08448380779 Call Girls In Friends Colony Women Seeking Men
Knowing Me, Knowing You - Managing & Using Contact Information
1. Knowing me, Knowing you – Managing and
Using Contact Information
Philip Nolan,
Partner,
Head of Privacy and Data Protection
Mason Hayes & Curran
31 January 2012
pnolan@mhc.ie/ 01 6145078
1
2. Data: Your Key Asset
Compliance → asset protection
Core to business models
→ Understanding customers
→ Web 2.0
→ Online advertising
→ Location based services /telematics
→ Analytics/Big Data
→ Greentech/smart grid
2
3. Topics
Learning about your network
→ Basic Rules
→ Current challenges
Contacting your network
The Future
Goal = Selling to the right person at the right time
3
4. Learning About Your Network – Basic Rules
“Fair Processing” → transparency
Consent or legitimate interests
Limited Purpose → define clear purposes
Not proportionate → do I need this information?
Retention → is this data still current? Do I still need this
information?
4
5. Learning About Your Network – Current Issues
Sensitive Personal Data
Cookies
Databrokers
Location Based Services
Screen Scraping
All areas of increasing market, and regulatory, interest
5
6. “Sensitive” Personal Data
→ Race, political/religious views, trade union membership,
health, sex life
→ US Presidential Campaign
→ Healthcare Products
→ Need explicit consent
→ US approach may not work in EU
6
7. Cookies
What are Cookies?
Basis of OBA and website analytics
New (2011) rules impose stringent disclosure obligations:
→ “Clear and comprehensive information” which is “prominently
displayed and easily accessible” regarding the type of cookie
being used and details of its purpose;
→ Consent, not “opt-out”
→ Exception for technically required cookies.
7
8. Cookies (2)
Practical compliance → How intrusive are the cookies?
Notice to users (pop-up vs. link)
Ongoing debate re. OBA
→ “Article 29 Working Party” - Prior Opt-In required
→ DPC (FB Audit) – no clear industry practice at this time
• If linked to personal data, also need to comply with general data
protection rules
• December 2012 → DPC letters to 80 websites
8
9. Buying Data
Databrokers sell lists of contacts/leads
Should be based on prior, informed, opt-in consent
Lawful, but care needed
Check the contract – look for Reps/Warranties re. privacy compliance
How did the supplier get the information?
Fair processing → need to inform the contact you have their personal
data
9
10. Location Based Services/ Telematics
Emerging trend
Applying online-style analysis to the real world, e.g. store browsing;
offering vouchers to nearby potential customers.
Implement via RFID chips or mobile phone
Specifically regulated
Requires consent or anonymous data
10
11. Screen Scraping
Automatically pulling data off a website
Can breach “fair processing principle” and may lead litigation
Ryanair v. Billigfluege.de
Breach of Terms; IP infringement
11
12. Contacting Your Network
• Basic Rule
→ B2C email – need prior consent (and an opt-out)
→ B2B email – must offer an opt-out
• Practical Steps
→ Always get consent for B2C campaigns
→ Offer opt-out in email
→ Implement a system to record opt outs.
• Consequences
→ Fine of €5,000 or (on indictment) €250,000
12
13. Future Developments: Data Protection Regulation
Harmonise EU law
Controversial → Further regulation
Recent Parliament proposals → additional restrictions
Council reservations
Likely to come into force in 2015/2016 (If adopted)
13
14. Future Developments: Data Protection Regulation
Key issues:
→ explicit consent
→ Restriction of “legitimate interests”
→ “right to be forgotten”
→ “privacy by design”
→ “privacy impact assessments”
→ 2% turnover fines
14
15. ASAI OBA Rules
Likely to be based on ASA Rules (which come into force on
4 Feb 2013)
→ Third Parties (i.e. ad networks) must notify users
→ Users must be given an opportunity to “opt-out”
→ Advertisers must co-operate in identifying the Third
Parties
→ Country of origin principle
In addition to existing “cookies rules”
15
16. Concluding Thoughts
Area of increasing value and importance to business, driven
by technology
BUT also an area of increasing regulatory attention
Predication → Will continue to evolve and will likely become
more central to business in the coming years.
16
17. Knowing me, Knowing you – Managing and
Using Contact Information
Philip Nolan,
Partner,
Head of Privacy and Data Protection
Mason Hayes & Curran
31 January 2012
pnolan@mhc.ie/ 01 6145078
17