Legal
Compliance with spam laws is still a necessary thing, you know. And failing to follow the rules can get really, really expensive. A few weeks ago, the Australian Communications and Media Authority (ACMA), the Australian regulator of media and communications, announced that online gambling company Sportsbet will have to pay $2.5 million (AUD) in fines and that they have “committed to refund customers around $1.2 million (AUD)” to settle spam allegations. The ACMA investigation “found Sportsbet sent more than 150,000 marketing text messages and emails to over 37,000 consumers who had tried to unsubscribe. Sportsbet also sent over 3,000 marketing texts that had no unsubscribe function.” Read more about it here from the ACMA (and you can find the enforcement notices here). [H/T: Highstakes DB]
What’s meant by privacy policy? Why must each website have information that clearly illustrates how user data are collected, used, and managed? What are the penalties in case of failure to comply with the GDPR? Blog and website managers are becoming obsessed with GDPR compliance and the need to draft their own privacy policy. Now, why is it necessary to draft a document that clearly illustrates how data are collected and managed? Above all, what must it contain? Users leave personal data such as names, surnames, and addresses on the Internet, along with many other pieces of information that identify them and track their web behavior. In recent years, the legislator has paid particular attention to behavioral data collection for profiling purposes by websites. Hence, their use is now allowed only after the user’s informed consent. The European Parliament has regulated the matter with the General Data Protection…
Google Analytics does not process personal data because IP addresses are anonymized
During the legal management of third-party analytical cookies (e.g. Google Analytics), you may have been reassured by IT personnel that the “masking” of IP addresses is applied, and therefore personal data is anonymized, enabling you to activate these cookies by default, without the user’s prior consent. In reality, when a site uses third-party cookies, it is not enough to mask the IP (or adopt other tools that reduce the power of identification of the cookies): it is also necessary to enter into an agreement with the third party (e.g. Google) through which the latter contractually undertakes to use cookies exclusively for the provision of the service, and not to cross-reference the information contained in them with that which is already at its disposal. If the third party is Google, you can find the appropriate data processing terms…
Data processed for profiling and marketing purposes must be deleted after 12 and 24 months respectively
Among colleagues in our industry, there is a deeply rooted conviction that personal data processed for profiling and marketing purposes must be peremptorily erased 12 and 24 months after their registration, respectively. This conviction has its roots in the Italian Data Protection Authority’s “Loyalty Cards Measure” of 2005: a measure that is still considered current, aimed at regulating certain aspects (including data retention times) related to the processing in the context of “loyalty” cards or cards that create a lasting relationship with customers for purchases and service provision. However, the above measure does not appear to be susceptible to application by analogy. Yet, many companies have understood these terms as mandatory for any processing carried out for marketing and profiling purposes, even outside the scope of “loyalty programs”. This is probably due to the…