Masters of Privacy

Dragos Tudorache, Member of the European Parliament, discusses foundation models, data protection, and copyright in the EU AI Act. The podcast explores negotiating complexities, open vs. closed model obligations, and implications on developers. It also delves into the interconnectivity of the AI Act and Data Act in European regulation.

Dr. Augustine Fou has nearly three decades of experience in digital marketing, including client-side experience at American Express and agency-side experience at IPG and Omnicom, where he served as Group Chief Digital Officer of eight agencies serving pharma and medical device clients. Dr. Fou also taught digital strategy at Rutgers University's executive education program and NYU's School of Continuing and Professional Studies. With Dr. Fou we will aim to answer the following questions: Does programmatic advertising have to be necessarily bad for privacy? Can we once and for all dismantle the fairy tale of marketing attribution? How about advertising fraud controls? Is it possible that killing third party cookies is not only better for privacy but also better for business outcomes?  References: Dr Augustine Fou’s recent articles Dr. Augustine Fou: How to optimize towards humans and not just away from fraud (LinkedIn) Fou Analytics Sergio Maldonado: “Analytics CEO makes a passionate case against marketing attribution” (Chief Marketing Technologist, Scott Brinker)

Stefan Filipović is a privacy lawyer that began his career at the outset of GDPR enforcement in 2018. Throughout the years, he has built his expertise by working at a law firm focusing on IP and privacy, at a university as a researcher investigating legal challenges in regulating AI-based technology, and as a privacy officer and a counsel for a few Norwegian companies. Today he is a DPO at reMarkable. For several years, he also volunteered at ICANN, and for a period of time, at NIST’s privacy workforce. Beyond his focus on privacy compliance, he maintains a strong passion for information security, computer science, and risk management, as well as corporate governance and finance. References: Stefan Filipović on LinkedIn  Black Box Thinking (Matthew Syed) Privacy is hard and seven other myths (Jaap-Henk Hoepman)  

Nina Müller and Sergio Maldonado discuss a few recent events across the EU, the UK, and the US: Yahoo/Uber ePrivacy fines, Google Chrome (Incognito Mode) settlement, US Congress Social Media hearing, upcoming UOOM/ Global Privacy Control enforcement across various states, and Spain’s AEPD Guidelines to circumvent cookie consent requirements for high-level Digital Analytics.  Please find relevant links and additional updates across all of our usual core sections (ePrivacy and regulatory updates; MarTech and AdTech; AI, competition, and digital markets; PETs and Zero-Party Data; future of media) on the PrivacyCloud website.

Could we re-interpret article 5.3 of the ePrivacy Directive so that the “strictly necessary” (to provide a service) consent exemption gives shelter to the core technical building blocks of advertising solutions making journalism possible? Can we not deal with personal data (should it be involved at all) or behavioral targeting (should it be the case) separately under the GDPR? Peter Craddock helps us answer that question. Our guest is a lawyer as well as a software developer, and he uses this dual background to help clients find legal solutions to technical problems and technical solutions to legal problems. Peter is based in Brussels and helps international companies with their global data strategy and with EU data litigation. He notably has strong expertise in the legal aspects of digital advertising and adtech, and has been one of the most prominent commentators of recent legal developments in that area. References: Peter Craddock on LinkedIn Maybe no consent needed for advertising under ePrivacy "cookie" rule? (Peter Craddock) EDPB seeks to redefine ePrivacy – Part II: Overbroad notions and regulator activism? IAB Europe Responds to the EDPB Public Consultation on their Draft Guidelines 2/2023 EDPB ePrivacy Guidelines: Comments Highlighting Risks to Businesses with Digital Activities (Keller and Heckman) Romain Robert: Pay or OK in AdTech - How it started and where it’s going (Masters of Privacy) Renzo Marchini: Unintended consequences of the EDPB Guidelines on storage and access under article 5.3 of the ePrivacy Directive (Masters of Privacy)  Cristiana Santos and Victor Morel: The problem with CMPs and TCF-based cookie paywalls (Masters of Privacy) Robert Bateman: Consent or Pay (Masters of Privacy) Peter Hense: How first party data will kill CMPs (Masters of Privacy)  

