Serious Privacy

Send us a textOn this week of Serious Privacy, Paul Breitbarth and K Royal connect with Romain Robert, is the program director and a senior lawyer for noyb, actively participating in their research and litigation strategy. Romain is also a member of the litigation chamber of the Belgian Data Protection Authority and previously worked as legal advisor for both the Belgian DPA and European Data Protection Supervisor.  The name Max Schrems should be familiar. And also noyb - an acronym for None Of Your Business - probably sounds familiar. Noyb is the consumer rights group founded by Max Schrems. Based in Vienna, this data protection watchdog likes to put major topics on the plate of the data protection authorities. From forced consent to shady cookie banners, and from advertising in dating apps to international transfers. Learn what noyb is - and what it is not.(They are also hiring…)Join us as we discuss the noyb cookie banner project, membership in this entity, and several key enforcement actions, such as locatemyfamily.com and Rocketreach. We also touch on the class action case from  The Privacy Collective, and the Protonmail case order. As always, if you have any questions or comments, please feel free to contact us at seriousprivacy@trustarc.com. In addition, if you like our podcast, please do rate and comment on our program in your favorite podcast app. We also have a LinkedIn page for Serious Privacy, so please follow for more in-depth discussion. If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

Send us a textIn this episode of Serious Privacy, Paul Breitbarth and K Royal meet up with humanID, a non-profit and open source project, supported by Mozilla and Harvard University. Looking at their website, this is a great example of privacy by design and PET (privacy enhancing technology). Our guests, Bastien Purrer and Namik Muduroglu,  are working on a solution they claim offers “an anonymous, bot-resistant authentication for safer online communities.” Why? So people can engage in open, honest debate on topics of their choice, free from the influence of bots or people with multiple accounts.Driven by the ideals of a free society - one person, one vote - Human ID seeks to put people on equal footing. This also serves to allow people to debate without perhaps impacting their jobs. Human ID is a start-up, so they are new and staffed entirely by volunteers at this point. Their SSO capability verifies and anonymizes users. Listen and then let us know what you think.As always, if you have any questions or comments, please feel free to contact us at seriousprivacy@trustarc.com. In addition, if you like our podcast, please do rate and comment on our program in your favorite podcast app. We also have a LinkedIn page for Serious Privacy, so please follow for more in-depth discussion. If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

Send us a textOn this week of Serious Privacy, Paul Breitbarth and K Royal discuss the new China Personal Information Protection Law (PIPL) that was adopted on 20 August. This new omnibus data protection law will enter into force on 1 November 2021, without a transition period to comply. 73 days between adoption and entry into force is a very short deadline for compliance, especially for a wide-ranging and complex law such as the PIPL. Although many details remain unclear for the time being, during this week’s episode, your hosts will try to guide you through the main characteristics of the new Chinese data protection law. TrustArc will soon make further resources, including a white paper, available via a special microsite at TrustArc.com (select Solutions > Solutions by Regulations > PIPL Compliance Solutions). We also welcome any specific questions you may have on the China PIPL for a future episode of Serious Privacy. Please note that K and Paul recorded this a week before publishing, so there are quite a few items that have since been researched and nuanced excellently outside this episode.In the meantime, we can already refer you to the following blogs:China Personal Information Protection Law AdoptedGetting Started with PIPL ComplianceA webinar will be announced shortly. The registration link will become available here: https://trustarc.com/resource_types/webinars/.  As always, if you have any questions or comments, please feel free to contact us at seriousprivacy@trustarc.com. In addition, if you like our podcast, please do rate and comment on our program in your favorite podcast app. We also have a LinkedIn page for Serious Privacy, so please follow for more in-depth discussion. If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

Send us a textGone are the days when you had to line up at a physical store to purchase a set of disks with the latest software. Nowadays, you just go to an online app store and download what you need, or even easier: just subscribe via a website and start using the software in your computer browser: Software as a Service, or SaaS. And that is exactly what Paul and K are talking about today. K will soon be speaking on a panel for the Association of Corporate Counsel 2021 Annual Meeting, together with other in-house counsels like Jennee Devore and Rosemary Kuperberg. The topic is "The Fine Art of Kicking SaaS". Given the scope of this large topic, the speakers will not be able to cover everything during their presentation, but the combination of expertise of this group with their extraordinary hands-on experience seemed a natural fit for the podcast. Certainly, we will not cover the webinar materials per se, but have more of an open conversation about SaaS services, how they've grown, and how they have been impacted by recent events. If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

