Serious Privacy

Send us Fan MailSince the Schrems-II judgment came down on July 16th, the message has slowly sunk in that Europe is serious about looking at privacy and data protection through the glasses of fundamental rights protection. That was even reinforced by the Privacy International and Quadrature du Net cases, published at the start of October. Any interference with the fundamental rights to privacy and data protection, needs to be limited in time, scope and content, according to the courts, as well as necessary and proportionate. But what does it actually mean that privacy and data protection ARE fundamental rights. And is the “universal fundamental rights approach” compatible with a more economic rights approach taken in other jurisdictions?In this episode of Serious Privacy, Paul Breitbarth and K Royal speak to two guests from international organisations working on fundamental rights. Sophie Kwasny is the Head of the Data Protection Unit of the Council of Europe, and as such, one of the key players when it comes to the so-called Convention 108. Michael Donohue is the Data Protection Officer for the Organisation for Economic Cooperation and Development. Join Paul, K, Sophie and Michael as they discuss ongoing international developments in the privacy community. ResourcesCouncil of Europe data protection websiteConvention 108 for the Protection of Individuals with regard to Automatic Processing of Personal Data Convention 108+ on the protection of individuals with regard to the processing of personal dataOECD Privacy GuidelinesArticle by Colin Bennett on why Canada should accede to Convention 108+Social MediaTwitter: @privacypodcast, @EuroPaulB, @heartofprivacy, @trustarc, @sophiekwasny, @micdonohue @COE_HRightsRLaw @OECD If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

Send us Fan MailTechnology brings new demands for compliance, especially given the amount of personal data collected through various means and how it is both used and combined. However, technology can also be used to assist compliance professionals by providing the necessary information quickly.  In most of the Serious Privacy  episodes, co-hosts Paul Breibarth and K Royal have discussed one or more specific data protection and privacy related topics. With guest Shub Nandi, the CEO and Founder of PiChain, a company based in Bangalore, India, that primarily focuses on the financial sector, they look at the broader scope of RegTech (regulatory technology) and how it helps to support compliance.PiChain tries to simplify all kinds of business processes, from customer and business onboarding and Know-Your-Customer to e-Contracts. These are all topics that privacy professionals would address, but typically would not have the information available to assess risks accurately or timely. With AI, one can leverage the power of technology to simplify the process, reserving valuable time for decision-making and remediation plans rather than collecting the information.Join us as we discuss the financial market, regulatory challenges, and key technology solutions, such as blockchain. The conversation expands to include the European Union’s General Data Protection Regulation, India’s challenges including its privacy laws, and ethics in data science. Social Media@Podcastprivacy, @heartofprivacy, @euroPaulB, @trustArc If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

Send us Fan MailLive! (okay recorded with a live studio audience) from our offices at a fabulous virtual conference - the 2020 IEEE International Symposium on Technology and Society, discussing Public Interest Technologies in a four day long global online conference. This is a first for Serious Privacy, recording an episode live as part of the conference presentation. In normal times, this conference would have taken place face-to-face, facilitating lots of participants to debate their papers with their peers in person. The Public Interest Technology University Network, comprising 36 institutes of higher education, is working to address these very issues by “building the nascent field of public interest technology and growing a new generation of civic-minded technologists.” Paul Breitbarth and K Royal host this live session and focus on the papers that are being presented and discussed on a wide range of topics. Arizona State University is one of the founding members of PIT-UN and is K’s alma mater and where she teaches privacy law. Quite a few of these issues addressed in the conference have also been addressed earlier in this first season of the Serious Privacy podcast: from Ethical AI concerns to COVID apps, and from Surveillance Societies to Mentoring the Next Generation of Technology Innovators.  Join us as we discuss data monopolies, start-up tech companies, cultural norms, and more. Their host for the session, Salah Hamdoun also joined the conversation. Salah is a PhD student in Arizona but is from the Netherlands - which makes for a great discussion on the differences between the EU and the US approaches to privacy. It was the first time the Fourth Industrial Revolution has arisen in the episodes, but an old favorite in government surveillance did make an appearance.ResourcesKatina Michael (co-chair of the conference) and Jamie Winterton, speaker, contributor, and author of Creating the Public Interest Technologies of the Future - Learning to Love the “Wicked Problem”Salah Hamdoun's paper: Technology and the Formalization of the Informal Economy  Social Media@Podcastprivacy, @heartofprivacy, @euroPaulB, @trustArc, @ASU, @katinamichael, @IEEESSIT, @j_winterton If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

