Date post: | 07-Jan-2017 |
Category: |
Technology |
Upload: | ghostery-inc |
View: | 757 times |
Download: | 1 times |
The Practical Impact of the General Data Protection Regulation
23 March, 2016
2
Agenda
• Introductions
• The Ghostery Story
• The General Data Protection Regulation (GDPR)
• The GDPR and Digital Advertising
• Q&A
Private & Confidential | © 2016 Ghostery, Inc. All Rights Reserved
3
Introductions
• Eduardo Ustaran – Partner, Hogan Lovells
• Nick Stringer – Chair of the European Interactive Digital Advertising Alliance
• Todd Ruback – Chief Privacy & Security Officer, Ghostery
Private & Confidential | © 2016 Ghostery, Inc. All Rights Reserved
4
Ghostery Story
• Founded in 2009 Ghostery is the industry leader in digital experience optimization and privacy solutions
PERFORMANCEGOVERNANCE PRIVACYSECURITY
MCMAd Choices
AppChoicesApp Notice
Site Notice
Ghostery Plug-In
Private & Confidential | © 2016 Ghostery, Inc. All Rights Reserved
5
We Make the Invisible Visible
Private & Confidential | © 2016 Ghostery, Inc. All Rights Reserved
6
GDPR is setting the table for the DSM to Flourish
• The GDPR is part of the Digital Single Market, a three-pronged strategy meant to tear down trade barriers and create conditions that could contribute up to €415 Billion to the European economy *
• GDPR is meant to give more control to the individual and compliance certainty to the corporation. It will create new individual rights and new corporate obligations, putting an emphasis on privacy as a core business process
• ePrivacy Directive (“cookie law) – its still around but is being reviewed to be in concert with the GDPR
* Digital Single Market, ec.europe.eu
Private & Confidential | © 2016 Ghostery, Inc. All Rights Reserved
7
e-Privacy Directive Review
• First stakeholder meeting April
12 and then throughout 2016• Expect EC proposal in 2017 • Needs to compliment GDPR’s
new notice and consent requirements
Private & Confidential | © 2016 Ghostery, Inc. All Rights Reserved
Eduardo Ustaran, Partner
A practical overview of the new privacy framework
How will the EU Data Protection Regulation affect you?
Hogan Lovells | 9
• A single set of rules
• Extraterritorial reach
• Putting people in control
• Focus on practical compliance
• Stronger enforcement powers
The aim behind the EU's privacy reform
“A strong, clear and uniform legal framework.”
Hogan Lovells | 10
• January 2012 - Proposed EU Data Protection Regulation
• March 2014 - Parliament's preferred draft
• June 2015 - Council's preferred draft• 24 June 2015 - Trilogue kick-off• 15 December 2015 - GDPR agreed• Q1 2016 - Formal adoption• Q2 2016 - Official publication• 2 years + 20 days from the day of
publication:
GDPR in force and enforceable
A long legislative process
| 11Hogan Lovells
• One single law for the EU– Interpreted nationally
• Applicability based on establishment in the EU
– Economic activity in EU Member State
• Applicability based on individuals being in the EU
– Offering of goods or services to them– Monitoring of their behaviour
Geographical applicability
| 12Hogan Lovells
• Strengthening of consent– consent cannot be bundled with T&Cs – consent can be withdrawn at any time and in an easy
way – if ‘take it or leave it’ not freely given
Putting people in control of their data
• Provision of information
• Right of access
• Right to rectification
• Right to erasure
• Right to restriction of processing • Right to data portability
• Right to object to the processing
• Right on automated processing
Hogan Lovells | 13
• Data protection policies• Data protection by design and by default• Record keeping obligations (controllers & processors)• Co-operation with DPAs (controllers & processors)• Data protection impact assessments • Prior consultation with DPAs in high-risk cases• Mandatory DPOs for public sector and Big Data (controllers &
processors)• Security and notification of breaches (controllers & processors)
Accountability obligations
Hogan Lovells | 14
• Life after Safe Harbor• Privacy Shield?• Binding Corporate Rules• Standard contractual clauses
– Adopted by European Commission– Adopted by DPAs
• Approved code of conduct• Approved certification mechanism• Ad-hoc contracts authorised by DPAs
International data transfers
| 15Hogan Lovells
• Still national regulators• Greater international cooperation• One-stop-shop?• Massive fines
– up to 20 million euro or – up to 4% of the total worldwide
annual turnoverwhichever is higher
Supervision and enforcement
Hogan Lovells | 16
#1 Don't panic
#2 Assess the true impact
#3 Prioritise accountability
#4 Think strategically about dataflows
#5 See it as an opportunity
Action plan
The GDPR and Digital AdvertisingNick Stringer, Chair EDAA
18
Context
• As legislators in Brussels have been framing a new data protection framework…
• …the EU ad industry had been implementing its initiative (‘AdChoices’) to enhance transparency & user control in interest-based digital advertising.
• This initiative – joined up with those in US & Canada – has been operating within a tough EU regulatory environment (ePrivacy Directive).
• The EDAA is currently assessing how the initiative may need to adapt in light of the GDPR.
• UK and EU trade bodies (e.g. IAB) are looking at GDPR implementation as a whole.
Private & Confidential | © 2016 Ghostery, Inc. All Rights Reserved
19
Background
• At the heart of EU initiative is an icon proving users with more information and ways to control ad preferences.
Private & Confidential | © 2016 Ghostery, Inc. All Rights Reserved
20
Mobile - Transparency
Private & Confidential | © 2016 Ghostery, Inc. All Rights Reserved
21
Mobile - Control
Private & Confidential | © 2016 Ghostery, Inc. All Rights Reserved
Mobile web Device controls
Industry app solution
(Coming soon!)
22
Summary
• If you’re an ad business get involved!• Brands / publishers – urge ad partners to get involved!• Initiative will be important under the GDPR.• Enables businesses to ‘get ahead’ as (a) GDPR enforcement starts in
mid-2018; (b) areas of ambiguity are still to be debated.• More details at www.edaa.eu or get in touch!
Private & Confidential | © 2016 Ghostery, Inc. All Rights Reserved
Hogan Lovells | 23
Eduardo Ustaran Todd Ruback Nick Stringer +44 20 7296 5249 917-262-2528 (US) +447957691803eduardo.ustaran@ [email protected] [email protected] hoganlovells.com
Thank You
24Private & Confidential | © 2016 Ghostery, Inc. All Rights Reserved
Q & A