The Practical Impact of the
General Data Protection
Regulation
23 March, 2016
2
Agenda
• Introductions
• The Ghostery Story
• The General Data Protection Regulation (GDPR)
• The GDPR and Digital Adver...
3
Introductions
• Eduardo Ustaran – Partner, Hogan Lovells
• Nick Stringer – Chair of the European Interactive Digital Adv...
4
Ghostery Story
• Founded in 2009 Ghostery is the industry leader in digital experience
optimization and privacy solution...
5
We Make the Invisible Visible
Private & Confidential | © 2016 Ghostery, Inc. All Rights Reserved
6
GDPR is setting the table for the DSM to Flourish
• The GDPR is part of the Digital Single Market, a three-pronged strat...
7
e-Privacy Directive Review
• First stakeholder meeting April 12
and then throughout 2016
• Expect EC proposal in 2017
• ...
Eduardo Ustaran, Partner
A practical overview of the new privacy framework
How will the EU Data Protection
Regulation affe...
Hogan Lovells | 9
• A single set of rules
• Extraterritorial reach
• Putting people in control
• Focus on practical compli...
Hogan Lovells | 10
• January 2012 - Proposed EU Data
Protection Regulation
• March 2014 - Parliament's preferred
draft
• J...
| 11Hogan Lovells
• One single law for the EU
– Interpreted nationally
• Applicability based on
establishment in the EU
– ...
| 12Hogan Lovells
• Strengthening of consent
– consent cannot be bundled with T&Cs
– consent can be withdrawn at any time ...
Hogan Lovells | 13
• Data protection policies
• Data protection by design and by default
• Record keeping obligations (con...
Hogan Lovells | 14
• Life after Safe Harbor
• Privacy Shield?
• Binding Corporate Rules
• Standard contractual clauses
– A...
| 15Hogan Lovells
• Still national regulators
• Greater international cooperation
• One-stop-shop?
• Massive fines
– up to...
Hogan Lovells | 16
#1 Don't panic
#2 Assess the true impact
#3 Prioritise accountability
#4 Think strategically about data...
The GDPR and Digital Advertising
Nick Stringer, Chair EDAA
18
Context
• As legislators in Brussels have been framing a new data protection
framework…
• …the EU ad industry had been ...
19
Background
• At the heart of EU initiative is an icon proving users with more information
and ways to control ad prefer...
20
Mobile - Transparency
Private & Confidential | © 2016 Ghostery, Inc. All Rights Reserved
21
Mobile - Control
Private & Confidential | © 2016 Ghostery, Inc. All Rights Reserved
Mobile web Device controls Industry...
22
Summary
• If you’re an ad business get involved!
• Brands / publishers – urge ad partners to get involved!
• Initiative...
Hogan Lovells | 23
Eduardo Ustaran Todd Ruback Nick Stringer
+44 20 7296 5249 917-262-2528 (US) +447957691803
eduardo.usta...
24Private & Confidential | © 2016 Ghostery, Inc. All Rights Reserved
Q & A
Prochain SlideShare
Chargement dans…5
×

