Serious Privacy

Send us a textIn this episode of Serious Privacy, K Royal is joined by guest co-host Ralph O’Brien, who brings that United Kingdom perspective to data protection. As a well-known and respected privacy professional, Ralph took the opportunity to discuss some of the current hot topics in privacy with K, such as the impact of #Brexit on managing privacy programs in Europe. Join us as we discuss the UK General Data Protection Regulation and how it was adopted and adapted from the EU GDPR and what might change in the approach companies take to appointing a local representative or designating a data protection officer. In addition, they touch on Schrems II, genetic testing, facial recognition, and risk-based privacy controls. It’s a lively discussion where the conversation goes where it may, and Ralph and K learn how much they have in common. And of course, there were references to both Harry Potter and the Avengers in terms of exploring what a new data transfer mechanism between the US and the EU would be called.As always, if you have comments or feedback, please contact us at seriousprivacy@trustarc.com. If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

Send us a textHappy Data Protection Day! Paul Breitbarth and K Royal kick off Season 2 of the Serious Privacy podcast with a special guest, Helen Dixon, Data Protection Commissioner for Ireland. She is probably one of the best known data protection regulators around the world, with her office having the duty to supervise most major tech companies doing business in Europe. That comes with a lot of public scrutiny, and also with some fierce criticism. In this episode, Commissioner Dixon talks about her plans for 2021, which have been publicly disclosed. But of course, we covered some of the major developments in 2020, such as the Court of Justice of the European Union decision on Schrems II back in July, as well as the first financial penalty for a US tech company. The Irish Data Privacy Commission has not been slacking off in the past year, with over 6,000 complaints, more than 7,000 breach reports, and multiple consultations, including input on COVID tracking apps and issuing guidance on CCTV. Join us as we discuss what the workload under the General Data Protection Regulation has meant for personnel needs in her office, as well as addressing why the Irish DPC handles so many cases on US tech companies. In addition, we talked about the issues in international data transfers, including the appointment of Christopher Hoff in the US to lead the negotiations of a replacement for the invalidated EU-US Privacy Shield. We also touched on data ethics, accountability, and how to build a compliant corporate program. It’s all a work in progress.ResourcesIrish Times on the DPC resource constraintsIrish DPC Twitter Decision  If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

Send us a textWe look back to January 2020 - with no crystal ball for Serious Privacy with Paul Breitbarth and K Royal.  With 47 episodes and over 25,000 downloads,  Season 1 of Serious Privacy is complete. Thank you to our fans! Season 2 starts Global Privacy Day 2021. Our initial ideas were a little different, but K and Paul found their rhythm and a following. Join us as we look back, play some of our favorite moments, and look ahead to 2021. Our most popular episodes were What Now Right Now? Assessment of the EU Schrems II Decision with Gabriela Zanfir-Fortuna of the Future of Privacy Forum and Sophie in ’t Veld, which we put together the same day; Wildly Successful: An Unexpected Career in Privacy with Emerald de Leeuw; and Privacy on the Front Lines: A View from LA with Lillian Russell. We had phenomenal speakers from around the world (such as Travis LeBlanc, Profs. Dan Solove and Paul Schwartz, Sophie Kwasny, Fabricio da Mota Alves,  Vivienne Artz, Marie Penot, Annelies Moens) and amazing topics (such as Sharenting, a tribute to Ruth Bader Ginsburg, Schrems II guidance, laws from around the world , social justice,  If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

Send us a textOn 17 November 2020, the Canadian Minister of Information Science and Economic Development, Navdeep Bains, introduced bill C-11, the long-awaited update to the federal Canadian privacy legislation. For many years, this legislative update had been rumoured, and now that it was finally put on the table, we can see some sweeping changes. The Digital Charter Implementation Act, 2020, which includes the Consumer Privacy Protection Act, "would significantly increase protections to Canadians' personal information by giving Canadians more control and greater transparency when companies handle their personal information", the minister said. This week, we will take a look at what the new Canadian law might bring, how it would impact companies doing business in Canada and what novel approaches might be an inspiration for the rest of the privacy community. Our guests are two Canadian powerhouses: former Privacy Commissioner Jennifer Stoddart (now at Fasken), and nNovation counsel Constantine Karbaliotis. Both share their views on the federal and provincial legislative developments in Canada and look ahead at the potential impact of the new legislation.ResourcesBill C-11: An Act to enact the Consumer Privacy Protection Act and the Personal Information and Data Protection Tribunal Act and to make related and consequential amendments to other Acts - linkBig fines included in Canada's newly proposed national privacy bill - link Federal privacy reform in Canada: The Consumer Privacy Protection Act - linkPrivacy watchdog says he will look for amendments to new privacy legislation - linkSocial Media@TrustArc @PodcastPrivacy @HeartofPrivacy @EuroPaulB @ConstantK @FaskenLaw If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

