With the GDPR on the horizon, the EU is now overhauling and expanding the reach of the more specific privacy rules which relate to direct marketing, cookies and other forms of online monitoring. The ability of social media and messaging services to track users is one of many areas touched on in the European Commission's newly proposed ePrivacy Regulation, which was officially unveiled last week. We highlight some key impacts for the tech and media sectors, provided the proposed draft passes through the legislative process without dramatic changes. Businesses should incorporate these new requirements into their GDPR readiness planning. Why are the rules being updated?
Yesterday, 10 January, the European Commission (EC) presented its formal proposals for the new ePrivacy Regulation. On initial analysis, the first official draft of the Regulation appears broadly similar to last month's leaked version, explored by Datonomy here. Datonomy will be providing a fuller analysis, however in the meantime the EC's Fact Sheet provides a useful starting point. The Commission's aim is to have the new Regulation adopted by 25 May 2018 when the GDPR takes effect. Olswang's Head of Digital and Data, Elle Todd, and Alex Dixie, the firm's Head of Adtech, will be taking a first look at the practical impacts of the new proposals in a webinar at 15:00 UK time on Thursday 19 January. Follow this link to register. In particular the webinar will examine:
- changes in the scope of the new regime to cover … Continue Reading ››
Last week, as part of Olswang's GDPR readiness and Talking Retail webinar series', lawyers from the firm's data protection and retail sector teams hosted a webinar looking at the implications of the GDPR on the use of data by the retail industry during an online transaction. In this session our speakers looked at the following:
- Targeted and non-targeted advertising
- Privacy policies
- Processing customer payment details
- Post purchase analysis
- Data breaches
- GDPR implementation
- Sven Schonhofen, an associate in the Commercial Team of the Munich office. He specializes in advising clients in all areas of IT law, in particular on data protection law.
- Emily Dorotheou, an associate in the Commercial Team who has experience of working on procurement, technology and logistics contracts for a variety of retail and technology clients.
In all the excitement last week over the European Parliament's approval of the General Data Protection Regulation (GDPR) and the US Privacy Shield, you may have missed that the European Commission published a consultation on Monday 11 April regarding the ePrivacy Directive. Don't worry though, here is what you need to know: What is the purpose of the consultation? The consultation forms part of the Commission's Digital Single Market (DSM) Strategy and is necessary given that the GDPR, once adopted, will impact the e-Privacy Directive which sets out some additional and specific rules regarding the processing of personal data in the electronic communications sector. Infamously, the e-Privacy Directive contains the almost uniformly derided cookie consent requirement, so many people are likely to want to input. It also contains rules on breach notification, consents for marketing by electronic means and use of traffic and location data. The Commission … Continue Reading ››
[Originally posted on ADTEKR.] One of the fundamental lynch pins of current behavioural advertising and targeting technology is a small, non-descript text file stored by the browser of users, the humble cookie. What started off as a piece of technology to allow cross-webpage data transfer and persistent storage of local variables has evolved into the basis of the most powerful advertising technologies across the Internet. However, with tightening regulations, consumer mistrust, lack of relevance in the mobile space and lack of cross-device support, is the day of the cookie coming to an end? Cookies are traditionally used in desktop environments where they are dropped by advertisers or publishers during the course of consumer interaction with websites. Over time, the reading and writing of such cookies across multiple websites allows advertisers to build up a profile of the consumer in question and allocate them to a specific audience segment, … Continue Reading ››
Olswang has launched ADTEKR, a weekly update on topical issues from the word of adtech, covering not only regulatory issues but key industry trends and a jargon-cruncher. Readers of Datonomy might be particularly interested to hear about the many privacy-related issues raised by this technology including:
- recent developments regarding user’s consent for device fingerprinting;
- Verizon’s use of a unique identifier header tracking tool or “zombie cookies”, which it uses on its customers’ smartphones;
- the increasing amount of fraudulently generated non-human traffic and the advertising industries response,
Datonomy can empathise with anyone tasked with making their organisation's website compliant with the cookie consent rules. Here we share our own experiences, review the latest guidance from the ICO and take a look at some of the compliance mechanisms appearing on other UK websites. Stop press – revised guidance from the ICO on implied consent The ICO marked the end of its year long enforcement amnesty by refreshing its guidance. On 25 May it launched:
- a helpful 11 minute video of Dave Evans, Group Manager at the ICO, setting out the Commissioner's enforcement stance and guidance for businesses yet to make a start on compliance;
- version 3 of its compliance guidance for website owners; and
- advice for the public on controlling cookies.