• If you are citizen of an European Union member nation, you may not use this service unless you are at least 16 years old.

View
 

PDNYC:  Personal Cloud (Inaugural) NYC MeetUp

Page history last edited by RealEstateCafe 11 years, 7 months ago

HEATHER ZACHARY

Wilmer Hale

 

Give an overview of topics at a very high level

1.  EU (European Union) Data Privacy 

 

2.  FTC's role in regulatoring roles in US

 

3.  Specific sectors, Financial, Education, Children's apps

 

4.  

 

1.  EU (European Union) Data Privacy 

 

More restrict then US. Things we consider public information are more often private in the EU

Individual countries with the EU can layer on their own laws, eg. Anonymous sign-up on Facebook

Can apply to many US companies, even if you are not in the EU

 

If you drop a cookie on someone's computer, you may be violating privacy law in EU

 

EU is becoming even more restrictive, new laws proposed

 

2.  US:  Sectorial Privacy

Financial

Health

Children's 

Video history

 

Exception:  FTC's ability to investigate deceptive trade practices & unfair practices

Would that include dual agency?

If you privacy policy says "we don't collect and share your info"

 

FTC's "unfair definition" even scarier

eg. Collecting consumer info in public space via mobile app could be considered "unfair"?

March 20, 2012:  FTC Privacy Guidebook

Goes beyond law to "Best Practices"

 

Mobile apps used to be Wild, Wild West, could collect anything

In last two months allow, CA and other group have issued 

CA Online Privacy Protection Act:  CA Attorney General issuing $2,500 per download of App -- WOW!

Mobile App Privacy Policy:

Move away from device to ...?

 

If doing out of app advertising, get consent ahead of time?

App developers pushing back -- say CA going beyond the law.

 

FTC also published privacy guidelines

If you are going to collect mobile data, must get consent

 

FINANCIAL DATA:

GLB Act

Graham Leach Bialley Act (sp?) may apply to the data you are collecting

 

If collecting info to qualify for credit or housing, have to comply with the FCRA:  What does it stand for?

 

HEALTH DATA:

do not get close to health data without understanding of HIPA

 

CHILD RELATED:

 

VIDEO PRIVACY PROTECTION:

 

-----

 

MARC ROSSEN

MediaMath

@marcprossen

 

Work with anonymized cookie level data

Help clients understand more about consumers

 

Consumers, friends and family reflecting a lot of fear in the market place

 

Surprises me on a day to day basis -- not trying to scare people, but for consumers who do NOT understand technology, the prospect of being tracked everywhere is threatening

 

We see the upside, positive side

Lot of jobs being created

 

We should be concerned about protected children

 

Do not track

 

PII Data / Non-PII Data

PII = Personally Identifiable Individual Data

Should have extreme protection around it

I don't want people to be able to see my credit card data

 

Non-PII Data

Can be anonymized, can't be tracked back to people

Track back to zip code, at most -- so can't track individuals

 

Consumers don't realize how serious business take this privacy

Example:  Remove cookie level data after 90 days

 

IAB:  

People don't really have need for data

When you're building models in real-time, aggregating data beyond 90 days doesn't do much for you

 

When a client wants to link up behavior, the policies that oversee how we use data are SO STRICT that PII Data is anonymized?

 

My point about fear:  Don't care who the person is, we use data understand the relative value to different cookies not individuals

You don't need to know who people are to do that

 

Story:  My wife was on the computer, looking at Yahoo Mail, day after going to Nordstorm's, and she was not pleased to see an ad related to her recent purchase

 

US is known for creating free-market solutions, legislation is good and necessary for extremes -- eg. protecting consumers

But when consumers respond to things, the marketplace responds

 

Let consumers make choices -- if they don't want to be trapped, give them data opt-out on Non-PII Data

Most consumers won't go through effort to make sure their data is erased?

Most people like the fact that Amazon refers books they would like

If you turn your cookie's off, you'll lose that functionality

 

People in this space need to address fear, let people know what protections there are out there

 

=====

 

CARL KALAPESI

Boston Consulting Group

 

Working with World Economic Forum re Personal Data

Also working with executive and regulators in the public sector

Led a globe dialogue, culminated at Davos

 

Go to WEF site on Friday do download

 

Who owns personal data?

1.  I own it;  Votes:  9

2.  The organization that collected it:  4

3.  The government

4.  Combination:  I own it, as well as the site or organization that collected it

 

Repeated the same survey on Facebook

Over half of people thought / believed they owned their own data

 

WEForum Project is designed to find balance between personal ownership and other ownership

Focusing on data

1.  Security

2.  Rights and responsibilities

3.  Holding people accountable for how they use or misuse data

 

Started with principles written in 1980

How has world changed since then

 

Davos session, a month ago

AddValue

 

Described 2.5 hours brainstorm in this sketch

 

 

WEF conversation has changed pretty significantly over the past 2 years

Has moved from sideshow to main stream - getting attention at most senior level of business and government

 

CONCENSUS:  Big shifts

 

1.  Conversation has moved from data to usage

Stop thinking about data as good or bad.  Data is neutral - value is how do we manage the use of data?

