Digital Marketing Solutions Summit | Forum Events Digital Marketing Solutions Summit | Forum Events Digital Marketing Solutions Summit | Forum Events Digital Marketing Solutions Summit | Forum Events Digital Marketing Solutions Summit | Forum Events

Posts Tagged :

Privacy

IDPC GDPR fines ‘only adding to Meta’s woes’
By:
0

The ‘unexpectedly harsh’ penalty served out to Facebook owner Meta by Ireland’s data privacy regulator has wide-ranging consequences for the tech-giant, showing how national rulings can impact business on a global scale.

To recap, Meta has been fined EUR265 million ($275 million) by the Irish Data Protection Commission (IDPC), bringing its total data privacy fines in Europe to EUR1 billion ($1 billion);

Emma Taylor, Analyst at GlobalData, said: “Against the backdrop of mass layoffs and a rapidly sinking share price, the news of an additional fine represents another blow for Meta. Although the company claimed to have changed its policies since the data leak, the IDPC has been understandably harsh with its penalty.

“Ireland’s position in regulating Big Tech has increased, as Meta, Google, TikTok, and Twitter all now have offices there. Looking at its track record, Meta being hit with yet another fine is unsurprising. It would only be surprising if it were the last.”

Sarah Coop, Analyst at GlobalData, added: “Meta is on a losing streak. Privacy breaches damage consumer trust, which is already dwindling for Meta. Its central social media platform, Facebook, is struggling to attract younger users due to strong competition from other platforms like TikTok. The company has also reportedly lost $9.4 billion on its metaverse business unit and has recently restructured, laying off 11,000 employees.

“GDPR fines are simply collateral damage for Big Tech. While fines can be large, at up to 4% of global turnover, most Big Tech consider it the cost of doing business. However, consumer confidence will be important for the metaverse, and cybersecurity breaches and data privacy fines further taint Meta’s already tarnished reputation.”

10 ways to make privacy your competitive advantage in 2022
By:
0

New year, new start. Nigel Jones, Co-Founder of the Privacy Compliance Hub discusses why and how organisations must put privacy compliance at the heart of their strategy for 2022…

Apple has allowed iPhone users to choose whether they’re tracked by apps, DuckDuckGo is trying the same thing for Android, and even WhatsApp has updated its policy after a multi-million-pound fine. These are sure signs that ‘Big Tech’ is waking up to growing consumer concerns about data protection and recognising that privacy is fast becoming a competitive advantage.

According to Statista research, 54% of UK consumers say they’re now more concerned about their online privacy than a year ago. That backs up a previous study that revealed almost two thirds (61%) of UK consumers worry about how their personal data is being used by companies and 55% prefer to be anonymous when browsing online.

This is serious for businesses. Add increased security threats because of remote working and a new information commissioner who may be more ready to issue fines, and there are plenty of reasons to adjust approach and attitude towards privacy.

Here are my 10 top tips for putting privacy compliance front and centre in 2022.

1. Take stock of where you are

Start with an assessment of your current compliance – there are free online tools that can help you with this. This is also a good opportunity for some light housekeeping, such as checking that you’ve paid your annual data protection fee, whether you need to appoint a Data Protection Officer (and/or register that person with the Information Commissioner’s Office), and if your Record of Processing Activities (also known as an Article 30 Record), Record of Vendors and Partners and Data Retention Policy are up to date.

2. Map your data flows

It’s vital to have a clear view of the personal data that’s under your control. You need to know what data you hold, what it’s for, where it’s located, where it goes, how long you keep it for and what you do with it when you no longer need it. Data maps should cover all data processing activities and is a job for all departments. Gather representatives from all functions in one room (or on one video call) and talk it out.

3. Review existing privacy policies

Privacy notices are often copy and pasted from other sites with the names changed or drafted by legal professionals who have little idea about how the business they’re writing them for operates. Once you’ve mapped your data flows, take a look at your existing policies. Do they need to change or be updated? Don’t be afraid to start again. The objective is to be transparent about what you are doing with the readers’ personal data.

