Just after a few months since the European Parliament approved the final version of the new General Data Protection Regulation (GDPR), the European Commission is working on updating yet another set of privacy rules. The European Commission published a new text that, when approved, will replace the current ePrivacy Directive: the EU law that ensures confidentiality of communication and the protection of personal data in the electronic communications sector.
While the Commission plans to complete the reform process quickly enough to allow the new law to come into force in May 2018 together with the GDPR, the road ahead is long and tortuous. In fact, both the EU Councils of Ministers and the EU Parliament must agree and approve the final text.
While EU policy makers aspire to finalize a new version of the ePrivacy Directive that goes hand-in-hand with the GDPR, it’s a task for all companies to update their processes, technology, workforce's expertise, and oversight mechaninsms to comply with both sets of rules. To meet compliance requirements consistently and without redundancies, it’s crucial that firms understand what’s changing and how ahead of time. According to the proposed text, the new ePrivacy law will:
Forrester’s Consumer Privacy Segmentation defines four groups of consumers based on their attention to privacy policies and practices, as well as behaviors around safeguarding data, willingness to share personal information, level of trust in a firm's data practices, and overall tech-savviness. In the Age of the Customer, this framework helps firms understand their customers’ privacy behaviors and attitudes to ensure that they’re not jeopardizing customer trust.
To help security and risk professionals navigate the complex landscape of privacy laws around the world, Forrester created a data privacy heat map that highlights the data protection guidelines and practices for 54 different countries. Earlier today, we published the 2016 version to the tool, as well as a free version with access to only the U.K. and U.S. ratings. We have updated the map every year since it’s initial publication in order to keep pace with the constantly-evolving landscape of global data privacy laws.
As we roll out the 2016 update and reflect back on the past 5 years of annual assessments, three high-level trends emerge:
Countries continue moving toward the EU standard for data protection. New legislation outside of the EU often follows the EU’s lead by adopting provisions similar to those in the existing Directive 95/46/EC regulation. The slow global convergence toward the requirements outlined in the regulation continued through 2016. For example, Argentina and Japan strengthened pre-existing policies, while Nigeria passed its first comprehensive cybercrime legislation. Japan also established an independent regulatory body (“Privacy Protection Commission”) that oversees privacy issues—a requirement of both the current Directive and the superseding European General Data Protection Regulation (GDPR).
Businesses can obtain major benefits — including better customer experiences and operational excellence — from the internet of things (IoT) by extracting insights from connected objects and delivering feature-rich connected products.
The mobile mind shift requires businesses to proactively support these IoT benefits for nonstationary connected objects that exist as part of IoT solutions. In particular, the IoT forces businesses to acquaint themselves with the implications of mobility in the IoT context for connectivity, security, compliance with privacy and other regulations, and data management for mobility. This means that:
Mobile technologies are central to most IoT solutions. To date, technology managers have mostly focused on enterprise mobility management (EMM) as part of their mobile activities. This narrow focus is insufficient for IoT solutions.
Mobile IoT is not a technology revolution but a fundamental business process transformation. Mobility requires managers not only to deploy mobile technologies but also to exploit them to support specific business process requirements.
Mobile technologies set the framework for IoT solutions. Mobile has distinct implications for aspects like broadband availability, data management, security, and local data compliance. Ignoring these will undermine your IoT initiatives and return on investment.
My new report, Mobilize The Internet Of Things, provides advice and insights for businesses on addressing these mobile challenges in the context of planning for and implementing IoT solutions.
More than four years after the European Union started its journey toward new privacy rules, the EU Parliament adopted the final text of the new EU General Data Protection Regulation (GDPR) last week. The EU will complete the long and controversial process that led to the new rules next month, publishing the Regulation in the Official Journal of the European Union, but no changes can be made at this point. This leaves businesses with a two-year period in which to get ready for its implementation. Some EU countries, like France, will implement the new rules before 2018.
As a security and risk professional, you must start working now to assess what the new rules mean for your organization and make the necessary changes to technology, processes, and people. As you approach the task, keep in mind that the GDPR introduces important changes, such as:
Back in 2013, my colleague Anjali Lai and I wondered how the "summer of Snowden" was affecting consumer attitudes about privacy. So, we fielded a survey and ran some qualitative analysis in our ConsumerVoices Market Research Online Community. A year later, we used that historical data, combined with Consumer Technographics and social listening data to see how perception and behavior were changing. It was a fascinating study.