 

2. In terms of how we engage individuals, transparency and long privacy policies are NOT enough

Need to create a way to help people UNDERSTAND how their data is being used [and how might benefit]

 

3.  Want something more than a check-off box to control consent

Need to have more conversation about whether opt-in or opt-out preference

 

4.  Don't live in a black & white world anymore

Context goes meaning - even things like PII are no longer obvious

 

=====

 

COLIN O'MALLEY

Evidon

@micshasn

 

Involved in EU groups across Europe

Had the privilege of working with some of the smartest attorney's in the world

 

Involve in @Ghostery 

Can see who is tracking you, and lock down who is tracking you if you don't like it!  YEAH!

 

We also build compliance tools

Our job is to build pragmatic tools people can use

Particularly consent related issues on the ground

 

Work with 50-60 ad networks across the world, load about 2 billion "Ad Choice" icon ads a day

 

Practical insights:

 

1.  PII and Non-PII

Agree how little that distinction means anymore

Once was don't need to worry about non-PII, but no longer the case

 

Regulators are struggling with this...

 

Privacy by Design:  

EU moving towards "if you add a cookie to a person's device" that is a violation

 

For practitioners, need to understand you are really

 

2.  Fear - media coverage is overblown but needs attention

But still our fault

Industry continued to talk itself despite rising fears of consumers

 

If someone comes into your house, and says we're not taking anything of value burden of proof is on us

 

As an industry, need to think about the best tools to provide transparency

If you aspire to "best practices" you should have a good base layer to tweak for different jurisdictions

 

Legal and technical issues

Do Not Track / DNT gets a lot of attention

18 months in discussion, still not concensus

 

Default setting on DNT cookies will have a significant impact

 

3.  Mobile browsers becoming more powerful

Cookies not used on mobile apps now, but more powerful browsers could raise new tracking issues

 

===== 

 

Q & A:

 

Q1.  How can we develop regulations that balance need for consumer privacy without stifling competition?

 

Industry initiatives are moving forward, but there is also momentum towards EU-like restrictions

Needs to balance -- industry needs to take leadership or policy makers will

 

Alternative response:  Give people personal clouds and other apps to manage their own digital identity

Smart people in this room working on it

Main concern: How do we reach scale

How do we automate import of data

 

Corporate sector is just starting to get there

No longer telling government to get off their back, but acknowledging issue and some -- including British Petroleum -- providing solutions

Implemented a sliding scale which revealed:  What we will be able to do, what we won't be able to do

 

Q2.  

 

Start to use technology to insure that permissions flow with the data

 

Most of us don't have a clue how credit transactions take place

Solution: More transparency about transaction, combined with rising confidence that things will be OK like a credit card transaction

 

Going to cost money to implement solutions

 

It's an issue of incentives -- when an industry realizes there's a benefit in responding, they will

Consumer's don't really understand how behavioral tracking works now

Lawyer says, "people don't care?"

 

@Ghostery based on patterns, built their own pattern libary

 

=====

 

@DSearls 

 

Swift has worked for 2.5 years on DAG:  Digital Asset Grid

Open Source work ready to be picked up

 

The industry is all companies that are advertisers

 

Publishing companies are also players

 

http://WEForum.org/personaldata

 

Q3.  If personal data is the new money, how do we value it?

 

@CarlKalapesi Hard to model value

 

Only useful way of doing this is to take application 

ValueOfPersonalData.com

 

Put all of the case studies that are all out there

 

Kaiser report, for example, report on value of better care to their patients

 

@micshasan

 

Can look at single high value transactions, like high value transactions for high network individuals might be $10

 

Massively valuable in the aggregate, but minimal with pooling -- might buy you a drink in Manhattan each year?

 

We're very early in figuring out uses 

If you could value data right now, will multiple by a factor or four or five times in the next 5 years

 

@marcprossen

 

Need to look at value to industry back into value

 

Who is responsible for educating the consumer?

Is it the companies who are offering services?

 

@carlkalapesi

 

When we give consumers the ability to make meaningful choices, they will care -- see BP example

 

Unless we want to rely on the press, we as industry need to educate consumers otherwise the press will sensationalize fear

 

Example:  One scandal story about a company misusing data will wipe out benefits of expenditures to create positive impression

 

If the consumer is the stakeholder, you need to get in front of them and make the case for trust

 

Comments (0)

You don't have permission to comment on this page.