tag:econsultancy.com,2008:/topics/legal-and-regulations Latest Legal content from Econsultancy 2016-08-02T12:30:00+01:00 tag:econsultancy.com,2008:BlogPost/68108 2016-08-02T12:30:00+01:00 2016-08-02T12:30:00+01:00 Brexit and the Digital Single Market: Three ways forward Todd Ruback <h3>Brexit, data protection and the Digital Single Market</h3> <p>The people have collectively spoken and now policy makers need to forge a path forward that honours the will of the people, while also ensuring the UK’s access to the all important EU economic market – especially the digital market and this is no easy task.</p> <p>The UK’s decision to leave the European Union comes just on the heels of the passage of the EU’s General Data Protection Regulation (GDPR), a massive piece of legislation that aims to give control over personal data back to the individual through a series of new codified rights.</p> <p>The GDPR is a pan-European law that will add certainty for companies selling their wares to EU citizens.</p> <p>More importantly, it is the foundation of the <a href="http://ec.europa.eu/priorities/digital-single-market_en">Digital Single Market</a>, a strategic European initiative that aims to create fertile conditions for European-based innovation that will add billions of Euros to the overall economy, the UK included, while creating countless jobs.</p> <p><iframe src="https://www.youtube.com/embed/mTeqrJJPkfg?wmode=transparent" width="560" height="315"></iframe></p> <p><em>As well as increasing access to goods and services, the Digital Single Market will also improve networks and drive economic growth</em></p> <p>The UK’s pending exit from the EU puts it at risk of not participating in the Digital Single Market unless another option can be implemented.</p> <p>Here are three possible paths forward, none of them straightforward, but paths nonetheless.</p> <h3>Three paths forward</h3> <p><strong>1. UK adopts GDPR</strong></p> <p>The UK can adopt the GDPR as its own national data protection legislation, but then would still be left with the dystopian act of applying – upon a politically bended knee – to the EU to be granted “adequacy” status, which is legal jargon recognising that your data protection law offers the equivalent level of protection that the GDPR provides.</p> <p>If you receive “adequacy”, as countries like Canada and Argentina have been granted, then data can flow between the two economies freely.</p> <p>At issue is whether political egos will get in the way of applying for “adequacy” designation, and that is impossible to predict.</p> <p><strong>2. Be Switzerland </strong></p> <p>A second path forward would be for the UK to follow the Swiss model and negotiate a series of critical trade agreements with the EU that will allow the UK access to the EU digital market.</p> <p>While a series of one-off trade agreements may require a lot of heavy lifting and must be done quickly, it is important to remember that reciprocal access by the EU to the UK economy, the second largest in the EU after Germany, is important to the EU.</p> <p><strong>3. EEA Membership</strong></p> <p>A third path forward may be the simplest and could represent a balanced approach that would both honour the collective will of UK citizens, while still providing access to the EU Digital Single Market.</p> <p>Namely, the UK could apply to become part of the European Economic Area (EEA), a 1994 agreement that opens the EU market to non-member states under certain situations.</p> <p>Norway is the prime example, but there are technical considerations that I am not qualified to comment on that still must be met before a country can join the EEA, and like the first option, could result in an unbalanced relationship since membership is contingent upon meeting EU mandated and monitored requirements.</p> <h3>Riveting but serious </h3> <p>The UK political theatre playing out in front of us is riveting, especially for an American privacy wonk such as myself.</p> <p>But its entertainment value is far outweighed by the economic seriousness that portent if cool heads don’t negotiate a way forward.</p> <p>I know some of these cool heads, both in London and Brussels, and am confident that they will find that path forward that honours the democratic will of the referendum, while also fostering conditions for joint economic prosperity.</p> <p>It’s in everyone’s best interest.</p> <p><em>More on Brexit and the UK's digital economy:</em></p> <ul> <li> <a href="https://econsultancy.com/blog/68003-ecommerce-in-the-uk-post-brexit-positives-negatives-opportunities/">Ecommerce in the UK post-Brexit: Positives, negatives &amp; opportunities</a> </li> <li> <a href="https://econsultancy.com/blog/68001-how-will-brexit-impact-digital-businesses-and-marketers/">How will Brexit impact digital businesses and marketers?</a> </li> <li> <a href="https://econsultancy.com/blog/68099-three-ways-uk-retailers-can-utilise-the-post-brexit-gbp-drop-to-target-international-customers/">Three ways UK retailers can utilise the post-Brexit GBP drop to target international customers</a> </li> </ul> tag:econsultancy.com,2008:BlogPost/68067 2016-07-15T14:27:00+01:00 2016-07-15T14:27:00+01:00 Is ad fraud the 21st century drug trade? Patricio Robles <p>The Senators are concerned that ad fraud, which is estimated to be costing advertisers billions annually, could eventually lead companies to pass the costs of fraud on to consumers in the form of higher prices.</p> <p>They are also concerned that as fraudsters flood the online ad market, consumers will be at greater risk of having personal information stolen and abused.  </p> <blockquote class="twitter-tweet"> <p lang="en" dir="ltr">Here's an amazing fact: by 2025, the digital ad market could be 2nd only to drug trafficking as largest revenue source for organized crime</p> — Mark Warner (@MarkWarner) <a href="https://twitter.com/MarkWarner/status/752512068562063360">11 de julio de 2016</a> </blockquote> <h3>The role of programmatic</h3> <p>While digital ad fraud has been around in some form or another since digital ads first appeared, it appears to be becoming more lucrative and complex.</p> <p>There's more digital ad inventory than ever, and many advertisers are pouring more and more money into digital spend. At the same time, publishers and advertisers have embraced <a href="https://econsultancy.com/reports/the-cmo-s-guide-to-programmatic">programmatic</a> ad buying.</p> <p>According to Senator Mark Warner of Virginia, this makes for a dangerous combination. <a href="http://www.wsj.com/articles/senators-urge-ftc-to-examine-ad-fraud-1468231200">He told</a> the Wall Street Journal... </p> <blockquote> <p>This is a $60 billion industry, and some of the fraud numbers suggest that 10% of that is being wasted. And you’re seeing some of the same tools [we saw] in stock manipulation. This needs to be looked at.