WHAT IS NEXT? AND WHY NOTHING HAPPENED BEFORE
The GDPR at Two Years Old
@johnnyryan
Part 1
COMPETITION
MICRO
Atomic Unit of Data Processing
Not the ‘Bit’
The Processing Purpose
The personal data must be ring fenced, and used only for this particular purpose.
Each purpose must have a valid legal basis.
Scope is determined by what the data subject could foresee when the data was first collected.
Put a company’s data under the microscope.
1. An organization collects some personal data. It is lawful.
2. The organization has many purposes that it wants to use the data for.
3. The organization has an internal data free-for-all.
4. But this is vulnerable to enforcement of GDPR Article 5(1)b.
Many purposes. But few lawful data.
No internal data free-for-alls.
Purpose Limitation
Cascading monopolies
Diagram: Leveraging data from one market into another. Labels: Market 1, “Grew on the merits.”, Market 2, Market 3, Personal data, “Offensive leveraging of data”.
Diagram: Cross-use of data between processing purposes. Labels: Market 1, Market 2, Market 3, Purpose 1 through Purpose 7 and more, “Privacy tying” of processing purposes.
Fictitious example: “HyperGlobalMegaTech”
Market 1 (Maps)
Market 2 (E-mail)
Market 3 (Operating Systems)
Market 4 (Ads on others’ sites/apps)
Market 5 (Ads on own sites/apps)
Enforcement of purpose limitation means functional separation
Purpose limitation = ‘big tech’ kryptonite
Users can pull Big tech’s brain chips.
RTB external data free-for-all: Many companies trading personal data without any control.
Big tech’s internal data free-for-all: One big company cross-using personal data beyond intended purpose, and bundling consents.
The market requires both internal & external GDPR enforcement
1. Big tech operates an internal data free-for-all. It cross-uses personal data from its many disparate services for its advertising business.
2. This has created a big tech monopoly.
3. Enforcement of GDPR Article 5(1)f would stop the external data free-for-all between thousands of companies in the “real-time bidding” (RTB) market.
4. Failure to enforce GDPR Article 5(1)b against big tech’s internal data free-for-all could then let big tech envelop the whole RTB market.
OR
4. Robust enforcement of GDPR Article 5(1)b against big tech’s internal data free-for-all would allow publishers to compete with big tech fairly.
Personal data shall be:
(b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes
- GDPR, Article 5 (1) (b)
Part 2
The GDPR is at risk of failing. Here is why.
Chart by country: UK, Germany, Austria, Belgium, Bulgaria, Croatia, Cyprus, Denmark, Estonia, Finland, France, Hungary, Ireland, Italy, Latvia, Lithuania, Lux., Netherl., Malta, Czech Republic, Romania, Slovakia, Slovenia, Spain, Sweden, Portugal, Poland, Greece.
3,520 people work at European DPAs that regulate the private sector.
But only 8.6% are specialist tech investigators.
This is the thin line policing big tech
But governments have reduced DPA budget increases since the GDPR.
Chart: Total increases to DPA annual budgets, in millions of Euro, rounded. Years: 2017, 2018, 2019, 2020. Values shown (order as extracted): €16.5, €32.3, €56.1, €32.6. Annotation: The GDPR was applied on 25 May
Chart: Twenty years of annual budgets (2000, 2010, 2020), in millions of Euro, rounded. Value labelled: €61. Annotation: The GDPR was applied on 25 May
Lead authority case load per country:
UK: 56 cases
Germany (federal € only): 92 cases
Ireland: 127 cases
France: 64 cases
Luxembourg: 87 cases
The UK ICO is Europe’s biggest DPA.
It has 680 staff.
Its budget doubled from 2018 to 2020, to €61M.
But only 3% of its staff are tech specialists.
Organigram of ICO staff whose roles or training are primarily technical (22 people):
Executive director
Technology policy & innovation unit
Head of tech. policy
Head of privacy innovation
Tech. adviser (secondment)
Tech. adviser (secondment)
Data ethics adviser
Group manager technology policy
Group manager digital economy
Principal tech. advisor
Principal tech. advisor
Post-doctoral fellowship in AI
Senior tech. officer
Senior tech. officer
Cyber incident response & investigation unit
Team manager
Group manager
Principal cyber investigations officer
Principal cyber investigations officer
Principal cyber investigations officer
Lead technical investigations officer
Lead technical investigations officer
Vacancy
Team manager
