際際滷

際際滷Share a Scribd company logo

Data Privacy Chicago May2011

Download as PPT, PDF
Tim Beadle
Tim Beadle

The document discusses privacy and cookie laws in Europe. It notes that one-third of major UK companies do not comply with opt-in rules for email marketing. It analyzes examples of websites like Tesco that make it difficult for users to update their privacy preferences. The document also discusses different types of cookies, reasons advertisers use cookies, and new EU rules around cookies and privacy. It provides tips for companies to review their cookie usage and argues the regulations will require significant changes to current practices.

1 of 23
Download to read offline
When will a Marketing Director go to Prison?
Agenda Email marketing Gaining Consent The Cookie Law Behavioural vs Contextual
E-Marketing is a fact of life On-line ad spend is now greater than the amount spent on press advertising and climbing Almost all websites now collect data from visitors Visibly Invisibly E-mail marketing is getter ever more sophisticated Social networking But does it respect privacy properly?
Only 67% of the Biggest companies comply 33% of FTSE top 250 dont comply with opt-in rules on Email* The study looked at both on-line and off-line compliance There was little difference from sector to sector Compliance worse than in 2007 (69%) Tesco Ireland just been fined *Atrium Study Nov 2010
Lets look at Privacy Heres a typical registration page Tesco.com Look very closely here
Lets look at Privacy
But Tesco then gets worse .. Privacy policy Use of your information and your preferences We will use your information to provide and personalise our service. We will also use your contact details to communicate with you. We may use your information to send you offers and news about Tesco group products and services or those of other carefully selected companies which we think may be of interest to you. We may contact you by post, email, telephone or fax for these purposes. Once you have registered to use Tesco.com, you will be provided with access to a "Contact Preferences" page that will allow you to tailor our commercial communications to your preferences. To change your contact preferences simply click "Your Account" in the top frame and click "Your Contact Preferences". If you do not want to receive commercial communications from us, please select your choices by using the boxes available on that page. But you dont get sent to the Contact Preferences page instead you have to wait for an email from Tesco in order to login.. which two hours later still hadnt arrived. Finally, when you do go back, heres what youd have to do
Its a tortuous route Click on here ..to go here Click on here .to go here And, finally click here to get to your preferences!
CADBURY
The problem of Cookies if (isset($UserID) && isset($Password)) { $query = &quot;select * from members where UserID = amp;quot;$UserIDamp;quot; and Password = amp;quot;$Passwordamp;quot;&quot;; if ( !($dbq = mysql_query($query, $dblink))) { echo &quot;Unable to query database. Please Contact <a href=amp;quot;mailto:email@addressamp;quot;>email@address</a>.&quot;; exit; } $lim = mysql_num_rows( $dbq ); if ($lim != 1) { $headers=1; //HTML headers in place echo &quot;<HTML><HEAD><TITLE>Login Page</TITLE></HEAD><BODY>&quot;; echo &quot;<B>Invalid User ID or Password. Please Try again</B><BR>&quot;; if ($lim == 1) { //make unique session id and store it in Database $timer = md5(time()); $sid = $UserID . &quot;+&quot; . $timer;
Types of Cookie Session Persistent First party Third party Tracking Zombie (Flash)
Why do advertisers want cookies? Behavioural vs contextual Google adwords is contextual it presents ads based on my keywords Display ads on websites are contextual they are relevant to the content Im viewing Behavioural looks at what Ive browsed and where Ive been to select ads that may be relevant in THEIR view it DEPENDS on persistent Cookies And the reason they want it? Up to FOURFOLD improvement but usually 10% - 20%.
New EU Rules the problems Cookies are a potential privacy threat Some countries are effectively banning them Germany Going after Google vicariously Switzerland & France Says IP address is PII Others dont care Art 29 WP not happy relying on browser settings alone
Country Analysis
Country Analysis
Country Analysis
More consultation FTC in US is leaning towards do not track me list Browser industry looking at potential solutions Art 29WP consulting AGAIN with ad networks
Industry Solutions
Industry Solutions
Industry Solutions
So, what to do? 10 tips 1) Inaction is not an option, websites need to review their use of cookies immediately have some plans in place, even if not actually implemented 2) It is likely that the UK has now determined the direction of travel for the rest of Europe - expect the rest to jump in the same direction 3) Reliance on browser settings is not a solution currently 4) Zombie, persistent, re-spawning cookies are now dead in just about every circumstance 5) 3rd party and tracking/analytic cookies are a major problem and working out how to get consent without driving visitors to your website insane is going to be a major challenge6) The more information the cookie collects, the higher the requirement for disclosure7) The way the law works means that if I, as an Englishman in England, visit a website that is in Germany, in German and that German website pops a Google Analytics cookie on my PC then they are contravening my rights just as much as if they were based in Milton Keynes (sorry Audi/VW)8) Sites cannot rely on sorting out just PCs because so many people now visit via other devices - Tablets, TVs, smartphones, games consoles etc.9) The &quot;strictly necessary&quot; get out is going to be &quot;strictly interpreted&quot; - the guidance doesn't leave much wriggle room10) Regulators and industry are now in new territory and right here, right now, no-one seems to have a plan
So, what to do? 6) The more information the cookie collects, the higher the requirement for disclosure 7) The way the law works means that if I, as an Englishman in England, visit a website that is in Germany, in German and that German website pops a Google Analytics cookie on my PC then they are contravening my rights just as much as if they were based in Milton Keynes (sorry Audi/VW )8) Sites cannot rely on sorting out just PCs because so many people now visit via other devices - Tablets, TVs, smartphones, games consoles etc. 9) The &quot;strictly necessary&quot; get out is going to be &quot;strictly interpreted&quot; - the guidance doesn't leave much wriggle room 10) Regulators and industry are now in new territory and right here, right now, no-one seems to have a plan
Is this the future?

