Serious Privacy

Send us a textElection day in the United States is quite the dramatic event in 2020. We may soon know who will be the President of the United States in the coming years, what the new U.S. Congress will look like, if there might be a chance of federal privacy legislation and an EU-U.S. adequacy deal passing in the coming years,  and if California Proposition 24 (the California Privacy Rights Act or “CPRA”) has made the grade. But the election process itself carries privacy implications and of course, there are other privacy developments in the world.In this week’s episode, Paul Breitbarth and K Royal address political campaigns, the CPRA, China’s new draft data protection law and more. In particular, they highlight the difference between the US and the EU when it comes to determining whether political ideations and opinions are sensitive data. In the US, voter registration polls are quite often public - which offers opportunity for potential election machinations. This year, we have seen non-official ballot boxes, controversy over mail-in ballots with external facing signatures and phone numbers, a high volume of political text messaging, and more.  However, there have been other privacy news lately, such as the proposed law in China. Join us as we discuss these hot topics in privacy in this episode of Serious Privacy along with honor in voting, a la West Wing’s Donna Moss and Jack Reese. Given the impact of the election results, TrustArc is presenting a post-election webinar to address the privacy outcomes in more detail.ResourcesPolitical Campaign Data Targeting (Washington Post) China’s Draft Data Protection Law (IAPP) China’s Draft Data Protection Law (Nymity Research & Alerts -for subscribers)Facebook memo from Andrew Bosworth, executive at Facebook About bots and misinformation  If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

Send us a textTechnology around the world changes quickly - fast and furiously. Unique companies solving problems we did not realize we had are hitting the market. For example, the development of always connected mobile devices has fundamentally changed the global banking system. Where before in many parts of the world people were devoid of having a bank account, nowadays a smartphone gives them access to financial services wherever they are with mobile payments, cryptocurrencies, and  fully virtual banks. In this episode of Serious Privacy, Paul Breitbarth and K Royal host the DPO for Klarna, Europe’s biggest fintech unicorn, valued at over $10 billion, Filip Johnssén. Filip is a seasoned DPO, who prior to Klarna worked for Säpo, the Swedish Security Service, as well as Sandvik, a high tech and engineering company. Given his experience, it is no wonder the topics vary widely.Join us as Filip shares his experience working for a startup tech company, which takes an unusual approach to the modern market experience. In addition, we discussed challenges of financial tech crossing international boundaries, personal interests, and authoring several successful books. We also delved into consumer rights and how to manage those across myriad laws. He is currently working on a practical manual for DPOs (link below). In addition, Filip co-hosts his own privacy podcast Dataministeriet, together with Anders Bäckström.  Also check out Klarna's video privacy notice, which takes transparency to a whole new level.  Lastly, we have a challenge for our listeners of a prior video notice in EU that Filip has been searching for - maybe one of you are familiar with it.ResourcesKlarna links https://www.klarna.com/se/dataskydd/ Privacy Notice: https://www.klarna.com/uk/privacy-notice/Unexpected Newsletter: https://www.klarna.com/uk/blog/klarna-comment-unexpected-newsletter/ Forthcoming book: https://shop.bcs.org/store/221/detail/workgroup?id=3-221-9781780174365 Payment services directive 2 - EU law for fintech: https://ec.europa.eu/info/law/payment-services-psd-2-directive-eu-2015-2366_en Social MediaTwitter: @privacypodcast, @EuroPaulB, @heartofprivacy, @trustarc, @klarnaInstagram @seriousprivacy If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