Lead technical investigations officer
8 people actually conduct tech investigations at the ICO + 1 vacancy (Cyber incident response & investigation unit: Team manager, Group manager, three Principal cyber investigations officers, two Lead technical investigations officers, Team manager)
BRAVE | Tracking on UK council websites
Regulatory failure to protect the UK against RTB
Timeline of ICO inaction:
• January 2018: The ICO is contacted by Dr Johnny Ryan, then an industry whistleblower, about the RTB data breach.
• September 2018: Brave initiates a campaign of formal GDPR complaints to stop the RTB data breach. The ICO receives Brave’s evidence in GDPR complaints from Jim Killock of the Open Rights Group and Dr Michael Veale.
• June 2019: The ICO announces that RTB is currently unlawful, and gives the industry six months to clean up.
• December 2019: The ICO’s six-month grace period for the RTB industry ends. No substantive action is proposed by industry.
• January 2020: The ICO announces it accepts the RTB industry’s gestures, and will take no immediate action to stop the continuing RTB data breach.
198 Councils use “real-time bidding” advertising on their sites
Chart panels: English non-metropolitan county councils; UK local and unitary councils. Legend: Councils without real-time bidding; Councils with real-time bidding.
Ireland’s DPA supervises Google and Facebook in Europe.
Even though increases in complaints are accelerating, increases to its budget are decelerating.
Chart: % increase in budget and % increase in GDPR complaints received. Years: 2017, 2018, 2019, 2020. Values shown (order as extracted): 79%, 75%, 60%, 31%, 56%. Annotations: 37% requested from government; 10% actually given.
Chart: Number of tech specialists against annual budget (millions €). Labelled points: Spain, Netherlands, Italy, Ireland, UK, Germany, Greece, France, Other EU Member States.
Note: This includes Länder (regional) and federal DPAs
German Länder DPAs
Chart by Land: Baden-Württemberg, Bayern, Berlin, Niedersachsen, Hamburg, Bremen, Rheinland-Pfalz, Brandenburg, Hessen, Sachsen-Anhalt, Sachsen, Schleswig-Holstein, Vorpommern, Saarland‡, Nordrhein-Westfalen, Thüringen.
Not included on this chart:
Federal Commissioner for Data Protection and Freedom of Information (BfDI): 185 staff, 22 of these roles (including 10 vacancies) are tech specialists. BfDI is responsible for postal and telecommunications services, government departments and federal institutions.
Bayern has a separate DPA that deals with the public sector. Its 44 staff include 5 tech specialists.
‡Saarland tech specialist figure is an estimate based on DPA response.
Too few tech specialist investigators.
Too few funds to defend decisions in court.
I have submitted a request to the European Commission to launch an infringement procedure against European Governments for their failure to implement the GDPR.
EUROPEAN COMMISSION
DIRECTORATE-GENERAL JUSTICE and CONSUMERS
Directorate C: Fundamental rights and Rule of Law
Unit C.3: Data protection
Brussels, 06.05.2020
JUST.C3/ks (2020)2747685
Dr Johnny Ryan
26 Dartmouth Road
Ranelagh
D06 FT98 Ireland
E-mail: johnny@brave.com
Dear Sir,
Thank you for your letter of 27 April 2020, which has been registered as a complaint under
reference numbers CHAP(2020)1136, 1137, 1138, 1140, 1141, 1142, 1143, 1144, 1145, 1146,
1147, 1148, 1149, 1150, 1151, 1152, 1153, 1154, 1155, 1156, 1157, 1158, 1160, 1161, 1162,
1163 (please quote these references in any further correspondence).
Ref. Ares(2020)2393042 - 06/05/2020
National recommendations
● Far more specialist tech investigators, with competitive salaries to attract talent.
● Finance to allow DPAs to defend decisions against expensive legal appeals.
EU-level recommendations
● EDPB (secretariat run by the EDPS) should establish a tech investigative unit to support national DPAs. Substantial permanent staff, and a small rotating temporary staff from national DPAs.
● European Commission should refer Member States to the European Court of Justice if necessary.
1. NEXT: Purpose limitation = ‘big tech’ kryptonite. Cross-use of personal data makes companies vulnerable to Article 5(1)b enforcement.
2. WHY NOTHING HAPPENED BEFORE: Governments have not invested. The European Commission must see that they do.
johnny@brave.com
Talk at IAPP London May 2020: Competition, and why the GDPR is failing

