I know the assignment asks for a 9-12 slide presentation, but I was wondering if you could write the outline for the PowerPoint. Both the bullet points and author notes for each portion. I will do the PowerPoint presentation portion of the assignment. Thank you.
ASSIGNMENT:
You work for a small but exciting Internet of Things start-up company that develops fitness- and health-themed products for consumers. One of the latest products will be released sometime in the next year, tentatively named the Health Ring.
The Health Ring looks like a piece of jewelry. It is worn on a finger, just like any other ring. Embedded in the material is an innovative set of tiny, non-invasive sensors that can measure information about the person who wears it. This includes their heart rate, blood pressure, blood-oxygen levels, temperature, and number of steps taken. The Health Ring also senses its geolocation. Users also provide additional biographical information through an app when they register for service—including height, weight, gender, and age—as well as an email address.
Through the companion app, which will be available on smart phones and tablets, the Health Ring compiles all of the information it collects into a fitness and well-being report, which provides the user with a proprietary score of their overall health. The app can also be used to display workout histories on a map, such as running and biking routes. All of this information is stored in a cloud computing environment that is managed by the company, and the app pulls the information down to the user’s phone or tablet when they log in. In order to provide the fitness report, the company partners with another startup company that specializes in data analytics. The analytics startup designs and maintains the algorithms and manages the data storage on the backend for your company.
The company projects that the primary revenue streams will come from sales of the Health Ring and a subscription service that unlocks premium features in the app. In addition, the company thinks that the data could be sold or licensed to members of the medical community who conduct research on the impact of fitness on personal health. Although the company is based in the U.S., it plans to sell the Health Ring within E.U. member states.
Your assignment: The company is already familiar with the U.S. Federal Trade Commission’s approach to consumer privacy, and it estimates its practices are compliant (based on the FTC’s unfair and deceptive trade practices authorities). However, it knows little about the E.U.’s approach to consumer privacy.
To help the company prepare for entering the European market, you are tasked with developing a brief slide deck (approximately 9-12 slides, with accompanying notes explaining your rationale) to help introduce the company to the GDPR. Conduct internet research as needed, and take note of any relevant guidance issued by the European Data Protection Board. Pay special attention to GDPR Articles 2, 4, 5, 6, 7, 9, 24, 25, 26, 28, and 30. Note that some of these articles were not assigned as part of the readings – you can find them online.
Use your judgment to focus on the aspects of the GDPR that are most important at this stage for the company. At a minimum, your slides should address the following questions:
• How does the GDPR differ from what the U.S. FTC requires under its UDAP authorities? Is meeting the FTC’s privacy “standards” sufficient to meet the GDPR’s requirements? How would you describe the similarities and differences?
• Would the Health Ring be subject to the GDPR? What specific characteristics about the product inform your reasoning?
• Based on the information provided about the Health Ring, what kinds of transparency disclosures are needed? How specific do they need to be?
• What basis for lawful processing should the company rely upon? Roughly speaking, how would you recommend the company go about this?
• What requirements, if any, does the company’s partnership with the startup analytics company trigger under the GDPR?
• If the company decides to sell or license information to medical researchers, what, if anything, might that require under the GDPR?
• What, if any, changes might the GDPR require for a company’s internal operations, in terms of documentation and oversight?
• Is there any additional advice you would offer to the company about how to approach GDPR compliance?
N.B. – For purposes of this assignment, you can assume that no data from the Health Ring devices sold in Europe will be transmitted or processed outside of E.U. member states.