</p> </blockquote> <p>Warner likens the ad fraud problem to the 2008 financial crisis, and suggests that "some of the tech community has swept this under the rug," though he admits that he and other lawmakers have a lot to learn about the subject before the possibility of legislation should be put on the table.</p> <p><strong>But is ad fraud really a problem that can legitimately be compared to drug trafficking? That isn't so clear.</strong></p> <p>The industry is <a href="https://econsultancy.com/blog/67660-what-can-prevent-ad-fraud-we-ask-an-ad-tech-ceo">well aware of the issue</a>, and many parties are working to mitigate it.</p> <p>The good news is that digital advertising is one of the most accountable forms of advertising, so prudent advertisers have many opportunities to ensure that they're not being taken for a ride.</p> <p>So what explains the fact that advertisers are estimated to be spending billions on fraudulent ads that aren't being seen by real people? It's simple: in most cases, ad prices reflect advertisers' knowledge that fraud and <a href="https://econsultancy.com/blog/67076-the-rise-and-rise-of-ad-blockers-stats">ad blockers</a> will prevent 100% viewability.</p> <p>As former brand marketer Rick Webb <a href="https://econsultancy.com/blog/66712-former-brand-marketer-banner-ads-suck-but-they-re-great">explained last year</a>...</p> <blockquote> <p>We’ll spend a million bucks on a literal f**k ton of banners (I mean, just billions of the things, it’s crazy). And then we’ll do targeted brand sentiment and purchase-intent surveys using our internal peeps, online along with companies like Nielsen and Foresee, and offline with a bunch of (really quite awesome) companies you’ve never heard of. Then we’ll see whether the banners moved the needle, and if they did (and they often do), we’re happy.</p> </blockquote> <p>In other words, <a href="https://econsultancy.com/blog/67632-why-chasing-after-100-viewability-makes-no-sense-for-advertisers">100% viewability isn't required</a> to run profitable campaigns, and sophisticated advertisers are more than capable of factoring viewability into their considerations when determining how much they should pay for ads.</p> <h3>The bigger problem?</h3> <p>Obviously, this doesn't mean that ad fraud isn't a problem worth addressing, but the idea that ad fraud, and programmatic ad fraud in particular, is going to create a Wall Street-like crisis that threatens the digital advertising ecosystem seems far-fetched.</p> <p>If anything, lawmakers and regulators should be more concerned about how fraudsters <a href="https://econsultancy.com/blog/67924-is-facebook-doing-enough-to-prevent-fraudulent-ads">are using digital ads to target consumers</a>. Long-term, that is perhaps the biggest threat to digital advertising that publishers and advertisers should be most concerned about.</p> <p><em>Want to know more, why not attend <a href="http://conferences.marketingweek.com/mc/programmatic/getwiththeprogrammatic">Get With the Programmatic</a>, Marketing Week and Econsultancy's one-day conference on 21st September in London, to hear from brand and agency experts.</em></p> tag:econsultancy.com,2008:BlogPost/67923 2016-06-09T14:43:00+01:00 2016-06-09T14:43:00+01:00 Influencer marketing is becoming a joke: What can brands do about it? Patricio Robles <p>That dark side was on display for all to see recently when Scott Disick, a television personality best known for his relationship with reality TV star and socialite Kourtney Kardashian, was caught posting an ostensibly paid promotion for Bootea protein shakes.</p> <p><img src="https://assets.econsultancy.com/images/resized/0007/5705/oops-blog-flyer.jpg" alt="" width="415" height="738"></p> <p>As the screenshot above demonstrates, Disick's Bootea Instagram post was about as far from authentic as is possible and not surprisingly, Disick was subsequently teased and lambasted for his embarrassing faux pas.</p> <p>Brands should take note and heed the following advice to ensure their influencer marketing campaigns don't become a joke.</p> <h3>1. Align your brand with the right influencers</h3> <p>With 16.4m Instagram followers, Scott Disick's ability to reach a large number of people is hard to dispute.</p> <p>But why would Bootea, a health and wellness brand, align itself with a celebrity who is known for his hard-partying ways and who has made headlines for his struggles with drug and alcohol abuse?</p> <p>While Disick shouldn't be shamed for those struggles, it's hard not to think that Bootea would have been better off aligning itself with influencers whose lifestyles are more consistent with its values.</p> <p>Long-term, that is a much safer bet.</p> <h3>2. Think bigger than paid posts</h3> <p>For obvious reasons, paid posts are not going away.</p> <p>But any good influencer campaign should be more thoughtful and comprehensive than paid posts that are the social web equivalent of product placement.</p> <p>The reason for this is that paid posts alone are probably not going to move the needle, especially if those paid posts are not compelling and not clearly aligned with the influencer's persona. </p> <h3>3. Trust your influencers</h3> <p>If a brand can't trust an influencer to write his or her own 140-character tweet or caption for an Instgram post, the influencer relationship needs to be reassessed.</p> <p>Influencer content, even when paid for, should at least <em>appear</em> to be somewhat authentic.</p> <p>Here, an influencer was directed to publish a post referencing a morning protein shake in the afternoon. #fail</p> <h3>4. Co-create, and demand more</h3> <p>Naturally, brands are going to want to have some say in what influencers post.</p> <p>But a brand shouldn't have to direct an influencer to write something as simple as "Keeping up with the summer workout routine..."</p> <p>Instead, they should <a href="https://econsultancy.com/reports/influencing-the-influencers-the-magic-of-co-created-content">co-create content</a> with their influencers to ensure that they stay on message without compromising the influencer's authenticity and creativity.</p> <p><img src="https://assets.econsultancy.com/images/0007/5752/disick.jpg" alt="" width="578" height="370"></p> <p>And they should demand the latter to ensure that they don't get lazy, uninspired content like the above, which is another paid post Disick published for Bootea several weeks ago.