Presentation to FTC technology taskforce
 
Discussion starter at Future of Privacy Forum in Washington, DC.
Discussion starter at Future of Privacy Forum in Washington, DC. Discussion starter at Future of Privacy Forum in Washington, DC.
Discussion starter at Future of Privacy Forum in Washington, DC.
 
Presentation to European Political Strategy Centre at the European Commission
Presentation to European Political Strategy Centre at the European CommissionPresentation to European Political Strategy Centre at the European Commission
Presentation to European Political Strategy Centre at the European Commission
 
Quick 10 minute overview of RTB problems to be fixed at ICO stakeholders' ses...
Quick 10 minute overview of RTB problems to be fixed at ICO stakeholders' ses...Quick 10 minute overview of RTB problems to be fixed at ICO stakeholders' ses...
Quick 10 minute overview of RTB problems to be fixed at ICO stakeholders' ses...
 
Presentation at UK Direct Marketing Association Data Protection Conference 2019
Presentation at UK Direct Marketing Association Data Protection Conference 2019Presentation at UK Direct Marketing Association Data Protection Conference 2019
Presentation at UK Direct Marketing Association Data Protection Conference 2019
 
The Adtech Crisis and Disinformation
The Adtech Crisis and DisinformationThe Adtech Crisis and Disinformation
The Adtech Crisis and Disinformation
 
Brief for World Federation of Advertisers Digital Executive Group, December 2018
Brief for World Federation of Advertisers Digital Executive Group, December 2018Brief for World Federation of Advertisers Digital Executive Group, December 2018
Brief for World Federation of Advertisers Digital Executive Group, December 2018
 
See updated slidedeck at https://www.slideshare.net/JohnnyRyan/brief-for-worl...
See updated slidedeck at https://www.slideshare.net/JohnnyRyan/brief-for-worl...See updated slidedeck at https://www.slideshare.net/JohnnyRyan/brief-for-worl...
See updated slidedeck at https://www.slideshare.net/JohnnyRyan/brief-for-worl...
 
Ethical digital marketing (Trinity College Dublin)
Ethical digital marketing (Trinity College Dublin)Ethical digital marketing (Trinity College Dublin)
Ethical digital marketing (Trinity College Dublin)
 

Dernier

Market Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 EditionMarket Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 EditionMintel Group
 
International Business Environments and Operations 16th Global Edition test b...
International Business Environments and Operations 16th Global Edition test b...International Business Environments and Operations 16th Global Edition test b...
International Business Environments and Operations 16th Global Edition test b...ssuserf63bd7
 
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort ServiceCall US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Servicecallgirls2057
 
Darshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdfDarshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdfShashank Mehta
 
APRIL2024_UKRAINE_xml_0000000000000 .pdf
APRIL2024_UKRAINE_xml_0000000000000 .pdfAPRIL2024_UKRAINE_xml_0000000000000 .pdf
APRIL2024_UKRAINE_xml_0000000000000 .pdfRbc Rbcua
 
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCRashishs7044
 
Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.Anamaria Contreras
 
Appkodes Tinder Clone Script with Customisable Solutions.pptx
Appkodes Tinder Clone Script with Customisable Solutions.pptxAppkodes Tinder Clone Script with Customisable Solutions.pptx
Appkodes Tinder Clone Script with Customisable Solutions.pptxappkodes
 
Kenya Coconut Production Presentation by Dr. Lalith Perera
Kenya Coconut Production Presentation by Dr. Lalith PereraKenya Coconut Production Presentation by Dr. Lalith Perera
Kenya Coconut Production Presentation by Dr. Lalith Pereraictsugar
 
