Serious Privacy

Send us a textEvery year, in the final week of January, privacy professionals from around the world assemble in the north of Brussels for the Computers, Privacy and Data Protection Conference. In recent years, on the final day, the European Data Protection Law Review awards a young scholar award and hosts a panel to discuss the nominated papers. In this episode of Serious Privacy, Paul Breibarth and K Royal host the second of this year’s three finalists for the EDPL Award. Please join us for a conversation with Taner Kuru, who holds a Bachelor and Master of Laws of Ankara University, in Turkey, and recently completed an advanced LL.M. in Law and Digital Technologies from the Leiden Law School in the Hague. He also just completed an internship at the United Nations Interregional Crime and Justice Research Institute (UNICRI) Centre for Artificial Intelligence and Robotics. (You can catch the first finalist from last week with Isabel Hahn on purpose limitation against big data and common practices.) During this conversation, we discuss how Taner became interested in genetic privacy and then specifically why he researched the concept of group privacy in pertinent data protection laws, such as the European Union’s General Data Protection Regulation and Turkey’s Kişisel Verileri Koruma Kurumu (KVKK). His journey started with CRISPR babies, which led to DNA companies, such as 23andMe and AncestryDNA, and finally into posts on REDDIT and published stories on individuals who have been surprised at some of their DNA results. Given some of the dramatic accounts, Taner became intrigued about whether the privacy of individuals who share DNA is protected. In particular, how do you protect the privacy of groups?Join us to learn more about this topic and his conclusions. We also discuss precision medicine, the Havasupai case, consent, ethics, and dating apps. Fascinating topics to cover in one episode.As always, if you have comments or feedback, please contact us at seriousprivacy@trustarc.com. If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

Send us a textEvery year, in the final week of January, privacy professionals from around the world assemble in the north of Brussels for the Computers, Privacy and Data Protection Conference. In recent years, on the final day, the European Data Protection Law Review awards a young scholar award and hosts a panel to discuss the nominated papers. In this episode of Serious Privacy, Paul Breibarth and K Royal host the first of this year’s three finalists for the EDPL Award on the podcast. Isabel Hahn holds a Bachelor of Laws degree from the London School of Economics and Political Science, recently completed an internship at NOYB and has just started a new internship with the European Data Protection Supervisor. Her paper focuses on the concept of purpose limitation, and the question whether or not it is still compatible with today’s data economy. Developments in privacy sometimes go so quickly, it is almost impossible to keep up.Join us as we discuss purpose limitation and validating the concept against big data and common practices worldwide on the use of personal information. During this conversation, we cover a recent complaint in Austria against a credit rating agency, Article 5 of the GDPR, and characteristics of what Hahn terms data power companies: omnipresence in digital environment (builds insight into individuals lives), data volume (acquires and controls flow and repurposing), and ability to aggregate data. She believes that these three features combined lead to an asymmetry of value and a level of pervasive interference that is simply inequitable to the average consumer. You will also hear about compatible uses, using legitimate interests to balance the need or desire for new uses of data, and contextual integrity as discussed by Helen Nissenbaum. Lastly, because of course we have to address it with such a promising new professional - what is next in Isabel’s plan - does she intend to continue with privacy as a career? As always, if you have comments or feedback, please contact us at seriousprivacy@trustarc.com. If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

Send us a textDemonstrating compliance is certainly not always easy, but under many laws, including the GDPR, it is a mandatory requirement. To facilitate the process, codes of conduct and certification schemes are becoming more popular, and it is no wonder they have been included in the GDPR as well. As we are on the verge of seeing the first codes of conduct to demonstrate GDPR compliance approved, Paul Breitbarth and K Royal discuss the EU Cloud Code of Conduct, which TrustArc is proud to support. Join us and learn more about what the EU Cloud Code of Conduct entails, how it is supposed to work and what the benefits are of adhering to such a code. Oh, and don't be surprised for a little April Fools and Easter conversation this week too - the recording was made on 1 April...  As always, if you have comments or questions, please contact us at seriousprivacy@trustarc.com. ResourcesA downloadable version of the EU Cloud Code of ConductDetails on the future Third Country Module, intended for international data transfersWebinar with Paul on the Third Country Module If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

Send us a textThis week on Serious Privacy, Paul Breitbarth and K Royal, connect with Wayne Unger, a recent law school graduate, that is already very much embedded in the privacy profession. As a non-traditional student, Wayne was an experienced professional and quickly dove into the academic side of privacy with the intent to combine the scholarship and practical side of privacy. Wayne has authored three law journal articles, two of which are published and one is scheduled - going through a rewrite currently as he will discuss why during the conversation. The two published ones are: Katz and Covid-19 How a Pandemic Changed the Reasonable Expectation of Privacy Expectation of Privacy in the Hastings Science and Technology Law Journal and Reclaiming our Right to Privacy by Holding Tech Companies Accountable in the Richmond Journal of Law and Technology. In addition, Wayne has done a TEDx talk (modified given the circumstances) through TEDxASU program on Reclaiming our Right to Privacy. Join us as we explore what brought Wayne to privacy, interdisciplinary technologies and cross-functional approaches to privacy. We also discuss credit scores, supply chains (along with a possible new venture), and the public’s awareness of privacy increasing - including the veracity of claims to anonymized data given the possibilities of re-identification. Paul added in an article on Estimating the success of re-identification in incomplete datasets using regenerative models. Altogether a fascinating conversation that includes a ship stuck in the Suez canal (which was freed March 26).As always, if you have comments or questions, please contact us at seriousprivacy@trustarc.com.  If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

Send us a textDevelopments in privacy sometimes go so quickly, it is almost impossible to keep up. In this episode of Serious Privacy, K Royal and Paul Breitbarth, talk about many of these recent developments in order to bring you up to date again. Join us as we discuss the forthcoming stricter enforcement of cookie rules in France, a German court case prohibiting nudging end users towards accepting a privacy unfriendly option, and yet another set of CCPA Regulations. We welcome the appointments of the very first members of a specific privacy regulator in the U.S. (when will they join the Global Privacy Assembly?) and we talk about a court case in which a private right of action did prove to be possible under HIPAA. You will also hear about the Arizona legislative debate about in-app purchase, possibly forcing Apple and Google to accept more payment methods than they do so far. Alas, the vote did not take place in the end. Finally, we break down some of the highlights of the Virginia Consumer Data Protection Act. As always, if you have comments or feedback, please contact us at seriousprivacy@trustarc.com.Social MediaTwitter - @podcastprivacy, @trustarc, @EuroPaulB, @heartofprivacy, Instagram - @SeriousPrivacy If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

Send us a textIn this episode of Serious Privacy, K Royal and Paul Breitbarth host the new and first Chief Innovation Officer of the Federal Deposit Insurance Corporation (FDIC) in the US, Sultan Meghji. Sultan has a rich history as co-founder of Neocova which specializes in AI software for financial institutions, an adjunct professor at Washington University’s Olin Business School, a scholar of the Carnegie Endowment for International Peace, and an alum of the FBI Phoenix Citizens Academy - where he met K over a decade ago. But as the first Chief Innovation Officer, the initial focus is on - what is his job description?It is clear that Sultan’s expertise flows across a broad span of what Serious Privacy’s listeners are interested in, such as security and privacy by design, technological innovation in the financial services, and how the US fits into the global market.  Given that Sultan is new to the role, he does not yet have any major policy initiatives to announce, but did provide a teaser on some tech innovation which we should see come out in the near future and which fulfills the FDIC’s desire to advance financial technology on a rapid pace of adoption. Join us as we discuss how the financial market has changed in the past few decades with artificial intelligence, cyberevents, and the ripples of the interconnectedness of the market and technology. We also peek into what the next few decades may look like, but the new normal that we are in, it is difficult to predict any certain future. We also discussed ransomware as a service, engineering resilience, and advantages of liberal democracies. Sultan did emphasize that he wants to hear from the public on ideas for or problems with financial services and technology and he can be reached at innovation@fdic.gov. As always, if you have comments or feedback, please contact us at seriousprivacy@trustarc.com. If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

Send us a textIn this episode of Serious Privacy, K Royal and Paul Breitbarth connect with Steven (Seven) Waterhouse, PhD, CEO and founder of Orchid, a crypto powered VPN. Given his expertise and how it is harnessed for Orchid, we felt Seven would have quite a bit of technical insight into technologies commonly discussed in conjunction with data protection. He did not disappoint. In this episode, Seven provides insight into the technical side of privacy and the foundations that underpin most concerns - the internet. But in addition, we discuss virtual private networks for consumers and enterprise -  from the perspective of blockchain and crypto. The explanations are easy to digest for those who are not technical minded, but the conversation rises to the level that a technologist can appreciate the discussion. It is well-balanced. Join us as we discuss in app purchases, a bill in Arizona on in-app purchases, ISP, and encryption. There is an “Easter egg” in there referencing back to one (or several) of our prior episodes. We also discuss reporters and safety in third world countries related to their communications, the matrix, bunnies, and privacy-focused technology. In addition, Orchid is offering a summit March 23-24 that is free (plus, TrustArc is doing a summit this week, also free). As always, if you have comments or feedback, please contact us at seriousprivacy@trustarc.com. If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

Send us a textIn this episode of Serious Privacy, K Royal and Paul Breitbarth connect with Shoshana Rosenberg, Deputy General Counsel for Privacy, Cybersecurity and Data Strategy, as well as CPO and Vice President at WSP USA. However, our conversation is more around the focus of SafePorter, a data trust providing valuable business insights, while respecting the privacy of employees. In essence, the topic is how to address diversity, inclusion, and equity efforts and goals without compromising employee sensitive data. For example, companies should consider inclusivity in their hiring opportunities and internally within development operations, but there is a challenge in understanding progress without having to collect and understand the diversity among applicants and employees. Certainly, this topic touched on social justice issues that the podcast has discussed before, but this time, the conversation centers more on how companies can achieve their goals and before that, why they should have these goals.Shoshana talked about developing Inclusion by Design and holding vendors accountable for inclusivity in their processes. Not an easy effort to manage, but yet with the right focus and goals, achievable. This expands pain points into opportunities to improve and engage corporate social responsibility.  Join us as we discuss IbD in DevOps and being privacy centric, all while managing sensitive information of employees. We also touch on K-anonymity, the UK diversity and inclusion impact assessment, and potential non-profit or volunteer opportunities for privacy professionals.As always, if you have comments or feedback, please contact us at seriousprivacy@trustarc.com.Social MediaTwitter@privacypodcast, @trustarc, @EuroPaulB, @heartofprivacyInstagram@SeriousPrivacy If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

Send us a textIn this episode of Serious Privacy, K Royal and Paul Breitbarth provide an update on recent happenings in both Europe and the US, some of which are surprising and the other makes no waves across the ocean.First, an unexpected agreement on the ePrivacy Regulation by the EU Members States. This does not mean that the regulation is passed - on the contrary, the Parliament and the European Commission are nearly at polar opposites. They will now enter what is called the “trialogue” where the various parties have to reach an agreement. The ePrivacy Regulation has been in discussion for years with the original intent to enter into effect alongside the EU General Data Protection Regulation (GDPR), but alas, such did not happen. Meanwhile, there is not a draft adequacy decision for the United Kingdom - there are two. In a never-before-seen event, the EU Commission issued two draft decisions - one for the GDPR and one for the  law enforcement directive. The European Data Protection Board will now issue an opinion, which is not binding. However, the interim agreement for trade between the EU and UK will expire June 30, 2021 and cannot be extended. So a decision must be made. On the other side of the ocean, the US is seeing some movement in the Health Insurance Portability and Accountability Act (HIPAA), which does not happen often. Current proposed revisions include proposed enhancements to patient rights, but two other recent happenings include 1) a law passed (HR7898) to provide a cybersecurity safe harbor if a practice has implemented cybersecurity practices and 2) a recent safe harbor for cybersecurity tech donations. Further, they briefly reviewed enforcement waivers due to COVID 19 that have been issued by the Department of Health and Human Services. As always, if you have com If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

Send us a textIn this episode of Serious Privacy, K Royal is joined by guest co-host Ralph O’Brien to speak about what one privacy professional did with his free time over the pandemic. Most of us may have started a new hobby - so did Jeff Jockisch, founder and CEO of PrivacyPlan. First, he achieved his Certified Information Privacy Professional for US privacy law from the International Association of Privacy Professionals.His studying process took him to books such as Peter Swire’s, and privacy podcasts. But he did not stop there. He created a database of podcasts on privacy and he publishes his database, including weekly favorites for specific episodes, on LinkedIn. Many of us have found this to be insightful and helpful, but we were curious how he started in this and why. So we asked Jeff to come onto the show and discovered there is much more to his analytics than podcasts.Join us as we also discuss data brokers in detail, including how many he has documented (take a guess) and how he gathers his information. We also discuss biometric identifiers, de-identified information, data localization, and consent. Whether you are a privacy professional or someone who wants to learn about how companies manage your information, this is great information to know.As always, if you have comments or feedback, please contact us at seriousprivacy@trustarc.com. If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.