Fast forward another year: it's now pre-pre-primary season in the US, and candidates are talking about privacy and personal data protection. There have been three more major data breaches affecting millions of Americans. The adblocking debate is at fever pitch, while Internet giants make privacy a point of differentiation. Obviously, we decide to run our study a third time. And this time, we incorporate (opted-in, permission-based) data from our Consumer Technographics Behavioral Study.
Our findings? Consumers are more willing than ever to 1) walk away from your business if you fail to protect their data and privacy; 2) adopt technologies like tracker-blockers and VPNs to limit their exposure to data misuse; and 3) extend their protective actions to the physical realm.
And the real kicker is that, if you're one of the marketers who's been counting on Millennials who "don't care" about their online privacy, you're going to be waiting a long time.
Now that we’re firmly settled in the Age of the Customer, it’s time to take stock of the factors that are really going to drive business success -- or failure -- over the next few years. At Forrester, we’re betting our hats that privacy will be one a big one. In fact, we think that privacy is integral to each one of the 10 success factors in 2016.
I'm just back from two weeks in Hong Kong, where I'd been invited to give a keynote at the 10th anniversary conference of the Business Information Industry Association. Since I was there, I took the time to meet with some fantastic Forrester clients in industries ranging from travel to insurance to retail to consulting. In nearly every discussion, whether I was speaking to a BT or a marketing exec, we eventually got to the topic of the "privacy-personalization paradox."
This is an issue I've explored extensively, and have written about before. It's a challenge that marketers in the US dabble with when they're considering investments in tools like retail beacons and cross-device identity resolution. But it was enlightening to hear about the challenges that firms in APAC face: antiquated privacy laws, a dearth of third-party consumer data, and even the incredible difficulty of compiling a single customer view across their own first party data. Interestingly, though, the solution in both markets is similar: preference management.
Unless you're in a regulated industry, or headquartered in the European Union, chances are that your privacy organization has been limited to one or two lawyers, and maybe a data security expert. This small group has probably been tasked with making sure the firm is in compliance with local laws, and with writing and managing onerous and impenetrable consumer-facing privacy policies. In other words, these teams have worked to keep the company out of legal trouble.
But data privacy, collection, and use practices are becoming more visible, to regulators, to media and ultimately to individuals. And as a result, firms need a different kind of privacy organization to meet the need for transparency head-on.
So tell us, has your privacy organization changed in the past few years? Are you staffing it with new skillsets? Creating more dotted lines to teams like marketing, product development, etc? Changing from a compliance-focused organization to one poised to capitalize on privacy as a market differentiator?
If so, my colleagues, Heidi Shey, Enza Iannopollo and I would love to hear from you for current research we're working on. Reply here, or email email@example.com, and THANKS!
Trust is the most critical component to develop and maintain a healthy brand. Customers are more likely to trust experts, friends and relatives than marketing campaigns. That’s why it matters to deliver the experience you promise and to build a trusted community around your brand.
As marketers will need to use more personal data to power mobile and contextual experiences, we expect consumer distrust for brands to increase
No matter how quickly wearables and connected objects emerge in the next 10 years, mobility has already introduced a paradigm shift: the ability to collect and use data about individuals in the physical world. Mobility will change the nature of the data marketers can use and act upon. Data collected via mobile will be much more sensitive, more personal and more contextual. Via sensors on wearables or smartphones, marketers will access data on our bodies and our whereabouts in real-time. This represents a huge opportunity for marketers to power better marketing across all channels not just mobile. Mobile and connected objects will not only change the nature of the data marketers can access, it will also bring privacy concerns to the physical space and it risks breaking anonymization.
Together with my colleague Fatemeh Khatibloo, co-author of the report, we digged into our Technographics data to better understand consumers’ perceptions on mobile privacy. We also conducted many interviews to discuss with marketers, vendors, and regulators how they approach mobile data and privacy. Here below are a couple of facts we learnt: