We take a deep dive into the Mid-Barataria Sediment Diversion in the 9 o'clock. We'll have Gordon Dove, the chairman of the CPRA, and Simone Maloz with Restore the Mississippi River Delta on together and try to sort things out.
Next in Media spoke with Tim Vanderhook and Chris Vanderhook, co-Founders of Viant Technologies. The CEO and COO of the ad tech firm talked about their Trade Desk rivalry, whether a Google breakup will be good for their business and the open web, and why CTV offers a chance for fewer monopolies.
Welcome back to the Identity Theft Resource Center's Weekly Breach Breakdown – supported by Sentilink. I'm James Lee, the ITRC's President and this is the episode for April 4th, 2025. It will soon be seven years since California's landmark Consumer Privacy Act or CCPA was signed into law. Since that time, 19 other states have adopted their own versions of the CCPA and its companion Privacy Rights Act – known by its own set of letters, the CPRA. Follow on LinkedIn: www.linkedin.com/company/idtheftcenter/ Follow on X: twitter.com/IDTheftCenter
This Week in Machine Learning & Artificial Intelligence (AI) Podcast
Today, we're joined by Patricia Thaine, co-founder and CEO of Private AI to discuss techniques for ensuring privacy, data minimization, and compliance when using 3rd-party large language models (LLMs) and other AI services. We explore the risks of data leakage from LLMs and embeddings, the complexities of identifying and redacting personal information across various data flows, and the approach Private AI has taken to mitigate these risks. We also dig into the challenges of entity recognition in multimodal systems including OCR files, documents, images, and audio, and the importance of data quality and model accuracy. Additionally, Patricia shares insights on the limitations of data anonymization, the benefits of balancing real-world and synthetic data in model training and development, and the relationship between privacy and bias in AI. Finally, we touch on the evolving landscape of AI regulations like GDPR, CPRA, and the EU AI Act, and the future of privacy in artificial intelligence. The complete show notes for this episode can be found at https://twimlai.com/go/716.
The CPRA laid out a $1.8 billion plan for coastal restoration. We talk with Simone Maloz with Restore the Mississippi River Delta about it.
* The CPRA laid out a $1.8 billion plan for coastal restoration. We talk with Simone Maloz with Restore the Mississippi River Delta about it.
* What was it like trying to re-open a restaurant after the snow storm?
* The company that makes the Archer barriers presented New Orleans with a plan they say would help secure Mardi Gras and different landmarks around the city.
Register here for AWS re:Invent 2024, Dec 2-6, Las Vegas, NV
Harold Rivas – Chief Information Security Officer at Trellix, discusses the role of generative AI in cybersecurity, focusing on Trellix's adoption of AI for threat detection and model governance, while emphasizing the importance of privacy, responsible innovation, and cross-functional collaboration.
Topics Include:
* Introduction to generative AI and its impact on cybersecurity
* Harold's background in financial services and cybersecurity roles
* Trellix's focus on product feedback through the Customer Zero Program
* Overview of machine learning's role in anomaly detection at Trellix
* Development of guided investigations to assist security operations teams
* Generative AI's growing importance in cybersecurity at Trellix
* Launch of Trellix WISE at the RSA Conference in 2024
* Addressing the overload of security alerts with AI models
* Integration of various AI models like Mistral and Anthropic
* Reducing anomalies and workload for security operations teams
* Importance of privacy in generative AI adoption and data governance
* Challenges with GDPR and CPRA regulations in AI implementation
* Focus on privacy frameworks like the NIST Privacy Framework
* Need for multi-stakeholder involvement in AI governance
* Discussion on model governance inspired by financial services practices
* Importance of inventorying and testing AI models for security
* Benefits of an AI Center of Excellence (AICOE) within organizations
* Model governance in generative AI for regulatory and business outcomes
* The impact of AI on labor, jobs, and decision-making processes
* Addressing cyber risk and threat modeling in AI environments
* The double-edged sword of AI in offensive and defensive cybersecurity
* MITRE Atlas framework's role in AI-driven cybersecurity strategies
* Potential negative consequences. Auto dealership hacked – Chevy Tahoe sold for $1
* Importance of vulnerability management and developer training
* Evolution of AI security tools and responsible use of generative AI
* Collaboration, governance, and agility in AI adoption across organizations
* Q&A 1: Outcomes and responsibilities a generative AI COE should have?
* Q&A 2: Model governance and financial implications
* Q&A 3: CISO response to model development, compliance and learning with customer data
* Q&A 4: Thoughts and suggestions for rating systems for models
* Q&A 5: Selecting and evaluating models
* Q&A 6: Advice and experience for model deployment and technical controls
* Q&A 7: Human reviewing AI responses to ensure accuracy
* Q&A 8: Will AI help avoid major outages in the future?
* Q&A 9: How to test and see maturity of models?
* Session wrap up
Participants:
* Harold Rivas – CISO at Trellix
See how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon/isv/
The IAPP's annual “Privacy. Security. Risk.” event took place in Los Angeles last week. Both Celine Takatsuno and Sergio Maldonado attended, took some notes, and now share their experiences and takeaways. References: Sergio Maldonado (Medium): PSR 2024 Takeaway (DPAs, Vendor Audits, MHMD Act) Mike Hintze: Blog post series on Washington State's My Health My Data Act IAPP: Agenda and speakers at PSR 2024.
Host Doug Simcox takes us to the heart of Quebec rodeo, broadcasting from the Western Festival de Saint-Tite recording studio. Doug sits down with rodeo cowboy legend Roger Lacasse, who shares his incredible journey from growing up in Quebec and discovering his passion for horses, to moving to Western Canada to kickstart his professional rodeo career. Roger's impressive achievements include winning two CPRA World Championships, the prestigious Calgary Stampede's $50,000 prize, and the Cheyenne Frontier Days. A 7-time qualifier to the International Finals Rodeo (IFR), Roger also claimed the IFR average title three times. Hear his inspiring story of nerve, perseverance, and grit, along with the countless victories that earned him a spot in the Canadian Professional Rodeo Association Hall of Fame. From riding bareback horses to winning championships, Roger has truly seen it all. Don't miss out on this engaging conversation packed with wisdom, humor, and unforgettable rodeo moments.
https://cowboycountrymagazine.com/2012/03/quebec-cowboy-joining-rodeo-hall-of-fame/
https://www.canadianprorodeohalloffame.org/2012
https://wranglernetwork.com/newsarc/happy-father-happy-son/
Western Festival de St Tite:
https://www.facebook.com/profile.php?id=100093822821241
https://www.festivalwestern.com/
https://www.facebook.com/wildtimerodeo/
https://www.facebook.com/rawhiderodeo/
Here are some resources for Beyond the Chutes:
https://www.facebook.com/profile.php?id=100093822821241
https://beyondthechutes.show/
Spotify: https://shorturl.at/bvK35
Apple Podcasts: https://shorturl.at/jnGV4
Amazon Music: https://tinyurl.com/24n3hmk4
YouTube: https://tinyurl.com/bdcju8nz
RSS: https://rss.com/podcasts/beyondthechutes/
ParaSight Systems
Coupon: BTC023 for 50% off Mail In Test Kits
https://www.parasightsystem.com/
Amy Worley is Managing Director at BRG, a global leader in data protection, information security, and AI governance. A licensed attorney, certified privacy professional, and certified information systems security professional, Amy formerly served as the Chief Privacy Officer for a billion-dollar pharmaceutical and medical device company and now serves as a fractional Data Protection Officer for several multinational companies. Amy's consulting practice is focused on helping clients implement sustainable programs that result in meaningful compliance with state, national, and regional laws and build corporate trust. She is passionate about the intersection of data, people, and power. References: Amy Worley on LinkedIn BRG: Privacy and Data Protection services Draft: American Privacy Rights Act 2024 Dragos Tudorache: Dealing with foundation models, data protection, and copyright in the EU AI Act (Masters of Privacy) EDPB Guidelines 8/2020 on the targeting of social media users
“Find a compliance platform, it'll make life a lot easier. Then I would develop the policies and procedures, if you don't already have those, and then collect evidence to justify, to prove everything you're doing that's in the framework. It's going to be important for audits and just internal or external audits.” - Scott Schlimmer
In this episode, host Jara Rowe is once again joined by cyber risk specialist Scott Schlimmer with a deep dive into the world of compliance frameworks and certifications. Listen as we explain the challenges of compliance and non-compliance with certification programs in cybersecurity. Learn which regulated industries must follow specific frameworks and how noncompliance can affect business opportunities and your bottom line. We also unravel Fedramp, CMMC, CCPA, and CPRA, offering a clearer understanding of their cybersecurity roles.
