Iapp Privacy Pro Podcast

Remember when the GDPR was about to be signed into law and there was all sorts of chatter that the ePrivacy Regulation would soon be passed as well? That was years ago now. So what's happening within the EU government that we still don't have one. In this episode of The Privacy Advisor Podcast, Gabriela Zanfir-Fortuna, senior privacy counsel at the Future of Privacy Forum, takes us through the latest. She also discusses what went down in the European Court of Justice earlier this month when it heard the Schrems II case and how that might impact both the Privacy Shield and standard contractual clauses as viable methods for global data transfers. 

There's no question that the California Consumer Privacy Act has captured the attention of not only the U.S. but its global counterparts as well. What's perhaps even more concerning to companies aiming to comply with the law before it becomes effective in 2020 is the uncertainty surrounding the seemingly endless number of amendments being considered by California's legislature. How do you prepare to comply with a law that's not fully baked? In this episode, co-author of the CCPA ballot initiative, Mary Stone Ross, discusses how the law might differ, in the end, from its initial aims, and the impact industry's lobbying efforts is having on the end result. 

Recently, The New York Times announced it had hired journalist Kashmir Hill to its Business beat. Hill, most recently of Gizmodo, has long covered privacy in a distinct and unique first-person style, often through experimentation of her own with technology products and services. There was the time she tried to quit using the top five technology companies to see what her life would become, or the time she connected her entire home to the Internet of Things. In this episode of The Privacy Advisor Podcast, Hill talks to host Angelique Carson, CIPP/US, about covering the privacy beat and what she hopes to do with it at her new gig. 

It's been three years since journalist Angelique Carson, CIPP/US, was directed by her boss to start something called a podcast that could help serve the IAPP membership, allowing them in-depth insights from their peers on how to thrive in the privacy profession and detailed looks at some of the industry's most important news. Since then, The Privacy Advisor Podcast has grown by the thousands in downloads and listeners. To celebrate, in this fun-loving, 100th-episode special anniversary edition, Jay Edelson, a plaintiff's attorney and founder of Edelson PC, aims to give listeners some insight to the woman behind the microphone, grilling Carson on how she approaches interviews on the podcast, the massive shift in the privacy landscape since she started reporting in the space, and why she's so darn out-of-the-loop on pop culture. 

In this special edition of The Privacy Advisor Podcast, two of the people completely immersed in EU General Data Protection compliance discuss the last year of their lives. Irish Data Protection Commissioner Helen Dixon describes the last year as "a washing machine stuck on the spin cycle; it’s been an incredible year of change for us as a data protection authority.” And Hogan Lovells’ Eduardo Ustaran calls the year “unprecedented.” The two talk about the ongoing struggles as companies and regulators sort things out, and opine as to whether individuals are genuinely better off as a result of the regulation.

While it's true privacy and data protection laws are undergoing shifts in many parts of the world, this is especially true for Latin America where there is no shortage of legislative action. Brazil approved its general data protection law last year, and it will come into effect in early 2020. Just as the U.S. is seeing with the California Consumer Privacy Act, Brazil's law is now being amended in all kinds of ways ahead of implementation. Amendments to the LGPD, the acronym used for its formal name in Portuguese, will also establish a new national DPA, and those approvals are expected to reach the country's Senate within weeks. In this episode of the podcast, Rosa Maria Franco, the IAPP's managing director for Latin America and based in Mexico, and Dino Santa Rosa of Brazil discuss the legal landscape in both Mexico and Brazil and what that means for the privacy profession in each jurisdiction.

There's been no shortage of press about the California Consumer Privacy Act. Sessions on the topic were among the most attended at the IAPP's Global Privacy Summit in Washington, D.C., last week. But what's difficult is keeping pace with all of the amendments being voted up or down on any given week. In this episode of The Privacy Advisor Podcast, host Angelique Carson, CIPP/US, chats with Frankfurt Kurit's Tanya Forsheit, who's on the front-lines of the issue in both advising clients and testifying at hearings on the CCPA in Sacramento. Forsheit offers tips on how to start compliance efforts given the law is in flux, the status of the AG's attempts to expand the CCPA's private right of action, and what we can read into, if anything, about stalled efforts for a privacy bill in Washington State. 