Send us Fan MailIn just a single week, so much has happened. The California Privacy Rights Act was passed by voters and will come into effect on 1 January 2023, the Court of Justice of the European Union once again confirmed that consent is not valid when relying upon pre-ticked boxes, and the European Data Protection Board issued its Recommendations on international data transfers in the wake of the Schrems-II ruling. In the meantime, Finland is dealing with a major health-related data breach, the Biden transition team was announced, which includes some privacy-minded people, and the U.S. Federal Trade Commission announced a settlement with Zoom including a requirement to implement a full privacy and security program. And that was just the tip of the iceberg before the European Commission issued the draft of new standard contractual clauses.In this episode of Serious Privacy, Paul Breitbarth and K Royal invited Paul Schwartz, a leading international privacy expert with a broad view on law and technology issues. He is the Jefferson E. Peyser Professor of Law and the Director of the Berkeley Center for Law & Technology. Join Paul, K, and Prof. Paul Schwartz as they discuss immediate reactions to the recent privacy events, and put the considerations in context within US privacy law as well as global context.  Nothing is off limits for framing these new developments - US law, state law, enforcements, new administration priorities, European requirements, operationalizing privacy, and even HIPAA. Catch up on news and analysis of these momentous events, via other episodes (such as the one with Gabriela Zanfir-Fortuna), webinars, If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

Send us Fan MailThis past week, the European Data Protection Board (EDPB) adopted it’s Recommendations on international data transfers post Schrems-II and the European Commission released the long-awaited draft of new standard contractual clauses. At the same time, the EDPB adopted an updated version of their earlier guidelines on the European Essential Guarantees: criteria that a third country’s (non-European Economic Area country) legislation needs to meet in order to justify an interference with the right to privacy and data protection. In this episode of Serious Privacy, Paul Breitbarth and K Royal bring you an EXTRA episode with Gabriela Zanfir-Fortuna with the Future of Privacy Forum. Although you will hear about these momentous events in a variety of additional TrustArc forums (other Serious Privacy Episodes, blogs, and published advisories), this is worth a special episode tailored specifically to your need to know about these documents. You should note that feedback on the Recommendations are due at the end of November and comments on Standard Contractual Clauses are due December 10, 2020. Less than two weeks later. Join Paul, K, and Gabriella as they share their reactions to the new guidance and SCCs. In particular, Paul and Gabriela were on the former Working Party 29, responsible for issuing guidance. This new guidance is unexpected in some ways. This is what you want to know about what will happen next in the world of international transfers, how to read to new SCCs, and what can be done with supplemental safeguards - or not.Social MediaTwitter: @privacypodcast, @EuroPaulB, @heartofprivacy, @trustarc, @gabrielazanfir, @futureofprivacy Instagram @seriousprivacy If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

