The Privacy Advisor Podcast

There is so much privacy news related to the pandemic lately that it sometimes feels like that's the only news. But the world continues to spin, if more quietly, as most of its population works from the comfort of their homes. In this episode of The Privacy Advisor Podcast, Angelique Carson chats with Brussels-based freelance journalist Jennifer Baker about two government data breaches, the latest on activist Max Schrems and his complaints, as well as recent criticisms on the level of DPA enforcement now that the GDPR has turned two.

Especially now, while most of us are stuck indoors hiding from the invisible monster that is the COVID-19 disease, it's not difficult to imagine better days — days when we can safely travel again to faraway islands with blue-glass waters and sandy beaches. Or, you could do what Alex White did and move there. The former deputy chief privacy officer of South Carolina didn't move to the island for a vacation, though. He took the job as the country's first-ever privacy commissioner, a position created with the passage of Bermuda's privacy law in 2016. In this episode of The Privacy Advisor Podcast, White talks to host Angelique Carson, CIPP/US, about the challenges of starting up a new office — especially in the midst of a global pandemic — and why he thinks privacy professionals should think of themselves as, of all things, GPS devices. 

The EU General Data Protection Regulation ushered in an enhanced private right of action for violations of the law, both for material and non-material damages. Attorneys say there's now a significant uptick in cases brought alleging such a grievance has occurred, and that they're often brought as a "follow-on" to data protection authorities' own investigations. In this episode of The Privacy Advisor Podcast, Orrick attorneys Keily Blair and James Lloyd, both based in the U.K., describe the uptick in civil litigation claims they're seeing and the ways that's changing things — including how companies interact with data protection authorities. 

It's a troubling and weird time to be alive. The headline are dominated by reports of mass death and despair globally, and we're all trapped at home trying to cope with a very new and very difficult reality. In a time like this, it can feel hard to find meaning in the day-to-day work of being a privacy professional. In this fireside-chat style podcast, IAPP Editor Angelique Carson, CIPP/US, talks with three DC-based privacy professionals -- who happen to also be three of her best friends -- about how they're coping and staying focused on their individual missions. 

Telecommunications companies across the world, including in Germany, Brazil and China have granted their governments access to customers' cellphone data in an effort to help track the COVID-19. Other countries are more cautious; the Dutch DPA called for emergency legislation before sharing occurs, and Canadian Prime Minister Justin Trudeau has said a flat no, for now. In this episode of The Privacy Advisor Podcast, Heather Federman, vice president of privacy and policy at BigID, discusses the potential longterm implications of location data agreements and the role privacy officers should play in board room discussions on sharing customer data. 

It's a scary time by any standard. There's news every day about the latest number of those infected by an invisible danger that'll make some sick and kill others and to stay safe we have to stay away from each other in a time when we most need each other for support. And when we're scared, sometimes we make decisions based on fear. In this episode of The Privacy Advisor Podcast, Michelle De Mooy of DeMOOY Consulting and former director of privacy and data at the Center for Democracy and Technology, talks about the data privacy concerns related to private-public entities partnering up to address the health crises COVID-19 has presented. 

If there's anyone we could call an expert on data protection in the EU, it's Christian D'Cunha. Years back, he was charged with leading the review of the EU Data Retention Directive — no easy task — before he moved to a role at the European Data Protection Supervisor's office as a policy assistant under former EDPS Peter Hustinx and then, his successor, the late Giovanni Buttarelli. Now, D'Cunha has taken a role at the European Commission at DG Connect, a segment of the Cybersecurity and Digital Privacy Unit. In this episode of The Privacy Advisor Podcast, D'Cunha discusses what he learned about the art of negotiation during his leadership role on the Directive, the future of ethics in the privacy profession and whether we're ever going to see that ePrivacy Regulation come to fruition.

February 19, the European Commission released its EU data strategy. As the IAPP's Riyan Chiavetta reported, the document outlines the commission’s five-year plan for “policy measures and investments to enable the data economy.” The commission based its strategy on four pillars, one of which is a cross-sectoral governance framework for data access and use. In conjunction with the release data strategy, the commission also published a white paper on AI. In this episode of The Privacy Advisor Podcast, the Future of Privacy Forum's Gabriela Zanfir-Fortuna, who's expertise on moves by the European government is exceptionally informed, discusses the new releases and whether they'll have a meaningful impact or if they're lofty, abstract goals.

In January, the U.K. Information Commissioner's Office released its proposed "Age Appropriate Design Code" aimed at protecting children's privacy online. The code, which will require parliamentary approval, outlines 15 standards online services should follow. It also provides guidance on data protection safeguards aimed at ensuring online services are appropriate for children's use. In this episode of The Privacy Advisor Podcast, Playwell's Linnette Attai talks to host, Angelique Carson, CIPP/US, about what the code means for companies who cater to children, and even more importantly, those who traditionally haven't but may be covered under the new rules. 

It would've been hard to miss the big news this week, news privacy advocates are heralding as a major win: Facebook has agreed to settle for $550 million in a class-action lawsuit alleging the company violated Illinois' biometric privacy law when it used facial recognition software to suggest users "tag" faces in photos they'd uploaded to the site. In this episode of the podcast, Jay Edelson, one of the plaintiff's attorneys who argued the case, talks about why he's "enormously proud" of what is " easily the largest cash privacy settlement in our nation's history" and why this is a good settlement for members of the class.