Web Analytics and Privacy
How to Mitigate Data Risks in the Age
of Evolving Privacy Legislation
Data is becoming so pervasive that an acute tension is building between
technological capabilities and ethical uses of data.
If your business is a data
processor, you need to follow
strict privacy laws in order to
avoid fines and protect your
stakeholders.
Here we will focus specifically
on privacy for web analytics:
• Evolving Privacy Legislation
• Personal Data vs. Personally Identifiable
Information (PII)
• Risk Classification of Web-Analytics and
Related Processes
Evolving Privacy Legislation
As data flows are rarely limited
to a single country, the
objective becomes to build
flexible and sustainable
analytics setups that cover all
regions.
Legislative misalignments can expose
you to some serious monetary penalties:
• Fines are typically capped at 500k € in certain
countries of the EU
• Upcoming General Data Protection Regulation
(GDPR) is expected to allow fines up to as much as
2% to 5% of an organization’s global turnover
• US class action suits can lead to exposure to loss of
much larger amounts
Note that GDPR is the
strictest privacy law that has
ever been introduced. It will
have a significant impact on
all businesses dealing with
customers within the
European Union.
GDPR will come into force
within two years. What are
the core issues regarding
Web Analytics?
Profiling is defined as any form of automated processing of
personal data to predict aspects concerning performance at
work, economic situation, reliability, behaviour, movements
and others.
• GDPR concerns all companies processing personal data about EU
residents.
• The profiling process must be automated.
• The purpose of the profiling must be to evaluate personal aspects of a
natural person
• One cannot use an individual’s PII for profiling purposes unless such
profiling is in the public interest
• Explicit consent is necessary as a new legal basis for data processing
• Data subjects must be informed about any profiling activities
Where should you start to
make sure your organization is
compliant with the new law?
Guidelines on the Protection
of Privacy and Transborder
Flows of Personal Data by the
OECD have become an
internationally accepted set of
rules for processing personal
information. They will work
just fine as a starting point.
OECD privacy principles:
1. Collection Limitation: Data collection should occur only with the knowledge and consent of the
concerned individual (data subject).
2. Data Quality: One should only collect information which is accurate and relevant to a particular
aim.
3. Individual Participation: The concerned individual should know if their information has been
collected and must be able to access it if such data exists.
4. Purpose Specification: The intended use for a particular piece of information must be known at
the time of collection.
5. Use Limitation: Collected data must not be used for purposes other than those specified at the
time of collection.
6. Security Safeguards: Reasonable measures must be taken to protect data from unauthorized use,
destruction, modification, or disclosure of personal information.
7. Openness: Individuals should be able to avail themselves of data collection and be able to
contact the entity collecting this information.
8. Accountability: The data collector should be held accountable for failing to abide by any of the
above rules. A dedicated person must be appointed
Remember that these outlined
principles are acceptable as
the core of your web-analytics
privacy practices, but in many
cases they may not be enough.
Personal Data vs. Personally Identifiable
Information (PII)
Knowing the legal redline related to data
types is crucial for minimizing the risk of
breaches or violations.
PII is a US-based concept, while Europe refers to
Personal Data.
PII data can be linked to a
particular individual, whereas
Personal Data can relate to
someone without
identification.
E-mail address, name or phone
number constitute PII, and the
use of this data to capture an
individual’s behaviour may be
considered an abuse under
privacy regulations.
Aurélie Pols
Taking into consideration the broad and vague definition of
sensitive data, as enshrined in the European regulations, it is more
practical to set up processes to detect PII following the US-based
legislation. The recommended practice is therefore to use the US
PII lists as a starting point to define escalation procedures and
supplement such lists with context-related European practices.
Mind Your Privacy
Risk Classification of Web-Analytics and
Related Processes
How can you be sure your
company is fulfilling all of its
data-related obligations?
What methods can help you
assign such responsibilities?
The scope of obligations for
companies will depend upon
the type of data they collect,
process, and share.
One popular example of a responsibility-assignment method
is the RACI model, which stands for Responsible,
Accountable, Consulted, and Informed:
• Responsible: Who is/will be doing this task? Who is assigned to work on this task?
• Accountable: Whose head will roll if this goes wrong? Who has authority to make a decision?
• Consulted: Who can tell me more about this task? Are any stakeholders already identified?
• Informed: Whose work depends on this task? Who has to be kept updated about the progress?
Another method useful in certain contexts,
particularly the privacy aspects of data uses, is
the Privacy Impact Assessment (PIA). It typically
consists of workflow-based questionnaires used
by companies to identify and contain risks from
the beginning.
Fluid privacy regulations, changing terms and
conditions, excessive authority of legal counsel,
and misunderstanding of legislation may indeed
cause some companies to come to an analytical
halt.
Taking that into account, responsibility could be
divided into three main areas associated with
the RACI model we mentioned above. When
relating this to customer relationship, data-risk
classification could be seen as follows...
Classification, with description and allocation:
• Green. Description: Carry on, no issues here. Allocation: Full responsibility stays within analytics, no
further consultations needed.
• Orange. Description: Bring in an outside counsel to be on the safe side. Allocation: Analytics remain
responsible; consult with privacy.
• Red. Description: This is cutting edge, involves personal data and/or sensitive information and/or
separate legal entities. Allocation: Privacy is informed and signs off or suggests risk-mitigation
solutions (saying NO is not an answer, as next time they won’t be informed).
Or in other words, the above classification
looks something like:
• Green: An individual comes to a digital property and
leaves a data trail.
• Orange: A company wants to take a look at which
individuals come back and what their technical
environment is like; e.g. using cookies.
• Red: A company wants to stitch digital touch-points
together.
Aurélie Pols
The trick is to understand when Green, Orange, and
Red protocols are best applied to optimize data-privacy
management. Remember, context remains of essence
to assure privacy rights are respected.
Mind Your Privacy
Risk Classification of Web-Analytics and Related Processes
Web Analytics and Privacy
Download!
If you want to learn more
about mitigating data risks,
read our free whitepaper
written by renowned
European privacy expert
Aurélie Pols:
Thank You
@piwikPRO /PiwikPro /piwik-pro

