Serious Privacy

Dr. K Royal, Paul Breitbarth & Ralph O'Brien
Jun 1, 2021 • 44min

Cyber Crisis: Security Matters (Dr. Eric Cole)

On this week of #SeriousPrivacy, Paul Breitbarth and K Royal connect with Dr. Eric Cole on the release today of his new book, Cyber Crisis - Protecting Your Business from Real Threats in the Virtual World. Fascinating insight, especially given the recent Colonial Pipeline incident, but a book that is not intended to be fairytales and happily-ever-afters. Dr. Cole holds a master’s degree in computer science from New York Institute of Technology and a doctorate from Pace University, with a concentration in information security. He was a CIA hacker, a member of the commission on cybersecurity for the forty-fourth president and is a member of several executive advisory boards, including the Forbes Technology Council. He was inducted into the 2014 Infosecurity Hall of Fame. This is his seventh book, and he not only knows this subject well, he knows how to present it so we understand it.

In this episode, we dive deep into the connection between cybersecurity and privacy. Coincidentally, the Transportation Security Administration (TSA) just released its first ever regulation on pipeline companies - which includes cyberprotection and breach response. He also provides guidance, such as that two-factor authentication truly is the best deterrent the average person can put in place to secure their accounts. If someone hijacks your accounts and implements it before you do, you will have a Herculean task to recover your own accounts. As he states in chapter 8, “In cyberspace, it’s anarchy, and in anarchy, you need to protect yourself.” Join us as he shares the top 4 things that need to be addressed to keep data secure. We also discuss the relationships between privacy and security, the typical CEO perspective on privacy officers, and how hundreds of thousands of offices were opened due to COVID… and we still are not addressing remote work protocols. Lastly, did you know that ethical criminals make a difference in the ransomware world?
As always, if you have any questions or comments, please feel free to contact us at seriousprivacy@trustarc.com. In addition, if you like our podcast, please do rate and comment on our program in your favorite podcast app.  If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.
May 25, 2021 • 40min

There is no "ish" in privacy: GDPR 3-5 years later

On this week of #SeriousPrivacy, Paul Breitbarth and K Royal discuss the European Union’s General Data Protection Regulation, because three years ago from the day this episode was released (May 25, 2021), the GDPR went into effect. And whether you consider it three years or five (per this Twitter debate), it was a world-changing event. In this episode, they talk about the changes seen in the past three years, including the two years before that when the GDPR was passed. They discuss penalties and amounts known, but also the most frequent violations. Companies can learn a lot by looking at enforcement to know where to prioritize their compliance activities - or at least what to check to make sure it is properly in place. They discuss locatemyfamily.com, which has been in the news lately, including for not appointing a European representative, and the challenges the data protection authorities faced to investigate the complaints across the ocean.

In addition, they discussed how the GDPR impacted US legislation, such as the concept of controllers and processors, and the definition of sensitive personal data. The GDPR influenced the California Consumer Privacy Act (CCPA), or more so the California Consumer Privacy Rights Act (CPRA) and the Virginia Consumer Data Protection Act (CDPA) - the latter two take effect in 2023. There is discussion of the importance of EU representatives - and there is a passing mention of the upcoming standard contractual clauses. As always, if you have any questions or comments, please feel free to contact us at seriousprivacy@trustarc.com. In addition, if you like our podcast, please do rate and comment on our program in your favorite podcast app.
May 20, 2021 • 40min

Data Secrets (with Ray Everett)

On this week of #SeriousPrivacy, Paul Breitbarth and K Royal connect with Ray Everett, Founding Member & Chief Privacy Intelligence Officer at Data Secrets, a company that develops solutions focused on identifying risk wherever applications are accessing your data -- in the public cloud, in SaaS applications, and on-premise. He has a long history working as a privacy professional, including at TrustArc, and was appointed as the first Internet-era Chief Privacy Officer in 1999 - starting with speaking on a U.S. Federal Trade Commission panel as a law student and moving into founding what is now the International Association of Privacy Professionals (#IAPP).

In this episode, we talk about APIs and SDKs - the benefits and challenges, along with managing them in a world that focuses on privacy and data protection. This brings in the requirement for data inventories and visibility into the movement of data, which is critical to identify early if there has been a data breach or unauthorized data access.

Join us as we explore mobile apps, AI, and external storage considerations. The conversation ranges from Privacy by Design to DevOps, focusing on understanding the movement of data as well as why understanding the movement is important. As always, if you have any questions or comments, please feel free to contact us at seriousprivacy@trustarc.com. In addition, if you like our podcast, please do rate and comment on our program in your favorite podcast app.
May 12, 2021 • 41min

Radically Open-Minded on Privacy (with Seán Dunne)