On May 1, the U.S. Senate Committee on Commerce, Science and Transportation held its third hearing on how to craft a potential federal privacy bill. Witnesses included repesentatives from the American Civil Liberties Union, the Future of Privacy Forum, Common Sense Media and the Irish Office of the Data Protection Commissioner. In this episode of The Privacy Advisor Podcast, host Angelique Carson welcomes back frequent guest Joseph Jerome, of the Center for Democracy and Technology, to discuss the highlights and lowlights of this most recent hearing and whether we're finally pushing proverbial the ball forward on how to do things right in the U.S. 

In this episode of The Privacy Advisor Podcast, New Zealand Privacy Commissioner John Edwards discusses the privacy landscape in New Zealand and ongoing updates to the country's privacy law of 1993. Th regulator is unique in that he does not have fining powers, but he says that's working just fine. Edwards also discusses what he says are necessary reforms to the way social media platforms respond to modern-day terrorist attacks. Specifically, he's frustrated with Facebook's response to the attacks on two of the country's mosques, after the terrorist live-streamed the act and the company took nearly 30 minutes to remove it.

History was made Friday night, April 12, when the largest ever privacy class-action verdict was announced. A federal jury in Oregon decided it would tell health supplement marketer ViSalus to pay $925 million in damages after it was charged by a certified class of 800,000 people with making 2 million illegal robocalls. It’s unusual not only in that it’s the highest amount ever awarded, but also in that privacy class—action cases often don’t ever go to trial. In this episode of The Privacy Advisor Podcast, Jay Edelson, whose firm argued the class-action for the plaintiffs' bar, talks us through the legal victory, the significance of the ruling and what it could mean for the future of privacy litigation in the U.S. 

Eduardo Ustaran is global co-head of the Hogan Lovells Privacy and Cybersecurity practice, and he's widely recognized as one of the world's leading privacy and data protection lawyers. In this episode of the podcast, host Angelique Carson talks to Ustaran about what's happening in the U.K. on Brexit and what that might mean for data protection in the region. He also gives us a download on progress related to the ePrivacy Regulation. With Romania at the helm, fulfilling residency of the Council of the European Union, the ball seems to be inching even closer towards the line. 

On Capitol Hill this week, Congress held two back-to-back hearings on a potential U.S. federal privacy bill. The aim was to gain insights from expert witnesses on what such a bill should contain. At the first hearing, at the House Committee on Energy and Commerce, industry and advocates debated how prescriptive a federal law should be. At the Senate Committee on Commerce, Science, and Transportation on Wednesday, lawmakers asked witnesses whether a U.S. law should model itself on the EU's General Data Protection Regulation, or perhaps California's Consumer Privacy Act. While industry didn't like that idea, witnesses did agree that the CCPA should be the floor upon which a federal law is built.

It's clear at this point that the momentum has shifted in favor of federal privacy bill in the U.S. The question is: What will that bill look like, who will sponsor something both the tech community and advocates can live with, and will it actually happen this year? Joseph Jerome, policy counsel at the Center for Democracy and Technology in Washington, D.C., has been dead center on the federal privacy bill debate for some time now and took a leading role at the CDT in drafting their own bill. In this episode of the podcast, Jerome discusses the difficulties inherent in trying to pass a bill that pleases everybody. Or at least one that all stakeholders can live with. 

In this episode of the podcast, Mike Shapiro,  chief privacy officer of Santa Clara County talks about whether he thinks this is the year for a federal privacy bill, nudged perhaps by the California Consumer Privacy Act of 2018. He also discusses building a privacy program from the ground up for an entire county, one that comprises so many different government entities (hospitals, police departments, social services) and with them so many laws and regulations to comply with. Then there's the tension between, as a public servant, spending your time on compliance efforts and delegating some time to data-use for the public good. 