More Related Content

What's hot

GDPR Data Subject Rights - What You Need to Know
GDPR Data Subject Rights - What You Need to KnowGDPR Data Subject Rights - What You Need to Know
GDPR Data Subject Rights - What You Need to Know
Piwik PRO
 
GDPR: Your Journey to Compliance
GDPR: Your Journey to ComplianceGDPR: Your Journey to Compliance
GDPR: Your Journey to Compliance
Cobweb
 
"GDPR - All You Need To Know" presentation from event Nov 16th in Berlin
"GDPR - All You Need To Know" presentation from event Nov 16th in Berlin"GDPR - All You Need To Know" presentation from event Nov 16th in Berlin
"GDPR - All You Need To Know" presentation from event Nov 16th in Berlin
Mailjet
 
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Shawn Tuma
 
GDPR and evolving international privacy regulations
GDPR and evolving international privacy regulationsGDPR and evolving international privacy regulations
GDPR and evolving international privacy regulations
Ulf Mattsson
 
BigID GDPR Compliance Automation Webinar Slides
BigID GDPR Compliance Automation Webinar SlidesBigID GDPR Compliance Automation Webinar Slides
BigID GDPR Compliance Automation Webinar Slides
Dimitri Sirota
 
Finding Data at Risk for CCPA Compliance
Finding Data at Risk for CCPA ComplianceFinding Data at Risk for CCPA Compliance
Finding Data at Risk for CCPA Compliance
Precisely
 
Data Protection Forum Brussels 230517 - Implementing GDPR
Data Protection Forum Brussels 230517 - Implementing GDPRData Protection Forum Brussels 230517 - Implementing GDPR
Data Protection Forum Brussels 230517 - Implementing GDPR
John M Walsh
 
Data Privacy: What you need to know about privacy, from compliance to ethics
Data Privacy: What you need to know about privacy, from compliance to ethicsData Privacy: What you need to know about privacy, from compliance to ethics
Data Privacy: What you need to know about privacy, from compliance to ethics
AT Internet
 
Building Your DPIA/PIA Program: Tips & Case Studies [TrustArc Webinar Slides]
Building Your DPIA/PIA Program: Tips & Case Studies [TrustArc Webinar Slides]Building Your DPIA/PIA Program: Tips & Case Studies [TrustArc Webinar Slides]
Building Your DPIA/PIA Program: Tips & Case Studies [TrustArc Webinar Slides]
TrustArc
 
Understanding gdpr compliance gdpr analytics tools
Understanding gdpr compliance  gdpr analytics toolsUnderstanding gdpr compliance  gdpr analytics tools
Understanding gdpr compliance gdpr analytics tools
RominaMariaBaltariu
 
Sharp Cookie Advisors legal_botar_ai_dataskydd_gdpr
Sharp Cookie Advisors legal_botar_ai_dataskydd_gdprSharp Cookie Advisors legal_botar_ai_dataskydd_gdpr
Sharp Cookie Advisors legal_botar_ai_dataskydd_gdpr
Sharp Cookie Advisors
 
