The Privacy Advisor Podcast

Lorrie Cranor has long been a leader in the privacy space. As Director and Bosch Distinguished Prof. in Security and Privacy Technologies at Carnegie Mellon's CyLab Security and Privacy Institute, Prof. Cranor is on the cutting edge of usable privacy and security. Her work has influenced researchers to view privacy as a fundamental design standard rather than an abstract ideal and has helped reshape the technology field with more than 200 co-authored research papers on online privacy and security. She has also served as chief technologist at the US Federal Trade Commission and co-founded Wombat Security Technologies, among many other initiatives. Much of her work has focused on understanding how people interact with digital systems and where those systems failed. But, Prof. Cranor is also a mom and has raised three children. She has published new, illustrated book, called Privacy Please!, which Is geared for children aged 4-6, to help them and their parents understand what privacy means and why it matters. IAPP Editorial Director Jedidiah Bracy caught up with Prof. Cranor to discuss her new book, what inspired it, and how this book can help children develop a sense of privacy, autonomy and expression. We also discuss some of the broader children's privacy issues that are emerging in jurisdictions around the world, including through social media bans and age verification laws. Here's what she had to say.

Anu Talus, the newly elected Chair of the European Data Protection Board, dives into the complexities of GDPR and its ongoing evolution. She highlights the Helsinki Statement aimed at simplifying compliance for SMEs and discusses the importance of consistent cross-border enforcement. Talus emphasizes the need for transparency in AI and the balance between data protection and innovation. She also touches on draft opinions regarding the UK's adequacy and the significance of engaging with other nations to ensure collaborative data protection efforts.

As artificial intelligence continues to coalesce in the modern economy, AI governance only grows in significance. Brenda Leong, director of ZwillGen's AI division, and Andrew Burt, CEO of Luminos, have long been on the front lines of AI's emergence and busy helping organizations navigate this space. In a first for The Privacy Advisor Podcast, we're featuring a guest host, my colleague Alex LaCasse, a staff writer here for the IAPP. LaCasse has been covering compliance technology for the IAPP in recent years and recently caught up with Leong and Burt to learn more about their work in AI governance and the strategies and tools they leverage to help companies maintain customer trust.

Ulrich Baumgartner, a partner at Baumgartner Baumann and data protection expert, discusses the landmark CJEU ruling on personal data. He unpacks the shift from an absolutist to a relative approach to identifiability, clarifying implications for GDPR compliance. The conversation touches on pseudonymization, the needed revisions in EDPB guidance, and the potential impacts on data processing agreements. Baumgartner also highlights the emerging relevance of privacy-enhancing technologies as legal definitions evolve, offering actionable insights for data professionals.

Ruby Zefo has long been a leader in the fields of privacy, data protection and cybersecurity. She was the first chief privacy officer at Uber, where she served from 2018, helping lead the company's efforts to protect and enable user data. She has done so while Uber continues to innovate its technology amid a dramatic increase in digital laws around the world. Earlier this year, Zefo announced her retirement from Uber and her next move as a fellow at Stanford University's Distinguished Careers Institute. IAPP Editorial Director Jedidiah Bracy caught up with Zefo to discuss her work building a privacy team at Uber and how she has navigated—and led—in an increasingly complex and challenging world.

Nearly a year ago, the IAPP expanded its mission in response to a rapidly changing digital environment to include AI governance, digital responsibility and cybersecurity law. The mission expansion took place a year after the IAPP hired Ashley Casovan to lead its first-ever AI Governance Center. Since then, Casovan has led the development of the center, which includes work helping to inform AI governance training and certification, a forthcoming AI governance textbook, and the AI Governance Global conferences. Casovan came to the IAPP after leading the Responsible AI Institute as its executive director and previously worked for the Canadian government as director of data architecture and innovation. She's currently drafting a skills competency framework for AI governance. Situated in Montreal, Casovan trekked south to spend time at IAPP headquarters in Portsmouth, NH. While here, she and IAPP Editorial Director Jedidiah Bracy discussed the makings of an AI governance professional. What skills are required and what is she seeing in this evolving profession? Here's what she had to say.

As the privacy profession surpasses the quarter-century mark and enters into a brave new world of artificial intelligence and digital entropy, it's worth taking a look back to assess how far the profession has come. That's exactly what long-time privacy pro Stephen Bolinger embarked upon when he decided to film a documentary on the rise of the privacy profession. "Privacy People" explores the veritable plethora of interpretations of the privacy concept through the voices of some of the profession's most seasoned and respected privacy leaders. Bolinger said he felt there was a really compelling story to tell. By juxtaposing on-the-street interviews with individuals to sit down discussions with some of privacy's luminaries in government, industry, civil society and academia, "Privacy People" looks at how this dynamic profession has grown and changed over the years, as well as recognizing the prominent role women have played throughout its evolution. Earlier this year, IAPP Editorial Director Jedidiah Bracy sat down with Bolinger to discuss the impetus for his documentary and how he went about filming "Privacy People."

As chief privacy officer of the biggest city in the United States, it's safe to say that Michael Fitzpatrick doesn't have your normal, run-of-the-mill job. As part of New York's Office of Technology and Innovation, the Office of Information Privacy provides guidance to more than 175 agency privacy officers across the city. It also works closely with the city's Cyber Command and has partnered with the Cities Coalition for Digital Rights and the Biometrics Institute. IAPP Editorial Director Jedidiah Bracy caught up with Fitzpatrick to learn more about his work as CPO of New York City, how his office works across government and what he sees as some of the biggest challenges in privacy and cybersecurity.

Autonomous robots with embedded artificial intelligence are growing more common across industry sectors. So-called "embodied AI," collects vast amounts of data through its sensors and changes how humans interact with technology. As embodied AI becomes more common and continues to drive innovation, it also creates new challenges for ethical uses of data and personal privacy. Erin Relford is a privacy engineer at Google and has worked in the embodied AI space. In a recent article for the IAPP, she wrote that "existing privacy mitigations may be insufficient for human-robot interactions." That's why she helped create a robotics privacy framework to "promote privacy-preserving design" in the "responsible deployment of robotics with embedded AI. IAPP Editorial Director Jedidiah Bracy caught up with Erin to discuss her work in this vanguard space.

Privacy law and technological advancements have a deep and intertwined history that go back to at least the 1890s with Samuel Warren and Louis Brandeis's article "The Right to Privacy," which was prompted by camera technology. George Washington University Law Professor Dan Solove has long studied and written about privacy law. He published several well-known books including "Nothing to Hide: The False Trade Off Between Privacy and Security" and co-authored "Privacy Law Fundamentals," which is published by the IAPP. Solove recently published a new book, "On Privacy and Technology." IAPP Editorial Director Jedidiah Bracy caught up with Solove just before the book was published to discuss it and whether the regulation-versus-innovation trade-off is a fallacy, why the notice-and-choice paradigm hasn't worked for consumers, and where the future will take privacy, AI, and cybersecurity law and regulation.