SlideShare a Scribd company logo

ePrivacy Directive, a 10 steps framework to be as compliant as possible for marketing

Aurélie Pols, profile picture
Aurélie Pols

1. The document outlines a 10-step plan for companies to audit their digital properties and become compliant with the ePrivacy Directive regarding cookies and trackers. 2. It advises scanning websites and apps to identify cookies, pixels and trackers, then working with marketing to decide which to keep or remove. Consent mechanisms may need to be established for some trackers. 3. The classification of cookies and whether consent is needed can depend on how tools are configured, and the broader context is how data is used for direct marketing and lead generation.

Data & Analytics
Related topics:
Sales Funnel Strategies
1 of 12
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
#3 Cookies are not so appetizing anymore ePrivacy Directive: to be "as compliant as possible”? Brussels December 7th 2022 1
aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – A plan, mainly for Ad&MarTech I 1. List digital properties: a. Websites: who manages DNS, domain name servers, at your company? b. Are there other digital properties where your company acts as a data controller? Landing pages in other tools than your content management solution (CMS)? c. Start thinking about apps in mobile 2. Scans for cookies, pixels, trackers a. Be ready for uncertainty as results vary so does classification (purpose) 3. Work with the CMO to decide which processors to keep 4. Find the DPAs for those data processors 5. Clean out the code of those unwanted trackers 2
aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – A plan, mainly for Ad&MarTech II 6. Set-up a cookie policy a. Define what is required: name of cookie, duration, how to exercise rights, .. b. As with your privacy policy, give this policy a date stamp 7. Define those trackers who need consent a. Classify those necessary vs. those requiring consent b. Be prepared for additional uncertainty 8. Set-up some form of a consent mechanism – CMPs? 9. Create a process to keep these lists & DPAs dynamic 10. Audit twice a year through scanning, update cookie policy & archive 3
aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – Uncertainty in 7b: depends on configuration 4
aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – Tool set-ups matter! 5
aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – Why does this classification matter? 6
aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – Direct marketing => lead generation The cookies in ePrivacy are just one part of the story The boarder picture is about direct marketing driving leads On your website you’d want to know: 1. where they came from and 2. what they did They might fill in a form and this data is ingested into a CRM where GDPR also plays a role 7 Source: https://marketinginsidergroup.com/wp- content/uploads/2019/04/sales-pipeline.png
aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – Some forms drop cookies Cookies in forms can be used for fraud detection while others for marketing Suggestion work outside in: 1. From ePrivacy consent obligations 2. To forms impacted by GDPR 3. To sales support using CRM data and other lawful basis beyond consent 8
aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – 2 more caveats 1. ePrivacy is more than “just” cookies, see next slide. In this context it also applies to server-to-server communications. Saying this mainly for actors talking about moving away from cookies like Google, see https://blog.google/products/chrome/update-testing-privacy- sandbox-web/ 2. Globally, such set-ups could be impacted by other legislations such as California CCPA/CPRA, which also talks of GPC, Global Privacy Control (similar to DNT and PIMS) 9
aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – From the EDPS replying to the FTC "The ePrivacy Directive covers processing of personal data and the protection of privacy including provisions on: the security of networks and services; the confidentiality of communications; access to and storing information on terminal equipment; processing of traffic and location data; calling line identification; public subscriber directories. It also lays down general rules applicable to unsolicited commercial communications ("spam"). Initially, it applied only to publicly available electronic communications services (i.e. internet access provision and telephony services. Since the entry into application of Directive 2018/1972 establishing the European Electronic Communications Code on 20 December 2020, it now applies to all ‘interpersonal communications services’, i.e. services normally provided for remuneration that enable direct interpersonal and interactive exchange of information via electronic communications networks between a finite number of persons, whereby the persons initiating or participating in the communication determine its recipient(s) and does not include services which enable interpersonal and interactive communication merely as a minor ancillary feature that is intrinsically linked to another service; this includes also ‘number-independent interpersonal communications service’ such as instant messaging (apps).” Source: https://www.regulations.gov/comment/FTC-2022-0053-0778 10
aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – About Google Analytics • The conversations today are mainly about international data transfers following SchremsII • France, Italy, Denmark, .. Have ruled it inadequate in light of SchremsII + the fact that Google is subject to FISA/EO12333 • French CNIL set-up a list of alternatives https://www.cnil.fr/fr/cookies-et- autres-traceurs/regles/cookies-solutions-pour-les-outils-de-mesure- daudience (September 2021) • Google Analytics is being deprecated so a move to another tool is necessary, see https://support.google.com/analytics/answer/11583528?hl=en • Everybody is praying Biden’s EO will solve the issue • It won’t but what is your time frame for your company’s investments? 11
Thank you for your attention Aurelie.pols@protonmail.com 12