Scotland legal update 25 sept
Scotland legal update   25 septScotland legal update   25 sept
Scotland legal update 25 sept
Rachel Aldighieri
 
Webianr: GDPR: How to build a data protection framework
Webianr: GDPR: How to build a data protection frameworkWebianr: GDPR: How to build a data protection framework
Webianr: GDPR: How to build a data protection framework
Leigh Hill
 
Big Data LDN 2017: Applied AI for GDPR
Big Data LDN 2017: Applied AI for GDPRBig Data LDN 2017: Applied AI for GDPR
Big Data LDN 2017: Applied AI for GDPR
Matt Stubbs
 
Security, Risk, Compliance & Controls - Cybersecurity Legal Framework in Hong...
Security, Risk, Compliance & Controls - Cybersecurity Legal Framework in Hong...Security, Risk, Compliance & Controls - Cybersecurity Legal Framework in Hong...
Security, Risk, Compliance & Controls - Cybersecurity Legal Framework in Hong...
Amazon Web Services
 
20220211 Data export after the Google Analytics decision
20220211 Data export after the Google Analytics decision 20220211 Data export after the Google Analytics decision
20220211 Data export after the Google Analytics decision
Bart Van Den Brande
 
Gdpr presentation
Gdpr presentationGdpr presentation
Gdpr presentation
Sudarsan Reddy
 
Data- and database security & GDPR: end-to-end offer
Data- and database security & GDPR: end-to-end offerData- and database security & GDPR: end-to-end offer
Data- and database security & GDPR: end-to-end offer
Capgemini
 
Managing Consent and Legitimate Interests Under the GDPR [Webinar Slides]
Managing Consent and Legitimate Interests Under the GDPR [Webinar Slides]Managing Consent and Legitimate Interests Under the GDPR [Webinar Slides]
Managing Consent and Legitimate Interests Under the GDPR [Webinar Slides]
TrustArc
 

What's hot (20)

GDPR Data Subject Rights - What You Need to Know
GDPR Data Subject Rights - What You Need to KnowGDPR Data Subject Rights - What You Need to Know
GDPR Data Subject Rights - What You Need to Know
 
GDPR: Your Journey to Compliance
GDPR: Your Journey to ComplianceGDPR: Your Journey to Compliance
GDPR: Your Journey to Compliance
 
"GDPR - All You Need To Know" presentation from event Nov 16th in Berlin
"GDPR - All You Need To Know" presentation from event Nov 16th in Berlin"GDPR - All You Need To Know" presentation from event Nov 16th in Berlin
"GDPR - All You Need To Know" presentation from event Nov 16th in Berlin
 
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
 
GDPR and evolving international privacy regulations
GDPR and evolving international privacy regulationsGDPR and evolving international privacy regulations
GDPR and evolving international privacy regulations
 
BigID GDPR Compliance Automation Webinar Slides
BigID GDPR Compliance Automation Webinar SlidesBigID GDPR Compliance Automation Webinar Slides
BigID GDPR Compliance Automation Webinar Slides
 
Finding Data at Risk for CCPA Compliance
Finding Data at Risk for CCPA ComplianceFinding Data at Risk for CCPA Compliance
Finding Data at Risk for CCPA Compliance
 
Data Protection Forum Brussels 230517 - Implementing GDPR
Data Protection Forum Brussels 230517 - Implementing GDPRData Protection Forum Brussels 230517 - Implementing GDPR
Data Protection Forum Brussels 230517 - Implementing GDPR
 
Data Privacy: What you need to know about privacy, from compliance to ethics
Data Privacy: What you need to know about privacy, from compliance to ethicsData Privacy: What you need to know about privacy, from compliance to ethics
Data Privacy: What you need to know about privacy, from compliance to ethics
 
Building Your DPIA/PIA Program: Tips & Case Studies [TrustArc Webinar Slides]
Building Your DPIA/PIA Program: Tips & Case Studies [TrustArc Webinar Slides]Building Your DPIA/PIA Program: Tips & Case Studies [TrustArc Webinar Slides]
Building Your DPIA/PIA Program: Tips & Case Studies [TrustArc Webinar Slides]
 
Understanding gdpr compliance gdpr analytics tools
Understanding gdpr compliance  gdpr analytics toolsUnderstanding gdpr compliance  gdpr analytics tools
Understanding gdpr compliance gdpr analytics tools
 
