Grappling with GDPR: What Brands Need to Know About Data Privacy

As Europe’s General Data Protection Regulation forces companies worldwide to conform to stricter privacy standards, firms are struggling to determine how they can safely implement GDPR, protect user data from hackers, and be transparent in online advertising and communications to avoid a public backlash and/or regulatory penalty. Allie Bohm, Policy Counsel at Public Knowledge and a speaker at the August 2 Cynopsis Measurement & Data Conference, says brands need to think about their data policies “from the bottom up.”

But first, find a good lawyer. “Much of what it means to ‘implement GDPR’ is still being worked out both through regulation and through litigation in Europe, so how to safely implement GDPR is actually a challenging question,” says Bohm. “Where brands are collecting Europeans’ personal data, the best course of action would be to consult with a European lawyer who is an expert on this topic. The International Association of Privacy Professionals has a certification for ‘Information Privacy Professionals’ focused on Europe, and an attorney with this certification would be a good bet.”

As for protecting user data from hackers, “Brands should think about their data collection and retention policies and practices from the bottom up, starting by asking what user data they collect,” advises Bohm. “Do they really need that user data? And, if so, for what purposes? How long do they need to retain the data to achieve those purposes? What would be the costs of losing user data – both in terms of financial cost and reputational cost, as well as any other costs? In light of the answers to those questions, brands should think about what they need to do to protect user data. At a minimum, brands should adhere to the latest, state of the art data security practices. But, in many instances, the best security policy is what’s known as ‘data minimization’ – not collecting or storing extraneous data in the first place. If brands do not have the data, they cannot lose the data and data thieves and other malicious actors seeking the data will have less of a reason to target the brands.”

Transparency in online advertising and communications is super-important to avoid a public backlash, and brands should voluntarily implement the notice and consent practices they adopt to comply with the GDPR in the United States and in the non-European countries where they operate, says Bohm. “They should find user-friendly ways to inform users of the data they collect and store, why those data are collected and stored, how long those data are retained, and with whom those data are shared. For data points that are not necessary to complete the user-requested transaction, brands should allow users the option to not have the data collected, stored, or shared at all. To the greatest extent possible, these notice and consent points should not be buried in the depths of a privacy policy, but rather should be displayed to users in formats in which they are likely to actually observe and absorb the information and make an affirmative election. These actions will build good will among users.” Also worth noting, says Bohm, is that “many users will opt-in to targeted advertising, because they find it to be time-saving and prefer to see advertisements that are relevant to their interests.”

As for avoiding regulatory penalty, it is important that brands are honest about what they do and do not do with user data. “The Federal Trade Commission has the authority to take enforcement action against companies that engage in unfair or deceptive practices,” points out Bohm. “A deceptive practice occurs when a company says that it is doing one thing, but actually does another. So, if a brand claims that it will delete user information upon a user’s request or that it does not collect certain data, it must, in fact, delete the data upon request or decline to collect the particular data, respectively. The FTC uses its unfairness authority much more sparingly, but to ensure compliance, companies should make sure to avoid actions that (a) cause (or are likely to cause) ‘substantial injury’ to users, (b) where there is no way the user could reasonably avoid the harm, and (c) there are no countervailing benefits of the action to the user.”  

The Cynsiders column is a platform for industry leaders to reach out to colleagues, followers, and the public at large. In their own words and in targeted Q&As, columnists address breaking news, issues of the day, and the larger changes going on in the ever-evolving world of television, video and digital. Cynsiders columns live on Cynopsis’ main page and are promoted across all daily newsletters. We welcome readers’ comments, queries, and column ideas at [email protected].
