The Practical Impact of the General Data Protection Regulation

The Practical Impact of the General Data Protection Regulation

23 March, 2016

2

Agenda

• Introductions

• The Ghostery Story

• The General Data Protection Regulation (GDPR)

• The GDPR and Digital Advertising

• Q&A

Private & Confidential | © 2016 Ghostery, Inc. All Rights Reserved

3

Introductions

• Eduardo Ustaran – Partner, Hogan Lovells

• Nick Stringer – Chair of the European Interactive Digital Advertising Alliance

• Todd Ruback – Chief Privacy & Security Officer, Ghostery


4

Ghostery Story

• Founded in 2009 Ghostery is the industry leader in digital experience optimization and privacy solutions

PERFORMANCEGOVERNANCE PRIVACYSECURITY

MCMAd Choices

AppChoicesApp Notice

Site Notice

Ghostery Plug-In


5

We Make the Invisible Visible


6

GDPR is setting the table for the DSM to Flourish

• The GDPR is part of the Digital Single Market, a three-pronged strategy meant to tear down trade barriers and create conditions that could contribute up to €415 Billion to the European economy *

• GDPR is meant to give more control to the individual and compliance certainty to the corporation. It will create new individual rights and new corporate obligations, putting an emphasis on privacy as a core business process

• ePrivacy Directive (“cookie law) – its still around but is being reviewed to be in concert with the GDPR

* Digital Single Market, ec.europe.eu


http://ec.europa.eu/priorities/digital-single-market_en

7

e-Privacy Directive Review

• First stakeholder meeting April

12 and then throughout 2016• Expect EC proposal in 2017 • Needs to compliment GDPR’s

new notice and consent requirements


Eduardo Ustaran, Partner

A practical overview of the new privacy framework

How will the EU Data Protection Regulation affect you?

Hogan Lovells | 9

• A single set of rules

• Extraterritorial reach

• Putting people in control

• Focus on practical compliance

• Stronger enforcement powers

The aim behind the EU's privacy reform

“A strong, clear and uniform legal framework.”

Hogan Lovells | 10

• January 2012 - Proposed EU Data Protection Regulation

• March 2014 - Parliament's preferred draft

• June 2015 - Council's preferred draft• 24 June 2015 - Trilogue kick-off• 15 December 2015 - GDPR agreed• Q1 2016 - Formal adoption• Q2 2016 - Official publication• 2 years + 20 days from the day of

publication:

GDPR in force and enforceable

A long legislative process

| 11Hogan Lovells

• One single law for the EU– Interpreted nationally

• Applicability based on establishment in the EU

– Economic activity in EU Member State

• Applicability based on individuals being in the EU

– Offering of goods or services to them– Monitoring of their behaviour

Geographical applicability

| 12Hogan Lovells

• Strengthening of consent– consent cannot be bundled with T&Cs – consent can be withdrawn at any time and in an easy

way – if ‘take it or leave it’ not freely given

Putting people in control of their data

• Provision of information

• Right of access

• Right to rectification

• Right to erasure

• Right to restriction of processing • Right to data portability

• Right to object to the processing

• Right on automated processing

Hogan Lovells | 13

• Data protection policies• Data protection by design and by default• Record keeping obligations (controllers & processors)• Co-operation with DPAs (controllers & processors)• Data protection impact assessments • Prior consultation with DPAs in high-risk cases• Mandatory DPOs for public sector and Big Data (controllers &

processors)• Security and notification of breaches (controllers & processors)

Accountability obligations

Hogan Lovells | 14

• Life after Safe Harbor• Privacy Shield?• Binding Corporate Rules• Standard contractual clauses

– Adopted by European Commission– Adopted by DPAs

• Approved code of conduct• Approved certification mechanism• Ad-hoc contracts authorised by DPAs

International data transfers

| 15Hogan Lovells

• Still national regulators• Greater international cooperation• One-stop-shop?• Massive fines

– up to 20 million euro or – up to 4% of the total worldwide

annual turnoverwhichever is higher

Supervision and enforcement

Hogan Lovells | 16

#1 Don't panic

#2 Assess the true impact

#3 Prioritise accountability

#4 Think strategically about dataflows

#5 See it as an opportunity

Action plan

The GDPR and Digital AdvertisingNick Stringer, Chair EDAA

18

Context

• As legislators in Brussels have been framing a new data protection framework…

• …the EU ad industry had been implementing its initiative (‘AdChoices’) to enhance transparency & user control in interest-based digital advertising.

• This initiative – joined up with those in US & Canada – has been operating within a tough EU regulatory environment (ePrivacy Directive).

• The EDAA is currently assessing how the initiative may need to adapt in light of the GDPR.

• UK and EU trade bodies (e.g. IAB) are looking at GDPR implementation as a whole.


19

Background

• At the heart of EU initiative is an icon proving users with more information and ways to control ad preferences.


20

Mobile - Transparency


21

Mobile - Control


Mobile web Device controls

Industry app solution

(Coming soon!)

22

Summary

• If you’re an ad business get involved!• Brands / publishers – urge ad partners to get involved!• Initiative will be important under the GDPR.• Enables businesses to ‘get ahead’ as (a) GDPR enforcement starts in

mid-2018; (b) areas of ambiguity are still to be debated.• More details at www.edaa.eu or get in touch!


http://www.edaa.eu/

Hogan Lovells | 23

Eduardo Ustaran Todd Ruback Nick Stringer +44 20 7296 5249 917-262-2528 (US) +447957691803eduardo.ustaran@ [email protected] [email protected] hoganlovells.com

Thank You

24Private & Confidential | © 2016 Ghostery, Inc. All Rights Reserved

Q & A

Date post:	07-Jan-2017
Category:	Technology
Upload:	ghostery-inc
View:	757 times
Download:	1 times

The Practical Impact of the General Data Protection Regulation

Technology