Unlocking the Future: Explore Web 3.0 Workshop to Start Earning Today!
Unlocking the Future: Explore Web 3.0 Workshop to Start Earning Today!Unlocking the Future: Explore Web 3.0 Workshop to Start Earning Today!
Unlocking the Future: Explore Web 3.0 Workshop to Start Earning Today!Doge Mining Website
 
TriStar Gold Corporate Presentation - April 2024
TriStar Gold Corporate Presentation - April 2024TriStar Gold Corporate Presentation - April 2024
TriStar Gold Corporate Presentation - April 2024Adnet Communications
 
Buy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail AccountsBuy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail AccountsBuy Verified Accounts
 
Organizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessOrganizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessSeta Wicaksana
 
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City GurgaonCall Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaoncallgirls2057
 
Cyber Security Training in Office Environment
Cyber Security Training in Office EnvironmentCyber Security Training in Office Environment
Cyber Security Training in Office Environmentelijahj01012
 
8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCR8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCRashishs7044
 
Memorándum de Entendimiento (MoU) entre Codelco y SQM
Memorándum de Entendimiento (MoU) entre Codelco y SQMMemorándum de Entendimiento (MoU) entre Codelco y SQM
Memorándum de Entendimiento (MoU) entre Codelco y SQMVoces Mineras
 

Dernier (20)

Market Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 EditionMarket Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 Edition
 
International Business Environments and Operations 16th Global Edition test b...
International Business Environments and Operations 16th Global Edition test b...International Business Environments and Operations 16th Global Edition test b...
International Business Environments and Operations 16th Global Edition test b...
 
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort ServiceCall US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
 
Darshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdfDarshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdf
 
APRIL2024_UKRAINE_xml_0000000000000 .pdf
APRIL2024_UKRAINE_xml_0000000000000 .pdfAPRIL2024_UKRAINE_xml_0000000000000 .pdf
APRIL2024_UKRAINE_xml_0000000000000 .pdf
 
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
 
Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.
 
Appkodes Tinder Clone Script with Customisable Solutions.pptx
Appkodes Tinder Clone Script with Customisable Solutions.pptxAppkodes Tinder Clone Script with Customisable Solutions.pptx
Appkodes Tinder Clone Script with Customisable Solutions.pptx
 
Japan IT Week 2024 Brochure by 47Billion (English)
Japan IT Week 2024 Brochure by 47Billion (English)Japan IT Week 2024 Brochure by 47Billion (English)
Japan IT Week 2024 Brochure by 47Billion (English)
 
Corporate Profile 47Billion Information Technology
Corporate Profile 47Billion Information TechnologyCorporate Profile 47Billion Information Technology
Corporate Profile 47Billion Information Technology
 
Kenya Coconut Production Presentation by Dr. Lalith Perera
Kenya Coconut Production Presentation by Dr. Lalith PereraKenya Coconut Production Presentation by Dr. Lalith Perera
Kenya Coconut Production Presentation by Dr. Lalith Perera
 
Unlocking the Future: Explore Web 3.0 Workshop to Start Earning Today!
Unlocking the Future: Explore Web 3.0 Workshop to Start Earning Today!Unlocking the Future: Explore Web 3.0 Workshop to Start Earning Today!
Unlocking the Future: Explore Web 3.0 Workshop to Start Earning Today!
 
TriStar Gold Corporate Presentation - April 2024
TriStar Gold Corporate Presentation - April 2024TriStar Gold Corporate Presentation - April 2024
TriStar Gold Corporate Presentation - April 2024
 
No-1 Call Girls In Goa 93193 VIP 73153 Escort service In North Goa Panaji, Ca...
No-1 Call Girls In Goa 93193 VIP 73153 Escort service In North Goa Panaji, Ca...No-1 Call Girls In Goa 93193 VIP 73153 Escort service In North Goa Panaji, Ca...
No-1 Call Girls In Goa 93193 VIP 73153 Escort service In North Goa Panaji, Ca...
 
