GDPR Is Coming – Are Emailers Ready?

Description
The EU’s General Data Protection Regulation (GDPR) is the most significant change to consumer privacy laws in decades and the enforcement date is approximately 1 month away. The standards for data collection and use in the EU will significantly differ from those in the United States. This session will breakdown the differences and discuss methods for compliance going forward. PRESENTER Gary Kibel, Partner, Davis & Gilbert LLP @GaryKibel

Please download to get full document.

View again

of 24
All materials on our website are shared by users. If you have any questions about copyright issues, please report us to resolve them. We are always happy to assist you.
Information
Category:

Marketing

Publish on:

Views: 3 | Pages: 24

Extension: PDF | Download: 0

Share
Transcript
  • 1. Presentation to MediaPost Email Insider Summit GDPR IS COMING – ARE EMAILERS READY? Tuesday, April 24, 2018 Gary A. Kibel Partner Digital Media, Technology & Privacy 212.468.4918 gkibel@dglaw.com @GaryKibel © 2018 Davis & Gilbert LLP
  • 2. AGENDA 1. U.S. vs. EU – Contrasting approaches to personal data 2. Key GDPR provisions applicable to ad tech and email 3. Pending Legislation 4. Q&A GDPR is Coming – Are Emailers Ready?1
  • 3. PRIVACY
  • 4. Digital Marketing and Big Data4 QUOTES You have zero privacy anyway. Get over it. Scott McNealy, CEO, Sun Microsystems 1999 ! “ ” “ ” Men lie. Women lie. Children lie. The only three things that don't lie are data, pets, and Spandex workout clothing. Peter Shankman, PR/Author
  • 5. 5 GDPR & Ad Tech: Examining the IAB Europe Transparency & Consent Framework U.S. VS EUROPE
  • 6. 6 FTC Section 5 “Unfair methods of competition in or affecting commerce, and unfair or deceptive acts or practices in or affecting commerce, are hereby declared unlawful.” Regulation (EU) 2016/679 of the European Parliament - General Data Protection Regulation (GDPR) Directive 2002/58/EC – (ePrivacy Directive) PRIVACY ENFORCEMENT GDPR is Coming – Are Emailers Ready?
  • 7. FEDERAL TRADE COMMISSION ACT SECTION 5 » “Unfair methods of competition in or affecting commerce, and unfair or deceptive acts or practices in or affecting commerce, are hereby declared unlawful.” - Deception = Misrepresentations or omissions likely to mislead consumers acting reasonably under the circumstances - Unfairness = causes or is likely to cause substantial consumer injury, not reasonably avoided by the consumer, and not outweighed by countervailing benefits to consumers or competition 7 GDPR is Coming – Are Emailers Ready?
  • 8. 8 PII = Personally identifiable information » COPPA – “personal information” » HIPAA – “protected health information” » GLB – “nonpublic personal information” » State security breach notification laws Personal Data = any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person GDPR is Coming – Are Emailers Ready?
  • 9. EXPANDING SCOPE OF PERSONAL INFORMATION » FTC Consent orders – “Persistent identifiers” » COPPA Amendments 2013 – Definition of personal information expanded to include any “persistent identifier that can be used to recognize a user over time and across different websites or online services” - Carve out for “support for internal operations” • Certain internal activities would not be considered a collection of PI, as long as the information collected is not used or disclosed to contact a specific individual (e.g., site maintenance and analysis) 9 GDPR is Coming – Are Emailers Ready?
  • 10. FTC – WHAT IS PII ? Blog post – April 21, 2016 » “… we regard data as ‘personally identifiable,’ and thus warranting privacy protections, when it can be reasonably linked to a particular person, computer, or device. In many cases, persistent identifiers such as device identifiers, MAC addresses, static IP addresses, or cookies meet this test.” 10 GDPR is Coming – Are Emailers Ready?
  • 11. 11 GDPR & Ad Tech: Examining the IAB Europe Transparency & Consent Framework GDPR APPLICABILITY TO AD TECH AND EMAIL