Send us a textPutting the evils back in Pandora’s box just doesn’t seem possible - much like reclaiming privacy in today’s datacentric world. This week, Paul Breitbarth and K Royal hosted Rob Shavell, CEO and founder of Abine (rhymes with hey mine) to discuss consumer privacy controls related to online privacy. Just over a decade ago, the World Wide Web consortium (W3C) started the development of a Do Not Track (DNT) standard, that would limit the way in which people could be tracked between websites. In 2018, the project stopped, because it simply did not gain traction. Now, DNT is back in the form of Global Privacy Control (GPC): a new technical standard to help companies meet the CCPA Do Not Sell requirement and similar requirements around the world. GPC is supported by quite a few companies, such as Mozilla, Brave, the Electronic Frontier Foundation, and the NY Times. Join us as we speak on a variety of topics from the complexities of managing privacy online to the consequences that may arise through enforcement. Rob touches on concepts such as ferociously imperfect laws and controls as well as informed consequential debate. Through these open conversations with privacy professionals and activists, the discussion is unfettered and thus, brings up many elements, such as meetings in Brussels, AI, and being zealous about privacy.ResourcesThe newly announced Global Privacy Control standard. Abine is an early collaborator on the standard, which is like a next-generation "Do Not Track" Rob’s Op-Ed for Help Net Security discussing the CPRA and why it may be more employer-friendly (re: employee data regulation) than widely reported.Privacy as an Employee Benefit - why more companies are investing in employee privacy as a value-add benefit, plus how investing in a culture of privacy can reduce cybersecurity risk.FD (€): https://fd.nl/ondernemen/1359994/een-muisklik-en-alle-cookies-staan-voor-altijd-uit Global Privacy Control on Github: https://globalprivacycontrol.github.io/gpc-spec/  If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

Send us a textEvents happen occasionally that reinforce each other in such a way that the sum of things is worse than you could ever have imagined: a perfect storm. You may very well say that 2020 is a perfect storm in itself. And who knows what November and December may bring. This week, Paul Breitbarth and K Royal invited Stuart N. Brotman, author of Privacy's Perfect Storm: Digital Policy for Post-Pandemic Times.Brotman took the notion of the perfect storm as the basis for a book about privacy, data protection, the digital economy and the fight against COVID-19. The book contains a series of reflections on a wide range of issues, outlining the authors’ views and ideas on the way forward.  He just completed a term as a Fellow in the Science and Technology Innovation Program at the Woodrow Wilson International Center for Scholars in Washington D.C. The essays in his book sparked quite the conversation.Join us as we speak on a variety of topics - one of which immediately stood out: Why Discussing Digital Privacy Now Belongs at the Kitchen Table (on page 19), given Paul and K’s ideal for the Serious Privacy podcast to be those casual conversations one would have at Paul’s kitchen table, or K’s back porch.  But in addition, some essays grabbed attention to discuss, such as the one on digital trust being essential for data privacy protection and the one on millennials teaching grandparents about internet safety. We discussed so many topics - from public-private data sharing to password management. ResourcesPC Mag - Best Password Managers for 2020 https://www.pcmag.com/picks/the-best-password-managers The guy who invented rules for changing passwords apologizes https://www.wsj.com/articles/the-man-who-wrote-those-password-rules-has-a-new-tip-n3v-r-m1-d-1502124118  and / or https://www.nbcnews.com/tech/security/forget-everything-you-know-about-passwords-says-man-who-made-n790711 Social Media Twitter: @privacypodcast, @EuroPaulB, @heartofprivacy, @trustarc, @stuartnbrotmanInstagram @seriousprivacy If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

Send us a textWicked problems are those without simple answers. They are thorny, complex, multi-faceted issues. This episode of Serious Privacy by Paul Breitbarth and K Royal was pre-billed on social media as “talking anarchy” and “Serious Privacy-ing.”  In this episode, guests include Uber CPO and frustrated comedian Ruby Zefo, Godmother of Privacy Engineering Michelle Dennedy, and TrustArc’s General Counsel Hilary Wandall.  Given the breadth and depth of the experience combined across this guest list, the topics were broad-ranging and far-reaching. Join us as we delve into wicked problems and solutions addressing women in privacy, ethics, global privacy standards, social justice, and privacy engineering. In particular, we discuss our guests’ experiences in navigating these topics and how our guests themselves may have been on the front lines. In at least one area, our guest was the developer of what has now grown into a field within privacy in general. Social MediaTwitter: @privacypodcast, @EuroPaulB, @heartofprivacy, @trustarc,Instagram @seriousprivacy, @rubyzefo, @mdennedy, @hilarydatalawTagsSerious privacy, trustarc, privacy, GDPR, CCPA, data protection law, privacy engineering, social justice, smart devices, IoT, ethics, women in privacy If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

