GDPR is Coming: If Your Business is Online, Beware the New EU Privacy Regulation

Posted by:

If you sell or offer goods to EU residents, even from the U.S., it is now necessary to re-examine your data processing and privacy procedures. There is a new EU privacy law that will go into effect on May 25, 2018, with significant penalties for violations. The EU General Data Protection Regulation, or “GDPR,” covers any website, including a U.S.-based website, selling to EU residents and processing personal data of those EU residents.  Here are some basic questions and issues to address concerning your online presence:

Do you collect, store, or use Personal Data? You are subject to this regulation if your website collects, organizes, stores, disseminates, uses or otherwise processes personal data of EU residents, regardless of where your website keeps or uses such information.

“Personal Data” will likely be broadly interpreted. The GDPR defines “Personal Data” very broadly to include any information that can be used to identify an individual. This can include all sorts of data, like names, e-mail addresses, office addresses, and even IP addresses.

Can your users easily revoke consent? The GDPR takes consent seriously. The GDPR requires you to demonstrate consent was “freely given, specific, informed and unambiguous” by a “clear affirmative action” on the part of the user for the processing of personal data. When you ask for the user’s consent, you must articulate “specified, explicit, and legitimate purposes” for processing the data. Limit the data you collect to what is necessary to achieve these articulated purposes. Be extra careful if you are collecting sensitive personal data – the GDPR raises the bar for obtaining consent to process “special categories of personal data.” And make sure it is as easy for the user to withdraw consent as it is to give consent.

Can you respond quickly and effectively when the user exercises rights under the GDPR? The GDPR grants users, or “data subjects,” quite a few rights, including but not limited to knowing where and why you are taking the data and anything that happens to it, objecting to its collection or use, obtaining a copy of it, correcting or erasing it, or restricting its use. Make sure you have procedures in place to respond appropriately in the event a user exercises rights under the GDPR.

Penalties for failure to comply can be steep. Failure to comply with the GDPR can expose companies to administrative fines of up to 20 million Euros or 4% of the total worldwide annual turnover of an “undertaking” of the preceding financial year, whichever is greater. Even if you use vendors to process your data, you are still responsible for monitoring compliance. You are required to “implement appropriate technical and organizational measures to ensure and to be able to demonstrate that processing is performed in accordance with this Regulation.”

The EU GDPR is a minefield of regulatory requirements that require a close examination of your data processing and privacy procedures. Some companies, such as Microsoft, are implementing a single system worldwide to comply with the EU’s requirements, effectively granting greater-than-required  rights to non-EU residents.  There will likely be considerable uncertainty and confusion as the GDPR requirements are implemented and enforcement begins.  Contact Conkle, Kremer & Engel to help bring your data processing and privacy procedures into compliance.

0

The Conkle Firm and Social Media Influencers at Beautycon LA 2017

Posted by:

On August 13, 2017, Conkle, Kremer & Engel attorneys Amanda Washton, Desiree Ho, Aleen Tomassian, Heather Laird and paralegal Chelsea Clark attended Beautycon in Los Angeles, both to assist clients and to observe first-hand the latest trends in the beauty industry. In addition to the thousands of youthful fans and future beauty marketing gurus in attendance, more than 100 brands and over 70 “creators” were featured at the two-day festival.

An annual gathering, Beautycon serves as a space for beauty industry participants to interact with young fans. As the popular beauty ideal moves away from the conventional toward one that is more inclusive and identity based, with the help of a talented team of influencers Beautycon advocated for authenticity – a sentiment to which all attendees could relate.

Beautycon heavily emphasized the growing trend of using social media influencers and celebrity endorsements to connect with consumers.  In exchange for a prized “like” on Instagram, many vendors gifted product samples or even full product lines.  Beautycon exemplified the partnerships that are possible between beauty businesses and social media influencers.  There were plenty of celebrities, “exclusives” and photo-ready backdrops on hand for influencers’ selfies and videos.  There were a number of forward-thinking panels on social media topics, including using beauty-oriented social media platforms to deliver positive self-esteem and diversity messages.  Beautycon demonstrated that connecting brands with social media influencers is rapidly becoming vital to the success of emerging beauty businesses.

For businesses, working with social media influencers involves a host of practical and legal issues and considerations.  Areas of concern can include contracts, copyrights, trademarks, privacy, rights of publicity, false advertising claims, regulatory issues and even trade libel and defamation, among other issues.  With continually evolving social media platforms and issues, it is essential that cosmetics and personal care products companies fully consider the implications of both their social media activities and those of the influencers they seek to help them promote their brands.  CK&E attorneys are excited to participate in dynamic events like Beautycon to help their beauty industry clients meet their needs in the shifting landscape of social media.  (And as the photos show, it doesn’t hurt to partake in a little of the fun, either.)

0