</p> <p>Note the similarity to the botched paid post, and the fact that neither post even suggests that Disick is actually using the product. There isn't a glass in sight in either photo.</p> <h3>5. Don't ignore the rules</h3> <p>Although Disick fixed his Instagram faux pas and included the hashtag #ad to identify his post as a paid advertisement, brands looking to ensure their influencer marketing campaigns don't fail should remember not to ignore <a href="https://econsultancy.com/blog/67368-what-advertisers-need-to-know-about-the-ftc-s-new-guidance-on-native-ads/">the guidances provided by the Federal Trade Commission</a> vis-à-vis advertising disclosures.</p> <p>While the FTC obviously can't take action against every violator, <a href="https://www.ftc.gov/news-events/press-releases/2016/03/lord-taylor-settles-ftc-charges-it-deceived-consumers-through">the agency recently settled</a> with Lord &amp; Taylor after alleging that the retailer, among other things, paid Instagram fashion influencers to post pictures of themselves wearing a dress it sold.</p> tag:econsultancy.com,2008:BlogPost/67924 2016-06-07T14:22:00+01:00 2016-06-07T14:22:00+01:00 Is Facebook doing enough to prevent fraudulent ads? Patricio Robles <p>As <a href="https://medium.com/@hunchly/bait-and-switch-the-failure-of-facebook-advertising-an-osint-investigation-37d693b2a858">detailed on his blog</a>, Seitz stumbled onto this subject after noticing a provactive ad related to professional hockey player Sidney Crosby. </p> <p><img src="https://assets.econsultancy.com/images/resized/0007/5753/fbad-blog-flyer.png" alt="" width="347" height="347"></p> <p>Seitz observed that the URL associated with the ad, ctvnews.ca, belongs to a reputable Canadian news outlet, so he clicked on the ad.</p> <p>He found himself on a website that resembled ESPN.com, not ctvnews.ca, but the domain, espn.l1dh.com, was dubious.</p> <p>Scrolling down, Seitz found a number of ads for supplements:</p> <p><img src="https://assets.econsultancy.com/images/resized/0007/5754/fbspoof-blog-flyer.png" alt="" width="358" height="344"></p> <p>At the bottom of the page were apparent testimonials, presented in the format of an embedded Facebook Comments Plugin, but it wasn't genuine.</p> <p>Instead, Seitz discovered that the creator of the page had taken photos of real people and attributed fake comments to them.</p> <p>Seitz concluded:</p> <blockquote> <p>Clearly someone has figured out how to game the Facebook system in order to run ads that look like they lead one place (ctvnews.ca) and ultimately lead to somewhere vastly different.</p> <p>Not only that but they are repeatedly using trademarked names, terms, and false information to sell product. This violates a number of Facebook advertising policies.</p> <p>My guess is that you sign up for the “Free Trial” and you are going to get dinged once a month for life. Or worse.</p> </blockquote> <p>Using Hunchly, Seitz decided to see if he could figure out how common this was.</p> <p>He quickly identified another Facebook ad on a page he had viewed months ago, this one also appearing suspicious and being associated with the URL of a legitimate Canadian news organization. </p> <p>This ad, which also eventually led to a landing page hosted on a suspicious domain, used Google's URL shortening service, so Seitz was able to determine that in a very short period of time, the shortened URL saw 26,812 clicks, at least nearly half of which originated on Facebook.</p> <p>The worrisome implication...</p> <blockquote> <p>...fraudsters can create ads that appear to point to legitimate sites, and then drive tens of thousands of clicks through to their landing pages.</p> <p>Facebook apparently is asleep at the wheel, and sadly, I feel that the general Facebook user and consumers as a whole are being victimized because of it.</p> </blockquote> <p>In an attempt to verify this, Seitz himself set up a Facebook ad campaign for Hunchly and specified that CNN.com be the display URL.</p> <p>"Surely they must catch the fact that the destination URL is not even close to the displayed URL. Surely they must see how bad this would be for the average consumer or Facebook user."</p> <p>But that wasn't the case. To Seitz's amazement, the ad was approved.</p> <p><img src="https://assets.econsultancy.com/images/resized/0007/5756/fbad2-blog-flyer.png" alt="" width="405" height="378"></p> <h3>What gives, Facebook?</h3> <p>While Seitz's proposed solution for this problem, checking to ensure that the landing page domain matches the display domain, is probably too simplistic to be viable, his investigation does raise serious questions about how well Facebook is policing ads.</p> <p>Certainly, the apparent ease with which advertisers can use display URLs referencing popular news sites is hard to understand.</p> <p>As Seitz noted,<strong> "If you tried this in Google AdWords, you would be laughed right out of your account."</strong></p> <p>One commenter suggested that the apparent fraud Seitz discovered only scratches the surface.</p> <p>"I'm afraid you have no idea how black (hint: think Archer) the black hat advertising on Facebook can go, this is not even the tip of the iceberg," he wrote.</p> <p>Others on Hacker News <a href="https://news.ycombinator.com/item?id=11839603">suggested</a> much the same thing, with one person even <a href="https://news.ycombinator.com/item?id=11841815">claiming</a> that "an affiliate acquaintance I met once bribed a Facebook employee, who set his account to autoapprove any ad he wanted.</p> <blockquote> <p>He used this to advertise Google Is Hiring: Work from Home credit card rebill offers. He told me he made $80,000 in the four days it took Facebook to discover it.</p> </blockquote> <p>Obviously, in its defense, Facebook, as one of the largest players in online advertising, has a tough job.</p> <p>Keeping up with scammers and advertisers looking to bend the rules to exploit its massive audience will realistically be an ongoing process, and Facebook isn't going to catch every black or gray hat tactic before it gets employed successfully.</p> <p>But as with any ad company, Facebook faces an inherent conflict: even though it has good reason not to let bad ads overtake its network, it still profits from them.</p> <p>The company's revenue grew a whopping 57%, from $3.3bn to $5.2bn, in the first quarter of the year, so the stakes are high. </p> <p>And with Facebook <a href="https://www.facebook.com/business/news/facebook-powered-ads-for-more-people">extending its Audience Network to show ads to non-Facebook users</a>, the stakes will soon be even higher for Facebook, legitimate advertisers and consumers alike.