Buy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail AccountsBuy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail Accounts
 
Organizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessOrganizational Structure Running A Successful Business
Organizational Structure Running A Successful Business
 
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City GurgaonCall Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaon
 
Cyber Security Training in Office Environment
Cyber Security Training in Office EnvironmentCyber Security Training in Office Environment
Cyber Security Training in Office Environment
 
8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCR8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCR
 
Memorándum de Entendimiento (MoU) entre Codelco y SQM
Memorándum de Entendimiento (MoU) entre Codelco y SQMMemorándum de Entendimiento (MoU) entre Codelco y SQM
Memorándum de Entendimiento (MoU) entre Codelco y SQM
 

Talk at IAPP London May 2020: Competition, and why the GDPR is failing

  • 2. WHAT IS NEXT? AND WHY NOTHING HAPPENED BEFORE The GDPR at Two Years Old
  • 14. The personal data must be ring fenced, and used only for this particular purpose. Each purpose must have a valid legal basis.
  • 15. Scope is determined by what the data subject could foresee when the data was first collected.
  • 16. Put a company’s data under the microscope.
  • 17. 1. An organization collects some personal data. It is lawful.
  • 18. 1. An organization collects some personal data. It is lawful. 2. The organization has many purposes that it wants to use the data for.
  • 19. 1. An organization collects some personal data. It is lawful. 2. The organization has many purposes that it wants to use the data for. 3. The organization has an internal data free-for-all.
  • 20. 1. An organization collects some personal data. It is lawful. 2. The organization has many purposes that it wants to use the data for. 3. The organization has an internal data free-for-all. 4. But this is vulnerable to enforcement of GDPR Article 5(1)b.
  • 21. Many purposes. But few lawful data.
  • 22. No internal data free-for-alls. Purpose Limitation
  • 26. Leveraging data from one market into another. [Diagram: Market 1; “Grew on the merits.”]
  • 27. Leveraging data from one market into another. [Diagram: Market 1; Market 2.]
  • 28. Leveraging data from one market into another. [Diagram: Market 1; Market 2; personal data.]
  • 29. Leveraging data from one market into another. Offensive leveraging of data. [Diagram: Market 1; Market 2; personal data.]
  • 30. Leveraging data from one market into another. [Diagram: Market 1; Market 2; Market 3; personal data.]
  • 31. Leveraging data from one market into another. [Diagram: Market 1; Market 2; Market 3; personal data.]
  • 32. Leveraging data from one market into another. [Diagram: Market 1; Market 2; Market 3; personal data.]
  • 33. Cross-use of data between processing purposes. [Diagram: Market 1.]
  • 34. Cross-use of data between processing purposes. [Diagram: Market 1; Purpose 1, Purpose 2, Purpose 3, Purpose 4, Purpose 5, Purpose 6, Purpose 7, more.]
  • 35. Cross-use of data between processing purposes. “Privacy tying” of processing purposes. [Diagram: Market 1; Purpose 1, Purpose 2, Purpose 3, Purpose 4, Purpose 5, Purpose 6, Purpose 7, more.]
  • 36. Cross-use of data between processing purposes. [Diagram: Market 1; Market 2; Market 3.]
  • 37. Fictitious example: “HyperGlobalMegaTech”. [Diagram: Market 1 (Maps); Market 2 (E-mail); Market 3 (Operating Systems); Market 4 (Ads on others’ sites/apps); Market 5 (Ads on own sites/apps).]
  • 38. Enforcement of purpose limitation means functional separation. [Diagram: Market 1 (Maps); Market 2 (E-mail); Market 3 (Operating Systems); Market 4 (Ads on others’ sites/apps); Market 5 (Ads on own sites/apps).]
  • 39. Enforcement of purpose limitation means functional separation. [Diagram: Market 1 (Maps); Market 2 (E-mail); Market 3 (Operating Systems); Market 4 (Ads on others’ sites/apps); Market 5 (Ads on own sites/apps).]
  • 40. Purpose limitation = ‘big tech’ kryptonite
  • 41. Users can pull Big tech’s brain chips.
  • 42. RTB external data free-for-all: many companies trading personal data without any control. Big tech’s internal data free-for-all: one big company cross-using personal data beyond intended purpose, and bundling consents.