Sharp Cookie Advisors legal_botar_ai_dataskydd_gdpr
Sharp Cookie Advisors legal_botar_ai_dataskydd_gdprSharp Cookie Advisors legal_botar_ai_dataskydd_gdpr
Sharp Cookie Advisors legal_botar_ai_dataskydd_gdpr
 
Scotland legal update 25 sept
Scotland legal update   25 septScotland legal update   25 sept
Scotland legal update 25 sept
 
Webianr: GDPR: How to build a data protection framework
Webianr: GDPR: How to build a data protection frameworkWebianr: GDPR: How to build a data protection framework
Webianr: GDPR: How to build a data protection framework
 
Big Data LDN 2017: Applied AI for GDPR
Big Data LDN 2017: Applied AI for GDPRBig Data LDN 2017: Applied AI for GDPR
Big Data LDN 2017: Applied AI for GDPR
 
Security, Risk, Compliance & Controls - Cybersecurity Legal Framework in Hong...
Security, Risk, Compliance & Controls - Cybersecurity Legal Framework in Hong...Security, Risk, Compliance & Controls - Cybersecurity Legal Framework in Hong...
Security, Risk, Compliance & Controls - Cybersecurity Legal Framework in Hong...
 
20220211 Data export after the Google Analytics decision
20220211 Data export after the Google Analytics decision 20220211 Data export after the Google Analytics decision
20220211 Data export after the Google Analytics decision
 
Gdpr presentation
Gdpr presentationGdpr presentation
Gdpr presentation
 
Data- and database security & GDPR: end-to-end offer
Data- and database security & GDPR: end-to-end offerData- and database security & GDPR: end-to-end offer
Data- and database security & GDPR: end-to-end offer
 
Managing Consent and Legitimate Interests Under the GDPR [Webinar Slides]
Managing Consent and Legitimate Interests Under the GDPR [Webinar Slides]Managing Consent and Legitimate Interests Under the GDPR [Webinar Slides]
Managing Consent and Legitimate Interests Under the GDPR [Webinar Slides]
 

Similar to Web Analytics and Privacy

A Global Marketer's Guide to Privacy
A Global Marketer's Guide to PrivacyA Global Marketer's Guide to Privacy
A Global Marketer's Guide to Privacy
FLUZO
 
Ethics in Data Management.pptx
Ethics in Data Management.pptxEthics in Data Management.pptx
Ethics in Data Management.pptx
Ravindra Babu
 
[AIIM18] GDPR: whose job is it now? - Paul Lanois
[AIIM18] GDPR: whose job is it now? - Paul Lanois[AIIM18] GDPR: whose job is it now? - Paul Lanois
[AIIM18] GDPR: whose job is it now? - Paul Lanois
AIIM International
 
Information Risk Management Overview
Information Risk Management OverviewInformation Risk Management Overview
Information Risk Management Overview
elvinchan
 
The Rise of Data Ethics and Security - AIDI Webinar
The Rise of Data Ethics and Security - AIDI WebinarThe Rise of Data Ethics and Security - AIDI Webinar
The Rise of Data Ethics and Security - AIDI Webinar
Eryk Budi Pratama
 
Keep Calm and Comply: 3 Keys to GDPR Success
Keep Calm and Comply: 3 Keys to GDPR SuccessKeep Calm and Comply: 3 Keys to GDPR Success
Keep Calm and Comply: 3 Keys to GDPR Success
Sirius
 
Enabling Data Governance - Data Trust, Data Ethics, Data Quality
Enabling Data Governance - Data Trust, Data Ethics, Data QualityEnabling Data Governance - Data Trust, Data Ethics, Data Quality
Enabling Data Governance - Data Trust, Data Ethics, Data Quality
Eryk Budi Pratama
 
Implementing and Auditing GDPR Series (3 of 10)
Implementing and Auditing GDPR Series (3 of 10) Implementing and Auditing GDPR Series (3 of 10)
Implementing and Auditing GDPR Series (3 of 10)
Jim Kaplan CIA CFE
 
Ethical Considerations in Data Analysis_ Balancing Power, Privacy, and Respon...
Ethical Considerations in Data Analysis_ Balancing Power, Privacy, and Respon...Ethical Considerations in Data Analysis_ Balancing Power, Privacy, and Respon...
Ethical Considerations in Data Analysis_ Balancing Power, Privacy, and Respon...
Soumodeep Nanee Kundu
 
Ethics In DW & DM
Ethics In DW & DMEthics In DW & DM
Ethics In DW & DM
abethan
 
Implementing And Managing A Multinational Privacy Program
Implementing And Managing A Multinational Privacy ProgramImplementing And Managing A Multinational Privacy Program
Implementing And Managing A Multinational Privacy ProgramMSpadea
 
