The Privacy Advisor Podcast

Darren Abernethy discusses the rise in privacy litigation trends, focusing on tracking technologies like session replays, chatbots, and pixels. He explains the implications of wiretapping statutes, California's interpretation of SIPA, and the Video Privacy Protection Act. The podcast explores recent lawsuits, emphasizing the importance of data minimization and compliance with evolving privacy laws.

Lead technical negotiator, Laura Caroli, discusses the EU AI Act negotiations, highlighting unique approach, challenges, criticisms, AI-specific rights, and future implications. She compares the AI Act to the GDPR, addresses enforcement structures, and stresses the importance of flexibility and stakeholder dialogue in creating a future-proof framework for AI regulation.

In tandem with privacy, cybersecurity law is rapidly evolving to meet the needs of an increasingly digitized and complex economy. To help practitioners keep up with this ever-changing space, the IAPP published the first edition of Cybersecurity Law Fundamentals in 2021. But there have been a lot of developments since then. Cybersecurity Law Fundamentals author Jim Dempsey, lecturer at UC Berkeley Law School and senior policy advisor at Stanford Cyber Policy Center, brought on a co-author, John Carlin, partner at Paul Weiss and former Assistant Attorney General, to help with the new edition. IAPP Editorial Director Jedidiah Bracy recently spoke with both Dempsey and Carlin about the latest trends in cybersecurity, including best practices in dealing with ransomware, the significance of the new SEC disclosure rule, cybersecurity provisions in state privacy laws, trends in FTC enforcement, the recent Biden Executive Order on preventing access to bulk sensitive personal data to countries of concern, and much more. We even hear about the time Carlin briefed the U.S. president on the Sony Pictures hack.

For those following the regulation of artificial intelligence, there is no doubt passage of the AI Act in the EU is likely top of mind. But proposed policies, laws and regulatory developments are taking shape in many corners of the world, including in Australia, Brazil, Canada, China, India, Singapore and the U.S. Not to be left behind, the U.K. held a highly touted AI Safety Summit late last year, producing the Bletchley Declaration, and the government has been quite active in what the IAPP Research and Insights team describes as a “context-based, proportionate approach to regulation.” In the upper chamber of the U.K. Parliament, Lord Holmes, a member of the influential House of Lords Select Committee on Science and Technology, introduced a private members’ bill late in 2023 that proposes the regulation of AI. The bill also just received a second reading in the House of Lords 22 March. Lord Holmes spoke of AI’s power at a recent IAPP conference in London. While there, I had the opportunity to catch up with him to learn more about his Artificial Intelligence (Regulation) Bill and what he sees as the right approach to guiding the powers of this burgeoning technology.

Joe Jones, Privacy and data protection expert, joins the show to discuss the major developments in data protection and privacy in 2023. They explore enforcement actions on Big Tech, the finalization of EU regulations, the role of privacy professionals in AI governance, and the implementation of privacy laws in various countries.

Guest Luca Bertuzzi, Expert in European Union AI Act and its political deal, discusses the EU AI Act negotiations and what comes next. Topics include the difference between general purpose AI systems and foundational models, negotiations on national security provisions, prohibited practices and exemptions, high risk applications and fundamental rights assessment, penalties and fines, next steps, and potential roadblocks.

Martin Abrams knows a little something about information privacy and consumer policy. Over the course of the last 40-plus years, Abrams has had his hands in a number of initiatives, including as co-founder and president of the Center for Information Policy Leadership and founder of the Information Accountability Foundation. He took part in the development of the APEC Cross Border Privacy Rules and the OECD’s Working Party on Information Security and Privacy. Abram's work on transparency and accountability has been influential on policy makers around the world. At the latest Global Privacy Assembly in Bermuda, Abrams announced he was retiring from his full-time position at IAF and taking more time to be with his family. IAPP Editorial Director Jedidiah Bracy caught up with Abrams to take a look back at his career, the changes he’s seen in information policy and where he thinks data policy and regulation are heading.

The EU AI Act negotiations recently hit a major roadblock after EU Council Member States France and Germany unexpectedly pushed back on the European Parliament's draft position on regulating foundation models. The obstacle was so sudden, it appeared the negotiations were in a stalemate. Though the issue has not yet been fully resolved, the Spanish presidency of the EU Council is reportedly working with Member States to find a position that is workable for the European Parliament.  This comes as the IAPP hosts its sold out Data Protection Congress 2023 in Brussels, Belgium. To be sure, the foundation model issue is not the only sticking point remaining in the trilogue negotiations. There are others.  To get the inside scoop, I had the chance to catch up with EU AI Act co-rapportuer Dragoș Tudorache and Kai Zenner, head of staff for German MEP Axel Voss about the negotiations, the obstacles and whether there will be an agreement before next year's parliamentary elections. 

As automated systems rapidly develop and embed themselves into modern life, policy makers around the world are taking note and, in some cases, stepping in. Earlier this year, the Biden-Harris administration took an early step by releasing a Blue Print for an AI Bill of Rights. Comprising five main principles, as well as what should be expected of automated systems, while offering a slate of real-world examples of the potential harms and benefits of artificial intelligence, the Blueprint is a must-read for AI governance and privacy professionals working in the space. Suresh Venkatasubramanian is a Professor of Computer Science and Data Science at Brown University. He also co-authored the Blueprint while serving as Assistant Director for Science and Justice in the White House Office of Technology and Policy. IAPP Editorial Director Jedidiah Bracy recently caught up with Suresh to learn more about his work on the Blueprint, how it fits into the broader spectrum of existing AI guidelines and frameworks, and what professionals should know about this rights-based document.

In June 2013, a series of high-profile U.S. government surveillance disclosures to major media outlets rippled throughout the world and changed the calculus for the privacy profession.  Hard to believe it's now been 10 years since an unknown U.S. government contractor leaked to the world massive amounts of information about top secret U.S. intelligence programs. Within weeks, Edward Snowden became a household, if not, controversial name — not only in the privacy profession — but to consumers and citizens far and wide. A lot has transpired since the summer of Snowden in 2013. The U.S. has altered some of its surveillance laws, and the trans-Atlantic relationship between the U.S. and EU has grown complicated after a series of data transfer agreements were struck down by the EU's highest court. The third such agreement is pending.    Though the privacy world is constantly changing, it seems fitting to stop and take stock of this last decade to see how much, if anything, has changed. To help measure the ripple effect, IAPP Editorial Director Jedidiah Bracy chatted with IAPP Senior Research Fellow Muge Fazlioglu and Research and Insights Director Joe Jones to uncover what's changed in the U.S. and abroad, as well as how consumer attitudes have evolved since then.