Published 2018-04-25

Meet Ingvild Næss: Schibsted´s Chief Privacy Officer

Schibsted has an important role in society. We are committed to being a trusted digital partner, contributing to best practices within data privacy and security.

Meet our Chief Privacy Officer, Ingvild and hear how Schibsted works to protect your data, as well as what regulations such as GDPR mean to you as a user.

Read the full interview below.

What does a “Chief Privacy Officer” in Schibsted work with?

“My role is to oversee the development and implementation of policies designed to protect personal data in line with our customers´expectations and legal requirements. It is important for my team to work closely with our businesses across all of Schibsted, making sure that we have a comprehensive and current expertise of both corporate operations and privacy laws.”

What does data privacy mean for me as a user of Schibsted services?

“We live in a continuously developing data-driven society. The development of smarter services, homes and cities, also means that users of these services contribute with personal data to make your daily activities easier. Within this development, we as a company play a central role. Schibsted has an important commitment to protect your privacy. We believe in being open and transparent on how we collect and use data, and in this regard we have an important responsibility in creating intuitive and seamless solutions that empower our customers when it comes to both understanding and controlling usage of their data.”

Can I trust that Schibsted manages data about me in a safe manner?

“It is our most important responsibility to manage data in a safe, user-friendly and responsible way. We use data to continuously offer the best digital services for our customers. We continuously review measures and practices to ensure that data is handled in accordance with our users´ expectations, applicable laws and work close with peers, data privacy experts and regulators in all our markets.”

“It is a complex area where the details really matter. What we should do and our users expectations vary hugely between different kinds of data and for which purposes we use it. Take retention time for data as an example. The need and our users´expectations for how long we store data varies widely, from data that users expect us to have as long as they have an active relationship to us, like ads the user has in his/her archive on one of our marketplaces, to data about the users clicks on the other side that will be stored for short time. We have extensive routines in place and continuously work to improve to get the details right.”

Does Schibsted sell data about me to third parties?

“Schibsted does not sell information about our users to third parties. We sell segmented ads. Let´s say that you leave data traces on one of our web pages, e.g. by clicking on something. It is only you and Schibsted who knows this. This is not data that we sell to third parties. But what we do is to use this data – to build aggregated groups, or segments of users. This can typically be users located in a specific city, male/female, interested in cars etc. The overall goal with this is offering relevant products and services. Which means better relevancy for all parties; the users and the advertisers.“

Can I control if my data is included in «aggregated» data, and sold to i.e advertisers?

“We are rolling out efficient options for users to control this, and the ability to turn off use of data for aggregated target groups, across Schibsted companies. In relation to this it is important to underline that the advertisers never know which users who see an ad, i.e. who they are. The advertisers only have access to aggregated numbers and campaign reports. And, by turning off the possibility to being part of segmented groups, offers can also be less relevant for you as a user”.

What is GDPR and what does it mean for me as a private person?

“The General Data Protection Regulation (GDPR ) is an EU regulation with the aim of ensuring data protection and privacy for all individuals within the European Union and European Economic Area. GDPR will apply to all companies handling data about you as an European citizen, regardless of where the companies are established; Europe, USA or elsewhere in the world. We look forward to the official launch of GDPR in May and are well prepared. I would say a pillar in GDPR is user empowerment. This is a well established value for Schibsted. GDPR sets forth that each user owns her/his own data and gives users rights in that respect; to information, to control options, to access to data and to deletion of data etc. This is empowering users.”

Does that mean I can control usage of my own data?

“Yes you can. This is a key element of the GDPR. Also, we see that more and more users are focused on this right. We see a potential for having engaging dialogues with our users around their digital self; where we help them understand who they are online, and provide control options.”

How will GDPR affect society as a whole?

“GDPR will help ensure standards as to how companies, including Schibsted, manages data privacy. A good example is the transparency requirement, that makes all companies handling data, ensure a thorough assessment of what kind of third parties they want to have a relationship with. As I see it, we in Schibsted have a clear advantage in the fact that we have direct relationships with the end users. Which means we can have a direct dialogue when creating customer-friendly and relevant solutions.”

Can I delete all data that Schibsted has on me today?

“Yes you can. You can send an email to the company in question or to We are also working with automated solutions that will make it easier to control/delete data for our customers.”

Will deleting my data affect my user experience of Schibsted services?

“Yes, it may. We use data to provide more relevant services to you as a user. For example we use data to customize content and suggest articles based on a user group (not individuals) previously read, and to show that group relevant local news, offers, or weather forecasts. Just the same way we are used to getting recommendations based on data from other user-centric services.  Data is also important in delivering and measuring ads that are relevant.”

What are your best tips for keeping my data safe when using non-Schibsted apps and services, both locally and internationally?

“I think number one for me is: password! Or let me correct myself. Just forget password – think passphrase. You need to pick a totally meaningless sentence and do some tweaks on it, so that you can generate a stronger password from it every time. Another one is wireless networks. Beware of using open wifi in public places. At least what I try to do is make sure that the sites I interact with uses HTTPS rather than unencrypted HTTP connections. And luckily so many of our sites are on HTTPS now. Finally, it´s all a question of trust. You share your data with companies you trust.”