In this episode of Serious Privacy, Paul Breitbarth and K Royal connect with the Global Privacy Officer at GameStop, Seán Dunne. He really knows the company well, given that he started in retail operations almost 12 years ago. Now, he is responsible for global data protection compliance with laws ranging from the familiar GDPR and CCPA, to the less well known Canadian anti-spam legislation, and the privacy laws of Australia and New Zealand. This is quite the perspective to share with our listeners who are curious about the challenges one faces with a truly global privacy office that includes major operations in the US, Canada, Australia, and New Zealand, but is based in Europe. GameStop operates on multiple fronts with online and brick and mortar locations, multiple streams of operations and data flows, and has consumers at various ages. It is quite complex, but fascinating to understand his priorities, challenges, and daily approach. We spoke about an EU privacy person managing the US privacy operations (particularly challenging), new state laws, the possibility of a federal law in the US, Privacy Shield, SCCs, and the criticality of a privacy dictionary. Join us as we discuss global privacy operations, preferences for “data protection” versus “privacy,” and the skills needed to be a successful privacy professional. Coming from the tech side of business, Seán has interesting insight on collaboration. As always, if you have comments or feedback, please contact us at seriousprivacy@trustarc.com.
May 5, 2021 • 39min

You have the Right to Rights in Law Enforcement (with Katherine Quezada Tavárez)

Every year, in the final week of January, privacy professionals from around the world assemble in the north of Brussels for the Computers, Privacy and Data Protection Conference. In recent years, on the final day, the European Data Protection Law Review awards a young scholar award and hosts a panel to discuss the nominated papers. In this episode of Serious Privacy, Paul Breitbarth and K Royal host the third of this year’s three finalists for the EDPL Award. Please join us for a conversation with Katherine Quezada Tavárez, a legal researcher at KU Leuven Centre for IT & IP Law (CiTiP) and LLM graduate of the Catholic University of Leuven, Belgium, who also holds a law degree from the Universidad Autónoma de Santo Domingo in the Dominican Republic, her mother country. Katherine wrote her paper on the Impact of the Right of Access in the Balance between Security and Fundamental Rights, not just focusing on the GDPR, but also on the EU’s Law Enforcement Directive and the so-called PNR Directive (Passenger Name Record), on the collection and use of travellers’ data for law enforcement and counter terrorism purposes.

Join us as we discuss the rights individuals have to data held by law enforcement and why it is important that people know of these rights. Katherine provides some examples of how individuals may be impacted by incorrect information - which, as you can imagine, could have disastrous consequences. Her main focus is on balancing the needs of the community (law enforcement) with the needs of the individual. Along the way, we also touch on Malta, the Dominican Republic, and FOIA (Freedom of Information Act in the U.S.). As always, if you have comments or feedback, please contact us at seriousprivacy@trustarc.com.
Apr 28, 2021 • 41min

Oh what a week in privacy with Paul and K

In this episode of Serious Privacy, Paul Breitbarth and K Royal tackle the slew of developments (or non-developments) in privacy around the world. What a week in privacy! We had the proposal for AI Regulation published in the EU, the UK adequacy opinion, and of course, several privacy bills in states around the US, and the United States Supreme Court decision in AMG Capital Management, LLC et al. v. Federal Trade Commission, decided the morning of the episode recording. The AI proposal has garnered much conversation, such as in this article by Politico and the summary by Dr. Gabriela Zanfir-Fortuna of the Future of Privacy Forum. Paul and K discuss various aspects of the proposal including a few unexpected recommendations, or lack thereof. However, the UK adequacy opinion was not as surprising, but quite interesting. Once we turned to the US and state privacy bills, the end was near for several key states, and by the time this episode is live, we know that the Washington bill is dead once again. However, there remains hope for a couple of others given the dates of when sessions end, such as Florida - which we should know in a few days - it is scheduled for its third reading at this time. About 15 states still had bills at the time (see webinar on update by TrustArc on state privacy bills), and of course, the next legislative season may see more change. The FTC decision by the USSC was top of mind given its impact on FTC authority, which also led to discussions of the federal privacy bill by Rep. DelBene which proposes quite an expansion of FTC authority. Please see this statement released by the FTC on the matter. This case was reminiscent of a prior case with LabMD (yes, different enforcement actions, but still speaking to FTC authority).

Join us as we discuss these developments and more in this episode of Serious Privacy. As always, if you have comments or feedback, please contact us at seriousprivacy@trustarc.com.
Apr 21, 2021 • 36min

It’s Not All About You: DNA and Group Privacy (with Taner Kuru)

Every year, in the final week of January, privacy professionals from around the world assemble in the north of Brussels for the Computers, Privacy and Data Protection Conference. In recent years, on the final day, the European Data Protection Law Review awards a young scholar award and hosts a panel to discuss the nominated papers. In this episode of Serious Privacy, Paul Breitbarth and K Royal host the second of this year’s three finalists for the EDPL Award. Please join us for a conversation with Taner Kuru, who holds a Bachelor and Master of Laws of Ankara University, in Turkey, and recently completed an advanced LL.M. in Law and Digital Technologies from the Leiden Law School in The Hague. He also just completed an internship at the United Nations Interregional Crime and Justice Research Institute (UNICRI) Centre for Artificial Intelligence and Robotics. (You can catch the first finalist from last week with Isabel Hahn on purpose limitation against big data and common practices.) During this conversation, we discuss how Taner became interested in genetic privacy and then specifically why he researched the concept of group privacy in pertinent data protection laws, such as the European Union’s General Data Protection Regulation and Turkey’s Kişisel Verileri Koruma Kurumu (KVKK). His journey started with CRISPR babies, which led to DNA companies, such as 23andMe and AncestryDNA, and finally into posts on Reddit and published stories on individuals who have been surprised at some of their DNA results. Given some of the dramatic accounts, Taner became intrigued about whether the privacy of individuals who share DNA is protected. In particular, how do you protect the privacy of groups?