General Data Protection Regulation Webinar 6
General Data Protection Regulation Webinar 6 General Data Protection Regulation Webinar 6
General Data Protection Regulation Webinar 6
Jim Kaplan CIA CFE
 
The Evolution of Data Privacy: 3 Things You Need To Consider
The Evolution of Data Privacy:  3 Things You Need To ConsiderThe Evolution of Data Privacy:  3 Things You Need To Consider
The Evolution of Data Privacy: 3 Things You Need To Consider
Symantec
 
GDPR Pop Up | Human Capital Department - HR Forum - 26 April 2018
GDPR Pop Up | Human Capital Department - HR Forum - 26 April 2018GDPR Pop Up | Human Capital Department - HR Forum - 26 April 2018
GDPR Pop Up | Human Capital Department - HR Forum - 26 April 2018
Human Capital Department
 
GDPR in the Healthcare Industry
GDPR in the Healthcare IndustryGDPR in the Healthcare Industry
GDPR in the Healthcare Industry
EMMAIntl
 
What is CT- DPO.pdf
What is CT- DPO.pdfWhat is CT- DPO.pdf
What is CT- DPO.pdf
tsaaroacademy
 
An examination of the ethical considerations involved in data analytics
An examination of the ethical considerations involved in data analyticsAn examination of the ethical considerations involved in data analytics
An examination of the ethical considerations involved in data analytics
Uncodemy
 
data-privacy-egypt-what-you-need-know-en.pdf
data-privacy-egypt-what-you-need-know-en.pdfdata-privacy-egypt-what-you-need-know-en.pdf
data-privacy-egypt-what-you-need-know-en.pdf
kiruthigajawahar6
 
Putting data science into perspective
Putting data science into perspectivePutting data science into perspective
Putting data science into perspective
Sravan Ankaraju
 
What is a data protection impact assessment?
What is a data protection impact assessment?What is a data protection impact assessment?
What is a data protection impact assessment?
Infinity Legal Solutions
 

Similar to Web Analytics and Privacy (20)

A Global Marketer's Guide to Privacy
A Global Marketer's Guide to PrivacyA Global Marketer's Guide to Privacy
A Global Marketer's Guide to Privacy
 
Ethics in Data Management.pptx
Ethics in Data Management.pptxEthics in Data Management.pptx
Ethics in Data Management.pptx
 
[AIIM18] GDPR: whose job is it now? - Paul Lanois
[AIIM18] GDPR: whose job is it now? - Paul Lanois[AIIM18] GDPR: whose job is it now? - Paul Lanois
[AIIM18] GDPR: whose job is it now? - Paul Lanois
 
Information Risk Management Overview
Information Risk Management OverviewInformation Risk Management Overview
Information Risk Management Overview
 
The Rise of Data Ethics and Security - AIDI Webinar
The Rise of Data Ethics and Security - AIDI WebinarThe Rise of Data Ethics and Security - AIDI Webinar
The Rise of Data Ethics and Security - AIDI Webinar
 
Keep Calm and Comply: 3 Keys to GDPR Success
Keep Calm and Comply: 3 Keys to GDPR SuccessKeep Calm and Comply: 3 Keys to GDPR Success
Keep Calm and Comply: 3 Keys to GDPR Success
 
Enabling Data Governance - Data Trust, Data Ethics, Data Quality
Enabling Data Governance - Data Trust, Data Ethics, Data QualityEnabling Data Governance - Data Trust, Data Ethics, Data Quality
Enabling Data Governance - Data Trust, Data Ethics, Data Quality
 
Implementing and Auditing GDPR Series (3 of 10)
Implementing and Auditing GDPR Series (3 of 10) Implementing and Auditing GDPR Series (3 of 10)
Implementing and Auditing GDPR Series (3 of 10)
 
Ethical Considerations in Data Analysis_ Balancing Power, Privacy, and Respon...
Ethical Considerations in Data Analysis_ Balancing Power, Privacy, and Respon...Ethical Considerations in Data Analysis_ Balancing Power, Privacy, and Respon...
Ethical Considerations in Data Analysis_ Balancing Power, Privacy, and Respon...
 