More Related Content

PPTX
The EU ePrivacy Directive - Navigating the UK Cookie Law
Silverpop
 
PDF
GLG webcast impact of GDPR on ad tech
Johnny Ryan
 
PDF
4Ps Cookies Legislation
Ellie_4Ps
 
PDF
EU Privacy for US Businesses - Presentation to Union Square Ventures
Rob Blamires
 
PDF
EU Privacy for US Businesses - Presentation to Union Square Ventures
Rob Blamires
 
ODP
120119 ukgc12-cookies
Peter McClymont
 
PPT
4 ps cookies
4Ps Marketing
 
PPT
Cookies Update
4Ps Marketing
 
The EU ePrivacy Directive - Navigating the UK Cookie Law
Silverpop
 
GLG webcast impact of GDPR on ad tech
Johnny Ryan
 
4Ps Cookies Legislation
Ellie_4Ps
 
EU Privacy for US Businesses - Presentation to Union Square Ventures
Rob Blamires
 
EU Privacy for US Businesses - Presentation to Union Square Ventures
Rob Blamires
 
120119 ukgc12-cookies
Peter McClymont
 
4 ps cookies
4Ps Marketing
 
Cookies Update
4Ps Marketing
 

Similar to ePrivacy Directive, a 10 steps framework to be as compliant as possible for marketing (20)

PDF
Here comes the Cookie Monster
BANNER
 
PDF
Everything B2B Tech Marketers Need to Know About Privacy + Consent
Kiwi Creative
 
PPT
Eprivacy issues and standards -- where do we stand?
Anna Long
 
PDF
Greenlight digital marketing - when the digital cookie crumbles
Greenlight Digital
 
PDF
Your Big Data Opportunity
iCrossing
 
PDF
Privacy and Electronic Communications Regulation - Elaine McKinney
FSR Communications and Media
 
PDF
The DMA conference 2012
Rachel Aldighieri
 
PPTX
GDPR - Australian perspective - the challenge, the opportunity and your duty
Jakub Otrząsek
 
PPTX
Nick Stringer, IAB UK - Preparing for the revised ePrivacy directive
TagMan
 
PPT
DMA North: Legal Update
Rachel Aldighieri
 
PPT
DMA North: The DMA legal update
Rachel Aldighieri
 
PPT
Solved the european e privacy directive and performance marketing - Kevin E...
auexpo Conference
 
PPT
Agenda 21 eu cookie seminar - david naylor - field fisher waterhouse
agenda21
 
PPTX
2012-Oct: Effect of EU cookie law on US organisations
Phil Pearce
 
PPT
Cookie Conundrum? Article 5(3) of the EU ePrivacy Directive
Carl-Christian Buhr
 
PPTX
The somewhat awkward marriage between digital marketing and data protection (...
Bart Van Den Brande
 
PDF
Deck for Chardan conference call on ePrivacy and GDPR
Johnny Ryan
 
PDF
Acquia Webinar Deck - 9_13 .pdf
Acquia
 
PDF
Google Solutions for Brands to Build a Privacy-First Strategy
Tinuiti
 
PPTX
Travelodge GDPR Case Study
Sagittarius
 
Here comes the Cookie Monster
BANNER
 
Everything B2B Tech Marketers Need to Know About Privacy + Consent
Kiwi Creative
 
Eprivacy issues and standards -- where do we stand?
Anna Long
 
Greenlight digital marketing - when the digital cookie crumbles
Greenlight Digital
 
Your Big Data Opportunity
iCrossing
 
Privacy and Electronic Communications Regulation - Elaine McKinney
FSR Communications and Media
 
The DMA conference 2012
Rachel Aldighieri
 
GDPR - Australian perspective - the challenge, the opportunity and your duty
Jakub Otrząsek
 