Send us a textOn this week of #SeriousPrivacy, Paul Breitbarth and K Royal discuss the summer news. From a major GDPR fine (CNIL, WSJ, LQDN), to a tech company planning to monitor smartphones for child pornography (WaPo, IAPP), and from CCPA enforcement in California to cookie consent banner complaints (noyb), it is all discussed during this episode. If you want to stay up-to-date on a daily basis of all the privacy news and its implications for global data protection compliance, why not take a look at TrustArc’s suite of Nymity products dedicated to privacy knowledge? Also referenced in this episode:Our recent webinar on privacy and health dataOur forthcoming webinar on the Brazilian LGPDThe U.S. Supreme Court judgment in TransUnion LLC v. RamirezUse of ANPR cameras for facial recognition (NRC, in Dutch)Vacancy for the position of Executive Director of the California Privacy Protection AgencyThe Mintz Matrix for data breach notification requirements Appointments to the Brazilian CNPD (in Portuguese)Future of Privacy Forum paper on Health DataAs always, if you have any questions or comments, please feel free to contact us at seriousprivacy@trustarc.com. In addition, if you like our podcast, please do rate and comment on our program in your favorite podcast app. We also have a If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

Send us a textThis week, #SeriousPrivacy is in summer mode, with a special episode from the borders of Lake Geneva in Switzerland. Paul Breitbarth had the opportunity to speak to Massimo Marelli, Head of the Data Protection Office of the International Committee of the Red Cross and the Red Crescent (ICRC). Massimo is one of the authors of the Handbook on data protection in humanitarian action, and leading the various efforts of the ICRC to meet data protection standards both at headquarters and in the field.K Royal provides a short introduction explaining a little about the definition of "International organization" in Article 4 of the GDPR - "‘international organisation’ means an organisation and its subordinate bodies governed by public international law, or any other body which is set up by, or on the basis of, an agreement between two or more countries."  As promised here is a list of international organizations.  -In this episode, you will hear about why data protection would matter in a humanitarian crisis situation, how the ICRC is dealing with personal data across the board and what efforts are made to raise awareness for data protection in other humanitarian organisations. Part of the awareness raising effort is the Data Protection Officer (DPO) Humanitarian Action Certification that was recently launched by Maastricht University and is supported by TrustArc. As always, if you have any questions or comments, please feel free to contact us at seriousprivacy@trustarc.com. In addition, if you like our podcast, please do rate and comment on our program in your favorite podcast app. We also have a LinkedIn page for Serious Privacy, so please follow for more in-depth discussion. If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

Send us a textOn this week of #SeriousPrivacy, Paul Breitbarth and K Royal meet up with Tash Whitaker, who is an outsourced DPO as a service. Not all organizations have the capability to organise the DPO role in house. Maybe they are too small, or they are just lacking the right people or qualifications to take on the role. For those companies, the outsourced DPO is a great option to consider.  A year after the entry into force of GDPR, the IAPP estimated that already some 500.000 organisations has appointed and registered a data protection officer, and that number has only grown since. And Europe is of course not the only region in the world that knows the mandatory requirement to appoint a DPO. And then we are not even talking about the voluntary appointment of a DPO, in order to ensure that organisations have their data processing operations under control.Join us as we discuss challenges and surprises in an outsourced role of DPO, helpful both for companies who realize they need a DPO but not sure how to obtain one and for those privacy professionals thinking of making the leap off the corporate bridge. And always, the solution for a successful internal or external DPO is the TrustArc Platform - we don't talk about products much in the podcast, so please do contact sales@trustarc.com for information on our solutions - especially Privacy Central!As always, if you have any questions or comments, please feel free to contact us at seriousprivacy@trustarc.com. In addition, if you like our podcast, please do rate and comment on our program in your favorite podcast app. We also have a LinkedIn page for Serious Privacy, so please follow for more in-depth discussion. If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

Send us a textOn this week of #SeriousPrivacy, Paul Breitbarth and K Royal met with Emerald de Leeuw, Global Head of Privacy at Logitech. She has a wealth of experience in the tech markets, being an entrepreneur, and a high-level executive in a global and male-dominated field. In this episode, we want to leverage her experience in coming into a company and what do you focus on first?  Do you do a risk assessment, meet the key players, review the policies, what? Where do you start?Along the way, we also touch on some of the current topics in privacy, cybersecurity, and data protection. Other topics included technology and its advances as well as how COVID has impacted the way the privacy office works. Do we need to be in person? Are we equipeed to work remotely?  What are we missing if we don’t have water cooler conversations?Join us as we discuss this and more: what should new privacy officers do when they start a new job? What is key to your success? And a little about DIY home projects and West Wing.As always, if you have any questions or comments, please feel free to contact us at seriousprivacy@trustarc.com. In addition, if you like our podcast, please do rate and comment on our program in your favorite podcast app. We also have a LinkedIn page for Serious Privacy, so please follow for more in-depth discussion. If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

Send us a textOn this week of #SeriousPrivacy, Paul Breitbarth and K Royal covered a broad range of privacy developments along with responding to questions from listeners. New developments includ the new Colorado Privacy Act, SB21-190. Signed by Governor Jared Polis on July 7, it is now the third state omnibus privacy law in the US, with Virginia having passed the Consumer Data Protection Act (CDPA) earlier this year and of course, the Calfornia Consumer Privacy Act (CCPA). We have a 4 part series on the Colorado Privacy Act. We also did a podcast on it a little while back.In this episode, we also discussed the anniversary of Schrems II, the ongoing efforts to establish a Privacy Shield replacement, international data transfers, and GDPR validation (TrustArc has you covered on both of the latter two). And during the episode, there are references to guidance on Codes of Conduct that has now come out by the European Data Protection Board (we'll get you more information!) or in relation to US state laws, Ohio just had its privacy bill introduced. Privacy things happen quickly.Join us as we also discuss some basic topics such as business and publicly available personal information (the difference between Europe and US),  interacting with individuals (who are not controllers as noted in EDPB guidance), EU data centers, and UK surveillance. Some of the items were driven by fan questions, so please keep sending them in, such as on the LinkedIn page for Serious Privacy. As always, if you have any questions or comments, please feel free to contact us at seriousprivacy@trustarc.com. In addition, if you like our podcast, please do rate and comment on our program in your favorite podcast app. We also have a , so please follow for more in-depth discussion. If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

Send us a textOn 28 June 2021, the European Commission announced it has approved two adequacy decisions for the United Kingdom (UK). With these decisions, one under the General Data Protection Regulations (GDPR) and one under the European law enforcement directive, the Commission confirms the UK offers a level of data protection that is essentially equivalent to that in the European Union (EU). With this hurdle out of the way, personal data can continue to flow freely from the EU to the UK, without the need for additional safeguards or regulator approval. The free flow of data in the other direction, from the UK to the EU, had already been confirmed by the British government at the time the UK ceased being a member of the EU. But will the UK adequacy decisions stand the test of time? Not only do they expire automatically after four years, but the opponents are also sharpening their knives for a challenge in court. And the UK Government seems eager to drop the memory of the GDPR, and to replace the UK GDPR with a more trade and business friendly data protection law. This week, Paul Breitbarth and K Royal discuss the details of the UK adequacy decisions and the future of data protection law in Britain with our own UK expert Ralph O'Brien. As always, if you have any questions or comments, please feel free to contact us at seriousprivacy@trustarc.com. In addition, if you like our podcast, please do rate and comment on our program in your favorite podcast app. We also have a LinkedIn page for Serious Privacy, so please follow for more in-depth discussion.Resources:TrustArc Blog on the UK Adequacy DecisionsWebinar on EU International Transfer developmentsTrustArc Microsite on international  data transfers   If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.