</p> tag:econsultancy.com,2008:BlogPost/67784 2016-04-27T11:06:15+01:00 2016-04-27T11:06:15+01:00 EU data laws: An update on GDPR & Privacy Shield Todd Ruback <p>The controversial Apple and FBI matter – where the FBI sought to compel Apple to unlock an old iPhone model as part of a domestic terrorism investigation – has already become old news.</p> <p>In the EU, terrorism in Brussels and Paris is forcing uncomfortable and morally difficult conversations about security, privacy, and fundamental human rights. </p> <p>While I am optimistic that we will arrive at a good place, the EU is enacting a flurry of powerful new privacy laws that will impact us all.</p> <h3>General Data Protection Regulation (GDPR)</h3> <p>On the 14<sup>th</sup> April 2016, the EU Parliament <a href="https://econsultancy.com/blog/67540-what-is-the-eu-general-data-protection-regulation-gdpr-why-should-you-care/">formally adopted the GDPR</a>; another legislative step in the multi-year process to overhaul the EU’s disparate data protection laws. </p> <p>The next step will be for the GDPR to be officially published, translated, and put to print in the Official Journal of the European Union, hopefully by June.</p> <p> Just 20 days following that, the two-year countdown to the GDPR taking effect will commence. </p> <p>As the GDPR winds its way through the end of this legislative process, it’s important to note how much work organisations will have to complete during this small two-year window. </p> <p>It will strengthen the individual’s control over their personal data by new rights that will be bestowed upon EU citizens, such as the right to data portability and the right to be forgotten (erasure).</p> <p><img src="https://assets.econsultancy.com/images/0007/4342/The_EU.jpg" alt="" width="800" height="600"></p> <p>On the flip side, organisations will have new codified obligations to honour the individual’s rights, and these obligations will force companies to create new privacy-centric business processes – no easy task in the best of times. </p> <p>For example, the quaint notion of “bundled” consent – those dense, unreadable Terms and Conditions buried in the footer of a site that say use of the website constitutes consent to the company’s data practices – is non-existent. </p> <p>In it’s place, companies are going to have to give prominent notice and obtain a user’s consent when a person visits their website.</p> <p>Other changes include more transparent privacy policies and the requirement to have processes for a person to access, review, and correct their personal data, as well as request that data can be easily transferred or taken from one service provider to another.</p> <p>All of this, and more, needs to be considered, created, tested, and put in place by the time the GDPR takes effect. That means you need to start now.</p> <p><strong>Why is this important?</strong> </p> <p>Namely because the EU’s data protection authorities have enhanced new enforcement powers that include the ability to penalise an organisation up to €20m or 4% of it’s annual global turnover, whichever is greater.</p> <h3>Privacy Shield </h3> <p>While the GDPR’s impact will be huge, at the same time, the evolution of the digital world continues to sprint forward. </p> <p>Similar to the Berlin Wall, digital borders have come crashing down; allowing for the natural flow of data between Member States but also between the EU and US, its largest trading partner. </p> <p>Both economies are in fact dependent upon this fundamental notion. </p> <p>However, the fledgling Privacy Shield – a heavily negotiated replacement to <a href="https://econsultancy.com/blog/67144-safe-harbor-2-0-an-update-on-eu-privacy-law/">the invalidated US Safe Harbor Program</a> – recently received a tepid review by the Article 29 Working Party (WP29).</p> <p><img src="https://assets.econsultancy.com/images/0007/4343/safe_harbor.png" alt="" width="351" height="144"></p> <p>The Privacy Shield at the highest level is a mechanism that allows organisations to transfer personal data about EU citizens to companies in the US. </p> <p>It’s needed because the EU, for a host of reasons, has not recognised the US as a country that has “adequate” data protection laws, although the US does in fact heavily regulate data protection through a variety of laws and robust enforcement. </p> <p>But because of this political fact, a negotiated agreement that created a mechanism needed to be put in place, thus the Safe Harbor Program (which became obsolete), and now the Privacy Shield.</p> <p>Although many thought-leaders have concluded that the Privacy Shield provides essentially equivalent levels of data protection as EU law, the WP29 has chosen a more cautious route, one that whilst not rejecting it, also doesn’t endorse it. </p> <p>I anticipate the Privacy Shield will be heavily challenged in the EU courts, but that it will ultimately prevail. </p> <p>Any other result would have a tremendous negative impact on both economies, which no reasonable person could want.</p> <h3>ePrivacy Directive </h3> <p>On the 12<sup>th</sup> April 2016, the European Commission began its comprehensive review of <a href="https://econsultancy.com/reports/the-eu-cookie-law-a-guide-to-compliance/">the ePrivacy Directive</a>. </p> <p>Some call it the cookie law, which requires companies to give notice and get consent before they use any sort of tracking technologies or analytics tools when you visit their sites. </p> <p>The Directive also restricts how telecom providers can treat or move electronic communications. The review aims to close any potential gaps between the ePrivacy Directive and the GDPR.</p> <p>As a stakeholder in the process, I am aware how important it is to get it right. </p> <p>Of concern to me is the separate notice and consent requirement the ePrivacy Directive has from the GDPR. </p> <p>But I am also confident that the distinct transparency requirements between the two laws can be merged so the consumer can be well informed and make meaningful decisions that are best for themselves.</p> tag:econsultancy.com,2008:BlogPost/67743 2016-04-15T14:14:27+01:00 2016-04-15T14:14:27+01:00 The five announcements from Facebook's F8 conference that you need to know about Patricio Robles <h3>Messenger Platform</h3> <p><a href="https://econsultancy.com/blog/67551-private-messaging-is-social-s-next-big-ad-frontier">Private messaging is social's next big ad frontier</a> and talk of <a href="https://econsultancy.com/blog/66234-is-facebook-about-to-open-messenger-to-content-producers-brands">Facebook opening its Messenger app to brands</a> has been circling for more than a year.