Sirius Legal - IgnitionOne Lunch & Learn
-
Upload
ignitionone -
Category
Law
-
view
33 -
download
0
Transcript of Sirius Legal - IgnitionOne Lunch & Learn
Sirius LegalData Driven Marketing and the EU: the Regulatory challenges aheadIgnitionOne: Data Driven Marketing: from collection to usage, 22 June 2015
Data Driven Marketing and the EU
The right to privacy between individuals
EU Privacy law does not deal with this aspect of privacyNational (civil) law
Data Driven Marketing and the EU
The right to privacy in relationship to the government
NSAPoliceTax authoritiesSpecific rules and regulations on international and national level
Data Driven Marketing and the EU
Electronic processing of personal data
Electronic processingPersonal dataUsually for commercial purposesEU Data Protection Directive 95/46/ECE-privacy Directive 2002/58
Data Driven Marketing and the EU
New balls, please…
EU Data Protection Directive 95/46/ECE-privacy Directive 2002/58Have been around for 20 yearsPrinciples no longer fit economical and technical reality
Data Driven Marketing and the EU
New balls, please…
EU is working on a new set of rulesWork in progress since 2012End is not in sight…Uniform rules based on EU Regulation (as opposed to Directive)2017 - 2018
Data Driven Marketing and the EU
Current Privacy Law
Based on EU DirectiveTransferred into national law by each member stateRules date back to the 1990’sBased on location of company and/or serverAt the time most elaborate and progressive set of rules in the world
Data Driven Marketing and the EU
Current Privacy Law
“Right to privacy” >< data processingDefinition of personal data is very largeCJEU 2015: Even IP address – browser historyImpact on data collection and big data
Data Driven Marketing and the EU
Current Privacy Law
Straight and simple:Prior “opt-in” for all processingOr implicit opt-in if “justified reasons” for processing“Free and informed” opt-inTransfer of data to third party = additional opt-in
Cfr. Analytics tools, apps, cookies, database enrichment through mailings and actions, etc.: always opt-inCfr. also social media content
Data Driven Marketing and the EU
Current Privacy Law
Rightsopposition – access – correction - information
ObligationsInformation – opt-in – data security – (export)
Data Driven Marketing and the EU
New regulation
2016 – 2017
Regulation instead of Directive: 1 text instead of 28 texts…Work in progress since January 2012Complex procedure in EU Institutions: Commission – Parliament - CouncilLobbying
Data Driven Marketing and the EU
New regulation
How the EU legislative process works…
2012 Proposal European Commission (Reding)2012-2015 Parallel track in European Parliament and European Council
Proposal Parliament: 4000 amendments (“Michel” a.o.)2015 Parallel proposal Council Work in progress2016 Proposals have to be merged into one final text…
Data Driven Marketing and the EU
EU Proposals
Heavily influenced by consumer protection activists in EPLIBE Committee (protection of civil liberties)
Result:Consumer friendly, but unrealistic for direct marketing sector, e-commerce sector, …
Data Driven Marketing and the EU
EU Proposals
For all services offered in EU (also free services, also non-EU companies)Personal data = also online identifiers, “pseudonymous data”Explicit opt-inInformation obligation (icons)Right not to be submitted to profilingWarning obligations in case of data breach“Data protection by design”“Data protection officer” One stop shopSanctions: LIBE: up to 5% of yearly turnover or 100 million euro
Data Driven Marketing and the EU
EU Proposals
Work in progress24 June 2015: 1st “trilogue” meetingCore elements expected in Sept – Oct 2015Final text expected end of 2017 – early 2018More industry focused (?)
Data Driven Marketing and the EU
EU Proposals
Explicit opt-in But opt-out or implicit opt-in has been put back in if “legitimate interest”
To be expected:Lower penalties and less strict obligationsData protection officer obligation tuned downSofter rules on profiling prohibition
Data Driven Marketing and the EU
What should you do in the meantime?
Follow up on discussion (check our website www.siriuslegal.be)Start review vendor contracts (in view of data security obligation) Start to prepare for full update of policies, contracts, business processesPut in place data breach notification procedure(Temporary) data security officerPut in place impact assessment and/or risk analyses policyCreate compliance statements for annual business reportsTrain staff
Data Driven Marketing and the EU
Cookies
EU e-privacy directive 2002/58/ECBelgium: article 129 in Telecom law since Oct 2012
Data Driven Marketing and the EU
Cookies
Always opt-in
Except for “functional” cookies:necessary for technical reasonsnecessary for communication
Data Driven Marketing and the EU
Cookies
Law is vague and leaves room for interpretation
Sector is waiting for clarifications by Privacy Commission, BIPT/IBPT or FOD Economy…
Data Driven Marketing and the EU
Cookies
Opt-in should be:Free (i.e. possible to website visit without opt-in)Explicit (requires action by visitor)Informed (prior info)Prior to placing cookiesRevocable
Data Driven Marketing and the EU
2015Netherlands soften down lawFrance holds “cookie sweep”Spain imposes high penaltiesBelgium…?
Cookies
Advice Privacy Commission 4 Feb 2015 re cookies: • Continued surfing may constitute
acceptance if sufficient information on homepage (banner – no pop-up)
• surfer may always revoke consent• cookie-policy needed with information• advertisers: contract needed with owner of
website regarding re-use of data + mention in cookie-policy
• Analytics: no exemption; no major risk
Legal update in e-commerce Expert class e-commerce 27 mei 2015
Cookies
Advice Privacy Commission 13 May 2015 re tracking & tracing:
• Website owners with social media buttons(like/share/etc.): activate only if explicit consent
• Double click
Legal update in e-commerce Expert class e-commerce 27 mei 2015
Cookies
Legal update in e-commerce
Cookies
2016 - 2017Juncker commission announces reviewStreamlining with Privacy regulation Also: technical evolution (fingerprinting, etc…)Unclear what will happen in coming years…
Media & advertisement lawCopyright - trademarks - database - software - knowhowIT, Internet, e-commerce, domain namesPrivacy & cookiesTravel & consumer protectionTax & tax planning
Sirius Legal
Thank you!
www.siriuslegal.be
Bart Van [email protected]@BartVanBesien0486 626 355Linkedin.com/in/bartvanbesien
Sirius Legal