Nick Stringer, IAB UK - Preparing for the revised ePrivacy directive
TagMan
 
DMA North: Legal Update
Rachel Aldighieri
 
DMA North: The DMA legal update
Rachel Aldighieri
 
Solved the european e privacy directive and performance marketing - Kevin E...
auexpo Conference
 
Agenda 21 eu cookie seminar - david naylor - field fisher waterhouse
agenda21
 
2012-Oct: Effect of EU cookie law on US organisations
Phil Pearce
 
Cookie Conundrum? Article 5(3) of the EU ePrivacy Directive
Carl-Christian Buhr
 
The somewhat awkward marriage between digital marketing and data protection (...
Bart Van Den Brande
 
Deck for Chardan conference call on ePrivacy and GDPR
Johnny Ryan
 
Acquia Webinar Deck - 9_13 .pdf
Acquia
 
Google Solutions for Brands to Build a Privacy-First Strategy
Tinuiti
 
Travelodge GDPR Case Study
Sagittarius
 
Ad

More from Aurélie Pols (20)

PDF
AI Roles and Risk for election year 2024
Aurélie Pols
 
PDF
Preparing for the AI Act - 5 years into GDPR enforcement
Aurélie Pols
 
PDF
Creative destruction & Privacy Whitewashing: where does risk lie?
Aurélie Pols
 
PDF
IAPP - Skills For Minimizing Privacy Risk in Data Science Product and Service...
Aurélie Pols
 
PDF
Women in STEM for IE Girl Up Club
Aurélie Pols
 
PDF
For Superweek 2022: discussing risk using IAB's TCF
Aurélie Pols
 
PDF
Interoperability in Digital will take a Global Village
Aurélie Pols
 
PDF
The GDPR is here. So do you know what the courts are saying?
Aurélie Pols
 
PDF
CPDP: Data ownership, Innovation and Privacy: looking for an approach on both...
Aurélie Pols
 
PDF
GDPR and the aftermath: what are we building towards?
Aurélie Pols
 
PDF
Who Goes There? Demystifying Digital Identity for All (1/2)
Aurélie Pols
 
PDF
Data is the new infrastructure, Privacy is the new green, Trust is the new cu...
Aurélie Pols
 
PDF
How digitization challenges our values as citizens
Aurélie Pols
 
PDF
Technical Consequences of the Data Subject's Rights
Aurélie Pols
 
PDF
From GDPR to ePrivacy: what does it mean to the advertising sector?
Aurélie Pols
 
PDF
State of EU legislation: GDPR & ePrivacy for Superweek
Aurélie Pols
 
PDF
The Great GDPR MyData Debate - Aurelie Pols - Keynote
Aurélie Pols
 
PDF
The Data Subject First? Decoding the GDPR at StrataData
Aurélie Pols
 
PDF
Brussels data science - Privacy Engineering for Big Data & Data Science
Aurélie Pols
 
PDF
Sibos INNOTRIBE Digital Ethics
Aurélie Pols
 
AI Roles and Risk for election year 2024
Aurélie Pols
 
Preparing for the AI Act - 5 years into GDPR enforcement
Aurélie Pols
 
Creative destruction & Privacy Whitewashing: where does risk lie?
Aurélie Pols
 
IAPP - Skills For Minimizing Privacy Risk in Data Science Product and Service...
Aurélie Pols
 
Women in STEM for IE Girl Up Club
Aurélie Pols
 
For Superweek 2022: discussing risk using IAB's TCF
Aurélie Pols
 
Interoperability in Digital will take a Global Village
Aurélie Pols
 
The GDPR is here. So do you know what the courts are saying?
Aurélie Pols
 
CPDP: Data ownership, Innovation and Privacy: looking for an approach on both...
Aurélie Pols
 
GDPR and the aftermath: what are we building towards?
Aurélie Pols
 
Who Goes There? Demystifying Digital Identity for All (1/2)
Aurélie Pols
 
Data is the new infrastructure, Privacy is the new green, Trust is the new cu...
Aurélie Pols
 
How digitization challenges our values as citizens
Aurélie Pols
 
Technical Consequences of the Data Subject's Rights
Aurélie Pols
 
From GDPR to ePrivacy: what does it mean to the advertising sector?
Aurélie Pols
 
State of EU legislation: GDPR & ePrivacy for Superweek
Aurélie Pols
 
The Great GDPR MyData Debate - Aurelie Pols - Keynote
Aurélie Pols
 
The Data Subject First? Decoding the GDPR at StrataData
Aurélie Pols
 
Brussels data science - Privacy Engineering for Big Data & Data Science
Aurélie Pols
 
