What do these words actually mean for digital analytics?
See the forest for the trees and take away what you can do today to work towards more responsible uses of data, in light of collaborative efforts with Marcom and IT but also the folks at legal counsel, those in charge of security or entrusted with corporate social responsibility. Understand what the risks with legislation for our industry are in Scandinavia, Europe and globally and where to draw the line.
Responsible Data Uses: Privacy, Security, Ethics & Compliance
1. @aureliepols Stockholm –March 2015#outfox2015
Aurélie Pols
Pan-European digital analytics veteran & Privacy geek
Board Member @MyPermissions
6.
Data = New Asset Class
• Economic asset:
– if it’s worth something, who owns it?
• Ownership means property:
– Property law, contract law, etc.
• But
7.
DATA IS INFINITELY TRANSFERABLE WITHOUT DECAY
#1. The specifics of Data as an Economic Asset
8.
Familiar property types
• House, mortgage & cadaster
• A car loses 50% of its value the day after the purchase
• But data? What is it really?
HYPOTEK Fastighetsregistret
9.
Infinitely transferable without decay
• Interesting type of property
• The legal world is not ready for
• Yet harm is imaginable:
– Deaths of dissidents
– Algorithmic discrimination
– Tunneled world vision
– Identity thefts
– Cyber bullying
10.
DEFINING & RECOGNIZING DATA HARMS
#2. Often forgotten legislative challenges
11.
Involved actors
• Legislators & governments:
– make the laws & want to be re-elected
• Businesses (employee, partner & customer data):
– growth strategies, max shareholder value (not always)
• Citizens:
– consuming technology, are the product if free, co-owners of the data?
[Diagram: Our global society. Governments / Legislators (FTC, FCC, FDA, EU); Consumers / Voters / Citizens; Businesses: Brands, Data Service Providers]
12.
Data ownership? The Dutch
• KPN is a Dutch Telco
• Operations are in the Netherlands, Belgium & Germany
• Brands: Hi, Simyo, Telfort & KPN, XS4ALL, E-Plus & Base (sold to Telefonica)
17.
Security for digital analytics
Mainly for (not mutually exclusive):
– Access: employees, partners, APIs, … <- control & revoke procedures? Strong passwords?
– Data transfers: between tools & devices, between companies <- level of encryption? Liability?
– Data merging: which data set goes (or is copied) where? <- data breach notification requirements
18.
COMPLIANCE IS A RISK EXERCISE
#3. Related to evolving Privacy legislation
20.
PII: ah but we don’t collect it!
• Medical information as PII: California, Arkansas, Missouri, New Hampshire, North Dakota, Texas, Virginia
• Financial information as PII: Alaska, Iowa, Kansas, Massachusetts, Missouri, Nevada, New York*, North Carolina, North Dakota, Oregon, South Carolina, Vermont, Wisconsin, Wyoming
• Passwords as PII: Georgia, Maine, Nebraska
• Biometric information as PII: Iowa, Nebraska, North Carolina, Wisconsin
Source: information based on current continuous monitoring (partial results)
21.
A Global Privacy Perspective
US & UK | EU | ASIA
Common Law | Continental Law | Partially continental law influenced
Class actions | Fines (by DPAs: Data Protection Agencies) | Amended New
Privacy | Personal Data Protection (PDP)
Business focused | Citizen focused: data belongs to the visitor/prospect/consumer/citizen
Patchwork of sector based legislations: HIPAA, COPPA, VPPA, … | Over-arching EU Directives & Regulations
PII: varies per US state | “Personal Data” => Risk levels: low, medium, high, extremely high
22.
PII vs. Risk Levels
[Figure: axes "Risk Level" and "Data type". Levels: Low Risk; Medium Risk (profiling); High Risk (sensitive); Extremely High Risk (profiling of sensitive data). Other labels: PII, Information Security Measures]
23.
Data Science concerns?
• As a Data Scientist: doing the best analysis
• As an employee: not getting my company into trouble
• As a citizen:
– Lack of transparency <- loss of control that could lead to discrimination
– Identity theft
– Tunneled view of the world
24.
What do analytics tools propose?
Let’s take Google Analytics:
• Anonymizing IP addresses
• Implementing opt-out mechanisms
• Not using cookies
• Complying with DNT
• Forcing SSL
• Disabling data sharing
Source: http://gu.illau.me/posts/privacy-and-google-analytics/
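The options on the slide above, sketched for the analytics.js command queue. This is an added example, not code from the slides or from Google: the property ID is a placeholder, and the opt-out cookie name and the function names planGaPrivacy and applyPlan are hypothetical. Disabling data sharing is an account setting in the admin interface, so it does not appear in the code.

```javascript
const PROPERTY_ID = 'UA-XXXXX-Y';    // placeholder property ID
const OPT_OUT_COOKIE = 'ga_optout';  // assumed first-party opt-out cookie name

// True when the visitor has stored an explicit opt-out in a first-party cookie.
function hasOptOutCookie(cookieString) {
  return cookieString.split(';').some(function (pair) {
    const [name, value] = pair.trim().split('=');
    return name === OPT_OUT_COOKIE && value === '1';
  });
}

// Decide what to send to analytics.js for this visitor.
// env = { doNotTrack: navigator.doNotTrack, cookie: document.cookie }
function planGaPrivacy(env) {
  // Browsers have reported DNT as '1' or 'yes'; anything else counts as unset.
  const dnt = env.doNotTrack === '1' || env.doNotTrack === 'yes';
  if (dnt || hasOptOutCookie(env.cookie || '')) {
    // Setting window['ga-disable-<property>'] = true stops all hits.
    return { disableFlag: 'ga-disable-' + PROPERTY_ID, commands: [] };
  }
  return {
    disableFlag: null,
    commands: [
      ['create', PROPERTY_ID, { storage: 'none' }], // no _ga cookie is written
      ['set', 'anonymizeIp', true],                 // IP truncated before storage
      ['set', 'forceSSL', true],                    // hits always sent over HTTPS
      ['send', 'pageview'],
    ],
  };
}

// Apply the plan to a window-like object; the flag must be set before any ga() call.
function applyPlan(win, plan) {
  if (plan.disableFlag) { win[plan.disableFlag] = true; return; }
  plan.commands.forEach(function (cmd) { win.ga.apply(null, cmd); });
}

// In a browser with the analytics.js snippet already on the page:
if (typeof window !== 'undefined' && typeof window.ga === 'function') {
  applyPlan(window, planGaPrivacy({
    doNotTrack: navigator.doNotTrack, cookie: document.cookie,
  }));
}
```

With storage set to 'none' and no clientId supplied, visits are not tied together across page loads, which affects returning-visitor reports.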
26.
Data tension due to data leeching
Analytics capabilities
Customer feelings of creepiness
Harm?
Data quality?
28.
Rights & obligations
Roles and responsibilities
Data controller must:
• Process legally & fairly
• Collect for explicit & legitimate purposes
• Not excessively
• Keep data accurate & updated
• Allow for rectification
• Respect data retention periods
• Protect personal data, appropriate to the type of data held
29.
UNDERSTAND YOUR LIABILITY WITHIN THE DATA ECOSYSTEM
#4. Minimizing Privacy related Risks?
32.
EU GDPR affecting Data Science
• Collaboration & Responsibility (not only legal)
– Privacy training & escalation procedures
• Data lineage & consent management
– Understanding where the data comes from
– Manage individual choices & consent
33.
EU GDPR affecting Data Science
• Change to the data value exchange
– Maintaining quality of data collected & analyzed
• Commercial advantages
– Increased Trust; reduced Brand Erosion due to unsystematic Privacy management
– Better data governance, optimized use of Data Science
34.
1 legal concept to rule them all
FIPPs: Fair Information Practice Principles
• Transparency
• Choice
• Information review & correction
• Information protection
• Accountability