Send us Fan MailPrivacy and data protection are not just a job for lawyers or professionals who specialize in privacy - not anymore. Technology plays an important role in ensuring personal data can remain private. Ensuring that personal data is secure but useful requires a level of skill found in data scientists.In this episode of Serious Privacy, Paul Breitbarth and K Royal searched for just such a skilled individual,Katharine Jarmul, the Head of Product at Cape Privacy, and a data scientist. Cape Privacy is a New York-based company assisting others with machine learning, data security and adding value to data. Katharine explains what data science actually is, how to keep data private, useful and valuable at the same time, and how to create synthetic data appropriately. Also a big question when it comes to powerful technology revolves around the ethics and the investment of individual technologists in the ethics of privacy.Join us as we discuss these topics and more, such as GPT-3, “this person does not exist,” the work of Cynthia Dwork, and differential privacy vs the generative model. As often happens in an episode, certain topics in privacy are revisited, mainly because they are wicked problems with no identified solution. One such topic Katharine discussed is bias in machine learning and approaches to solving bias once identified. Throughout this episode, we reference quite a few resources that we will provide the links - as always.  ResourcesIAPP article on AI and synthetic data: https://iapp.org/news/a/accelerating-ai-with-synthetic-data/Federated / Collaborative Learning Introduction: https://federated.withgoogle.com/Encrypted Learning with TF-Encrypted (also can be used in a collaborative setting where we are sharing data): https://medium.com/dropoutlabs/encrypted-deep-learning-training-and-predictions-with-tf-encrypted-keras-557193284f44Europe - Ethics guidelines for trustworthy AI https://ec.europa.eu/futurium/en/ai-alliance-consultation Social MediaTwitter: @privacypodcast, @EuroPaulB, @heartofprivacy, @trustarc, @kjam, @capeprivacyInstagram @seriousprivacy If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

Send us Fan MailElection day in the United States is quite the dramatic event in 2020. We may soon know who will be the President of the United States in the coming years, what the new U.S. Congress will look like, if there might be a chance of federal privacy legislation and an EU-U.S. adequacy deal passing in the coming years,  and if California Proposition 24 (the California Privacy Rights Act or “CPRA”) has made the grade. But the election process itself carries privacy implications and of course, there are other privacy developments in the world.In this week’s episode, Paul Breitbarth and K Royal address political campaigns, the CPRA, China’s new draft data protection law and more. In particular, they highlight the difference between the US and the EU when it comes to determining whether political ideations and opinions are sensitive data. In the US, voter registration polls are quite often public - which offers opportunity for potential election machinations. This year, we have seen non-official ballot boxes, controversy over mail-in ballots with external facing signatures and phone numbers, a high volume of political text messaging, and more.  However, there have been other privacy news lately, such as the proposed law in China. Join us as we discuss these hot topics in privacy in this episode of Serious Privacy along with honor in voting, a la West Wing’s Donna Moss and Jack Reese. Given the impact of the election results, TrustArc is presenting a post-election webinar to address the privacy outcomes in more detail.ResourcesPolitical Campaign Data Targeting (Washington Post) China’s Draft Data Protection Law (IAPP) China’s Draft Data Protection Law (Nymity Research & Alerts -for subscribers)Facebook memo from Andrew Bosworth, executive at Facebook About bots and misinformation  If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

Send us Fan MailTechnology around the world changes quickly - fast and furiously. Unique companies solving problems we did not realize we had are hitting the market. For example, the development of always connected mobile devices has fundamentally changed the global banking system. Where before in many parts of the world people were devoid of having a bank account, nowadays a smartphone gives them access to financial services wherever they are with mobile payments, cryptocurrencies, and  fully virtual banks. In this episode of Serious Privacy, Paul Breitbarth and K Royal host the DPO for Klarna, Europe’s biggest fintech unicorn, valued at over $10 billion, Filip Johnssén. Filip is a seasoned DPO, who prior to Klarna worked for Säpo, the Swedish Security Service, as well as Sandvik, a high tech and engineering company. Given his experience, it is no wonder the topics vary widely.Join us as Filip shares his experience working for a startup tech company, which takes an unusual approach to the modern market experience. In addition, we discussed challenges of financial tech crossing international boundaries, personal interests, and authoring several successful books. We also delved into consumer rights and how to manage those across myriad laws. He is currently working on a practical manual for DPOs (link below). In addition, Filip co-hosts his own privacy podcast Dataministeriet, together with Anders Bäckström.  Also check out Klarna's video privacy notice, which takes transparency to a whole new level.  Lastly, we have a challenge for our listeners of a prior video notice in EU that Filip has been searching for - maybe one of you are familiar with it.ResourcesKlarna links https://www.klarna.com/se/dataskydd/ Privacy Notice: https://www.klarna.com/uk/privacy-notice/Unexpected Newsletter: https://www.klarna.com/uk/blog/klarna-comment-unexpected-newsletter/ Forthcoming book: https://shop.bcs.org/store/221/detail/workgroup?id=3-221-9781780174365 Payment services directive 2 - EU law for fintech: https://ec.europa.eu/info/law/payment-services-psd-2-directive-eu-2015-2366_en Social MediaTwitter: @privacypodcast, @EuroPaulB, @heartofprivacy, @trustarc, @klarnaInstagram @seriousprivacy If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