  • 12. GDPR FOR AD TECH » What is the GDPR? » 173 Recitals. 99 Articles. - Enforcement begins - May 25, 2018 » Why is this important? - Penalties = up to 4% of worldwide annual turnover or €20,000,000 12 GDPR is Coming – Are Emailers Ready?
  • 13. GDPR FOR AD TECH (1) Applicability / Extra-territorial scope - Applies to controllers / processors not established in the Union where: • (i) the processing relates to the offering of goods/services in the EU or (ii) monitoring of behavior of data subjects who are in the Union (2) Lawfulness of Processing - Consent - Legitimate Interest (Interests and rights and freedoms of the user are not overriding) 13 GDPR is Coming – Are Emailers Ready?
  • 14. GDPR FOR AD TECH (3) Personal Data - Definition of personal data includes: • Pseudonymous data • Online identifiers (e.g. cookie IDs) • Location data • Child - <16 (vs. <13 in U.S.) (4) Pseudonymization - “the processing of personal data in such a way that the data can no longer be attributed to a specific data subject without the use of additional information.” (5) Anonymous Data – no connection of data with an individual 14 GDPR is Coming – Are Emailers Ready?
  • 15. GDPR FOR AD TECH (6) Data Subject Access Rights - Transparency - Access / rectification - Restrict processing - Right of erasure (a/k/a right to be forgotten) - Right to restrict processing / Right to object - Data portability (7) Client / Vendor Relationships - Data Processing Agreements 15 GDPR is Coming – Are Emailers Ready?
  • 16. GDPR FOR AD TECH (8) Lots of Internal / External policies - Internal – Information Security; - Privacy Notices - User flow (9) Breach notification - 72 hours to regulatory authorities (10) Record keeping - processing activities - More 16 GDPR is Coming – Are Emailers Ready?
  • 17. HIERARCHY OF EPRIVACY AND GDPR 17 GDPR is Coming – Are Emailers Ready? Processing personal data Consent GDPR Legal Basis ePrivacy GDPR  Collection of data over the internet generally requires under ePrivacy rules  Processing of personal data requires a e.g. consent, or legitimate interest GDPR Legal Basis Storing/accessing data on device Consent
  • 18. GDPR » Radically different approach to tracking than in the United States GDPR is Coming – Are Emailers Ready?18
  • 19. PENDING LEGISLATION
  • 20. VERMONT – H.467 (DATA BROKER PROTECTION ACT) » “Data Broker” means a commercial entity that collects, assembles, or maintains personal information concerning individuals residing in Vermont who are not customers or employees of that entity for the purpose of selling or offering for sale, or other consideration, the personal information of a third party. » “Personal Information” includes information that identifies, relates to, describes or is capable of being associated with a particular individual. Includes internet usage history; profile that includes personality / characteristics » Data brokers must register with the state » Data brokers must annually report to the state on its activities » “Know your customer” » Status: In committee GDPR is Coming – Are Emailers Ready?20
  • 21. “CONSENT ACT” (2018) SENS. MARKEY (D-MA) & BLUMENTHAL (D-CT) » Notice and choice for “personally identifiable information” » Affirmative, express consent to use, disclose or access “sensitive customer proprietary information” - Includes web browsing history and application usage history » Authorizes FTC to implement regulations » No re-identification permitted » Breach notification obligation » Status: In committee GDPR is Coming – Are Emailers Ready?21
  • 22. don’t be creepy!
  • 23. Q&A To sign up and receive digital media alerts and event invitations, email gkibel@dglaw.com Gary A. Kibel Partner Digital Media, Technology & Privacy 212.468.4918 gkibel@dglaw.com @GaryKibel © 2018 Davis & Gilbert LLP
  • Related Search
    We Need Your Support
    Thank you for visiting our website and your interest in our free products and services. We are nonprofit website to share and download documents. To the running of this website, we need your help to support us.

    Thanks to everyone for your continued support.

    No, Thanks