Presentation by Aurélie Pols at Superweek Hungary 2014. This presentation is NOT about security and goes beyond the over-blown cookie debate in order to highlight how the upcoming EU Personal Data Protection Regulation will influence digital analytics to hopefully start embracing Privacy by Design ways of working.

1. Privacy & Digital Analytics : Yeti
or Snow Fairy?
January 22nd
2014
Aurélie Pols
Something (Digital) Analytics Europe
Chief Visionary Officer & Founder
@aureliepols

2. Expectations: no legislation, promised!
@aureliepols

3. Datenschutz, Protección de datos, Protection des données
@aureliepols

4. Current public opinion: Creepiness!
@aureliepols

5. Privacy, a human right?
Navi Pillay
Source: http://rt.com/news/germany-brazil-un-spying-resolution-394/
Source: http://www.ohchr.org/EN/Pages/WelcomePage.aspx
@aureliepols

6. The changing tide of public opinion
Source: http://
www.globalresear
ch.ca/25verdades-sobreel-caso-evomoralesedwardsnowden/
5341660
@aureliepols

7. Democracy in danger since the Patriot Act?
Source: http://minnesota.publicradio.org/
display/web/2013/01/22/daily-circuitalexis-de-tocqueville-democracy-inamerica
@aureliepols

8. This is about keeping your job
Source: http://toogoodtogodown.wordpress.com/2012/04/30/
youre-fired-which-grimsby-town-players-will-be-offered-newdeals-and-which-will-be-released/
@aureliepols
http://blog.kevinmaxwell.co.uk/2012/11/guess-what-youre-fired/

9. The confessions of a European analyst
§ Grew up in the Netherlands, Dutch passport
§ French mother tongue
§ Most of my friends of bilingual at least!
§ Have Polish & Russian origins
§ Set-up my first start-up in Belgium in 2003
§ Sold it to a UK agency, Digitas LBi (Publicis), in 2008
§ Moved to Spain in 2009
§ Created Mind Your Group (Putting Your Data to Work) + sister company Mind
Your Privacy in 2012 (yes, law firm – Data Science Protected)
@aureliepols

10. Bridging Analytics & Data Protection in Europe
§ European Convention of Human Rights, Article 8: Privacy is a fundamental
right
you don’t have to agree ;-)
§ Spain = 80% of EU Data Protection fines; strict data protection legislation,
breach notification & security protocols best practices
@aureliepols

11. Spain: 80% of data protection fines in the EU
@aureliepols

12. The Rule of Law is the foundation of Democracy
“Democracy must be built through
open societies that share information.
When there is information, there is
enlightment.
When there is debate, there are
solutions.
When there is no sharing of power, no
rule of law, no accountability, there is
abuse, corruption, subjugation and
indignation.”
Atifete Jahjaga, President of Kosovo
@aureliepols

13. The Rule of Law is the foundation of Democracy
APEC
US & UK
Continental
Common Law
law influenced
Class actions
EU
Continental Law
Fines (by DPAs: Data protection
Agencies)
Privacy
Personal Data Protection
Business focused
Citizen focused: data belongs to the
visitor/prospect/consumer/citizen
Sector based legislations: Over-arching EU Directives &
HIPPA, COPPA, VPPA, … Regulations
PII varies per state but lists Introduction of pseudo-anonymized
defined
data within the new PDP
Regulation, partially trying to avoid
* Again, you don’t have to agree!
pinning down PII exactly imho
@aureliepols

14. Privacy is a tough cookie to crack
So was probably the Declaration of
Human Rights, ask Eleanor
Roosevelt!
So called Cookie Directive, good or
bad idea?
- Very techno specific
- Doesn’t help when legislation lags
behind…
- Raised awareness?
- Clean house?
Best cookies in the world: Maison Dandoy,
Brussels, since 1829,
http://www.maisondandoy.com/en/home/,
@aureliepols

15. Rome wasn’t build in a day
Take away #1:
§ The EU & the US view Privacy &
data protection very differently and
that is fine!
§ Rome wasn’t built in one day, neither
was the traffic regulation in NY or
Madrid!
@aureliepols

16. Take away #2 related to data:
§ Time:
- Techno evolves faster than
legislation
- Privacy procedures are new to
techno players => no Privacy
culture!
§ Data is ad infinitum transferable,
without decay => new Privacy
challenges, la bande de GAFA
(CNIL)
Image source:
http://images.forum-auto.com/mesimages/770027/passage
%20cloute.jpg
@aureliepols

17. Privacy tri-partite
Joint effort by:
1. Governments &/or international
Associations => regulations,
guidelines..
2. Businesses
3. Citizens/consumers/voters
Each party wanting to defend its rights:
- Personal Data Protection & the Rule
of Law through respect of
Fundamental Rights
vs.
- Profits & hopefully Sustainability
@aureliepols
Governments
OUR
GLOBAL
SOCIETY
Citizens/
consumers/
voters
Businesses

