beauftragte für Datenschutz und Informationsfreiheit (BlnBDI) around obligations for automated decision making (art. 22 of the GDPR), this presentation will walk the audience through how teams collaborate around compliance obligations. Risk with respect to processing of personal data continues to increase since the ink dried on the GDPR in 2016. Enforcement as of 2018 has signaled a need for companies to act responsibly with their data processing operations. While data governance is surely not the sexist job of the XXI st century and data self-service is on everybody’s mind, the increased complexity of integrated data systems requires collaboration. You possibly know who your companies’ data protection officer is. Or not. Let’s talk about who could be responsible for what, how privacy-by-design consensus can be reached and where technology plays a role in preparing for an accountable, increasingly automated and risk mitigated, future.
ePrivacy Directive, a 10 steps framework to be as compliant as possible for m...Aurélie Pols
10th European Data Protection SUMMIT Applied To Health Data
December 2022
Track #3 Cookies are not so appetising anymore
ePrivacy Directive to be as compliant as possible
GDPR and the aftermath: what are we building towards?Aurélie Pols
“Human dignity is inviolable. It must be respected and protected.” is stated within article 1 of the Charter of Fundamental Rights of the EU. This document is the result of historical evolutions in the rule of law with respect to human rights, originating in 1948 with the Declaration of Human Rights and the creation of the United Nations.
Today we face global challenges, where sovereignties and personal identities are challenged, amongst others, through digitalization. The foundational values that touch upon our own dignity, as well as those of the tribes we belong to, need to be redefined in order to assure we build the societies we can proudly pass onto our children.
2018 is undoubtedly the year of Ethics. Which values should digital ethics reflect, beyond article 1 of the Charter of Fundamental Rights of the EU to assure we all move forward in the same direction?
The Great GDPR MyData Debate - Aurelie Pols - KeynoteAurélie Pols
The GDPR empowers citizens with several fundamentally new rights. This session will summarise some of those new rights with an exciting keynote and three supporting presentations. In particular we will discuss the various implementation opportunities, technical and legal challenges and form a view on how these new rights should manifest for a mydata economy. We will then enter an audience participatory debate led by the speaker panel and your GDPR Mydata hosts, finalised with 4 key questions the debate has surfaced and poll the audience views on the most likely market solutions.
https://mydata2017.org/session/gdpr-debate/
The Data Subject First? Decoding the GDPR at StrataDataAurélie Pols
Aurélie Pols draws a broad philosophical picture of the data ecosystem and then hones in on the right to data portability.
Strata keynote London may 2017, https://www.oreilly.com/ideas/the-data-subject-first
Superweek 2016 Would You Lie to Your Physician?Aurélie Pols
A tale of caution about lack of transparency and rolling heads. Pragmatic Data Privacy take-aways for an era of Digital Entanglement and fluid Privacy legislation. See superweek.hu
BIG DATA IN BUSINESS Implement and use Big Data to your organization’s advantageAurélie Pols
IE Business School - Executive Education
3-Day International Executive Program
June 22-24, 2015, Monday-Wednesday
Madrid, Spain
Session 9: Managing Privacy and Data Governance, a Risk based Approach
Big Data Big Ideas: Data is the New Oil, Privacy is the New GreenAurélie Pols
Data is a specific type of property for which legislation is not ready. Technology continues to advance at a rapid pace. What are Privacy best practices? what are Privacy and Compliance challenges facing your business using analytics? How do you turn this into a Risk exercise or an opportunity for Business Development?
Presented in Istanbul Turkey, May 2015 at http://smartcon.com/en/istanbul-2015-big-data-big-ideas-overview
Responsible Data Uses: Privacy, Security, Ethics & ComplianceAurélie Pols
What do these words actually mean for digital analytics?
See the forest for the trees and take away what you can do today to work towards more responsible uses of data, in light of collaborative efforts with Marcom and IT but also the folks at legal council, those in charge of security or entrusted with corporate social responsibility. Understand what the risks with legislation for our industry are in Scandinavia, Europe and globally and where to draw the line.
Privacy & Ethics: Should you measure when a user logs out?Aurélie Pols
This Amicus Brief is intended to support the digital analytics community and members of the Digital Analytics Association (DAA) with the understanding of the implications of digital measurement practices from the angle of increasing Privacy, Compliance, Ethics and Security requirements.
This document is not intended to hold any legal recommendations.
The purpose of this document is to foster reflections and discussions within the digital analytics community about vendors’ measurement practices, ways to tackle evolving global Privacy legislation and increased feelings of lack of trust that is felt by Internet users all over the world.
NATURE, ORIGIN AND DEVELOPMENT OF INTERNATIONAL LAW.pptxanvithaav
These slides helps the student of international law to understand what is the nature of international law? and how international law was originated and developed?.
The slides was well structured along with the highlighted points for better understanding .
Military Commissions details LtCol Thomas Jasper as Detailed Defense CounselThomas (Tom) Jasper
Military Commissions Trial Judiciary, Guantanamo Bay, Cuba. Notice of the Chief Defense Counsel's detailing of LtCol Thomas F. Jasper, Jr. USMC, as Detailed Defense Counsel for Abd Al Hadi Al-Iraqi on 6 August 2014 in the case of United States v. Hadi al Iraqi (10026)
Introducing New Government Regulation on Toll Road.pdfAHRP Law Firm
For nearly two decades, Government Regulation Number 15 of 2005 on Toll Roads ("GR No. 15/2005") has served as the cornerstone of toll road legislation. However, with the emergence of various new developments and legal requirements, the Government has enacted Government Regulation Number 23 of 2024 on Toll Roads to replace GR No. 15/2005. This new regulation introduces several provisions impacting toll business entities and toll road users. Find out more out insights about this topic in our Legal Brief publication.
