GDPR is Official; New Cop on the Mobile Privacy Beat


GDPR is Official; New Cop on the Mobile Privacy Beat

  • May 4, 2016 - By Todd Ruback

Today there were two big privacy events to report.

Dear Friends,

First, the General Data Protection Regulation (GDPR) is now official, beginning the two year countdown to May 25, 2018 when this pan-European data protection law will become enforceable.  There is much work to be done and only 18,000 hours to do it, so it’s not too early to begin your GDPR assessment and budget planning. Click here if you want a great summary from Hogan Lovells on how to prepare.  While many organizations will have to create new internal privacy-centric processes, Ghostery is looking at how to help you with the GDPR’s heightened notice and consent requirements.  More to come on that.    

The other big privacy news is the release of the Online Interest-Based Advertising Accountability Program’s compliance decisions involving three apps, putting the industry and mobile companies on notice that the Digital Advertising Alliance Self-Regulatory Principles are now in full force in the mobile world.  These decisions are important since they explain to app publishers how to implement their notice and choice obligations when they work with third parties who are collecting data for interest based advertising on their apps.  The cases also deal with the sensitive data issues of precise location information and the collection of PII from children under thirteen.  I strongly urge all who are affected to review these decisions so you can implement the guidance that was so kindly provided. I know that these cases will also be discussed next week at the Accountability Program’s inaugural conference,Consumer Privacy and Digital Advertising Innovation, certainly to be an informative and worthwhile conference, and I would also recommend attending CARU’s annual conference at the same place, just the day before, which will focus upon children’s advertising.

In Ghostery news, be sure to check out this timely article I recently penned about the GDPR and Privacy Shield.  Also, we received a great shout out in Brand Republic’s piece listing four things marketers should do to prepare for the GDPR. Finally, if you would like to receive the Dispatch via email every week, please sign up here and please follow me on Twitter at @CPORuback, where you can get even more insight and information on privacy and security topics.

Finally, we're happy to report that we'll be at the DAA Summit next week. Details here

Until next week,

Todd Ruback, Chief Privacy & Security Officer & VP of Legal Affairs


  • Privacy
    Preparing for the Post-Internet Age

    Preparing for the Post-Internet Age

    Last week, as the U.S. prepared for Chinese President Xi Jinping’s state visit, ostensibly to focus upon cyber-espionage, among other things, the U.S. Office of Personnel Management disclosed that hackers who had previously stolen privacy centric information from the agency also stole fingerprint data on up to 5.6 million federal employees.

    While present use of biometric data is limited, some fear greater risk to the affected individuals as biometric information, such as fingerprints, become more commonly used as an access point as we move into the Post-Internet Age of connected sensors. 

See all

See all

Our Solutions