The Practical Impact of the General Data Protection Regulation

3 398 vues

Publié le

March 23, 2016

Publié dans : Technologie
  • Soyez le premier à commenter

The Practical Impact of the General Data Protection Regulation

  1. 1. The Practical Impact of the General Data Protection Regulation 23 March, 2016
  2. 2. 2 Agenda • Introductions • The Ghostery Story • The General Data Protection Regulation (GDPR) • The GDPR and Digital Advertising • Q&A Private & Confidential | © 2016 Ghostery, Inc. All Rights Reserved
  3. 3. 3 Introductions • Eduardo Ustaran – Partner, Hogan Lovells • Nick Stringer – Chair of the European Interactive Digital Advertising Alliance • Todd Ruback – Chief Privacy & Security Officer, Ghostery Private & Confidential | © 2016 Ghostery, Inc. All Rights Reserved
  4. 4. 4 Ghostery Story • Founded in 2009 Ghostery is the industry leader in digital experience optimization and privacy solutions PERFORMANCEGOVERNANCE PRIVACYSECURITY MCM Ad Choices AppChoices App Notice Site Notice Ghostery Plug-In Private & Confidential | © 2016 Ghostery, Inc. All Rights Reserved
  5. 5. 5 We Make the Invisible Visible Private & Confidential | © 2016 Ghostery, Inc. All Rights Reserved
  6. 6. 6 GDPR is setting the table for the DSM to Flourish • The GDPR is part of the Digital Single Market, a three-pronged strategy meant to tear down trade barriers and create conditions that could contribute up to €415 Billion to the European economy * • GDPR is meant to give more control to the individual and compliance certainty to the corporation. It will create new individual rights and new corporate obligations, putting an emphasis on privacy as a core business process • ePrivacy Directive (“cookie law) – its still around but is being reviewed to be in concert with the GDPR * Digital Single Market, ec.europe.eu Private & Confidential | © 2016 Ghostery, Inc. All Rights Reserved
  7. 7. 7 e-Privacy Directive Review • First stakeholder meeting April 12 and then throughout 2016 • Expect EC proposal in 2017 • Needs to compliment GDPR’s new notice and consent requirements Private & Confidential | © 2016 Ghostery, Inc. All Rights Reserved
  8. 8. Eduardo Ustaran, Partner A practical overview of the new privacy framework How will the EU Data Protection Regulation affect you?
  9. 9. Hogan Lovells | 9 • A single set of rules • Extraterritorial reach • Putting people in control • Focus on practical compliance • Stronger enforcement powers The aim behind the EU's privacy reform “A strong, clear and uniform legal framework.”
  10. 10. Hogan Lovells | 10 • January 2012 - Proposed EU Data Protection Regulation • March 2014 - Parliament's preferred draft • June 2015 - Council's preferred draft • 24 June 2015 - Trilogue kick-off • 15 December 2015 - GDPR agreed • Q1 2016 - Formal adoption • Q2 2016 - Official publication • 2 years + 20 days from the day of publication: GDPR in force and enforceable A long legislative process
  11. 11. | 11Hogan Lovells • One single law for the EU – Interpreted nationally • Applicability based on establishment in the EU – Economic activity in EU Member State • Applicability based on individuals being in the EU – Offering of goods or services to them – Monitoring of their behaviour Geographical applicability
  12. 12. | 12Hogan Lovells • Strengthening of consent – consent cannot be bundled with T&Cs – consent can be withdrawn at any time and in an easy way – if ‘take it or leave it’ not freely given Putting people in control of their data • Provision of information • Right of access • Right to rectification • Right to erasure • Right to restriction of processing • Right to data portability • Right to object to the processing • Right on automated processing
  13. 13. Hogan Lovells | 13 • Data protection policies • Data protection by design and by default • Record keeping obligations (controllers & processors) • Co-operation with DPAs (controllers & processors) • Data protection impact assessments • Prior consultation with DPAs in high-risk cases • Mandatory DPOs for public sector and Big Data (controllers & processors) • Security and notification of breaches (controllers & processors) Accountability obligations
  14. 14. Hogan Lovells | 14 • Life after Safe Harbor • Privacy Shield? • Binding Corporate Rules • Standard contractual clauses – Adopted by European Commission – Adopted by DPAs • Approved code of conduct • Approved certification mechanism • Ad-hoc contracts authorised by DPAs International data transfers
  15. 15. | 15Hogan Lovells • Still national regulators • Greater international cooperation • One-stop-shop? • Massive fines – up to 20 million euro or – up to 4% of the total worldwide annual turnover whichever is higher Supervision and enforcement
  16. 16. Hogan Lovells | 16 #1 Don't panic #2 Assess the true impact #3 Prioritise accountability #4 Think strategically about dataflows #5 See it as an opportunity Action plan
  17. 17. The GDPR and Digital Advertising Nick Stringer, Chair EDAA
  18. 18. 18 Context • As legislators in Brussels have been framing a new data protection framework… • …the EU ad industry had been implementing its initiative (‘AdChoices’) to enhance transparency & user control in interest-based digital advertising. • This initiative – joined up with those in US & Canada – has been operating within a tough EU regulatory environment (ePrivacy Directive). • The EDAA is currently assessing how the initiative may need to adapt in light of the GDPR. • UK and EU trade bodies (e.g. IAB) are looking at GDPR implementation as a whole. Private & Confidential | © 2016 Ghostery, Inc. All Rights Reserved
  19. 19. 19 Background • At the heart of EU initiative is an icon proving users with more information and ways to control ad preferences. Private & Confidential | © 2016 Ghostery, Inc. All Rights Reserved
  20. 20. 20 Mobile - Transparency Private & Confidential | © 2016 Ghostery, Inc. All Rights Reserved
  21. 21. 21 Mobile - Control Private & Confidential | © 2016 Ghostery, Inc. All Rights Reserved Mobile web Device controls Industry app solution (Coming soon!)
  22. 22. 22 Summary • If you’re an ad business get involved! • Brands / publishers – urge ad partners to get involved! • Initiative will be important under the GDPR. • Enables businesses to ‘get ahead’ as (a) GDPR enforcement starts in mid-2018; (b) areas of ambiguity are still to be debated. • More details at www.edaa.eu or get in touch! Private & Confidential | © 2016 Ghostery, Inc. All Rights Reserved
  23. 23. Hogan Lovells | 23 Eduardo Ustaran Todd Ruback Nick Stringer +44 20 7296 5249 917-262-2528 (US) +447957691803 eduardo.ustaran@ todd@ghostery.com nick@njstringer.com hoganlovells.com Thank You
  24. 24. 24Private & Confidential | © 2016 Ghostery, Inc. All Rights Reserved Q & A

×