Car Accident Injury Do I Have a Case....Knowyourright
Every year, thousands of Minnesotans are injured in car accidents. These injuries can be severe – even life-changing. Under Minnesota law, you can pursue compensation through a personal injury lawsuit.
ASHWINI KUMAR UPADHYAY v/s Union of India.pptxshweeta209
transfer of the P.I.L filed by lawyer Ashwini Kumar Upadhyay in Delhi High Court to Supreme Court.
on the issue of UNIFORM MARRIAGE AGE of men and women.
A "File Trademark" is a legal term referring to the registration of a unique symbol, logo, or name used to identify and distinguish products or services. This process provides legal protection, granting exclusive rights to the trademark owner, and helps prevent unauthorized use by competitors.
Visit Now: https://www.tumblr.com/trademark-quick/751620857551634432/ensure-legal-protection-file-your-trademark-with?source=share
DNA Testing in Civil and Criminal Matters.pptxpatrons legal
Get insights into DNA testing and its application in civil and criminal matters. Find out how it contributes to fair and accurate legal proceedings. For more information: https://www.patronslegal.com/criminal-litigation.html
PRECEDENT AS A SOURCE OF LAW (SAIF JAVED).pptxOmGod1
Precedent, or stare decisis, is a cornerstone of common law systems where past judicial decisions guide future cases, ensuring consistency and predictability in the legal system. Binding precedents from higher courts must be followed by lower courts, while persuasive precedents may influence but are not obligatory. This principle promotes fairness and efficiency, allowing for the evolution of the law as higher courts can overrule outdated decisions. Despite criticisms of rigidity and complexity, precedent ensures similar cases are treated alike, balancing stability with flexibility in judicial decision-making.
In 2020, the Ministry of Home Affairs established a committee led by Prof. (Dr.) Ranbir Singh, former Vice Chancellor of National Law University (NLU), Delhi. This committee was tasked with reviewing the three codes of criminal law. The primary objective of the committee was to propose comprehensive reforms to the country’s criminal laws in a manner that is both principled and effective.
The committee’s focus was on ensuring the safety and security of individuals, communities, and the nation as a whole. Throughout its deliberations, the committee aimed to uphold constitutional values such as justice, dignity, and the intrinsic value of each individual. Their goal was to recommend amendments to the criminal laws that align with these values and priorities.
Subsequently, in February, the committee successfully submitted its recommendations regarding amendments to the criminal law. These recommendations are intended to serve as a foundation for enhancing the current legal framework, promoting safety and security, and upholding the constitutional principles of justice, dignity, and the inherent worth of every individual.
2. @aureliepols aurelie@mindyourprivacy.com
Data Governance & Privacy Engineer
Data is the New infrastructure – Privacy is the New Green – Trust is the New Currency
Dutch nationality, French mother tongue, works in English, lives in Spain
AURELIE POLS,
DATA GOVERNANCE
& PRIVACY ENGINEER
• DPO for mParticle (Customer Data platform) – contractor (USA, New York)
• Chief Visionary Officer – Competing on Privacy; Founder – Aurélie Pols and Associates
• Professor of Ethics & Privacy in Big Data & Business Analytics Master – Instituto de Empresa (IE), Madrid (ES);
guest professor DPO certification courses Maastricht University, faculty of law (NL) & Solvay Business School Brussels (B)
• Board Member European Center On Privacy and Security, Maastricht University (NL)
• Ethics Advisory Group (EAG) – European Data Protection Supervisor (EDPS) Towards a digital ethics
• Former Vice-chair P7002 – Data Privacy Process – IEEE
• Speaker/writer/consiglieri: Mobile World Congress, SWSX, Strata (+ Hadoop World), IAPP, Piwik, AT Internet, industry
associations, AdTech & MarTech vendors, …
2003:
OX2 Co-founder
Webanalytics.be
2008:
Sold to Digitas LBi
(Publicis)
2
12. @aureliepols aurelie@mindyourprivacy.com
Obligations under the GDPR data ecosystem
12
Source: https://www.rizikon.oi/gdpr-compliance
Appointing a DPO –
Data Protection
Officer – or not?
Described in section
4 of the GDPR, art.
37: Designation of a
data protection
officer.
Following articles
talk of position and
tasks.
The choice remains
to appoint one even
if not directly
required: moving
beyond
compliance!
28. @aureliepols aurelie@mindyourprivacy.com
Typically 2 types of cases at the ECJ
1. Public interest vs. individual interest
• Law Enforcement Directive 2016/680
• Data Retention Directive of 2006 invalidated in 2014 in Digital Rights vs.
Seitlinger case, Tele2 Sverige & Watson, … mainly telcos and profiling, serious
crime
• Schrems vs. Facebook invalidated Safeharbour in October 2015 (adequacy,
following Snowden. Also PNR in Canada, sensitive data)
2. Interpretation of EU secondary law to foster accountability of
individuals
28