Six months into his new role as commissioner at the U.S. Federal Trade Commission, Rohit Chopra is still settling into his role, but he knows he has at least two priorities going forward: First, is to bring “more enforcement teeth to everything that we do.” Second, though, follows on from the first: “We have to prove to the public that we’re up to the task. Otherwise that’s a recipe for disaster.” In episode of The Privacy Advisor Podcast, recorded live at Privacy. Security. Risk 2018, Chopra talks to host Angelique Carson, CIPP/US, about his concerns regarding American isolationism and keeping pace with the rest of the world on data protection and digital rights. “We’re increasingly feeling that other countries, particularly Europe, are in the lead," he said.

When Angelique Carson, CIPP/US, started reporting on privacy in 2010, she was digging for enterprise stories that might matter to a nascent field of privacy professionals. Now, there's so much privacy reporting to do that mainstream media have established "privacy beats" and hired reporters to cover them. Here at the IAPP, we're constantly having to prioritize and reprioritize what to report based on a massive influx of news every day of the week. There's so much news, in fact, we've decided it’s time to launch a second podcast to help all of us digest it. So to launch, “The Privacy Reporters" will cover the biggest privacy stories of the week, discussed by the reporters who are covering them. Carson, joined by the IAPP's Sam Pfeifle as co-host, will chat with reporters based globally to discuss not only the big stories but how they're reported. In this episode of The Privacy Advisor Podcast, Carson and Pfeifle offer a sneak-peek. 

A few years back, Zackary Plotkin was grabbing a coffee, as one does. When he went to swipe his credit card, a chief privacy officer who happened to be standing nearby asked him, "Hey, do you know where that data goes?" Thinking about it for a moment, Plotkin realized: No, he didn't. That began Plotkin's early education into privacy and data protection. An manager at Infinity Consulting Solutions, Plotkin decided he wanted to start helping staff companies working in the privacy space. That was before the General Data Protection Regulation come into play. It took a bit, but business has since picked up. In this episode of the podcast, Plotkin talks about what companies are hiring for and offers tips for pros on the market and looking to get their next gig. 

Ask anyone who frequents Defcon, known as a sort of summer camp for hackers, and they'll tell you the attendee roster at the wildly popular white hat event is overwhelmingly male. Rachel Tobac, chair of the board at Women in Security and Privacy, has been going to Defcon to compete in Social Engineering Capture the Flag for the last three years, and winning. She's gained some notoriety for it, including appearing on this podcast twice before. But noticing she was very much in the minority, she decided she didn't just want to go to Defcon this year, she wanted to bring women in privacy and security with her. An effort that initially saw two women winning sponsorships to attend ended in 57 actually boarding a flight to Vegas. In this episode of The Privacy Advisor Podcast, Tobac tells us how it happened and why it matters. 

Woodrow Hartzog is law professor at Northeastern University in Boston, and his research focuses on quote “the complex problems that arise when personal information is collected by powerful new technologies, stored and disclosed online.” In this episode of The Privacy Advisor Podcast, Hartzog discusses discusses the ways that technologies are designed, at the engineering level, to undermine our privacy. Social media companies, for example, which make money on user data via advertisers, "have every incentive to use the power they have with designers to engineer your almost near-constant disclosure of information," Hartzog says, adding our modern privacy frameworks, which emphasize informed consent, are broken models. "We will be worn down by design, our consent is pre-ordained," he says. 

What we know about attorney Jay Edelson to date: He loves beach volleyball so much that he had a court installed at his Chicago law firm so he and his crew could blow off steam. The New York Times refers to him as Silicon Valley's "baby faced boogeyman" for his aggressive court takedowns of tech behemoths. And he's got a very firm grasp on the global privacy and data protection legislative landscape. In this episode of The Privacy Advisor Podcast, Edelson talks about his latest legal pursuits, including a class-action lawsuit against Facebook for alleged violation of biometric privacy law, and another against Kanye West over alleged consumer privacy violations via his music streaming service, Tidal. Edelson also discusses why he thinks the new California Consumer Protection Act is no good.