  • 43. The market requires both internal & external GDPR enforcement. 1. Big tech operates an internal data free-for-all. It cross-uses personal data from its many disparate services for its advertising business.
  • 44. The market requires both internal & external GDPR enforcement. 1. Big tech operates an internal data free-for-all. It cross-uses personal data from its many disparate services for its advertising business. 2. This has created a big tech monopoly.
  • 45. The market requires both internal & external GDPR enforcement. 1. Big tech operates an internal data free-for-all. It cross-uses personal data from its many disparate services for its advertising business. 2. This has created a big tech monopoly. 3. Enforcement of GDPR Article 5(1)f would stop the external data free-for-all between thousands of companies in the “real-time bidding” (RTB) market.
  • 46. The market requires both internal & external GDPR enforcement. 1. Big tech operates an internal data free-for-all. It cross-uses personal data from its many disparate services for its advertising business. 2. This has created a big tech monopoly. 3. Enforcement of GDPR Article 5(1)f would stop the external data free-for-all between thousands of companies in the “real-time bidding” (RTB) market. 4. Failure to enforce GDPR Article 5(1)b against big tech’s internal data free-for-all could then let big tech envelop the whole RTB market.
  • 47. The market requires both internal & external GDPR enforcement. 1. Big tech operates an internal data free-for-all. It cross-uses personal data from its many disparate services for its advertising business. 2. This has created a big tech monopoly. 3. Enforcement of GDPR Article 5(1)f would stop the external data free-for-all between thousands of companies in the “real-time bidding” (RTB) market. 4. Failure to enforce GDPR Article 5(1)b against big tech’s internal data free-for-all could then let big tech envelop the whole RTB market. OR 4. Robust enforcement of GDPR Article 5(1)b against big tech’s internal data free-for-all would allow publishers to compete with big tech fairly.
  • 48. Personal data shall be: (b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes. - GDPR, Article 5 (1) (b)
  • 50. The GDPR is at risk of failing. Here is why.
  • 51. 3,520 people work at European DPAs that regulate the private sector. But only 8.6% are specialist tech investigators. [Chart: figures per country for European DPAs.]
  • 52. This is the thin line policing big tech. [Chart: figures per country for European DPAs.]
  • 53. But governments have reduced DPA budget increases since the GDPR. [Chart: total increases to DPA annual budgets, in millions of Euro, rounded, for 2017, 2018, 2019 and 2020; values shown: €16.5, €32.3, €56.1, €32.6.] The GDPR was applied on 25 May
  • 54. Lead authority case load per country: UK, 56 cases; Germany (federal € only), 92 cases; Ireland, 127 cases; France, 64 cases; Luxembourg, 87 cases. [Chart: twenty years of annual budgets, 2000 to 2020, in millions of Euro, rounded.] The GDPR was applied on 25 May
  • 55. The UK ICO is Europe’s biggest DPA. It has 680 staff. Its budget doubled from 2018 to 2020, to €61M. But only 3% of its staff are tech specialists. Organigram of ICO staff whose roles or training are primarily technical: Head of tech. policy; Head of privacy innovation; Tech. adviser (secondment); Tech. adviser (secondment); Data ethics adviser; Executive director; Technology policy & innovation unit; Group manager technology policy; Group manager digital economy; Principal tech. advisor; Principal tech. advisor; Post-doctoral fellowship in AI; Senior tech. officer; Senior tech. officer; Team manager; Group manager; Cyber incident response & investigation unit; Principal cyber investigations officer; Principal cyber investigations officer; Principal cyber investigations officer; Lead technical investigations officer; Lead technical investigations officer; Vacancy; Team manager; Lead technical investigations officer. 22 people
