Serious Privacy

Send us a textOn this episode of Serious Privacy, Paul Breitbarth of Catawiki and Dr. K Royal of Outschool review what might seem to be small events in privacy developments, but are really robust once reviewed. They touch on a spotify case in Barcelona, the Spanish Data Protection Commissioner search on hold, and events in Belgium. In addition, on the US side, a DC judge ruled that Mark Zuckerberg could not be added to the Cambridge Analytica case personally.At the same time, the Irish DPC entered the first Article 60 review and issued Facebook a $17M fine.  The DPC is also facing a lawsuit by the Irish Council for Civil Liberties. Meanwhile, the New York police department is facing a lawsuit for its massive DNA database that they have collected over the years. Lastly, the Zoom DPIA by Sjoera Nas (please see the prior podcast with her on DPIA processes). Next week is our 100th episode. Tell us what you'd like to hear and thank you for being our friends!As always, if you like the Serious Privacy podcast, tell everyone -rate and review us in your favorite podcast app. You will find us on LinkedIn and Twitter @podcastprivacy, along with TrustArc, K as @heartofprivacy and Paul as @EuroPaulB.  If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

Send us a textIn this episode of Serious Privacy, Paul Breitbarth and K Royal catch up with the renowned Kirk Nahra, co-chair of both the Big Data Practice and the Cybersecurity and Privacy Practice for WilmerHale.K and Kirk have known each other for years - mostly related to US healthcare law, long before Kirk won the IAPP Vanguard Award in 2021. They discuss the US Health Insurance Portability and Accountabilit  Act of 1996, along with its subsequent amendments, known as HIPAA. But they also discuss information blocking and protecting COVID-19 data in this current global environment, and the reputation of US privacy laws.Join us for a lively discussion of privacy, adult kids, and teaching privacy at US law schools. Kirk also talks about an insightful journal article he always references in his class. As always, if you like us - tell the world! You can find us on Twitter @podcastprivacy @trustarc @europaulb @heartofprivacy.  We're also on LinkedIn. We are coming up to our 100th episode, so let us know if you have any questions you'd like us to address. Register for the TrustArc Webinar How to Prepare Your Business for Privacy Changes in the Middle East & North Africa on March 29 at 9 am PST. If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

Send us a textWe live in strange times that often remind us how important it is to live our lives in freedom and to enjoy our fundamental rights. This week on Serious Privacy, Paul Breitbarth and K Royal talk about the war in Ukraine, but also about a lot of data protection related developments around the world. Topics include the new privacy law that is awaiting the Governor’s signature in Utah, proposed changes to the Budapest Convention on Cybercrime and the response of the European Data Protection Board to it, new guidance on using codes of conduct to transfer personal data out of Europe, getting started in a new data protection role and more. As always, please feel free to share your thoughts with us. Follow us on LinkedIn as Serious Privacy and on Twitter @podcastprivacy @EuroPaulB and @HeartofPrivacy. ResourcesThe Utah Consumer Privacy ActThe Council of Europe Budapest Convention on CybercrimeSecond additional protocol to the Budapest ConventionEDPB response to the Second additional protocolEDPB guidelines on codes of conduct to transfer personal data If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