Sibos INNOTRIBE Digital Ethics
Aurélie Pols
 
Ad

Recently uploaded (20)

PDF
Optimise Shopper Experiences with a Strong Data Estate.pdf
Prasad Chandane
 
PPTX
Pilar Kemerdekaan dan Identi Bangsa.pptx
RyanSyah40
 
PPTX
Steganography Project Steganography Project .pptx
ajoy54
 
PPTX
sac 451hinhgsgshssjsjsjheegdggeegegdggddgeg.pptx
Akash486765
 
PPT
lectureusjsjdhdsjjshdshshddhdhddhhd1.ppt
dipa69
 
PPTX
STERILIZATION AND DISINFECTION-1.ppthhhbx
DivuuJain
 
PDF
Navigating the Thai Supplements Landscape.pdf
TumNana
 
PDF
REAL ILLUMINATI AGENT IN KAMPALA UGANDA CALL ON+256765750853/0705037305
Real illuminati agent from Uganda Kampala call 0782561496/0756664682
 
PPTX
Business_Capability_Map_Collection__pptx
anandazad4
 
PPTX
DS-40-Pre-Engagement and Kickoff deck - v8.0.pptx
GuillermoIgnacioAlva
 
PPTX
Introduction to Inferential Statistics.pptx
CollegeofTeacherEduc3
 
PDF
Introduction to Data Science and Data Analysis
Suraj Patil
 
PDF
Microsoft 365 products and services descrption
KamelAbouSaleh1
 
PPTX
CYBER SECURITY the Next Warefare Tactics
AbdullahAaliyan
 
PPTX
chrmotography.pptx food anaylysis techni
nawahassan45
 
PPTX
A Complete Guide to Streamlining Business Processes
Accentfuture
 
PDF
Tetra Pak Index 2023 - The future of health and nutrition - Full report.pdf
PhmK5
 
PPTX
SAP 2 completion done . PRESENTATION.pptx
POORNIMAN26
 
PPTX
Topic 5 Presentation 5 Lesson 5 Corporate Fin
kevinluvr
 
PPTX
Copy of 16 Timeline & Flowchart Templates – HubSpot.pptx
ahsonbashir
 
Optimise Shopper Experiences with a Strong Data Estate.pdf
Prasad Chandane
 
Pilar Kemerdekaan dan Identi Bangsa.pptx
RyanSyah40
 
Steganography Project Steganography Project .pptx
ajoy54
 
sac 451hinhgsgshssjsjsjheegdggeegegdggddgeg.pptx
Akash486765
 
lectureusjsjdhdsjjshdshshddhdhddhhd1.ppt
dipa69
 
STERILIZATION AND DISINFECTION-1.ppthhhbx
DivuuJain
 
Navigating the Thai Supplements Landscape.pdf
TumNana
 
REAL ILLUMINATI AGENT IN KAMPALA UGANDA CALL ON+256765750853/0705037305
Real illuminati agent from Uganda Kampala call 0782561496/0756664682
 
Business_Capability_Map_Collection__pptx
anandazad4
 
DS-40-Pre-Engagement and Kickoff deck - v8.0.pptx
GuillermoIgnacioAlva
 
Introduction to Inferential Statistics.pptx
CollegeofTeacherEduc3
 
Introduction to Data Science and Data Analysis
Suraj Patil
 
Microsoft 365 products and services descrption
KamelAbouSaleh1
 
CYBER SECURITY the Next Warefare Tactics
AbdullahAaliyan
 
chrmotography.pptx food anaylysis techni
nawahassan45
 
A Complete Guide to Streamlining Business Processes
Accentfuture
 
Tetra Pak Index 2023 - The future of health and nutrition - Full report.pdf
PhmK5
 
SAP 2 completion done . PRESENTATION.pptx
POORNIMAN26
 
Topic 5 Presentation 5 Lesson 5 Corporate Fin
kevinluvr
 
Copy of 16 Timeline & Flowchart Templates – HubSpot.pptx
ahsonbashir
 

ePrivacy Directive, a 10 steps framework to be as compliant as possible for marketing