  • 56. 8 people actually conduct tech investigations at the ICO + 1 vacancy. Organigram: Team manager; Group manager; Cyber incident response & investigation unit; Principal cyber investigations officer; Principal cyber investigations officer; Principal cyber investigations officer; Lead technical investigations officer; Lead technical investigations officer; Team manager.
  • 57. BRAVE | Tracking on UK council websites. Regulatory failure to protect the UK against RTB. Timeline of ICO inaction: • January 2018: The ICO is contacted by Dr Johnny Ryan, then an industry whistle blower, about the RTB data breach. • September 2018: Brave initiates a campaign of formal GDPR complaints to stop the RTB data breach. The ICO receives Brave’s evidence in GDPR complaints from Jim Killock of the Open Rights Group and Dr Michael Veale. • June 2019: The ICO announces that RTB is currently unlawful, and gives the industry six months to clean up. • December 2019: The ICO’s six month grace period for the RTB industry ends. No substantive action is proposed by industry. • January 2020: The ICO announces it accepts the RTB industry’s gestures, and will take no immediate action to stop the continuing RTB data breach. 198 councils use “real-time bidding” advertising on their sites. [Charts: English non-metropolitan county councils; UK local and unitary councils. Legend: councils without real-time bidding; councils with real-time bidding.]
  • 58. Ireland’s DPA supervises Google and Facebook in Europe. Even though increases in complaints are accelerating, increases to its budget are decelerating. [Chart for 2017, 2018, 2019 and 2020: % increase in budget and % increase in GDPR complaints received; values shown: 79%, 75%, 60%, 31%, 56%; labels: 37% requested from government, 10% actually given.]
  • 59. [Chart: number of tech specialists against annual budget (millions €). Labelled: Spain, Netherlands, Italy, Ireland, UK, Germany, Greece, France, other EU Member States. Note: This includes Länder (regional) and federal DPAs.]
  • 60. German Länder DPAs. [Chart of figures per Land: Baden-Württemberg, Bayern, Berlin, Niedersachsen, Hamburg, Bremen, Rheinland-Pfalz, Brandenburg, Hessen, Sachsen-Anhalt, Sachsen, Schleswig-Holstein, Vorpommern, Saarland‡, Nordrhein-Westfalen, Thüringen.] Not included on this chart: Federal Commissioner for Data Protection and Freedom of Information (BfDI): 185 staff, 22 of these roles (including 10 vacancies) are tech specialists. BfDI is responsible for postal and telecommunications services, government departments and federal institutions. Bayern has a separate DPA that deals with the public sector. Its 44 staff include 5 tech specialists. ‡Saarland tech specialist figure is an estimate based on DPA response.
  • 61. Too few tech specialist investigators. Too few funds to defend decisions in court.
  • 63. I have submitted a request to the European Commission to launch an infringement procedure against European Governments for their failure to implement the GDPR.
  • 64. EUROPEAN COMMISSION DIRECTORATE-GENERAL JUSTICE and CONSUMERS Directorate C: Fundamental rights and Rule of Law Unit C.3: Data protection Brussels, 06.05.2020 JUST.C3/ks (2020)2747685 Dr Johnny Ryan 26 Dartmouth Road Ranelagh D06 FT98 Ireland E-mail: johnny@brave.com Dear Sir, Thank you for your letter of 27 April 2020, which has been registered as a complaint under reference numbers CHAP(2020)1136, 1137, 1138, 1140, 1141, 1142, 1143, 1144, 1145, 1146, 1147, 1148, 1149, 1150, 1151, 1152, 1153, 1154, 1155, 1156, 1157, 1158, 1160, 1161, 1162, 1163 (please quote these references in any further correspondence). Ref. Ares(2020)2393042 - 06/05/2020
  • 65. National recommendations ● Far more specialist tech investigators, with competitive salaries to attract talent. ● Finance to allow DPAs to defend decisions against expensive legal appeals. EU-level recommendations ● EDPB (secretariat run by the EDPS) should establish a tech investigative unit to support national DPAs. Substantial permanent staff, and a small rotating temporary staff from national DPAs. ● European Commission should refer Member States to the European Court of Justice if necessary.
  • 66. 1. NEXT: Purpose limitation = ‘big tech’ kryptonite. Cross-use of personal data makes companies vulnerable to Article 5(1)b enforcement. 2. WHY NOTHING HAPPENED BEFORE: Governments have not invested. The European Commission must see that they do.