Send us a textSince the Schrems-II judgment came down on July 16th, the message has slowly sunk in that Europe is serious about looking at privacy and data protection through the glasses of fundamental rights protection. That was even reinforced by the Privacy International and Quadrature du Net cases, published at the start of October. Any interference with the fundamental rights to privacy and data protection, needs to be limited in time, scope and content, according to the courts, as well as necessary and proportionate. But what does it actually mean that privacy and data protection ARE fundamental rights. And is the “universal fundamental rights approach” compatible with a more economic rights approach taken in other jurisdictions?In this episode of Serious Privacy, Paul Breitbarth and K Royal speak to two guests from international organisations working on fundamental rights. Sophie Kwasny is the Head of the Data Protection Unit of the Council of Europe, and as such, one of the key players when it comes to the so-called Convention 108. Michael Donohue is the Data Protection Officer for the Organisation for Economic Cooperation and Development. Join Paul, K, Sophie and Michael as they discuss ongoing international developments in the privacy community. ResourcesCouncil of Europe data protection websiteConvention 108 for the Protection of Individuals with regard to Automatic Processing of Personal Data Convention 108+ on the protection of individuals with regard to the processing of personal dataOECD Privacy GuidelinesArticle by Colin Bennett on why Canada should accede to Convention 108+Social MediaTwitter: @privacypodcast, @EuroPaulB, @heartofprivacy, @trustarc, @sophiekwasny, @micdonohue @COE_HRightsRLaw @OECD If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

Send us a textTechnology brings new demands for compliance, especially given the amount of personal data collected through various means and how it is both used and combined. However, technology can also be used to assist compliance professionals by providing the necessary information quickly.  In most of the Serious Privacy  episodes, co-hosts Paul Breibarth and K Royal have discussed one or more specific data protection and privacy related topics. With guest Shub Nandi, the CEO and Founder of PiChain, a company based in Bangalore, India, that primarily focuses on the financial sector, they look at the broader scope of RegTech (regulatory technology) and how it helps to support compliance.PiChain tries to simplify all kinds of business processes, from customer and business onboarding and Know-Your-Customer to e-Contracts. These are all topics that privacy professionals would address, but typically would not have the information available to assess risks accurately or timely. With AI, one can leverage the power of technology to simplify the process, reserving valuable time for decision-making and remediation plans rather than collecting the information.Join us as we discuss the financial market, regulatory challenges, and key technology solutions, such as blockchain. The conversation expands to include the European Union’s General Data Protection Regulation, India’s challenges including its privacy laws, and ethics in data science. Social Media@Podcastprivacy, @heartofprivacy, @euroPaulB, @trustArc If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

Send us a textLive! (okay recorded with a live studio audience) from our offices at a fabulous virtual conference - the 2020 IEEE International Symposium on Technology and Society, discussing Public Interest Technologies in a four day long global online conference. This is a first for Serious Privacy, recording an episode live as part of the conference presentation. In normal times, this conference would have taken place face-to-face, facilitating lots of participants to debate their papers with their peers in person. The Public Interest Technology University Network, comprising 36 institutes of higher education, is working to address these very issues by “building the nascent field of public interest technology and growing a new generation of civic-minded technologists.” Paul Breitbarth and K Royal host this live session and focus on the papers that are being presented and discussed on a wide range of topics. Arizona State University is one of the founding members of PIT-UN and is K’s alma mater and where she teaches privacy law. Quite a few of these issues addressed in the conference have also been addressed earlier in this first season of the Serious Privacy podcast: from Ethical AI concerns to COVID apps, and from Surveillance Societies to Mentoring the Next Generation of Technology Innovators.  Join us as we discuss data monopolies, start-up tech companies, cultural norms, and more. Their host for the session, Salah Hamdoun also joined the conversation. Salah is a PhD student in Arizona but is from the Netherlands - which makes for a great discussion on the differences between the EU and the US approaches to privacy. It was the first time the Fourth Industrial Revolution has arisen in the episodes, but an old favorite in government surveillance did make an appearance.ResourcesKatina Michael (co-chair of the conference) and Jamie Winterton, speaker, contributor, and author of Creating the Public Interest Technologies of the Future - Learning to Love the “Wicked Problem”Salah Hamdoun's paper: Technology and the Formalization of the Informal Economy  Social Media@Podcastprivacy, @heartofprivacy, @euroPaulB, @trustArc, @ASU, @katinamichael, @IEEESSIT, @j_winterton If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

Send us a textIn just a single week, so much has happened. The California Privacy Rights Act was passed by voters and will come into effect on 1 January 2023, the Court of Justice of the European Union once again confirmed that consent is not valid when relying upon pre-ticked boxes, and the European Data Protection Board issued its Recommendations on international data transfers in the wake of the Schrems-II ruling. In the meantime, Finland is dealing with a major health-related data breach, the Biden transition team was announced, which includes some privacy-minded people, and the U.S. Federal Trade Commission announced a settlement with Zoom including a requirement to implement a full privacy and security program. And that was just the tip of the iceberg before the European Commission issued the draft of new standard contractual clauses.In this episode of Serious Privacy, Paul Breitbarth and K Royal invited Paul Schwartz, a leading international privacy expert with a broad view on law and technology issues. He is the Jefferson E. Peyser Professor of Law and the Director of the Berkeley Center for Law & Technology. Join Paul, K, and Prof. Paul Schwartz as they discuss immediate reactions to the recent privacy events, and put the considerations in context within US privacy law as well as global context.  Nothing is off limits for framing these new developments - US law, state law, enforcements, new administration priorities, European requirements, operationalizing privacy, and even HIPAA. Catch up on news and analysis of these momentous events, via other episodes (such as the one with Gabriela Zanfir-Fortuna), webinars, If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

Send us a textThis past week, the European Data Protection Board (EDPB) adopted it’s Recommendations on international data transfers post Schrems-II and the European Commission released the long-awaited draft of new standard contractual clauses. At the same time, the EDPB adopted an updated version of their earlier guidelines on the European Essential Guarantees: criteria that a third country’s (non-European Economic Area country) legislation needs to meet in order to justify an interference with the right to privacy and data protection. In this episode of Serious Privacy, Paul Breitbarth and K Royal bring you an EXTRA episode with Gabriela Zanfir-Fortuna with the Future of Privacy Forum. Although you will hear about these momentous events in a variety of additional TrustArc forums (other Serious Privacy Episodes, blogs, and published advisories), this is worth a special episode tailored specifically to your need to know about these documents. You should note that feedback on the Recommendations are due at the end of November and comments on Standard Contractual Clauses are due December 10, 2020. Less than two weeks later. Join Paul, K, and Gabriella as they share their reactions to the new guidance and SCCs. In particular, Paul and Gabriela were on the former Working Party 29, responsible for issuing guidance. This new guidance is unexpected in some ways. This is what you want to know about what will happen next in the world of international transfers, how to read to new SCCs, and what can be done with supplemental safeguards - or not.Social MediaTwitter: @privacypodcast, @EuroPaulB, @heartofprivacy, @trustarc, @gabrielazanfir, @futureofprivacy Instagram @seriousprivacy If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

Send us a textPrivacy and data protection are not just a job for lawyers or professionals who specialize in privacy - not anymore. Technology plays an important role in ensuring personal data can remain private. Ensuring that personal data is secure but useful requires a level of skill found in data scientists.In this episode of Serious Privacy, Paul Breitbarth and K Royal searched for just such a skilled individual,Katharine Jarmul, the Head of Product at Cape Privacy, and a data scientist. Cape Privacy is a New York-based company assisting others with machine learning, data security and adding value to data. Katharine explains what data science actually is, how to keep data private, useful and valuable at the same time, and how to create synthetic data appropriately. Also a big question when it comes to powerful technology revolves around the ethics and the investment of individual technologists in the ethics of privacy.Join us as we discuss these topics and more, such as GPT-3, “this person does not exist,” the work of Cynthia Dwork, and differential privacy vs the generative model. As often happens in an episode, certain topics in privacy are revisited, mainly because they are wicked problems with no identified solution. One such topic Katharine discussed is bias in machine learning and approaches to solving bias once identified. Throughout this episode, we reference quite a few resources that we will provide the links - as always.  ResourcesIAPP article on AI and synthetic data: https://iapp.org/news/a/accelerating-ai-with-synthetic-data/Federated / Collaborative Learning Introduction: https://federated.withgoogle.com/Encrypted Learning with TF-Encrypted (also can be used in a collaborative setting where we are sharing data): https://medium.com/dropoutlabs/encrypted-deep-learning-training-and-predictions-with-tf-encrypted-keras-557193284f44Europe - Ethics guidelines for trustworthy AI https://ec.europa.eu/futurium/en/ai-alliance-consultation Social MediaTwitter: @privacypodcast, @EuroPaulB, @heartofprivacy, @trustarc, @kjam, @capeprivacyInstagram @serious If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.