1. EU Data Protection Legislation
Risks and Opportunities
October 16, 2012
IAB Romania Forum
2. Agenda
Risks: key provisions of the proposed legislation
› possible consequences
Opportunities: what can we do?
› ways to influence the process
2
3. Risks: key provisions
Definition of personal data/data subject
› Identifiability test
› “online identifiers”
Consent
› Explicit
› Burden of proof
› Significant imbalance
› Cookies
Data portability
› Consent or contract
› Commission to develop technical standards
› Interoperability?
“Right to be forgotten”
› No new rights, just new obligations
› Obligation to try to find anyone who might have copied data
3
4. Possible consequences
If “all” data is personal
If when you use consent, it must be explicit
If you need to prove (record) that consent
Then…
“Logged in only” paradigm as a compliance strategy?
› Reduce interruption of user experience, centralize consent clicks
› Easier to identify users who have consented
› Exclude users who haven’t
Problematic because:
› Less anonymous surfing
› More data held, in more identifiable form
› Disadvantages 3rd parties and small brands
› Advantages companies that already have large registered user bases
› Brake on innovation
4
5. Opportunities: what can we do?
You can make a BIG difference
How this works
› European Parliament
› National governments
› The sooner you act, the better
Romania matters!!!
› Members of the European Parliament
› Justice minister
How to act?
› Write, ask for meetings, do events, use the media
› Empower your IAB!
› Use IAB network
Keep it simple
5