Join us to learn more about this topic and his conclusions. We also discuss precision medicine, the Havasupai case, consent, ethics, and dating apps. Fascinating topics to cover in one episode. As always, if you have comments or feedback, please contact us at seriousprivacy@trustarc.com.
Apr 13, 2021 • 38min

Pervasive Interference: A chat about Purpose Limitation (with Isabel Hahn)

Every year, in the final week of January, privacy professionals from around the world assemble in the north of Brussels for the Computers, Privacy and Data Protection Conference. In recent years, on the final day, the European Data Protection Law Review awards a young scholar award and hosts a panel to discuss the nominated papers. In this episode of Serious Privacy, Paul Breitbarth and K Royal host the first of this year’s three finalists for the EDPL Award on the podcast. Isabel Hahn holds a Bachelor of Laws degree from the London School of Economics and Political Science, recently completed an internship at NOYB and has just started a new internship with the European Data Protection Supervisor. Her paper focuses on the concept of purpose limitation, and the question whether or not it is still compatible with today’s data economy. Developments in privacy sometimes go so quickly, it is almost impossible to keep up.

Join us as we discuss purpose limitation and validating the concept against big data and common practices worldwide on the use of personal information. During this conversation, we cover a recent complaint in Austria against a credit rating agency, Article 5 of the GDPR, and characteristics of what Hahn terms data power companies: omnipresence in the digital environment (builds insight into individuals’ lives), data volume (acquires and controls flow and repurposing), and ability to aggregate data. She believes that these three features combined lead to an asymmetry of value and a level of pervasive interference that is simply inequitable to the average consumer. You will also hear about compatible uses, using legitimate interests to balance the need or desire for new uses of data, and contextual integrity as discussed by Helen Nissenbaum. Lastly, because of course we have to address it with such a promising new professional - what is next in Isabel’s plan - does she intend to continue with privacy as a career?
As always, if you have comments or feedback, please contact us at seriousprivacy@trustarc.com.
Apr 7, 2021 • 38min

On Cloud 9 for the EU Cloud Code of Conduct

Demonstrating compliance is certainly not always easy, but under many laws, including the GDPR, it is a mandatory requirement. To facilitate the process, codes of conduct and certification schemes are becoming more popular, and it is no wonder they have been included in the GDPR as well. As we are on the verge of seeing the first codes of conduct to demonstrate GDPR compliance approved, Paul Breitbarth and K Royal discuss the EU Cloud Code of Conduct, which TrustArc is proud to support. Join us and learn more about what the EU Cloud Code of Conduct entails, how it is supposed to work and what the benefits are of adhering to such a code. Oh, and don't be surprised by a little April Fools and Easter conversation this week too - the recording was made on 1 April... As always, if you have comments or questions, please contact us at seriousprivacy@trustarc.com.

Resources:
- A downloadable version of the EU Cloud Code of Conduct
- Details on the future Third Country Module, intended for international data transfers
- Webinar with Paul on the Third Country Module
Mar 31, 2021 • 39min

You Lost Me at Disinformation (with Wayne Unger)

This week on Serious Privacy, Paul Breitbarth and K Royal connect with Wayne Unger, a recent law school graduate who is already very much embedded in the privacy profession. As a non-traditional student, Wayne was an experienced professional and quickly dove into the academic side of privacy with the intent to combine the scholarship and practical side of privacy. Wayne has authored three law journal articles, two of which are published and one is scheduled - going through a rewrite currently, as he will discuss during the conversation. The two published ones are: Katz and Covid-19 How a Pandemic Changed the Reasonable Expectation of Privacy in the Hastings Science and Technology Law Journal and Reclaiming our Right to Privacy by Holding Tech Companies Accountable in the Richmond Journal of Law and Technology. In addition, Wayne has done a TEDx talk (modified given the circumstances) through the TEDxASU program on Reclaiming our Right to Privacy. Join us as we explore what brought Wayne to privacy, interdisciplinary technologies and cross-functional approaches to privacy. We also discuss credit scores, supply chains (along with a possible new venture), and the public’s awareness of privacy increasing - including the veracity of claims to anonymized data given the possibilities of re-identification. Paul added in an article on Estimating the success of re-identification in incomplete datasets using regenerative models. Altogether a fascinating conversation that includes a ship stuck in the Suez canal (which was freed March 26). As always, if you have comments or questions, please contact us at seriousprivacy@trustarc.com.