  • 1. #3 Cookies are not so appetizing anymore ePrivacy Directive: to be "as compliant as possible”? Brussels December 7th 2022 1
  • 2. aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – A plan, mainly for Ad&MarTech I 1. List digital properties: a. Websites: who manages DNS, domain name servers, at your company? b. Are there other digital properties where your company acts as a data controller? Landing pages in other tools than your content management solution (CMS)? c. Start thinking about apps in mobile 2. Scans for cookies, pixels, trackers a. Be ready for uncertainty as results vary so does classification (purpose) 3. Work with the CMO to decide which processors to keep 4. Find the DPAs for those data processors 5. Clean out the code of those unwanted trackers 2
  • 3. aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – A plan, mainly for Ad&MarTech II 6. Set-up a cookie policy a. Define what is required: name of cookie, duration, how to exercise rights, .. b. As with your privacy policy, give this policy a date stamp 7. Define those trackers who need consent a. Classify those necessary vs. those requiring consent b. Be prepared for additional uncertainty 8. Set-up some form of a consent mechanism – CMPs? 9. Create a process to keep these lists & DPAs dynamic 10. Audit twice a year through scanning, update cookie policy & archive 3
  • 4. aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – Uncertainty in 7b: depends on configuration 4
  • 5. aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – Tool set-ups matter! 5
  • 6. aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – Why does this classification matter? 6
  • 7. aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – Direct marketing => lead generation The cookies in ePrivacy are just one part of the story The boarder picture is about direct marketing driving leads On your website you’d want to know: 1. where they came from and 2. what they did They might fill in a form and this data is ingested into a CRM where GDPR also plays a role 7 Source: https://marketinginsidergroup.com/wp- content/uploads/2019/04/sales-pipeline.png
  • 8. aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – Some forms drop cookies Cookies in forms can be used for fraud detection while others for marketing Suggestion work outside in: 1. From ePrivacy consent obligations 2. To forms impacted by GDPR 3. To sales support using CRM data and other lawful basis beyond consent 8
  • 9. aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – 2 more caveats 1. ePrivacy is more than “just” cookies, see next slide. In this context it also applies to server-to-server communications. Saying this mainly for actors talking about moving away from cookies like Google, see https://blog.google/products/chrome/update-testing-privacy- sandbox-web/ 2. Globally, such set-ups could be impacted by other legislations such as California CCPA/CPRA, which also talks of GPC, Global Privacy Control (similar to DNT and PIMS) 9
  • 10. aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – From the EDPS replying to the FTC "The ePrivacy Directive covers processing of personal data and the protection of privacy including provisions on: the security of networks and services; the confidentiality of communications; access to and storing information on terminal equipment; processing of traffic and location data; calling line identification; public subscriber directories. It also lays down general rules applicable to unsolicited commercial communications ("spam"). Initially, it applied only to publicly available electronic communications services (i.e. internet access provision and telephony services. Since the entry into application of Directive 2018/1972 establishing the European Electronic Communications Code on 20 December 2020, it now applies to all ‘interpersonal communications services’, i.e. services normally provided for remuneration that enable direct interpersonal and interactive exchange of information via electronic communications networks between a finite number of persons, whereby the persons initiating or participating in the communication determine its recipient(s) and does not include services which enable interpersonal and interactive communication merely as a minor ancillary feature that is intrinsically linked to another service; this includes also ‘number-independent interpersonal communications service’ such as instant messaging (apps).” Source: https://www.regulations.gov/comment/FTC-2022-0053-0778 10
  • 11. aurelie.pols@protonmail.com © prepared by Aurélie Pols for Aurelie Pols & Associates – About Google Analytics • The conversations today are mainly about international data transfers following SchremsII • France, Italy, Denmark, .. Have ruled it inadequate in light of SchremsII + the fact that Google is subject to FISA/EO12333 • French CNIL set-up a list of alternatives https://www.cnil.fr/fr/cookies-et- autres-traceurs/regles/cookies-solutions-pour-les-outils-de-mesure- daudience (September 2021) • Google Analytics is being deprecated so a move to another tool is necessary, see https://support.google.com/analytics/answer/11583528?hl=en • Everybody is praying Biden’s EO will solve the issue • It won’t but what is your time frame for your company’s investments? 11
  • 12. Thank you for your attention Aurelie.pols@protonmail.com 12