Send us a textThis week on Serious Privacy, Paul Breitbarth and K Royal speak with Sjoera Nas. Sjoera is a long time privacy professional and privacy activist. She became involved with digital rights in the late 1990s and early 2000s, while working for the Dutch internet service provider XS4all, and later for civil rights group Bits of Freedom. But Sjoera is probably best known for her work at the Dutch Data Protection Authority, where she took the lead within the so-called Internet Team, leading investigations into anything that was happening online, from cookies and trackers, to interactive television, search engines, and picking long fights with ICANN on their WhoIs register and telco’s on data retention. Since four years, Sjoera is a consultant for Privacy Company, still based out of the Netherlands, but doing work with global impact. Together with her team, she writes extensive data protection impact assessments on a range of cloud services, like Office365, Google Workspace and Microsoft Sharepoint and OneDrive. Her customer: the Dutch government and higher education system, which surely helps when it comes to negotiating risk mitigation measures. During this episode, we talk at length about conducting technical deep dive DPIAs, that everyone can benefit from, and negotiating risk mitigating measures with Big Tech. But we also cover international transfers (remember those?) and Google Analytics alternatives.As always, please feel free to share your thoughts with us - therewill be a year end show on the best episodes. Get your vote counted! Follow us on LinkedIn as Serious Privacy and on Twitter @podcastprivacy @EuroPaulB and @HeartofPrivacy. ResourcesThe blog posts linked below contain the summaries of each of the DPIAs referred to during the podcast. Via the blog, you will also find the full DPIA document, including annexes, to read. Even though they are lengthy, we highly recommend reading and using them if your company uses any of these products.The Privacy Company blog Blog post about the DPIA for Microsoft Sharepoint, OneDrive and TeamsBlog post about the DPIA for Google WorkspaceBlog post about the DPIA for Office365Blog post about Google Analytics alternatives (in Dutch only)SLM Rijk (the Shared Service Center for the Dutch Government) DPIA Overview  If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

Send us a textIn this week of Serious Privacy brought to you by TrustArc, Paul Breitbarth  and K Royal share some news, discuss current events, and review both recent privacy developments and upcoming guests for the show. Topics covered include decisions involving tech companies, such as Facebook, Google, and Grindr, as well as general information on assessing risks. Join us as we discuss privacy from our perspective in the midst of a war in Europe. Our hearts and prayers go out to those impacted, most especially the people of Ukraine. Please also register for the upcoming TrustArc webinars, the next one on March 8 on COVID-19, Two Years Later – Still A Data Privacy Challenge. Click to register here.  Also, if you are wondering if tracking privacy efforts using spreadsheets is sufficient, check out this blog.  If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

Send us a textIn this week of Serious Privacy by TrustArc, K Royal and Paul Breitbarth have a conversation with Anne-Charlotte Recker and Julian Deckers of the Belgian Data Protection Authority. Both work for the DPAs Litigation Chamber, which on 2 February 2022 released their long-awaited decision on the legality of the Transparency and Consent Framework (TCF) developed by the Interactive Advertising Bureau (IAB). The decision will likely have a significant impact on the future of cookie banners. Not only did the Belgian DPA find that the current banners following the TCF model are not transparent enough, they also use legal bases for many data collections that are not possible.Join us as Anne-Charlotte and Julian explain all about the background of the procedure, the decision that was made and what to expect next. They also explain the concept of Real-Time Bidding that is used in online advertising (the PhD Thesis of dr. Rob van Eijk on this topic can be found here). Since our recording, the Dutch DPA has indicated to various media outlets that the use of the IAB TCF in the Netherlands should be ended effective immediately, thus going a step further than the Belgian DPA. Thank you for listening to another episode of Serious Privacy. If you like our series, please do tell your friends and colleagues about us, and rate and review our episodes in your favourite podcast app or on your favourite podcast platform. Should you have any questions or suggestions, please reach out to us via seriousprivacy@trustarc.com or info@seriousprivacy.eu, or via Twitter at @podcastprivacy. You find us on LinkedIn as Serious Privacy. You will find On Twitter, look for @TrustArc, @heartofprivacy, and @EuroPaulB. If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

Send us a textIn this week of Serious Privacy by TrustArc, K Royal and Paul Breitbarth catch up with one of the oldest and most respected names in privacy, Marty Abrams, the Executive Director and Chief Strategist of the Information Accountability Foundation. Marty has 35 years of experience as an information and consumer policy innovator. Multi-stakeholder collaboration has been a key for him in developing practical solutions to dilemmas in information policy. The IAF has among other things prepared reports on Trustworthy People Beneficial Data Activities and on Fair and Ethical Data Processing, as well as drafted model privacy legislation for countries, including the United States, around the world. Join us as we discuss the United Kingdom and their recent activities in law, AI, such as training data for machine learning, and legitimate interest for advertising data. The IAF responded to the call for consultation. Marty also shared his thoughts on whether the GDPR, as it currently stands, can last 20 years. Other topics include cross-border transfers of data, government transparency, and model legislation.Thank you for listening to another episode of Serious Privacy. If you like our series, please do tell your friends and colleagues about us, and rate and review our episodes in your favorite podcast app or on your favourite podcast platform. Should you have any questions or suggestions, please reach out to us via seriousprivacy@trustarc.com or info@seriousprivacy.eu, or via Twitter at @podcastprivacy. You find us on LinkedIn as Serious Privacy. You will find On Twitter, look for @TrustArc, @heartofprivacy, and @EuroPaulB. If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

