Legal Issues in Marketing: Personal Data
Ability to collect, store and analyze a mass of personal data
  The profiles could be wrong
  The profiles may reveal some details that individuals prefer to hide

Features, characteristics, habits, lifestyle, personal relationships, health, economic condition

Sensitive data
  Racial and ethnic origin, religious or political convictions or opinions, adhesion to parties, health status, sexual life

More recently
  Biometric data: fingerprints, topography of the hand, characteristics of a handwritten signature
  Online data: IP or email address, cookies

Fair Information Practice Principles (FIPPs)
  Developed in the late 1970s by the US Federal Trade Commission (FTC)
  In response to the growing use of automated data systems
  Mixture of
    Substantive principles (purpose of limitation and data quality)
    Procedural principles (consent and access)
  Served as foundation for self-regulation initiatives and laws

OECD Privacy Guidelines of 1980
  Born on the basis of FIPPs
  Recommended that OECD members consider these principles in internal legislation
  Do not have a binding nature, only provide a rough outline

What about national laws?
  Both use international principles but differently

Omnibus approach (EU)
  From Directive 95/46 to Regulation 2016/279 -> General Data Protection Regulation (GDPR)
  Article 8 of EU Charter of Fundamental Rights: Protection of personal data
  Supervisory Authority that develops rules in data processing and enforces compliance

Sectoral approach (USA)
  Many and different rules for different industrial and business sectors

Main rules

Personal data shall be
  Processed lawfully, fairly and in a transparent manner
  Collected for specified, explicit and legitimate purposes and not further processed
  Adequate, relevant and limited to what is necessary
  Data minimization and purpose of limitation
  Kept in a form that permits identification for no longer than necessary
  Accurate and up to date
  Processed in a manner that ensures security of PD, integrity and confidentiality

The data subject has given consent for specific purposes
  Either express consent or implied by a contract
  Consent is any freely given, specific, informed and unambiguous indication in which the DS agrees to the processing of PD (by statement or clear affirmative action)
  Mandatory, free, specific, informed
  Tacit or presumed consent is not allowed (Ex: pre-checked boxes)
  Revocable, unequivocal (inaction is not consent), explicit, demonstrable, valid from 16 years onward (or parental consent)

For compliance with a legal obligation the controller is subject

GDPR novelties
  Accountability
  Supervisory Authority: every member has one, it can check complaints, forbid non-compliant behaviors, promote codes of conduct, carry out controls on the DPIA, enforce sanctions
  One stop shop principle and Lead Supervisory Authority
  Supervisory Authorities now can apply sanctions and the fines increased (up to 20 million euros, up to 4% of yearly sales)