1. Transparency: You need to disclose clearly the scope of personal data processing, including the purposes for which data is processed and the sources for personalized advertising. And the disclosures must be very specific, organized, and available without clicking through several links. For example, you need to tell users how long you will store their data, not just tell them how you decide whether to destroy it. A failure of transparency can be used, as by the CNIL, to justify the maximum fine.
2. Clear, Affirmative, Granular Consent: The legal basis will be consent, so you need a specific, unambiguous, granular, affirmative consent to each of the processing activities that you have transparently disclosed. Your page describing targeted advertising will mention each of the services and products included in each granular consent for each processing activity! And no pre-ticked boxes in consents! And if you thought that unticking the basic “I accept” box and then sending the unticked to “More Options” (in which a pre-ticked box or two may or may not reside), think again!
3. EU Control: Here’s a good one for the lamp: To have your lead DPA recognized as such, it has to have decision-making power over your company’s product and service development relating to the user experience and processing of personal data.
Disclaimer
While we are pleased to have you contact us by telephone, surface mail, electronic mail, or by facsimile transmission, contacting Kilpatrick Townsend & Stockton LLP or any of its attorneys does not create an attorney-client relationship. The formation of an attorney-client relationship requires consideration of multiple factors, including possible conflicts of interest. An attorney-client relationship is formed only when both you and the Firm have agreed to proceed with a defined engagement.
DO NOT CONVEY TO US ANY INFORMATION YOU REGARD AS CONFIDENTIAL UNTIL A FORMAL CLIENT-ATTORNEY RELATIONSHIP HAS BEEN ESTABLISHED.
If you do convey information, you recognize that we may review and disclose the information, and you agree that even if you regard the information as highly confidential and even if it is transmitted in a good faith effort to retain us, such a review does not preclude us from representing another client directly adverse to you, even in a matter where that information could be used against you.