Ethics In DW & DM
Ethics In DW & DMEthics In DW & DM
Ethics In DW & DM
 
Implementing And Managing A Multinational Privacy Program
Implementing And Managing A Multinational Privacy ProgramImplementing And Managing A Multinational Privacy Program
Implementing And Managing A Multinational Privacy Program
 
General Data Protection Regulation Webinar 6
General Data Protection Regulation Webinar 6 General Data Protection Regulation Webinar 6
General Data Protection Regulation Webinar 6
 
The Evolution of Data Privacy: 3 Things You Need To Consider
The Evolution of Data Privacy:  3 Things You Need To ConsiderThe Evolution of Data Privacy:  3 Things You Need To Consider
The Evolution of Data Privacy: 3 Things You Need To Consider
 
GDPR Pop Up | Human Capital Department - HR Forum - 26 April 2018
GDPR Pop Up | Human Capital Department - HR Forum - 26 April 2018GDPR Pop Up | Human Capital Department - HR Forum - 26 April 2018
GDPR Pop Up | Human Capital Department - HR Forum - 26 April 2018
 
GDPR in the Healthcare Industry
GDPR in the Healthcare IndustryGDPR in the Healthcare Industry
GDPR in the Healthcare Industry
 
What is CT- DPO.pdf
What is CT- DPO.pdfWhat is CT- DPO.pdf
What is CT- DPO.pdf
 
An examination of the ethical considerations involved in data analytics
An examination of the ethical considerations involved in data analyticsAn examination of the ethical considerations involved in data analytics
An examination of the ethical considerations involved in data analytics
 
data-privacy-egypt-what-you-need-know-en.pdf
data-privacy-egypt-what-you-need-know-en.pdfdata-privacy-egypt-what-you-need-know-en.pdf
data-privacy-egypt-what-you-need-know-en.pdf
 
Putting data science into perspective
Putting data science into perspectivePutting data science into perspective
Putting data science into perspective
 
What is a data protection impact assessment?
What is a data protection impact assessment?What is a data protection impact assessment?
What is a data protection impact assessment?
 

Recently uploaded

SOCRadar Germany 2024 Threat Landscape Report
SOCRadar Germany 2024 Threat Landscape ReportSOCRadar Germany 2024 Threat Landscape Report
SOCRadar Germany 2024 Threat Landscape Report
SOCRadar
 
tapal brand analysis PPT slide for comptetive data
tapal brand analysis PPT slide for comptetive datatapal brand analysis PPT slide for comptetive data
tapal brand analysis PPT slide for comptetive data
theahmadsaood
 
Jpolillo Amazon PPC - Bid Optimization Sample
Jpolillo Amazon PPC - Bid Optimization SampleJpolillo Amazon PPC - Bid Optimization Sample
Jpolillo Amazon PPC - Bid Optimization Sample
James Polillo
 
一比一原版(UMich毕业证)密歇根大学|安娜堡分校毕业证成绩单
一比一原版(UMich毕业证)密歇根大学|安娜堡分校毕业证成绩单一比一原版(UMich毕业证)密歇根大学|安娜堡分校毕业证成绩单
一比一原版(UMich毕业证)密歇根大学|安娜堡分校毕业证成绩单
ewymefz
 
Algorithmic optimizations for Dynamic Levelwise PageRank (from STICD) : SHORT...
Algorithmic optimizations for Dynamic Levelwise PageRank (from STICD) : SHORT...Algorithmic optimizations for Dynamic Levelwise PageRank (from STICD) : SHORT...
Algorithmic optimizations for Dynamic Levelwise PageRank (from STICD) : SHORT...
Subhajit Sahu
 
Opendatabay - Open Data Marketplace.pptx
Opendatabay - Open Data Marketplace.pptxOpendatabay - Open Data Marketplace.pptx
Opendatabay - Open Data Marketplace.pptx
Opendatabay
 
Predicting Product Ad Campaign Performance: A Data Analysis Project Presentation
Predicting Product Ad Campaign Performance: A Data Analysis Project PresentationPredicting Product Ad Campaign Performance: A Data Analysis Project Presentation
Predicting Product Ad Campaign Performance: A Data Analysis Project Presentation
Boston Institute of Analytics
 
standardisation of garbhpala offhgfffghh
standardisation of garbhpala offhgfffghhstandardisation of garbhpala offhgfffghh
standardisation of garbhpala offhgfffghh
ArpitMalhotra16
 
一比一原版(NYU毕业证)纽约大学毕业证成绩单
一比一原版(NYU毕业证)纽约大学毕业证成绩单一比一原版(NYU毕业证)纽约大学毕业证成绩单
一比一原版(NYU毕业证)纽约大学毕业证成绩单
ewymefz
 
Q1’2024 Update: MYCI’s Leap Year Rebound
Q1’2024 Update: MYCI’s Leap Year ReboundQ1’2024 Update: MYCI’s Leap Year Rebound
Q1’2024 Update: MYCI’s Leap Year Rebound
Oppotus
 
一比一原版(CU毕业证)卡尔顿大学毕业证成绩单
一比一原版(CU毕业证)卡尔顿大学毕业证成绩单一比一原版(CU毕业证)卡尔顿大学毕业证成绩单
一比一原版(CU毕业证)卡尔顿大学毕业证成绩单
yhkoc
 
Business update Q1 2024 Lar España Real Estate SOCIMI
Business update Q1 2024 Lar España Real Estate SOCIMIBusiness update Q1 2024 Lar España Real Estate SOCIMI
Business update Q1 2024 Lar España Real Estate SOCIMI
AlejandraGmez176757
 
社内勉強会資料_LLM Agents                              .
社内勉強会資料_LLM Agents                              .社内勉強会資料_LLM Agents                              .
社内勉強会資料_LLM Agents                              .
NABLAS株式会社
 
Criminal IP - Threat Hunting Webinar.pdf
Criminal IP - Threat Hunting Webinar.pdfCriminal IP - Threat Hunting Webinar.pdf
Criminal IP - Threat Hunting Webinar.pdf
Criminal IP
 
一比一原版(UPenn毕业证)宾夕法尼亚大学毕业证成绩单
一比一原版(UPenn毕业证)宾夕法尼亚大学毕业证成绩单一比一原版(UPenn毕业证)宾夕法尼亚大学毕业证成绩单
一比一原版(UPenn毕业证)宾夕法尼亚大学毕业证成绩单
ewymefz
 
一比一原版(TWU毕业证)西三一大学毕业证成绩单
一比一原版(TWU毕业证)西三一大学毕业证成绩单一比一原版(TWU毕业证)西三一大学毕业证成绩单
一比一原版(TWU毕业证)西三一大学毕业证成绩单
ocavb
 
Best best suvichar in gujarati english meaning of this sentence as Silk road ...
Best best suvichar in gujarati english meaning of this sentence as Silk road ...Best best suvichar in gujarati english meaning of this sentence as Silk road ...
Best best suvichar in gujarati english meaning of this sentence as Silk road ...
AbhimanyuSinha9
 
一比一原版(RUG毕业证)格罗宁根大学毕业证成绩单
一比一原版(RUG毕业证)格罗宁根大学毕业证成绩单一比一原版(RUG毕业证)格罗宁根大学毕业证成绩单
一比一原版(RUG毕业证)格罗宁根大学毕业证成绩单
vcaxypu
 