Send us a textOn 28 January 1981, the Council of Europe opened up the Convention 108, the world’s first globally binding instrument on the protection of personal data.  Since 2007, the privacy community celebrates International Data Protection Day (Data Privacy Day). For  #SeriousPrivacy, it is our season launch. K Royal and Paul Breitbarth talk about many of the recent developments in data protection and we play a new game: Privia Pursuit. Let us know if you think it has potential. Join them for a broad discussion that involves  TrustArc’s Webinar on India, Saudi Arabia data protection legislation, China’s PIPL, Quebec Bill 64 ( Serious Privacy episode with Constantine Karbaliotis and Jennifer Stoddart), US state laws (please see TrustArc’s paper on US State legislation), and Google analytics (see Dutch DPA’s Google Analytics guidance (in Dutch), Austria DPA’s Google Analytics decision,  EDPS Google Analytics decision,  Guernsey DPA, and Danish DPA). We also touch on the Dutch class action that was thrown out, and the cyber attack on the ICRC.It’s not all work - we also include the Mauritshuis museum in The Hague, Disney’s If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

Send us a textThis week on Serious Privacy, Paul Breitbarth and K Royal say goodbye to season 2 of Serious Privacy and look forward to season 3. 2021 might be a year that many of us actually would like to forget but for the privacy community, it was an exciting year and a lot of good things have happened. We have new laws, new guidance, more enforcement and court decisions, and a continuously expanding field of privacy professionals. The podcast continued to grow - this is the 91st episode and well over 50,000 downloads to date - and received wide recognition, including from the master of the privacy podcast directory Jeff Jockisch! A few weeks ago, you already heard predictions from lots of IAPP Brussels visitors for 2022. Today, you’ll hear ours. Will they come true? Do you agree? We had amazing guests on this season and our first season. It is difficult to choose which ones to feature in this episode. Some episodes are chosen by the listeners, so those are easy, but the others - not so easy at all. You will hear select clips from Helen Dixon about international investigations and dealing with criticism, Romain Robert with noyb (about enforcement taking time), tracking and dark patterns, from episode 36 (Jocelyn Paulley, Partner at Gowling WLG in London and Lindsey Schultz, Senior Counsel at Global Privacy for Visa), Eric Cole (cybersecurity and ethical hackers - episode relevant again because of Log4Shell), and Emerald de Leeuw (recommendation for Paul to get started) - along with information on PIPL and SCCs. As always, please feel free to share your thoughts with us - therewill be a year end show on the best episodes. Get your vote counted! Follow us on LinkedIn as Serious Privacy and on Twitter @podcastprivacy @EuroPaulB and @HeartofPrivacy.  If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

Send us a textThis week on Serious Privacy, Paul Breitbarth and K Royal take some time to review recent events or developments in privacy and data protection. With little happening in the U.S. (where is Ohio’s privacy law?), the focus is more on Europe and India. K and Paul discuss the European Data Protection Board’s recent guidance on international transfers, the new decision by the Wiesbaden court (in Hesse, Germany) on cookies and the U.S., and the highest fine to date in the Netherlands. Join K and Paul as they explore what the U.S. Cloud Act has to do with cookies. It’s not really clear, but more information has come with the publishing of the interim order. And lastly, there is news to share on a personal level. Tune in to find out. As always, please feel free to share your thoughts with us - therewill be a year end show on the best episodes. Get your vote counted! Follow us on LinkedIn as Serious Privacy and on Twitter @podcastprivacy @EuroPaulB and @HeartofPrivacy. ResourcesThe German case decision on cookies The white paper on the US Cloud Act  If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.