5 questions to Geddy Van Elburg on Digital Analytics and the EU Directive on Data Protection

Wednesday, March 27, 2013   (0 Comments)
Posted by: Anne Powell


The DAA (Digital Analytics Association) has produced a new white paper that provides a comprehensive overview of the key differences on privacy issues between the US and European countries. The white paper was authored by Geddy van Elburg, formerly co-chair of the DAA EU Special Interest Group and CEO of Ionmoon, Netherlands. Geddy shares some insights of the white paper as well as her vision on privacy compliance in the interview below.

Nicolas Malo: Hello Geddy, congratulations for making possible the publishing of the "DAA SIGEU White Paper on privacy compliance" ! To start with, could you please explain what is the DAA SIGEU and what are the objectives of this white paper?

Geddy Van Elburg: The DAA SIGEU was a group within the DAA ( Digital Analytics Association) which tried to organize the digital analysts in Europe. I must say was, because last week Matthias and I resigned as co-chairs of the SIGEU. In the next few weeks a SIG Privacy will be launched. This was necessary as Privacy is not only a European concern, but is becoming a global topic in our industry.

As on the whitepaper: Politicians, journalists and pro-privacy lobby groups know a lot about privacy, but translating this towards the Internet is another matter. Within companies there is a great lack of understanding the need and impact of the privacy laws. Especially as the EU directive lead to 27 different privacy laws, education towards international businesses is needed. In 2015 we face a EU regulation, which will replace the directive. At that moment the EU countries will have just one data protection law. Penalties of non compliance will be up towards 2% of your yearly global revenue. The whitepaper tries to provide some insights in why these laws are made and how analysts and businesses should treat their clients and visitors on this topic. The whitepaper will be renewed whenever this might become necessary. That is also a main reason to have a SIG on Privacy.

Nicolas Malo: What is exactly the "cookie law" and why is it important for the Digital Analytics industry?

Geddy Van Elburg: The "cookie law” is just a popular name of the privacy laws or actually data protection laws, which are made by the different governments in the EU countries. These are based on the EU directive on Data protection. In most countries you won’t find the word cookie in the law. At this moment the 27 different laws are dealing with the online privacy of EU citizens. What is allowed and what not. In most countries the focus on implementation and compliance is what to put on the website. Do we need an optin or an opt-out, do we just mention we use cookies, which kind of pop-up should we use. Every country treats the use of cookies differently. A GA cookie is seen as a necessary and harmless cookie in some countries while other countries ask explicit consent to place a GA cookie. The whitepaper shows some of the effects on the implicit or explicit consent on GA cookies. How this it affects companies and organisations.

Nicolas Malo: How could Digital Analysts ensure that their organizations are compliant with this law?

Geddy Van Elburg: First of all it is important to realise this data protection law is not going away. As an analyst you have to know everything there is to know about this topic. It is as important as to know what a pageview is, or a visit. it is part of your job to know this. We can’t leave this towards layers without knowledge of internet. We have to know what is allowed and what not. We know what database analysis can do, what a cookie can and can’t do. So we can understand the reach of the data protection law into our organsations. I strongly believe we should embrace a code of ethics. Education and certification will be the next steps to take. Our profession will mature and with this maturity there comes a responsibility. This is already the case in other professions.

Nicolas Malo: What is the position of the DAA SIGEU in regards to the "cookie law"?

Geddy Van Elburg: Just be compliant towards the law. As the DAA is a global organisation and data protection and privacy are treated differently in Europe and the US there is no official position on privacy. By starting a SIG on Privacy the DAA takes its responsibility by taking the topic serious and education on data protection will grow. Data protection plays a different role in the US. But also US companies who are active in Europe will face penalties when they do not comply. Last week Senator Rockefeller asked stricter regulation in the US on data protection ( on the DoNotTrack) as he does not see any improvement when this is left towards self regulation of the industry. So it will only be a matter of time, businesses in the US need to think more about privacy issues.

Nicolas Malo: What is the foreseeable future of the law in the EU?

Geddy Van Elburg: The upcoming EU regulation on data protection will be about protecting privacy of EU citizens. The law is not only about some cookies, but is also treating the issues of databases. Data portability, the right to be forgotten,how to treat data of people. In the whitepaper you can find some of the topics on this. But this is just a start. At this moment we expect the EU parliament will talk about this new law in April. When the EU regulation will pass EU Parliament it is expected to become active in 2015. So analysts and businesses alike will have plenty of time to educate and prepare themselves to be compliant. Analysts will have to educate their organisations, so we need to prepare ourselves and be ready to face this enormous challenge. I already saw some job openings of big international enterprises who are preparing themselves and asked for lawyer/analysts to prepare the organisation on this challenge.