Send us Fan MailPutting the evils back in Pandora’s box just doesn’t seem possible - much like reclaiming privacy in today’s datacentric world. This week, Paul Breitbarth and K Royal hosted Rob Shavell, CEO and founder of Abine (rhymes with hey mine) to discuss consumer privacy controls related to online privacy. Just over a decade ago, the World Wide Web consortium (W3C) started the development of a Do Not Track (DNT) standard, that would limit the way in which people could be tracked between websites. In 2018, the project stopped, because it simply did not gain traction. Now, DNT is back in the form of Global Privacy Control (GPC): a new technical standard to help companies meet the CCPA Do Not Sell requirement and similar requirements around the world. GPC is supported by quite a few companies, such as Mozilla, Brave, the Electronic Frontier Foundation, and the NY Times. Join us as we speak on a variety of topics from the complexities of managing privacy online to the consequences that may arise through enforcement. Rob touches on concepts such as ferociously imperfect laws and controls as well as informed consequential debate. Through these open conversations with privacy professionals and activists, the discussion is unfettered and thus, brings up many elements, such as meetings in Brussels, AI, and being zealous about privacy.ResourcesThe newly announced Global Privacy Control standard. Abine is an early collaborator on the standard, which is like a next-generation "Do Not Track" Rob’s Op-Ed for Help Net Security discussing the CPRA and why it may be more employer-friendly (re: employee data regulation) than widely reported.Privacy as an Employee Benefit - why more companies are investing in employee privacy as a value-add benefit, plus how investing in a culture of privacy can reduce cybersecurity risk.FD (€): https://fd.nl/ondernemen/1359994/een-muisklik-en-alle-cookies-staan-voor-altijd-uit Global Privacy Control on Github: https://globalprivacycontrol.github.io/gpc-spec/ Social Media If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

Send us Fan MailEvents happen occasionally that reinforce each other in such a way that the sum of things is worse than you could ever have imagined: a perfect storm. You may very well say that 2020 is a perfect storm in itself. And who knows what November and December may bring. This week, Paul Breitbarth and K Royal invited Stuart N. Brotman, author of Privacy's Perfect Storm: Digital Policy for Post-Pandemic Times.Brotman took the notion of the perfect storm as the basis for a book about privacy, data protection, the digital economy and the fight against COVID-19. The book contains a series of reflections on a wide range of issues, outlining the authors’ views and ideas on the way forward.  He just completed a term as a Fellow in the Science and Technology Innovation Program at the Woodrow Wilson International Center for Scholars in Washington D.C. The essays in his book sparked quite the conversation.Join us as we speak on a variety of topics - one of which immediately stood out: Why Discussing Digital Privacy Now Belongs at the Kitchen Table (on page 19), given Paul and K’s ideal for the Serious Privacy podcast to be those casual conversations one would have at Paul’s kitchen table, or K’s back porch.  But in addition, some essays grabbed attention to discuss, such as the one on digital trust being essential for data privacy protection and the one on millennials teaching grandparents about internet safety. We discussed so many topics - from public-private data sharing to password management. ResourcesPC Mag - Best Password Managers for 2020 https://www.pcmag.com/picks/the-best-password-managers The guy who invented rules for changing passwords apologizes https://www.wsj.com/articles/the-man-who-wrote-those-password-rules-has-a-new-tip-n3v-r-m1-d-1502124118  and / or https://www.nbcnews.com/tech/security/forget-everything-you-know-about-passwords-says-man-who-made-n790711 Social Media Twitter: @privacypodcast, @EuroPaulB, @heartofprivacy, @trustarc, @stuartnbrotmanInstagram @seriousprivacy If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.