https://privacyassociation.org/conference/iapp-europe-data-protection-intensive-2015/
Just how transparent should organisations be with their customers in communicating the personal data use behind their sophisticated marketing plans? Before making tough decisions, companies must be transparent with themselves.
Law360 - How Duty Of Candor Figures In USPTO AI Ethics Guidance
IAPP Data Protection Intensive London - Transparency in Marketing (AP part III)
1. @aureliepols
Europe
Data
Protec1on
Intensive
–
London
2015
@aureliepols
Europe
Data
Protec1on
Intensive
–
London
2015
Transparency
in
Marke1ng
T
o
o
l
s
A
n
a
l
y
t
i
c
s
P
e
r
m
i
s
s
i
o
n
s
2. @aureliepols
Europe
Data
Protec1on
Intensive
–
London
2015
@aureliepols
Customer
rela1onship
evolu1on
Slide
borrowed
from
Benjamin
Mercier
Senior
Digital
Analy1cs
Manager
Barclays
Personal
&
Corporate
Banking
eMetrics
Summit
London
Big
Data
for
Marke1ng
September
2014
3. @aureliepols
Europe
Data
Protec1on
Intensive
–
London
2015
@aureliepols
Marke1ng’s
shiny
new
toys
Source:
hOps://hbr.org/2014/07/the-‐rise-‐of-‐the-‐chief-‐marke1ng-‐technologist/ar/1
4. @aureliepols
Europe
Data
Protec1on
Intensive
–
London
2015
@aureliepols
Source:
hOp://
cdn.chiefmartec
.com/wp-‐
content/
uploads/
2015/01/
marke1ng_tech
nology_jan2015
.png
5. @aureliepols
Europe
Data
Protec1on
Intensive
–
London
2015
@aureliepols
Source:
hOp://www.gartner.com/
technology/research/
digital-‐marke1ng/transit-‐
map.jsp
6. @aureliepols
Europe
Data
Protec1on
Intensive
–
London
2015
@aureliepols
Where
each
tool
can
ü Collect
data
ü Aggregate
data
ü Share
data
ü Calculate
new
data
ü Push
data
towards
other
systems
ü …
7. @aureliepols
Europe
Data
Protec1on
Intensive
–
London
2015
@aureliepols
• Adhere
to
the
Terms
of
Service,
Terms
of
Use,
…
or
not
• Align
the
use
of
these
tools
with
your
own
policies…
or
not
• Find
yourself
in
trouble
due
to
some
data
use
down
the
road..
or
not
And
your
company
could
8. @aureliepols
Europe
Data
Protec1on
Intensive
–
London
2015
@aureliepols
1. When
did
Google
last
change
it’s
Privacy
Policy?
2. Is
your
company
using
for
eg.
Google
Analy1cs?
3. Bonus:
who
owns
the
data?
So
let
me
ask
you
2
simple
ques1ons
9. @aureliepols
Europe
Data
Protec1on
Intensive
–
London
2015
@aureliepols
A
EU
perspec1ve
of
marke1ng
Source:
Amicus
brief
for
the
Digital
Analy1cs
Assoca1on
(DAA),
Should
you
measure
when
a
user
logs
out?
Author
Aurélie
Pols
hOp://
www.slideshare.net
/AurliePols/privacy-‐
ethics
10. @aureliepols
Europe
Data
Protec1on
Intensive
–
London
2015
@aureliepols
Technology
is
advancing
Digital
professionals
look
at
vendors
for
Privacy
answers
The
power
of
tool
vendors
11. @aureliepols
Europe
Data
Protec1on
Intensive
–
London
2015
@aureliepols
And
set-‐up
terms
to
protect
their
(own)
liability
within
the
data
flows
You
need
to
grasp
and
make
marke1ng
understand
your
shared
liabili1es!
Source:
hOp://dynamical.biz/blog/technical-‐analy1cs/
collec1ng-‐ga-‐userid-‐into-‐ga-‐can-‐violate-‐google-‐analy1cs-‐
tos-‐75.html
Vendors
who
get
confused
13. @aureliepols
Europe
Data
Protec1on
Intensive
–
London
2015
@aureliepols
Remember
those
cookies?
How
those
Privacy
Policies
need
to
be
kept
up
to
date?
How
about
receiving
an
alert
when
they
aren’t
anymore?
It
would
trigger
internal
processes
for
follow-‐up
How?
Tools
to
follow
up
on
digital
14. @aureliepols
Europe
Data
Protec1on
Intensive
–
London
2015
@aureliepols
How
many
mobile
and
cloud
based
apps
is
your
company
responsible
for?
Which
permissions
on
mobile
are
accessed?
BYOD:
are
company
contacts
accessed?
What
are
the
risks?
How?
Tools
to
follow
up
on
mobile
15. @aureliepols
Europe
Data
Protec1on
Intensive
–
London
2015
@aureliepols
NIST’s
Privacy
Triad
Predictability:
Enabling
reliable
assump1ons
about
the
ra1onale
for
the
collec1on
of
personal
informa1on
and
the
data
ac1ons
to
be
taken
with
personal
data
Confiden1ality:
Preserving
authorized
restric1ons
on
informa1on
access
and
disclosure,
including
means
for
protec1ng
personal
Privacy
and
proprietary
informa1on
Manageability:
Providing
the
capability
for
authorized
modifica1on
of
personal
informa1on,
including
altera1on,
dele1on,
or
selec1ve
disclosure
of
personal
informa1on.
16. @aureliepols
Europe
Data
Protec1on
Intensive
–
London
2015
@aureliepols
• Collabora1on
&
Responsibility
(not
only
legal)
– Privacy
training
&
escala1on
procedures
• Data
lineage
&
consent
management
– Data
origins
&
life
cycle
– Manage
individual
choices
&
consent
We’re
not
even
close!
17. @aureliepols
Europe
Data
Protec1on
Intensive
–
London
2015
@aureliepols
• Change
to
the
data
value
exchange
– Maintaining
data
quality
(collected,
processed
&
used)
• Commercial
advantages
– Increased
Trust;
reduced
Brand
Erosion
due
to
unsystema1c
Privacy
management
– BeOer
data
governance,
op1mized
use
of
Data
Science
Sell
this
to
Marke1ng!
18. @aureliepols
Europe
Data
Protec1on
Intensive
–
London
2015
@aureliepols
Data
tension
due
to
data
leeching
Analy,cs
capabili,es
Customer
feelings
of
creepiness
Harm?
Data
quality?
19. @aureliepols
Europe
Data
Protec1on
Intensive
–
London
2015
@aureliepols
Get
down
to
the
details.
Else
it’s
just
small
talk!
Source:
hOp://csrc.nist.gov/projects/
privacy_engineering/
nist_privacy_engr_objec1ves_risk_m
odel_discussion_deck.pdf
20. @aureliepols
Europe
Data
Protec1on
Intensive
–
London
2015
@aureliepols
INTERESTED
IN
SCANNING
THOSE
MOBILE
APPS?
HTTP://WWW.MYPERMISSIONS.COM
Ques1ons?
Comments?
Agree?
Disagree?
Contact:
aurelie@mindyourprivacy.com
21. @aureliepols
Europe
Data
Protec1on
Intensive
–
London
2015
@aureliepols
1. What
tools
do
you
use?
2. Which
data
do
you
collect,
store
&
use
in
which
tool?
3. How
does
the
data
flow?
4. Who
has
access?
5. Which
data
do
you
create?
5
ques1ons
for
marke1ng