</p> <p>One of the biggest announcements at the F8 conference was <a href="http://newsroom.fb.com/news/2016/04/messenger-platform-at-f8/">the beta launch of Messenger Platform</a>, which allows third parties to develop <a href="https://econsultancy.com/blog/67697-does-the-rise-of-messaging-apps-mean-brands-need-a-bot-strategy">bots</a> that interact with Messenger's 900m users. </p> <p><img src="https://assets.econsultancy.com/images/0007/3950/how-to-search-for-bots-on-messenger.jpeg" alt="" width="249" height="483"></p> <p>According to David Marcus, Facebook's VP of Messaging Products...</p> <blockquote> <p>Bots can provide anything from automated subscription content like weather and traffic updates, to customized communications like receipts, shipping notifications, and live automated messages all by interacting directly with the people who want to get them.</p> </blockquote> <p>Facebook has created a number of discovery tools to help users find bots that may be of interest to them, and users will have the ability to block communications that are unwanted.</p> <p>Facebook says it has established strict review and oversight policies to ensure that brands don't abuse its <a href="https://messengerplatform.fb.com/">Messenger Platform</a>.</p> <h3>Facebook Live API</h3> <p><a href="https://econsultancy.com/blog/67712-seven-helpful-tips-for-livestreaming-success">Livestreaming</a> is the subject of a lot of buzz today, and Facebook believes that it's a meaningful trend.</p> <p>The social network <a href="https://econsultancy.com/blog/67603-what-marketers-need-to-know-about-facebook-s-livestreaming-push">is pushing to be a livestreaming leader</a>, so it's no surprise that Facebook has built a Live API, which <a href="https://media.fb.com/2016/04/12/introducing-the-facebook-live-api/">it unveiled at F8</a>.</p> <p>Thanks to the Live API, publishers wanting to broadcast directly to Facebook can work with Facebook's Media Solutions partners, and access advanced capabilities, such as the ability to mix multiple video and audio sources and to combine the Live API with Facebook's Graph API to access live video comments, reactions, and mentions in real-time.</p> <p>According to Facebook, "You can use this information to reflect viewer engagement in real time and create on-screen graphics that show live poll results, analyze comments, and enable comment moderation."</p> <p>The Live API will also allow hardware manufacturers to integrate with Facebook Live.</p> <p>Already, a number of camera manufacturers have taken advantage of this, and drone manufacturer DJI has integrated its GO app with Facebook's Live API so that drone pilots can stream their flights.</p> <p><img src="https://assets.econsultancy.com/images/resized/0007/3955/facebooklivedrone-blog-flyer.jpg" alt="" width="470" height="264"></p> <h3>Account Kit</h3> <p>Use of <a href="https://econsultancy.com/blog/66711-social-login-adoption-grows-despite-privacy-concerns">social login</a> has grown significantly in recent years and Facebook is aiming to make it even easier for consumers to access third-party apps with <a href="https://developers.facebook.com/blog/post/2016/04/12/grow-your-app-with-account-kit/">Account Kit</a>, a new tool that allows individuals to sign in with just a phone number or email address, even if they don't have a Facebook account.</p> <p><img src="https://assets.econsultancy.com/images/resized/0007/3956/12995596_1709301726022225_16641357_n-blog-flyer.png" alt="" width="470" height="299"></p> <p>Account Kit gives app owners the ability to customize UI and access analytics.</p> <p>Facebook also offers a backup notification option for users of its social network, which it says can help conversions...</p> <blockquote> <p>If a person chooses to sign into your app using their phone number, but doesn't receive an SMS, but does have a Facebook account, they can choose to receive a Facebook notification to complete the login process.</p> <p>We built this backup option to help increase your conversion rate by making sure people have more ways to log in if needed.</p> </blockquote> <p><a href="https://developers.facebook.com/docs/case-studies/saavn">According to</a> Facebook, music streaming app Saavn saw its daily signups grow by 33% within two months of adopting Account Kit. </p> <h3>New Sharing Tools</h3> <p><img src="https://assets.econsultancy.com/images/0007/3957/facebooksave.jpg" alt="" width="236" height="452"></p> <p><a href="https://econsultancy.com/blog/67733-the-facebook-context-collapse-how-decline-in-personal-sharing-might-affect-brands">Facebook is fighting "context collapse"</a> and to encourage more sharing, the company released a number of new sharing tools at F8.</p> <p>These include:</p> <ul> <li> <strong>Quote Sharing</strong>, which allows Facebook users to more easily share quotes they like from websites and apps.</li> <li> <strong>Hashtag Sharing</strong>, which gives users the ability to add a hashtag to content they share from apps.</li> <li>A <strong>Save Button</strong> that extends Facebook's Save functionality to third-party sites that integrate it.</li> </ul> <p>Additionally, Facebook has released <a href="https://developers.facebook.com/docs/sharing/insights">Sharing Insights</a> and an improved Sharing Debugger to help publishers better track sharing activity and manage their sharing integrations.</p> <h3>Rights Manager</h3> <p>Facebook's rise as an online video powerhouse is a double-edged sword for content owners which are increasingly grappling with copyright infringment issues on the world's largest social network.</p> <p>In an effort to address this, Facebook created <a href="https://rightsmanager.fb.com/">Rights Manager</a>, an online tool that gives content owners the ability to upload a reference library of their content, along with associated rules, so that possible violations can be identified and reported more efficiently.</p> <p>Content owners can apply for access to Rights Manager. Currently, Facebook says it is providing access based on need.</p> tag:econsultancy.com,2008:BlogPost/67540 2016-02-18T10:50:58+00:00 2016-02-18T10:50:58+00:00 What is the EU General Data Protection Regulation (GDPR) & why should you care? Nick Stringer <p>However, the next few years will see a ‘sea-change’ in privacy and data protection law: organisations face a new privacy challenge.</p> <h3><strong>Enter the EU General Data Protection Regulation (GDPR)</strong></h3> <p>Having just got used to the changes brought in by the <a href="http://www.iabuk.net/policy/briefings/updated-iab-factsheet-july-2015-the-revised-eprivacy-directive" target="_blank">revised ePrivacy Directive</a> (the so-called ‘<a href="https://econsultancy.com/reports/the-eu-cookie-law-a-guide-to-compliance/">cookie law</a>’) - replacing the ‘notice and opt out’ provisions for the use of cookies and other technologies to one based upon ‘consent’ - European policy-makers have agreed an update to the existing data protection legal framework dating back to 1995 (in the UK, the 1998 Data Protection Act).