4. Consider the impact of hybrid working

Staff privacy and remote work policies may also have to be updated, in light of the shift towards hybrid working. Cybercrime has spiked in the past year, with experts pointing to weaker security due to home working. Are your employees using personal devices, saving files locally or using unsecure Wi-Fi? They could be putting your business at risk of attack.

5. Empower staff through regular training

When 90% of data breaches in the UK are down to human error, having a well-trained team is essential in the fight for privacy. This isn’t just an IT project – everyone helps protect personal information. Focus on what staff really need to know about privacy in their day-to-day work and tailor each session accordingly. Customer data can often be an organisation’s most valuable asset. By making compliance familiar to employees, they’ll feel empowered to make the most of it safely.

6. Tighten up your marketing communications

The ICO handed out £1.7m in fines for marketing breaches in 2021. It’s easy for members of the public to complain if they’re not unsubscribed when they ask to be, if their data is used for something they didn’t sign up for, or if they’re contacted without giving prior permission. If you are cold emailing individuals in a business context, you must have a lawful reason for doing so, such as ‘legitimate interest’. And of course, if anyone requests to be removed from a contact list, you must remove them immediately and add them to a marketing suppression list so they’re not contacted again.

7. Be careful who you’re sharing data with

You’ve put the work in to make sure you’re taking privacy seriously. But do the partners and vendors you’re sharing customer data with take it seriously too? Make sure you only work with safe organisations that have policies in place to protect personal information, that will only act in accordance with your instructions when they process that data, and that can respond quickly to subject access requests from individuals. Ask partners to complete a risk assessment questionnaire or do due diligence on their privacy practises before working with them.

8. Encourage leaders to be proactive about privacy

Culture starts from the top and leaders need to set the tone. Be clear with the team that you care about privacy, that it’s a priority, and that good behaviour will be rewarded. Give privacy a place in the boardroom, assign responsibilities for regular updates and set targets around it. This isn’t the responsibility of lawyers, it’s the collective responsibility of the entire organisation.

9. Appoint privacy champions throughout the business

Whoever holds responsibility for privacy needs to appoint privacy champions in each department because they will need a lot of help. Luckily this is a topic that people are genuinely interested in, particularly those younger employees that have grown up with technology facilitating every part of their lives. They want to work for ethical companies that take privacy seriously. Ask for their help; you may be surprised by who puts their hand up.

10. Create a culture of privacy by design and by default

Privacy compliance isn’t a one-off project that can be ticked off, or a new year’s resolution that will be dropped by March. Organisations looking to turn privacy into a competitive advantage need to create a culture of ongoing privacy by design and default. One where every time a new product or service or process is introduced, the question is asked – what does that mean for privacy?

Nigel Jones is the co-founder of the Privacy Compliance Hub, a former Google executive and head of its legal team for Europe, the Middle East and Africa. Nigel has more than 30 years of legal experience advising companies on technology, data protection, privacy and the pragmatic steps available to cut risk, meet regulatory requirements and manage data breaches. Take your free GDPR health check today.

IAB welcomes ‘opportunities’ from third-party cookie phase-out
By:
1

The IAB has welcomed Google’s reaction to the Competition and Markets Authority’s (CMA) investigation into internet giant’s Privacy Sandbox initiative, asserting that it creates an opportunity to ‘reset’ the ad-funded web.

Back in January, the CMA launched an investigation into Google’s Privacy Sandbox in response to concerns that Google’s plans for the removal of third-party cookies from Chrome and its introduction of alternatives could impede competition in digital advertising markets.

At the time, Google welcomed the development and has described it as an “opportunity to engage with a regulator with the mandate to promote competition for the benefit of consumers”. 

