With the upcoming new Data Protection Act (DPA) in September 2023, the digital world is facing an exciting challenge.
Organizations, companies or individuals who operate a website are now confronted with all kinds of questions: How must the cookie banner now be set? What data may still be collected and from what point on? How transparent must one communicate? Which tools for collecting data are allowed to be used?
As an agency that deals with these issues on a daily basis, we have built up an excellent network over the years, which we brought together on Thursday, June 15 at Technopark Zurich. Not only were there presentations from different perspectives, but also the opportunity to exchange ideas with others over an aperitif.
Innovation and differentiation through the DSG
After a short welcome by the moderator Dan Fuhrimann, the founder of MD Systems, Miro Dietiker, started with an introductory presentation.
With his presentation "From DSGVO insanity to strong positioning with Swiss data protection", he described the path from the introduction of the General Data Protection Regulation (GDPR) in May 2018, which led from excessive use of cookie banners to class action lawsuits to short-circuiting and uncertainty, to the imminent introduction of the DSG in Switzerland.
He then showed how we can see the Data Protection Act as an opportunity for innovation and differentiation and not as an impediment.
"Data protection is a need of all website visitors. Let's find the way back to trust and transparency together and thus create the basis for future success!"
The presentation by Dr. Kathrin Schmid, Chief Happiness Officer at Friendly, built on these insights and used the example of web analytics to show what concrete possibilities there are to collect meaningful data without violating data protection laws. In addition to switching to an alternative to Google Analytics such as Matomo (open source), which is offered by Friendly as software as a service, it may also be sufficient to make adjustments to the existing tools in use.
"For most of the key figures that website operators want to analyze, no personal data is necessary. Switching to anonymized data is the easiest and often most sensible option!"
Patrick Boest, Solutions Architect at Platform.sh, then provided an insight into Platform.sh's global and local development strategy.
Their approach is: "GDPR everywhere".
"For our Platform as a Service solution, we proactively apply the principles of the GDPR to all personal data, regardless of its origin, setting a high standard for privacy protection."
In addition, this leads to a lower potential for data protection gaps and also to fewer country-specific adjustments, because only the deviations from the GDPR in the individual countries need to be applied and not a separate solution for each country.
Data collector vs. privacy defender
After a short break, the event continued with a more interactive part, a "data auction" led by cyberethicist Chris Buehler. The auction worked like this: All participants received either one vote for companies or one vote for individuals. Subsequently, one could bid for data categories such as email address, voice profile, amount of income, a personal sex video and likes on social media. What personal data would you defend for a large amount?
The "individuals" bought the voice profile as well as the video at auction, the "companies" secured the email address, the income data as well as the likes. Voices from the audience then explained why a certain category was worth more or less to them. This gave an impression of the data categories where there is potential for conflict between data collectors and privacy defenders, but also where the tensions are perhaps smaller than expected.
"The value we give to certain data depends heavily on our own point of view. That can lead to tensions, but it also opens up room for negotiation."
Nicolas Zahn, Digital Trust Expert and Operations Manager of the Swiss Digital Initiative, then explained how trust in digital providers can have greater significance and ultimately also a competitive advantage. The Digital Trust Label aims to provide orientation and identify trustworthy services accordingly.
"We want to demonstrate - similar to the Bio-labels that have been around for a while - to the users that they are using a secure service, and in doing so we also help organizations build trust."
The various interesting presentations ended with a presentation by Gabriella Brändli Ortiz, Head of Digital Performance Marketing, and Manfred Ruf, Head of IT at UNICEF Switzerland and Liechtenstein. The children's fund was recently awarded the Digital Trust Label and was therefore able to report in detail on the specific measures that had to be taken and how the process worked.
"While certification has been a long, sometimes arduous process, we are confident that by building trust with our donors, we can achieve better conversion."
After some concluding words by Dan Fuhrimann, who with his energy and charisma radiated the same confidence as the various speakers, most of the participants exchanged views on what they had seen and heard at the subsequent aperitif.
We would like to take this opportunity to thank all the people involved in the organization and all the participants!
Special thanks to Platform.sh for the generous contribution to the aperitif!
In addition to Miro Dietiker's presentation, we will soon publish another exciting blog post.
Links to the presentations
Video & photos by Noah Leuenberger.