</p> <p>Known as the <a href="http://europa.eu/rapid/press-release_MEMO-15-6385_en.htm" target="_blank">EU General Data Protection Regulation (GDPR)</a>, it is expected to be formally agreed in the coming months although won’t actually come into force until mid-2018.</p> <p>However, after nearly four years of debate and discussion in Brussels, it introduces new aspects that will require a different approach.</p> <p>It won’t overhaul existing data protection law completely but organisations need to sit up and take note now.</p> <h3><strong>So what’s new? </strong></h3> <p>There has been a wide range of debate about the new regulation: Will it place too many restrictions on the use of data? How will the ‘open’ internet fare? Is it a ‘milestone’ for the digital world?</p> <p>The devil is in the 200+ pages of text, but there are four specific changes to be aware of now:</p> <p><strong>1. It aims to deliver 'one law across one continent’.</strong></p> <p>In updating the existing framework, the policy-makers in Brussels wanted to take into account the world we live in today where vast amounts of digital information are collected, exchanged and used every second.</p> <p>They also sought to recognise that this world is global. To this extent, the new law is what is known as a ‘Regulation’.</p> <p>So, unlike the ‘cookie law', it will apply consistently across EU markets. However, in reality, many aspects are devolved to national jurisdictions.</p> <p><strong>2. It’s scope is broad. </strong></p> <p>The drafters will argue otherwise. But, with a few exceptions, all data is now ‘personal’ whether it directly identifies an individual or not.</p> <p>Therefore, in practice, a lot more data is swept up in the regulatory net.</p> <p><strong>3. The new law’s influence stretches beyond European shores in an attempt to recognise the global nature of data. </strong></p> <p>If an organisation is processing personal data about a person who is in the EU then the rules will apply regardless of where the organisation is located. </p> <p><strong>4. The penalties for a breach have been ramped up. </strong></p> <p>For serious violations the fine is €20m or 4% of annual global turnover, whichever is higher.</p> <h3><strong>A need for consistent &amp; practical EU-wide guidance</strong></h3> <p>The political necessity to find an agreement in Brussels before Christmas contributed to many aspects of ambiguity in the final text.</p> <p>But we should be used to this from policy-makers by now and, while organisations seek legal clarity, this may not be such a bad thing given what was on the table six months ago.</p> <p>While the Regulation will be done and dusted by the middle of this year, there will be a need for consistent and practical guidance across Europe, particularly on areas such as ‘consent'.</p> <p><a href="https://assets.econsultancy.com/images/resized/0007/2056/cookie_law-blog-flyer.jpg"><img src="https://assets.econsultancy.com/images/resized/0007/2056/cookie_law-blog-flyer.jpg" alt="" width="470" height="353"></a></p> <p>Working with industry, Data Protection Authorities (DPAs), such as the UK Information Commissioner’s Office (ICO), need to produce consistent EU guidance to help deliver practical, realistic and creative ways of achieving compliance.</p> <p>The experience of the ‘cookie’ law illustrates only too well that we require something that actually works for users: improving their control without interrupting their experience.</p> <h3><strong>What about the Cookie Law? </strong></h3> <p>The revised ePrivacy Directive stays in force for now.</p> <p>However, it will need to eventually align (specifically Article 5.3 regarding cookies, etc.) with the new Regulation to ensure organisations do not face ‘double-regulation'.</p> <p>There are many different views on its future and work is already underway to review it in Brussels.</p> <h3><strong>Next steps</strong></h3> <p>It is clear is that, in the next few years, the data protection and privacy landscape is going to change.</p> <p>The ICO, the UK body that will enforce the new law, has already kicked off its implementation process and it will soon have a new section of its site dedicated to this.</p> <p>It is worth organisations following this and the ICO’s updates. Those businesses and organisations that get out in front are likely to gain the advantage.</p> tag:econsultancy.com,2008:BlogPost/67144 2015-11-05T10:28:50+00:00 2015-11-05T10:28:50+00:00 Safe Harbor 2.0? An update on EU Privacy Law Todd Ruback <p>This is an important development on a number of levels. While there are other legal mechanisms that allow for the transfer of personal data outside of the EU, the Safe Harbor Program, with over 4,000 companies participating, was clearly the most popular. </p> <p>The effect of the court’s ruling was to immediately make data transfers under this program illegal. </p> <p>While some interpret the court’s ruling as politically motivated, or as wreaking havoc on a negotiated bi-lateral agreement, I see this moment as an opportunity. </p> <p>After the Snowden revelations about the NSA’s surveillance programs, our European colleagues were kind enough to enumerate 13 specific areas for improvement of the program. </p> <p>To be fair, many of them were well reasoned and I was encouraged that the Department of Commerce was open to change. </p> <p>In fact, at the time of the court’s ruling in <a href="https://en.wikipedia.org/wiki/Max_Schrems">the Schrems case</a> it was reported that the negotiators were down to a final point or two, namely the right of EU citizens to have judicial redress against US companies, and indiscriminate governmental surveillance.</p> <p><img src="https://assets.econsultancy.com/images/0006/8703/harbor.jpg" alt="" width="500" height="375"></p> <p>The court’s ruling may be just the spur to motivate the negotiators to close the gap on these last points, and I’m confident that a new understanding will emerge.</p> <p>Lost in the noise surrounding the Schrems case is a nuanced and important point that it wasn’t the framework that was invalidated, just the program. </p> <p>That means that it is subject to change and once the negotiated points are agreed upon, then the program may back in a new and improved form. </p> <p>I am hopeful that this is exactly what will occur and if it took the European Court of Justice to help us over the finish line, then they deserve a big thank you.