一比一原版(UofM毕业证)明尼苏达大学毕业证成绩单

Web Analytics and Privacy

  • 1. Web Analytics and Privacy: How to Mitigate Data Risks in the Age of Evolving Privacy Legislation
  • 2. The ubiquity of data is bordering on pervasive, so much so that an acute tension is building between technological capabilities and ethical uses of data.
  • 3. If your business is a data processor, you need to follow strict privacy laws in order to avoid fines and protect your stakeholders.
  • 4. Here we will focus specifically on privacy for web analytics:
      • Evolving Privacy Legislation
      • Personal Data vs. Personally Identifiable Information (PII)
      • Risk Classification of Web-Analytics and Related Processes
  • 5. Evolving Privacy Legislation
  • 6. Download free PDF! You can read a full discussion of the issue in our comprehensive whitepaper, or get an overview by exploring this brief presentation.
  • 7. As data flows are rarely limited to a single country, the objective becomes to build flexible and sustainable analytics setups that cover all regions.
  • 8. Legislative misalignments can expose you to some serious monetary penalties:
      • Fines are typically capped at 500k € in certain countries of the EU
      • The upcoming General Data Protection Regulation (GDPR) is expected to allow fines of up to as much as 2% to 5% of an organization’s global turnover
      • US class action suits can lead to exposure to loss of much larger amounts
  • 9. Note that GDPR is the strictest privacy law that has ever been introduced. It will have a significant impact on all businesses dealing with customers within the European Union.
  • 10. GDPR will come into force within two years. What are the core issues regarding Web Analytics?
  • 11. Profiling is defined as any form of automated processing of personal data to predict aspects concerning performance at work, economic situation, reliability, behaviour, movements and others.
      • GDPR concerns all companies processing personal data about EU residents.
      • The profiling process must be automated
      • The purpose of the profiling must be to evaluate personal aspects of a natural person
      • One cannot use an individual’s PII for profiling purposes unless such profiling is in the public interest
      • Explicit consent is necessary as a new legal basis for data processing
      • Data subjects must be informed about any profiling activities
  • 12. Where should you start to make sure your organization is compliant with the new law?
  • 13. Guidelines on the Protection of Privacy and Transborder Flows of Personal Data by the OECD have become an internationally accepted set of rules for processing personal information. They will work just fine as a starting point.
  • 14. OECD privacy principles:
      1. Collection Limitation: Data collection should occur only with the knowledge and consent of the concerned individual (data subject).
      2. Data Quality: One should only collect information which is accurate and relevant to a particular aim.
      3. Individual Participation: The concerned individual should know if their information has been collected and must be able to access it if such data exists.
      4. Purpose Specification: The intended use for a particular piece of information must be known at the time of collection.
      5. Use Limitation: Collected data must not be used for purposes other than those specified at the time of collection.
      6. Security Safeguards: Reasonable measures must be taken to protect data from unauthorized use, destruction, modification, or disclosure of personal information.
      7. Openness: Individuals should be able to avail themselves of data collection and be able to contact the entity collecting this information.
      8. Accountability: The data collector should be held accountable for failing to abide by any of the above rules. A dedicated person must be appointed
  • 15. Remember that these outlined principles are acceptable as the core of your web-analytics privacy practices, but in many cases they may not be enough.
  • 16. Personal Data vs. Personally Identifiable Information (PII)
  • 17. Knowing the legal redline related to data types is crucial for minimizing the risk of breaches or violations. PII is a US-based concept, while Europe refers to Personal Data.
  • 18. PII data can be linked to a particular individual, whereas Personal Data can relate to someone without identification.
  • 19. E-mail address, name or phone number constitute PII, and the use of this data to capture an individual’s behaviour may be considered an abuse under privacy regulations.
  • 20. “Taking into consideration the broad and vague definition of sensitive data, as enshrined in the European regulations, it is more practical to set up processes to detect PII following the US-based legislation. The recommended practice is therefore to use the US PII lists as a starting point to define escalation procedures and supplement such lists with context-related European practices.” (Aurélie Pols, Mind Your Privacy)
  • 21. Risk Classification of Web-Analytics and Related Processes
  • 22. How can you be sure your company is fulfilling all of its data-related obligations? What methods can help you assign such responsibilities?
  • 23. The scope of obligations for companies will depend upon the type of data they collect, process, and share.
  • 24. One popular example of a responsibility-assignment method is the RACI model, which stands for Responsible, Accountable, Consulted, and Informed.
      • Responsible: Who is/will be doing this task? Who is assigned to work on this task?
      • Accountable: Whose head will roll if this goes wrong? Who has authority to make a decision?
      • Consulted: Who can tell me more about this task? Are any stakeholders already identified?
      • Informed: Whose work depends on this task? Who has to be kept updated about the progress?
  • 25. Another method useful in certain contexts, particularly the privacy aspects of data uses, is the Privacy Impact Assessment (PIA). It typically consists of workflow-based questionnaires used by companies to identify and contain risks from the beginning.
  • 26. Fluid privacy regulations, changing terms and conditions, excessive authority of legal counsel, and misunderstanding of legislation may indeed cause some companies to come to an analytical halt.
  • 27. Taking that into account, responsibility could be divided into three main areas associated with the RACI model we mentioned above. When relating this to customer relationship, data-risk classification could be seen as follows...
  • 28. Data-risk classification (Classification, Description, Allocation):
      • Green. Description: Carry on, no issues here. Allocation: Full responsibility stays within analytics, no further consultations needed.
      • Orange. Description: Bring in an outside counsel to be on the safe side. Allocation: Analytics remain responsible; consult with privacy.
      • Red. Description: This is cutting edge, involves personal data and/or sensitive information and/or separate legal entities. Allocation: Privacy is informed and signs off or suggests risk-mitigation solutions (saying NO is not an answer, as next time they won’t be informed).
  • 29. Or in other words, the above classification looks something like:
      • Green: An individual comes to a digital property and leaves a data trail.
      • Orange: A company wants to take a look at which individuals come back and what their technical environment is like; e.g. using cookies.
      • Red: A company wants to stitch digital touch-points together.
  • 30. “The trick is to understand when Green, Orange, and Red protocols are best applied to optimize data-privacy management. Remember, context remains of essence to assure privacy rights are respected.” (Aurélie Pols, Mind Your Privacy)
  • 31. Download! If you want to learn more about mitigating data risks, read our free whitepaper written by renowned European privacy expert Aurélie Pols: