The Privacy Advisor Podcast

In 1998, the U.S. was the first nation to enact a privacy law specifically tailored to protect children’s data. Nearly 25 years later, COPPA – the Children’s Online Privacy Protection Act – is one of several children’s privacy and data protection laws around the world. LinkedIn Vice President and Chief Privacy Officer Kalinda Raina first encountered the draft COPPA bill while interning at the Center for Democracy & Technology. In the years since, she has helped lead the privacy efforts at Nintendo and Apple. With three children of her own, Kalinda has an in-depth knowledge of children’s privacy issues, both as a parent and privacy pro. Her passion for the issue led her to start a YouTube channel to help educate parents and kids about privacy and safety issues and to shepherd a new book called “Children’s Privacy and Safety,” published by the IAPP. The Privacy Advisor Podcast host Jedidiah Bracy recently caught up with Kalinda to discuss children’s privacy, her work, and the new book.

The concept of privacy and data protection by design is not new in the privacy world. We know that privacy should be integrated in the foundational design of a product or service; that is should be baked in, not bolted on. But what that means in practice is often elusive. In 2018, Enterprivacy Consulting Group founder Jason Cronk wrote the book Strategic Privacy by Design, which was published by the IAPP. In it, Cronk offered insights for building processes, products and services that consider an individual’s privacy interests as a requirement. In the four years since, law and technology have continued to evolve, prompting Jason to write a second edition of the book. The IAPP's Jedidiah Bracy recently caught up with Cronk to discuss his work in designing for privacy and what’s new in his second edition.

It’s difficult to remember a time when people didn’t extoll cliches like “privacy is dead” or “data is the new oil.” No doubt, privacy is constantly challenged by ever advancing technology, and data is mined ubiquitously for its value, but privacy is far from dead. Washington University in St. Louis School of Law Prof. Neil Richards agrees, but notes that though privacy is very much alive, it is up for grabs. These are some of the initial thoughts that helped inform his new book, “Why Privacy Matters.” IAPP Editorial Director Jedidiah Bracy recently caught up with Richards to discuss his new book and why there’s plenty of food for thought in there for privacy pros.

Though many privacy pros are still grappling with the EU General Data Protection Regulation, the EU is now busy leading a new generation of data regulations. As part of its Digital Single Market strategy, the EU is looking to not only protect data but also to create frameworks that allow for data flows, while aiming to mitigate hate speech and misinformation. Through an ambitious line of of proposed laws – including the Data Act, Data Governance Act, Digital Markets Act, Digital Services Act and the AI Act – the EU is poised to place a slew of new requirements for companies doing business in the region. Though not all privacy-related, privacy pros should be paying attention to this space. To catch up on this flurry of activity, IAPP Editorial Director recently chatted with journalist Luca Bertuzzi.  

Cybersecurity is inextricably connected to privacy in countless ways. Like privacy law and regulation in the U.S., cybersecurity stands on a patchwork quilt of rules, laws, regulations and court cases. Stanford Cyber Policy Center Senior Policy Advisor Jim Dempsey has been teaching cybersecurity law since 2015 and worked in the area for decades, whether as an academic, a government representative on the U.S. Privacy and Civil Liberties Oversight Board, or an advocate at the Center for Democracy & Technology. He’s long thought about the cybersecurity space and how it matches up to privacy and data protection. In fact, he’s thought so hard on this subject that he published a new book with the IAPP called “Cybersecurity Law Fundamentals.” IAPP Editorial Director Jedidiah Bracy recently caught up with Dempsey to discuss cybersecurity’s current state of play, the biggest issues companies face from a world burgeoning with adversaries and what to look for in his new book.

Data protection and competition enforcement have been on a collision course in recent years. The Big Tech platforms have amassed powerful market share with vast amounts of user data. This inevitable convergence is shaping up on both sides of the Atlantic. U.S. President Joe Biden has appointed notable antitrust proponents to powerful government positions in recent months. And in Brussels, the European Commission has released a slew of draft legislation to help bolster its Digital Single Market efforts, curtail Big Tech hegemony, and promote competition. Journalist Samuel Stolton has been following these developments with an ear to the ground in Brussels. Host Jedidiah Bracy recently caught up with Stolton right as news emerged that Amazon faces a record $888 million fine related to GDPR violations.

On July 13, Ohio Lt. Governor Jon Husted announced the introduction of the Ohio Personal Privacy Act. The law applies to organizations doing business in Ohio or whose products or services target consumers in the state. Businesses with annual gross revenues exceeding $25 million, or process personal data of 100,000 or more Ohio consumers, or derive 50% of gross annual revenues from the sale of personal data would be covered. Like other laws, it does offer some consumer rights, including correction, deletion and portability, as well as an opt-out right for the sale of personal data. Most notably, the OPPA includes a carve out for businesses that reasonably conform with the U.S. National Institution of Standards and Technology’s Privacy Framework. Host Jedidiah Bracy recently caught up with Husted to discuss the bill, the NIST provision, and what the OPPA could mean for the future of privacy law at the state, federal and international levels. 

Voice-activated products and services are proliferating, while voice-recognition technology is on the rise. In addition to popular voice-activated assistants, call centers are beginning to use advanced voice-intelligence technology in novels ways. The technology could lead to plenty of innovation, but the potential privacy, safety and fairness issues will need some thinking. In his new book "The Voice Catchers: How Marketers Listen In to Exploit Your Feelings, Your Privacy, and Your Wallet," Joseph Turow describes the rise of what he calls the “voice intelligence industry” and how artificial intelligence is enabling personalized marketing and profiling through voice analysis. IAPP Editorial Director Jedidiah Bracy caught up with Turow to discuss the potential privacy issues and what privacy pros and policy makers should be thinking about with this nascent industry.

Notice and consent have been foundational principles in privacy and data protection for decades. But do they provide individuals with the ability to make informed decisions as they navigate products and services? Will laws like the California Privacy Rights Act help change how companies design their privacy notices? For Jennifer King, the Privacy and Data Policy Fellow at Stanford's Institute for Human-Centered Artificial Intelligence, the notice-and-consent paradigm as it currently stands is a “farce” that needs an overhaul, not just from a legal standpoint, but also from a human-technology interaction perspective. IAPP Editorial Director Jedidiah Bracy chats with King about what's needed for an effective paradigm shift in this space. 

Prospects for a federal privacy law in the U.S. ramped up in recent years, but even though data protection is a bipartisan issue, nothing has come close to passing. At the same time, U.S. state activity is swarming, and many countries around the world are developing and implementing their own national privacy laws. So what’s it going to take for the U.S. to pass a federal law? Rep. Suzan DelBene, D-Wash., was the first congressional lawmaker to propose federal privacy legislation in 2021. Her bill received praise from the U.S. Chamber of Commerce and other industry groups for its approach, but does the bill have what it takes to cross the finish line? The Privacy Advisor Podcast host Jedidiah Bracy recently caught up with DelBene to talk about her proposed bill, the state of play on Capitol Hill, and what it will take for the U.S. to pass federal privacy legislation.