</p> <p>Of course no one knows if Safe Harbor 2.0, as it is already being called, will indeed be born, and even if it is it may have a completely different look and feel. </p> <p>My guess is that it will be and that we can anticipate more robust monitoring and enforcement, something the FTC has already begun, and something we can all get behind. </p> <p>Some are also speculating that the Safe Harbor seal program, where approved third party providers do annual audits, may be a thing of the past.</p> <p><img src="https://assets.econsultancy.com/images/0006/8705/safe_harbor_2.0.png" alt="" width="351" height="144"></p> <p>Also, look for EU citizens securing better access to their personal data and an easier path to obtain judicial relief, an important and valid issue. </p> <p>Finally, look for a mechanism that limits certain types of governmental surveillance. </p> <p>While nobody doubts the need for governments to access data to keep citizens safe, well-reasoned policy makers also recognise the imperative to balance access to that data with citizens’ fundamental rights to privacy.</p> <p>While I hope that Safe Harbor does indeed get revamped, it is wise to prepare a Plan B, just in case it doesn’t. </p> <p>The Working Party 29, in response to Schrems, quickly convened and issued a statement reiterating that the present program is no longer a valid way to transfer data out of the EU, while also leaving the door open for a new and improved Safe Harbor to emerge. </p> <p>However, hope is not a good strategy, so the WP29 also gave clear expectations that organisations have until January 31 2016 to put in place an alternative transfer mechanism, namely either Standard Contractual Clauses or Binding Corporate Rules, both which are already on the books as approved avenues to move data. </p> <p>Implementing a Plan B, especially as we enter the end of the year, will take significant work for any company, possibly utilising outside counsel with expertise in international data transfers. </p> <p>But it is an investment well worth it as it will force us all to review our data management practices to ensure that they are still world class and that we are in fact doing what we think and say we are doing. </p> <p>In the end, this is no bad thing. </p> tag:econsultancy.com,2008:BlogPost/67032 2015-10-13T11:40:57+01:00 2015-10-13T11:40:57+01:00 The end of the Safe Harbor Agreement: What next for digital marketing? Tim Roe <h3><strong>What did the Safe Harbor agreement actually do?</strong></h3> <p>In EU law (from which the UK Data Protection Act is drawn), a Data Controller who needs to transfer data outside of the European Economic Area must do due diligence on where they intend to send the data.</p> <p>They need to satisfy themselves that the data protection will be the same or better than provided within the EU. </p> <p>It’s quite an undertaking, because if anything goes wrong it’s down to the Data Controller to prove they took all reasonable steps to ensure the data’s safety. If they can’t do that, they could well have broken the law.</p> <p>It also counts if the personal data belongs to EU Citizens and is being gathered by a non EU organisation, like Facebook for instance.</p> <p>Enter Safe Harbor, an agreement between the EU and the US that allowed any organisation agreeing to its principles to be deemed adequate in relation to data protection.  </p> <p>The principles of this agreement were developed between 1998 and 2000, with the European Commission rubber stamping the agreement in July 2000.</p> <p>This allowed EEA businesses to export data to the US with a clean conscience. It also allows US companies to process data they have gathered on EU citizens.</p> <p>So what does a US data processor need to do to belong to this exclusive crowd of data protection stalwarts?</p> <p>It might go something like this:</p> <p><strong>US data processor:</strong>          </p> <blockquote> <p>Hey Buddy, I want to join the ‘Safe Harbor’ crowd.</p> </blockquote> <p><strong>Buddy:</strong>                          </p> <blockquote> <p>Ok, you’ve got to do something first.</p> </blockquote> <p><strong>US data processor:</strong>          </p> <blockquote> <p>Right. so what might that be then?</p> </blockquote> <p><strong>Buddy:      </strong>                    </p> <blockquote> <p>See these data protection principles? Just say you agree to them.</p> </blockquote> <p><strong>US data processor:  </strong>        </p> <blockquote> <p>Is that it?</p> </blockquote> <p><strong>Buddy:</strong>                          </p> <blockquote> <p>Yep.</p> </blockquote> <p><strong>US data processor:</strong>          </p> <blockquote> <p>Ok... in that case, yes I agree, count me in!</p> </blockquote> <p>No promises, no guarantees...</p> <h3><strong>Lack of protection</strong></h3> <p>To add to the lack of substance in the 'Safe Harbor' the Court of European Justice has ruled that the agreement is invalid due to other more fundamental reasons.</p> <p>This is because, to paraphrase the court's ruling, the US authorities’ wide ranging powers of interference and surveillance and the absence of any administrative or judicial means of redress compromise individuals’ fundamental rights to respect for private life and to effective judicial protection.  </p> <p>That suggests, that not only is EU citizens' data unsafe in the US, but US citizens are no better protected either.</p> <p>The UK Information Commissioner’s Office (ICO) has already issued a statement saying that negotiations on an updated Safe Harbor are already in an advanced stage.</p> <p>However, seeing that the Court of European Justice ruling cites a disagreement with what is a key US security policy, this process is likely to go on for some time. For now, Safe Harbor is finished.</p> <h3>What actions to take now!</h3> <p>Does this mean the end of data transfers and processing across the pond? What happens now?</p> <p>Well, apparently you don’t need to panic, because there are a number of options available for organisations that rely on transferring data to the US. Actions you could take now:</p> <ul> <li>Identify all of your personal data that goes to the US. This could be something like CRM systems or US-based service providers.</li> <li>Review the terms of the suppliers to see who relies on the Safe Harbor.</li> <li>See if you can make alternative arrangements, such as using the model contract clauses (available from the ICO website) or binding corporate rules if you are a global business.</li> </ul> <p>There are likely to be many more options and advice in the coming weeks, from organisations such as the Information Commissioner’s Office.