Send us a textIf 2020 was not bad enough already, we lost Ruth Bader Ginsburg on September 18, 2020. She was admired by many lawyers and legal scholars, not just in the United States - she was a legal giant, and a great advocate for equality for all. Paul Breitbarth and K Royal discuss the impact Justice Ginsburg had on the legal field and how she inspired respect and devotion.  Our homage goes beyond her legal decisions to remember her as the icon she was, and always will be.In addition, Paul and K touch on a few topics in privacy law, such as whether the US really will pass a federal privacy law and reconsideration of the actions taken towards Facebook in Ireland  Also, in the US, there is perhaps an overlooked part of US privacy, a final rule published by the Office of the National Coordinator which implements a portion of the 21st Century Cares Act, on Information Blocking - a rule that has quite a bit in common with the EU’s General Data Protection Regulation.Join us as we pay our respects to the late Ruth Bader Ginsburg, the second woman ever appointed to the US Supreme Court and one who blazed trails for equality in the US, followed by some frank conversation on some current privacy topics.ResourcesJustice Ruth Bader Ginsburg - picture of her clerksU.S. Federal Privacy Law Hearing 23 September: Revisiting the need for federal data privacy legislationJulie Brill, Maureen Ohlhausen, Jon Leibowitz, William Kovacic (all former FTC) and Xavier Becerra (CA A-G) Quotes from The Register:Julie Brill argued that not only will a company want to have the option to trade with Europe at some point, but that a stronger and clearer data privacy law across the US would be beneficial: it would enable companies to “engage more respectfully and increase trust in those companies.” It would increase competitiveness.Agreement that a patchwork of state laws needs to be avoided. Becerra: “Give us a playbook. But don't preempt smart, nimble privacy protections that let states meet the varying challenges coming at us.”WSJ Article: Irish DPC Schrems-II enforcement follow u If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

Send us a text2020 is the gift that keeps on giving. In this episode, Paul Breitbarth and K Royal revisit some of the issues discussed on previous episodes, but with a guest who has a unique global perspective. Our guest today is an American in Brussels. He is the Deputy Chief Privacy Officer of the US-based pharmaceutical company Merck. Chris Foreman has practiced law in London, Washington DC, Istanbul, New York and Moscow, and is currently based in Brussels. Merck, or MSD as it is often known, has been an active player in the international corporate privacy community, and a big advocate for interoperability and company-wide compliance programs. They are one of the few companies that has both EU Binding Corporate Rules and APEC Cross-Border Privacy Rules, trying to ensure the best possible safeguards for international data transfers. There is even a published cross-walk between the two.Join us as we talk with Chris about his views on international data transfers. As expected, we will discuss the Schrems-II decision and its impact on data transfers, but we touch on many other topics as well that are integral to a global privacy program. These include the California Consumer Privacy Act (CCPA) and the ballot initiative, the California Privacy Rights Act (CPRA, Proposition 24), South Korea, Brazil (LGPD), clinical trials, and other twists to privacy law that we are starting to see.  ResourcesJD Robb https://jdrobb.com/ TrustArc Privacy Sheild Resources https://trustarc.com/trustarcs-privacy-shield-schrems-resource/ Social MediaTwitter: @privacypodcast, @EuroPaulB, @heartofprivacy, @trustarc, Instagram @seriousprivacy If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

