Is privacy still the cost of FREE? by Anthony Main

Transcript

1. Is privacy still the cost of FREE? Anthony Main

2. Key Privacy Event Timeline March 2018 Cambridge Analytica Exposed May

   2018 (2020) GDPR (UK GDPR) May 2018 Apple‘s SKAdNetwork (SKAN) Jan 2020 CCPA (California's GDPR) Dec 2020 iOS Nutrition Labels April 2021 Apples App Tracking Transparency (ATT) June 2022 iOS Account Deletion Nov 2022 Berners-Lee Vision for Web 3.0 Dec 2023 Android Data Deletion Questions 2023+ Chrome Privacy Sandbox Q2 2024 iOS Privacy Manifests Q3 2024 Android Privacy Sandbox

3. Alphabet Soup • May 2018 EU GDPR (EU) • Jan

   2020 UK GDPR (UK) • Jan 2020 CCPA (California) • Sept 2020 LGPD (Brazil) • Sept 2020 FADP (Switzerland) • Feb 2021 PDPA (Singapore) • March 2021 VCDPA (Virginia) • July 2021 POPIA (South Africa) • Sept 2021 PDPL (Saudi Arabia) • Nov 2021 PIPL (China) • April 2022 APPI (Japan) • July 2023 CTDPA (Connecticut) • Dec 2023 UCPA (Utah) • TBC CPPA (Canada) • ….so many more! DLA Piper Oct 2023 https:/ /www.dlapiperdataprotection.com/

4. Common Principles • Lawful and Fair Processing • Purpose Limitation

   • Data Minimization • Accuracy • Storage Limitation • Security • Individual Rights • Accountability • Cross-Border Data Transfers • Territorial scope ◦ Where the business is ran from ◦ Where the data is processed (and by who) ◦ Where the user is based etc

5. Isn’t PII 3.141? Sensitive PII • Full name • Social

   Security Number • Driver’s license • Mailing address • Credit card information • Passport information • Financial information • Medical records (PHI) • Biometrics • IP address (fixed) • MAC address • Username/Password • Email address • Cookies Non-sensitive PII • Zip code • Race • Gender • Date of birth • Place of birth • Religion • IP address (shared) • Social media handles • User Agent • Search History • Shopping Basket Contents • Geolocation (accuracy?)

6. Marketing (MMP) Apple App Store Google Play GAID/Referrer Installed App

   1st Party API 3rd Party SDKs/APIs Backend Data Stores Server Logs IDFA/SKAdNetwork

7. Probabilistic Data AKA Fingerprinting (officially a swear word in 2023)

   • Referral URL • IP address • Handset Info • OS and version • Device carrier • Language settings • User Preferences • Time zone • Plugins or fonts • Memory/disk size/space

8. Deterministic Data • Apple IFDA • Google GAID • Referral

   Sources • Other UTM Parameters • Other cookies ◦ Meta Pixel ◦ Google Tag Manager • 1st Party Data https:/ /thedistance.co.uk?utm_source=linkedin&utm_medium=social &utm_campaign=q4utm_term=travel+app Medium Social Source LinkedIn Campaign Q4 Term Travel App

9. But it’s my 1st Party data! And I’ll track if

   I want to! Installed App Data Requests (GET/POST) 1st Party API Process all Requests Backend Database User Profile App Related Data Server Logs IP Address Request Headers User Agent

10. Apple Privacy Changes • SKAdNetwork (now v4) • App Tracking

    Transparency (ATT) • Privacy Nutrition Labels • Privacy Manifests ◦ What, Why, If (tracking), Who else • Required Reason API • Link Tracking Protection (no more url attribution) • No more fingerprinting! Dec 2020 iOS Nutrition Labels April 2021 Apples App Tracking Transparency (ATT) June 2022 iOS Account Deletion Q2 2024 iOS Privacy Manifests

11. Google Privacy Sandbox • Topics • Protected Audience • Attribution

    Others • Reduce SPAM and Fraud • Cross-Site boundaries • Federated Credentials • Sandboxed SDKs • No more fingerprinting Dec 2023 Android Data Deletion Questions 2023+ Chrome Privacy Sandbox Q3 2024 Android Privacy Sandbox

12. Seriously, theres more? Is it no beer o’clock? Europe •

    Transparency & Consent Framework (TCF) 2.2 • ePrivacy Directive • Digital Markets Act (DMA) USA • American Data Privacy Protection Act • HIPAA (for US health data) Globally • GPC - Global Privacy Control ◦ Mozilla, NYT, DuckDuckGo, Automatic ◦ Not supported by Apple or Google

13. Sorry!