18. If data is the new oil, is Privacy the new Green?
Comparing Facebook’s Privacy policy
Source: http://mattmckeon.com/facebook-privacy/
@aureliepols

19. What’s in a word? DATA LIFECYCLE
Source:
https://vividcortex.com/blog/2013/10/30/slides-frommaking-big-data-small-at-strata
@aureliepols
Source:
http://www.simpletraining.com/
lifecycle-data-managementtraining.html

20. Bridging worlds in Digital Marketing

21. Overlap & pieces missing
Take away #3
§
Data:
-
ad infinitum
transferable
§
Legislation:
-
Breach notification
§
Common sense:
-
Procedures!
Source:
http://libraries.mit.edu/guides/subjects/
data-management/cycle.html
@aureliepols

22. The evolution of Breach notification
http://
www.informationisbeaut
iful.net/visualizations/
worlds-biggest-databreaches-hacks/
@aureliepols

23. LinkedIn Big Data feedback loop
Consent?
Anyone?
Example:
Netflix
VPPA
Source: https://www.facebook.com/photo.php?v=10151708759330687&set=vb.9445547199&type=2&theater
@aureliepols

24. Some basic Privacy terms, bouh!
PURPOSE:
What are you using the data for?
CONSENT:
Reasonable expectation of the use
of data => Transparency
Trust => Social Media reputation
(See also Breach notification for Crisis Management)
Creepy => Ethics boundary
@aureliepols

25. You: Data Controller – Tools: Data Processor, ok?
Take away #4
Review those bloody
contracts, will you?
Assure liability is
clear and that you
are covered!
Source: http://
ec.europa.eu/justice/
data-protection/datacollection/obligations/
index_en.htm
@aureliepols

26. Did Big Data kill the Privacy framework?
No, it introduced a paradigm
shift
Just like analytics is becoming
permeable through the company
Purpose
New business opportunity
through data
User consent
This is also the case for the legal
consequences of the use of data:
Employee Training & internal
debate related to what is
acceptable & what is not should
become part of business
Fair & Legal process
Data diving analysis / Big
Data
Information for approved use
@aureliepols

27. Security is only one solution to the problem
SECURITY
(TECHNOLOGY)
The guy in the middle
is a DPO: Data
Protection Officer,
required key personnel
once the EU Personal
Data Protection
Regulation passes
DATA COLLECTION
@aureliepols

28. The EU Personal Data Protection Regulation is coming
#EUDataP
Source:
www.iabeurope.eu/
files/
8813/7882/1681/
IAB_Tuesday_Web
inar_Data_Protecti
on_FINAL.pdf
ICO is an
outlier
@aureliepols

29. Without the right support, the best security crumbles
Y
URIT
SEC OLOGY)
HN
(TEC
DATA COLLECTION
@aureliepols

30. Human error causes most data breaches
Source: http://
www.cooldailyinfo
graphics.com/
post/data-andsecurity-breaches
@aureliepols

31. Bridging the analytics to the legal world
Security = Icing on the cake
SECURITY
TECHNOLOGY
Information for
approved use
Data diving analysis /
Big Data
Fair & Legal
process
New business
opportunity through
data
User consent
DATA COLLECTION
@aureliepols

32. Harmonising Security & Privacy
§ Effective Privacy management depends upon a Risk driven approach that
surpasses compliance needs
- Prepare for legislative changes
- Recognise that just because something is legal, it doesn’t mean it is a
good idea
- Consider how Privacy drives strategic advantage => USP?
§ Skill requirements & interfaces between professionals
- Identifying intersection and tackling conflict
- Finding a common language
- Developing a Privacy culture
@aureliepols
Source:
http://www.rsaconference.com/
writable/presentations/file_upload/
grc-w07-when-worlds-collideharmonising-governance-betweensecurity-and-privacy.pdf

33. Always ask yourself these 3 questions & keep your job
§ What data am I collecting?
- PII vs. non-PII
- Persönlich ↔ Pseudonym ↔
Anonym
§ Who has access to this data?
- Both persons & tools
§ Where is the data stored?
- SafeHarbor vs. Binding Corporate
Rules
@aureliepols

34. Or follow the IAB’s recommendations!
@aureliepols
@aureliepols

35. Don’t let your company turn into
@aureliepols

36. From Yeti to Snow Fairy
@aureliepols

37. From Yeti to Snow Fairy
@aureliepols

38. Snow Fairy?
@aureliepols

39. Source: http://
www.fanpop.com
/clubs/the-goodwife/images/
25049423/title/
good-wifespecial-aliciaseason-3-photo
@aureliepols

40. Thank you for your time!
Aurélie Pols
Something (Digital) Analytics Europe
Chief Visionary Officer & Founder
@aureliepols –
www.mindyourprivacy.com/uk/