Can we take Data Clean Rooms to the next level in terms of baked-in privacy? Damien Desfontaines is a Scientist at Tumult Labs, a startup that helps organizations safely share or publish insights from sensitive data, using differential privacy. Before that, he led the anonymization consulting team at Google, and got his PhD in computer science at ETH Zürich. He maintains a blog that teaches you all about differential privacy.  References: Damien Desfontaines on LinkedIn Nicola Newitt: the legal case for Data Clean Rooms (Masters of Privacy) Damien Desfontaines’ blog on Differential Privacy Tumult Labs: Resources and publications on Differential Privacy

Tejas Manohar is the co-founder and co-CEO of Hightouch. Prior to founding Hightouch, Tejas was an early engineer at Segment, a leading Customer Data Platform (CDP) acquired by Twilio.  The following topics have been covered in this interview: Current limitations of Customer Data Platforms (CDP) as a core building block of the marketing data stack The value of composable CDPs and Reverse ETL Privacy compliance challenges of CDPs and customer data integration as a whole Potential overlaps with Data Clean Rooms References: Tejas Manohar on LinkedIn Traditional CDP vs. Composable CDP: What is the difference? Revenge of the silos: How privacy compliance is cutting the customer journey short (Sergio Maldonado)

Molly Martinson is a lawyer at Wyrick Robbins, a Raleigh-based law firm with outstanding privacy compliance credentials. She advises clients on a whole range of applicable privacy frameworks (CCPA, CPRA, FCRA, CAN-SPAM, COPPA, HIPAA), data breaches, laws regulating data brokers, and laws governing website and mobile application privacy policies. She also regularly advises international and U.S.- based clients on the applicability and requirements of the EU General Data Protection Regulation (GDPR).  Molly received her B.A., cum laude from Wake Forest University and her J.D. with honors from UNC Schoolors Writing Scholar. She also received the Gressman-Pollitt Award for Excellence in Oral Advocacy. Molly served as a law clerk to the Honorable Robert N. Hunter, Jr. on the Supreme Court of North Carolina and the North Carolina Court of Appeals before entering private practice. References: Molly Martinson on LinkedIn California Consumer Privacy Act Virginia Consumer Data Protection Act Colorado Privacy Act Utah Consumer Privacy Act Summary of the Texas Data Privacy and Security Act (National Law Review) Connecticut Data Privacy Act Florida Privacy Protection Act Montana Consumer Privacy Law Oregon Consumer Privacy Act Global Privacy Control Wyrick Robbins

Romain Robert is member of the litigation chamber of Belgium’s Supervisory Authority. He worked in various Brussels law firms between 2002 and 2011. Between 2007 and 2011, he was also a researcher at the Research Centre in Law and Society at the University of Namur. In 2011, he joined Belgium’s Supervisory Authority as a legal advisor. He worked as legal officer at the Policy and Consultation Unit of the European Data Protection Supervisor (EDPS) as of 2015 and joined the Secretariat of the European Data Protection Board (EDPB) in May 2018. In April 2020, Romain joined NOYB - an NGO conducting strategic litigation to enforce digital rights - where he was Program Director until July 2023. References: Romain Robert on LinkedIn EDPS Opinion on the Proposal for a Directive on certain aspects concerning contracts for the supply of digital content Sergio Maldonado, How the Digital Content Directive will break the GDPR NOYB Robert Bateman: Consent or Pay EDPB Guidelines 05/2020 on consent Giovanni Buttarelli (former EDPS), “Privacy 2030: A Vision for Europe” (IAPP)

Renzo Marchini, London-based partner at Fieldfisher's Data and Privacy team, discusses the unintended consequences of the EDPB's Guidelines on storage and access beyond cookies. They explore the history of the privacy directive, the impact on companies beyond cookies, and the challenges of consent management platforms.