More Related Content

Data Privacy Chicago May2011

  • 1. When will a Marketing Director go to Prison?
  • 2. Agenda Email marketing Gaining Consent The Cookie Law Behavioural vs Contextual
  • 3. E-Marketing is a fact of life On-line ad spend is now greater than the amount spent on press advertising and climbing Almost all websites now collect data from visitors Visibly Invisibly E-mail marketing is getter ever more sophisticated Social networking But does it respect privacy properly?
  • 4. Only 67% of the Biggest companies comply 33% of FTSE top 250 dont comply with opt-in rules on Email* The study looked at both on-line and off-line compliance There was little difference from sector to sector Compliance worse than in 2007 (69%) Tesco Ireland just been fined *Atrium Study Nov 2010
  • 5. Lets look at Privacy Heres a typical registration page Tesco.com Look very closely here
  • 6. Lets look at Privacy
  • 7. But Tesco then gets worse .. Privacy policy Use of your information and your preferences We will use your information to provide and personalise our service. We will also use your contact details to communicate with you. We may use your information to send you offers and news about Tesco group products and services or those of other carefully selected companies which we think may be of interest to you. We may contact you by post, email, telephone or fax for these purposes. Once you have registered to use Tesco.com, you will be provided with access to a &quot;Contact Preferences&quot; page that will allow you to tailor our commercial communications to your preferences. To change your contact preferences simply click &quot;Your Account&quot; in the top frame and click &quot;Your Contact Preferences&quot;. If you do not want to receive commercial communications from us, please select your choices by using the boxes available on that page. But you dont get sent to the Contact Preferences page instead you have to wait for an email from Tesco in order to login.. which two hours later still hadnt arrived. Finally, when you do go back, heres what youd have to do
  • 8. Its a tortuous route Click on here ..to go here Click on here .to go here And, finally click here to get to your preferences!
  • 10. The problem of Cookies if (isset($UserID) && isset($Password)) { $query = &quot;select * from members where UserID = amp;quot;$UserIDamp;quot; and Password = amp;quot;$Passwordamp;quot;&quot;; if ( !($dbq = mysql_query($query, $dblink))) { echo &quot;Unable to query database. Please Contact <a href=amp;quot;mailto:email@addressamp;quot;>email@address</a>.&quot;; exit; } $lim = mysql_num_rows( $dbq ); if ($lim != 1) { $headers=1; //HTML headers in place echo &quot;<HTML><HEAD><TITLE>Login Page</TITLE></HEAD><BODY>&quot;; echo &quot;<B>Invalid User ID or Password. Please Try again</B><BR>&quot;; if ($lim == 1) { //make unique session id and store it in Database $timer = md5(time()); $sid = $UserID . &quot;+&quot; . $timer;
  • 11. Types of Cookie Session Persistent First party Third party Tracking Zombie (Flash)
  • 12. Why do advertisers want cookies? Behavioural vs contextual Google adwords is contextual it presents ads based on my keywords Display ads on websites are contextual they are relevant to the content Im viewing Behavioural looks at what Ive browsed and where Ive been to select ads that may be relevant in THEIR view it DEPENDS on persistent Cookies And the reason they want it? Up to FOURFOLD improvement but usually 10% - 20%.
  • 13. New EU Rules the problems Cookies are a potential privacy threat Some countries are effectively banning them Germany Going after Google vicariously Switzerland & France Says IP address is PII Others dont care Art 29 WP not happy relying on browser settings alone
  • 17. More consultation FTC in US is leaning towards do not track me list Browser industry looking at potential solutions Art 29WP consulting AGAIN with ad networks
  • 21. So, what to do? 10 tips 1) Inaction is not an option, websites need to review their use of cookies immediately have some plans in place, even if not actually implemented 2) It is likely that the UK has now determined the direction of travel for the rest of Europe - expect the rest to jump in the same direction 3) Reliance on browser settings is not a solution currently 4) Zombie, persistent, re-spawning cookies are now dead in just about every circumstance 5) 3rd party and tracking/analytic cookies are a major problem and working out how to get consent without driving visitors to your website insane is going to be a major challenge6) The more information the cookie collects, the higher the requirement for disclosure7) The way the law works means that if I, as an Englishman in England, visit a website that is in Germany, in German and that German website pops a Google Analytics cookie on my PC then they are contravening my rights just as much as if they were based in Milton Keynes (sorry Audi/VW)8) Sites cannot rely on sorting out just PCs because so many people now visit via other devices - Tablets, TVs, smartphones, games consoles etc.9) The &quot;strictly necessary&quot; get out is going to be &quot;strictly interpreted&quot; - the guidance doesn't leave much wriggle room10) Regulators and industry are now in new territory and right here, right now, no-one seems to have a plan
  • 22. So, what to do? 6) The more information the cookie collects, the higher the requirement for disclosure 7) The way the law works means that if I, as an Englishman in England, visit a website that is in Germany, in German and that German website pops a Google Analytics cookie on my PC then they are contravening my rights just as much as if they were based in Milton Keynes (sorry Audi/VW )8) Sites cannot rely on sorting out just PCs because so many people now visit via other devices - Tablets, TVs, smartphones, games consoles etc. 9) The &quot;strictly necessary&quot; get out is going to be &quot;strictly interpreted&quot; - the guidance doesn't leave much wriggle room 10) Regulators and industry are now in new territory and right here, right now, no-one seems to have a plan
  • 23. Is this the future?

Editor's Notes

  • #10: We love the tone used in the opt-in boxes here makes it sound well worth signing up and theres no ambiguity!
  • #12: Does a Zombie cookie breach Computer Misuse Act?