</p> <p>Some service providers in the US have already issued new contracts including model contract clauses, which binds data protection on a contractual level.</p> <h3>What happens next?</h3> <p>At first glance, the demise of Safe Harbor will be little more than an inconvenience for many EU-based organisations.</p> <p>But, if you are a US service provider who relied on Safe Harbor to rubber stamp the gathering of EU citizens' data (such as social media platforms), things might not look so rosy.</p> <p>The only way of complying with the Data Protection Act would be to gain the specific and informed consent of the data subject.</p> <p>But, to be properly informed, the data subject would need to be told that their data was going to a country where the authorities’ wide ranging powers of interference and surveillance and the absence of any administrative or judicial means of redress, compromise individuals’ fundamental rights to respect for private life and to effective judicial protection. </p> <p>And if they were informed, would they consent? </p> <p>And considering the Court of European Justice ruling has questioned the data protection and security regime of the United States, then no contractual agreement will satisfy the EU data protection requirements.</p> <p>Nothing short of a complete revision of the US security regime regarding the surveillance of foreign citizens will satisfy the EU regulations.</p> <p>The EU regulations are formed on fundamental human rights, one of which is the right to a private life. That is not going to change, but it remains to be seen how far the US is prepared to compromise. </p> <p>The only certainty, is that the next few months will be very interesting.</p> tag:econsultancy.com,2008:BlogPost/66435 2015-05-12T09:15:00+01:00 2015-05-12T09:15:00+01:00 The state of online privacy Todd Ruback <p style="text-align: justify;">The speed at which new technologies have become embedded into our daily lives is amazing. Within the past five years, I’ve gone from defaulting to my laptop to my phone, and now within my phone my entry point to information is through apps. </p> <p style="text-align: justify;">What many of us don’t fully realise is that <strong>apps, just like websites, collect data on our behaviour.</strong> Apps can collect location data about where we are, as well as what apps we use and how we use them. </p> <p style="text-align: justify;">This is valuable information to apps, as it not only helps them understand and improve how they are being used, but also because digital marketing’s fastest growth segment is app based.</p> <p>While all of this is happening, laws such as the EC’s Data Protection Framework and the ePrivacy Directive – what some call the <a href="https://econsultancy.com/blog/65366-the-eu-cookie-law-what-has-it-done-for-us">'cookie law'</a> – are struggling to be relevant, and naturally so. </p> <p>They were passed in a different age, when we used desktops or laptops and smart phones were a futuristic notion. Legislation, though, is trying to catch up.</p> <p> In the EU, the Data Protection Framework, after a long process, will soon be overhauled into a pan-European Regulation, having the effect of a unified data protection law that will help to create a single EU digital economy. </p> <p>The aspiration is that such a pan-European law will lessen compliance burdens on companies and allow the cross-border flow of data to be frictionless, thus creating the foundation in the EU for companies to develop new technologies and industries. </p> <p>By creating a condition for innovation, there can be greater prosperity: more jobs, money, and tax revenue. </p> <p>That’s the theory at least. But it’s all predicated on one simple notion: that new technologies and their uses, in order to pass regulatory muster, must not ignore well established privacy principles such as a right to notice, consent, access to data, and the ability to withdraw consent, to name a few. And this is where it gets tricky. </p> <p>Well-established <a href="https://econsultancy.com/blog/64742-privacy-how-much-personal-data-are-we-willing-to-share">privacy principles</a>, because they were created in a different era, are difficult to implement technologically in a fast-changing digital age. </p> <p>Although the principles are timeless, there is not often a tool that enables companies to comply with them, thus the notion of notice and consent within the context of an ever-changing digital environment becomes a central pillar.</p> <p>A stand-alone law in the EU, the ePrivacy Directive, provides a great roadmap for us to follow. This law, also long in the tooth, was flexibly written to be technologically neutral and therefore can be extended into apps and even beyond.  </p> <p>While its original purpose was to require websites to give notice and obtain consent where tracking technologies are deployed, regulators have been quietly giving guidance that the law applies equally to apps. </p> <p>Thus, any sort of data collection in an app triggers the notice and consent requirements of the ePrivacy Directive. It’s only a matter of time before one of the EU regulators steps up and enforces the law against apps.</p> <p>The magic of the notion of notice and consent, seemingly self-evident, is that it creates trust, and not in an amorphous way. </p> <p>Consumers have been quite clear that <strong>the more transparent an organisation is about its digital practices and the more control it gives to the individual, the higher the level of consumer trust.</strong> </p> <p>And where there is trust, a company has a solid foundation with its customers and will be able to extend new services and products, and it will sell more.</p> <p>It’s important that companies, apps included, get the notion of notice and consent right because shortly the digital landscape will go through yet more change, change that is difficult to imagine from where we sit. </p> <p>I have spoken widely that we are on the threshold of the post-internet age, where we are about to morph from a world of 2bn smart phones to 50bn connected devices as part of the Internet of Things, all of which will be collecting data for some reason or another. </p> <p>We will see yet another round of laws struggling to keep up and needing to be updated, but what the before and after will have in common is the notion of transparency or notice and consent. Its not fully clear how notice and consent will be delivered in the world of tomorrow. </p> <p>What is clear is that, as well-established privacy principles, they will still be relevant and still be required.</p>