Google has now announced a range of binding commitments to address the CMA’s concerns. These include: 

  • That it will work with the CMA to resolve concerns and develop agreed parameters for the testing of new proposals. Google will also provide transparency around the timetable, as well as a clear notice period for changes.
  • Once third-party cookies are phased out, Google’s ad products will not access synced Chrome browsing histories (or data from other user-facing Google products) in order to track users to target or measure ads on third party web inventory.
  • As the Privacy Sandbox proposals are developed and implemented, that work will not give preferential treatment or advantage to Google’s advertising products or to Google’s own sites

You can read the full list of commitments here. The CMA has now launched a consultation on whether to accept Google’s commitments, which you can respond to by submitting written representations to Angela Nissyrios and Simon Deeble at 50972-Consultation@cma.gov.uk by 8 July 2021 at 5pm.

IAB UK’s CEO Jon Mew said: “At the IAB, we have always been really clear that the phasing out of third-party cookies is an opportunity to reset the ad-funded web for the better, which is why we have laid out clear principles that we believe any viable User ID solutions must meet. I think that the CMA’s investigation into Privacy Sandbox and Google’s commitments to address its concerns about the potential impact on competition are an important and valuable part of this process. 

“The commitments  allow the wider industry to have confidence that Google’s proposals are being developed in a way that takes into account both competition and privacy objectives, with the benefit of regulatory oversight brought by the CMA. The phasing out of third-party cookies is the most seismic shift that the digital ad industry has ever experienced and it’s only right that developments in this space are subject to appropriate scrutiny.”

ICO issued fines of £42million last year
By:
2

The Information Commissioner’s Office (ICO) has issued a number of final civil monetary penalties in 2020, totalling £42,416,000 – The reasons for the fines included breaches of Privacy and Electronic Communications Regulations (PECR) and the Data Protection Act (DPA). 

The data, contained in the ICO’s ‘work to recover fines’ report and analysed by the Parliament Street Think Tank, reveals a catalogue of fines issued across a variety of sectors.

The analysis shows the scale of the fines highlights the severity of the problem. A total of 17 penalties were issued last year according to official figures. The largest fine was given to British Airways in the transport and leisure sector on 16th October 2020 at a total of £20,000,000 for a breach of the Data Protection Act (DPA). This is followed by a fine of £18,400,000, issued to Marriott International Inc on 30th October 2020, also for a breach of the DPA. 

The next largest was to Ticketmaster LTD, with a fine totalling £1,250,000 for data breaches on 13th November 2020. Then, DSG Retail Ltd, CRDNN Limited and Cathay Pacific all received fines totalling £500,000. 

Additionally, CRDNN was with a £500,000 fine on 2nd March 2021 for breaches of Privacy and Electronic Communications Regulations (PECR).

The industry hit with the biggest fines was marketing with nine fines in total issued, followed by three fines issued to firms in the transport and leisure sector.

Additionally, the ICO issued three court orders for winding-up upon petitions in 2020. Trusted Futures Ltd received a penalty amount of £70,000, Superior Style Home Improvements received a penalty fee of £150,000 and Alistar Green Legal Services Ltd received a penalty fee of £90,000. All three organisations were given court orders in 2020.

Additionally, there were eight directors disqualified following ICO enforcement action in 2020. These directors have been disqualified for a number of years for conduct while acting for various companies.

Charlie Smith, Consultant Solutions Engineer, Barracuda Networks, said: “In today’s digital working environment, data security, recovery and protection is of vital importance. Unfortunately, it has become apparent that many business owners, workers and consumers are not aware of the need for backup and recovery services for their email service providers. Our own research even revealed that 40% of Office 365 users believe that Microsoft provides everything they need to protect their data and software.

“Whilst Office 365 does offer some level of security, even Microsoft suggests using a third party backup to ensure that data is fully protected and retrievable. Without it, organisations can be left prone to accidental data loss and even ransomware attacks. 

“Thus moving forward, organisations should invest in a third-party data backup solution that runs in the cloud, to enable seamless, efficient and comprehensive backup of data on a granular level – allowing lost, stolen or misplaced data to be restored without delay.”

2020 marketing predictions from SAS’ Wilson Raj
By:
0

Digital Marketing Briefing sat down with Wilson Raj, Global Director of Customer Intelligence at SAS, to pick his brains on the future of marketing, encompassing privacy, the blockchain and AI – here are his five things to watch out for in 2020:

  1. Data privacy & personalisation become C-suite priorities

In 2020, marketers will raise the personalisation bar by raising the data privacy bar. Topics such as data governance, data security and data management will be escalated to C-suite and boardroom level discussions as the balance between customer privacy and personalisation becomes a strategic differentiator for all brands.

