Knowing me, Knowing you Managing and Using Contact Information. Philip Nolan, Partner, Head of Privacy and Data Protection Mason Hayes & Curran

Transcription

1 Knowing me, Knowing you Managing and Using Contact Information Philip Nolan, Partner, Head of Privacy and Data Protection Mason Hayes & Curran 31 January

2 Data: Your Key Asset Compliance asset protection Core to business models Understanding customers Web 2.0 Online advertising Location based services /telematics Analytics/Big Data Greentech/smart grid 2

3 Topics Learning about your network Basic Rules Current challenges Contacting your network The Future Goal = Selling to the right person at the right time 3

4 Learning About Your Network Basic Rules Fair Processing transparency Consent or legitimate interests Limited Purpose define clear purposes Not proportionate do I need this information? Retention is this data still current? Do I still need this information? 4

5 Learning About Your Network Current Issues Sensitive Personal Data Cookies Databrokers Location Based Services Screen Scraping All areas of increasing market, and regulatory, interest 5

6 Sensitive Personal Data Race, political/religious views, trade union membership, health, sex life US Presidential Campaign Healthcare Products Need explicit consent US approach may not work in EU 6

7 Cookies What are Cookies? Basis of OBA and website analytics New (2011) rules impose stringent disclosure obligations: Clear and comprehensive information which is prominently displayed and easily accessible regarding the type of cookie being used and details of its purpose; Consent, not opt-out Exception for technically required cookies. 7

8 Cookies (2) Practical compliance How intrusive are the cookies? Notice to users (pop-up vs. link) Ongoing debate re. OBA Article 29 Working Party - Prior Opt-In required DPC (FB Audit) no clear industry practice at this time If linked to personal data, also need to comply with general data protection rules December 2012 DPC letters to 80 websites 8

9 Buying Data Databrokers sell lists of contacts/leads Should be based on prior, informed, opt-in consent Lawful, but care needed Check the contract look for Reps/Warranties re. privacy compliance How did the supplier get the information? Fair processing need to inform the contact you have their personal data 9

10 Location Based Services/ Telematics Emerging trend Applying online-style analysis to the real world, e.g. store browsing; offering vouchers to nearby potential customers. Implement via RFID chips or mobile phone Specifically regulated Requires consent or anonymous data 10

11 Screen Scraping Automatically pulling data off a website Can breach fair processing principle and may lead litigation Ryanair v. Billigfluege.de Breach of Terms; IP infringement 11

12 Contacting Your Network Basic Rule B2C need prior consent (and an opt-out) B2B must offer an opt-out Practical Steps Always get consent for B2C campaigns Offer opt-out in Implement a system to record opt outs. Consequences Fine of 5,000 or (on indictment) 250,000 12

13 Future Developments: Data Protection Regulation Harmonise EU law Controversial Further regulation Recent Parliament proposals additional restrictions Council reservations Likely to come into force in 2015/2016 (If adopted) 13

14 Future Developments: Data Protection Regulation Key issues: explicit consent Restriction of legitimate interests right to be forgotten privacy by design privacy impact assessments 2% turnover fines 14

15 ASAI OBA Rules Likely to be based on ASA Rules (which come into force on 4 Feb 2013) Third Parties (i.e. ad networks) must notify users Users must be given an opportunity to opt-out Advertisers must co-operate in identifying the Third Parties Country of origin principle In addition to existing cookies rules 15

16 Concluding Thoughts Area of increasing value and importance to business, driven by technology BUT also an area of increasing regulatory attention Predication Will continue to evolve and will likely become more central to business in the coming years. 16

17 Knowing me, Knowing you Managing and Using Contact Information Philip Nolan, Partner, Head of Privacy and Data Protection Mason Hayes & Curran 31 January