Send us a textThis past week in privacy law saw several unexpected developments. When this podcast started back in January, the intention was to record a series of conversations between K Royal and Paul Breitbarth with an occasional guest or recorded conference panel discussion. They would discuss what had happened in a week, place privacy and data protection developments around the world in context and provide insights based on their experience… And then COVID-19 happened, the podcast quickly became popular and guests became ubiquitous. On this episode, Paul and K return to their roots of covering privacy news and developments, because so much happened this past week or so. We’re in the middle of a privacy zone, with laws being lobbed all round us, guidance coming at us from all directions, and opinions shooting left and right - it’s like privacy officers need hazard pay. So much has happened in recent days, that we decided to just have the one-on-one conversation this week. You will hear about new European Data Protection Board (EDPB) guidance, next steps in the Schrems case and the fall-out from the Privacy Shield annulment, as well as on the latest actions from Brazil. Join us to catch up on the latest developments and to put them in context of current events.ResourcesRegister for TrustArc’s webinar on LGPD https://info.trustarc.com/WB-2020-09-16-LGPD_RegPage.html Wall Street Journal Article on DPC Ireland v. Facebookhttps://www.wsj.com/articles/ireland-to-order-facebook-to-stop-sending-user-data-to-u-s-11599671980Facebook Response to the DPC Ireland preliminary orderhttps://about.fb.com/news/2020/09/securing-the-long-term-stability-of-cross-border-data-flows/ NOYB Response to the DPC Ireland preliminary orderhttps://noyb.eu/en/dpc-actually-stopping-facebooks-eu-us-data-transfers-maybe-half-way EDPB Draft Guidelines on Controller/Processor https://edpb.europa.eu/our-work-tools/public-consultations-art-704/2020/guidelines-072020-concepts-controller-and-processor_en EDPB Draft Guidelines on Targeting Social Media Users https://edpb.europa.eu/our-work-tools/public-consultations-art-704/2020/guidelines-082020-targeting-social-media-users_en Brazil LGPD Legislative Tracker If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

Send us a textPrivacy professionals as cosplayers - maintaining a sense of identity away from the hectic life of a privacy professional or managing stress in a healthy direction?  In this episode of Serious Privacy, we move away a little from data protection and over to the broader right of privacy. The right to be left alone, or the right to ensure you can be whoever you want to be, without your choices coming back to haunt you for the rest of your life. Join Paul Breitbarth and K Royal as they talk about cosplay and the various underlying elements with two guests, Ralph O’Brien and Marie Penot - two European privacy professionals with their own love of cosplay. They discuss such topics as managing stress and staying true to oneself, which should always be a career consideration, but also making personal connections, pitching job proposals, and livening up training sessions. Resourceshttps://www.eff.org/press/releases/cosplayers-fight-online-anonymity-and-privacy-during-dragon-con https://www.shrm.org/hr-today/news/hr-news/pages/what-are-the-signs-of-burnout-and-how-can-supervisors-help-employees.aspx Social MediaTwitter: @privacypodcast, @EuroPaulB, @heartofprivacy, @trustarc, @penot_marie, @IGrobrienInstagram @seriousprivacyTagsSerious privacy, trustarc, privacy, cosplay, comicon, maleficent, 501st, star wars, disney, privacy professionals, stress management If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

Send us a textPrivacy is the hottest new job market for attorneys and non-attorneys. Even more so when you consider the full range of data protection jobs. A few weeks ago, we spoke to Jared Coseglia with TRU STaffing about recruiting for functions in privacy. In this episode we look at the other side. What is it like for someone to get started in privacy, not by sheer coincidence like K Royal and Paul Breitbarth did many years ago, but by deliberate choice? Where do you get this crazy idea that a privacy career might be fun, what steps do you take and what is it like to start in privacy and data protection in 2020?Our guest, Tom Besore, is an experienced Chicago-based lawyer, who identifies as Irish and American. In his own words, he has a long history in computers, electronics, radio and technology. In 2020, he shifted his primary interest to privacy and started executing on achieving that dream.Join us as we discuss why one would turn to privacy from a different career-focus and how to do so. We touched on the recent CISCO report: From Privacy to Profit: Achieving Positive Returns on Privacy Investments, the Age of Surveillance Capitalism by Shoshana Zuboff, the Marriott case in the UK, the Cambridge Analytica scandal , the first class action lawsuit in the Netherlands, and so many other notable privacy topics, including Intrusion by Design. As Tom says - success in this field takes passions, laser-focus, and the drive to niche opportunities.ResourcesFor the home cooks: a recipe for "bitterballen" (bitterballs)Privacy. So. Hot. Right. Now. by K Royal, Association of Corporate Counsel, DocketHow to get started in Privacy Engineering by IAPP If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.