2. Blockchain & advertising  

In 2020, blockchain technology combined with AI will start to gain traction to help businesses combat digital advertising fraud and waste.

3. Identity management

Identity management will be a primary goal (and struggle) for marketers in 2020.  Marketers must be able to identify and track specific digital visitors across a range of channels, devices, platforms and environments as they journey around web, tablet, mobile apps, voice assistants, and AR/VR. 

To this end, hybrid-cloud architectures will gain momentum in 2020 to provide dynamic MarTech applications with dynamic customer data, as well as offer management, decisioning engines, analytics platforms and the channels themselves in both real-time and batch capacity. 

4. Increased automation with AI

In its annual CMO survey, Deloitte found that despite marketing analytics budgets increasing over the next 3 years, perceived contributions from analytics remain weak.

In 2020, companies must turn to AI-driven automation to help operationalise those analytics if they are to remain competitive. With the deluge of data and proliferation of customer contact opportunities, it is no longer humanly possible to make the thousands of decisions required per second to deliver great CX without automation in the mix.  

5. AI & dynamic pricing

AI already helps marketers with dynamic pricing as it relates to product availability, demand and forecasting. But it can go much further in 2020. AI could further integrate with a company’s resource planning systems and supply chain inputs to access cost optimisation, inventory, and economic forecasting data to achieve both dynamic pricing and fulfillment into campaigns and customer interactions.

INFOGRAPHIC: DMA reveals global consumer privacy trends
By:
0

The Digital Marketing Association (DMA) has detailed consumer attitudes to privacy across 10 nations, encompassing attitudes, opinions and preferences and how they change depending on their location.

The research, conducted in partnership with Acxiom and Foresight Factory, found that:

  • 51% of people are ‘data pragmatists’ who exchange their data as long as there is a clear benefit.
  • 21% are ‘data unconcerned’ who do not mind how and why their data is used.
  • 23% are ‘data fundamentalists who never share their data for any reason.
  • The data pragmatists are most likely to be found in the US, Spain and Singapore, while data fundamentalists are found en mass in in Australia, Germany and The Netherlands.
  • Nearly half of all consumers would use their data to negotiate better offers.
  • 83% of consumers would like more control over their data.

The DMA concludes: “Although each nation differs in some ways, globally consumers are remarkably similar – most aspects of privacy remain the same wherever you are. Globally, the majority of consumers are pragmatists – willing to share their data so long as there is a benefit. Trading data is a common desire among consumers and data as a commodity will become more important to companies in the years to come.”

The DMA has produced a handy infographic to break down its findings and will be running a webinar on July 11th to delve deeper into the results.

Privacy concerns hindering Allo’s chance of messaging success?
By:
2

Although reports have suggested that Google’s newly launched messaging service, Allo, is already causing some privacy concerns, the multinational technology company is defiant in ensuring users can safely navigate the app – despite its integration with Google’s new artificial intelligence (AI) assistant, which requires all messages to be sent without end-to-end encryption.

As a result, not only can Google’s Assistant access and read the messages, but Google as a whole can too; as well as national security organisations. With its developers announcing back in May that Allo would include revolutionary message retention policies unheard of among other messaging apps such as iMessage and WhatsApp, industry insiders have found that all messages are linked directly to an account and stored indefinitely – failing to keep its promise of ‘transiently’ storing chat logs and making sure all conversations are not permanently placed on Google’s servers.

A Google spokesperson said in a statement: “We’ve given users transparency and control over their data in Google Allo. And our approach is simple – your chat history is saved for you until you choose to delete it.”

“You can delete single messages or entire conversations in Allo. We also provide the option to chat in Incognito mode, where messages are end-to-end encrypted and you can set a timer to automatically delete messages for your device and the person you’re chatting with’s device at a set time.”