In this episode, you'll learn:
* How to follow a compliance framework without having the certification, though having the certification can demonstrate to partners and customers that your organization has strong cybersecurity measures.
* The significance of certifications and the value of the NIST framework as a reliable source for general cybersecurity best practices.
* What the legal and financial consequences of noncompliance for different industries may be, such as failing to follow frameworks like Fedramp or CMMC when working with the government.
Things to listen for:
* [00:47 - 01:27] The relationship between compliance frameworks and certification programs
* [01:27 - 02:54] The difference between regulated and non-regulated industries
* [02:54 - 04:40] Explanation of the NIST framework and insights into other compliance acronyms
* [04:40 - 08:59] Multiple compliance frameworks, compliance audits, and non-compliance issues
* [08:59 - 10:54] Improving cybersecurity posture, security assessment, and maturity models
* [10:54 - 13:56] Preparation for compliance audits and the importance of a compliance platform
* [13:56 - 14:31] How to become compliant or get certified and reasons for external assistance
* [14:38 - 17:20] Jara's receipts
Resources:
* Cracking the Code: Understanding Cybersecurity Compliance Frameworks
* What is the NIST Framework?
* Conquer Compliance Jargon: Download the Free Cybersecurity Compliance Glossary
Connect with the Guest: Scott Schlimmer's LinkedIn
Connect with the host: Jara Rowe's LinkedIn
Connect with Trava: Website www.travasecurity.com Blog www.travasecurity.com/blog LinkedIn @travasecurity YouTube @travasecurity
Join us for insights into the crucial aspects shaping the future of privacy. We'll delve into the significance of diversity in the privacy sphere, with women at the forefront of leadership roles. Discover why mentorship is indispensable for those embarking on privacy careers. Explore the delicate balance between profit and privacy, as companies often prioritize the former, jeopardizing user trust. Learn about the anticipated impact of CPRA enforcement on data management and privacy practices. Finally, we'll discuss the imperative of addressing biases in AI development to ensure the fairness of algorithms. Don't miss these essential discussions that are shaping the landscape of privacy.
In this episode of GovTech Today, hosts Russell Lowery and Jennifer Saha delve into the complex topic of privacy and regulatory frameworks in California. They discuss European regulations influencing California legislation, such as the General Data Protection Regulation (GDPR), and discuss local laws such as the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). The hosts evaluate the roles of the CCPA and CPRA, especially pertaining to consumer rights, data brokers, and the wider implications for businesses and internet companies. They also outline the role of the California Privacy Protection Agency (CPPA) in enforcing these laws. The discussion concludes with reflections on the rapid pace of tech innovations like AI, the importance of understanding and managing these technologies' impact, and the necessity for businesses and individuals to keep abreast of regulatory changes.
* 00:05 Introduction to the Episode
* 00:26 Understanding Privacy Laws in California
* 00:52 Exploring the California Consumer Privacy Act
* 03:06 The Impact of CCPA on Data Brokers
* 03:34 Introduction to the California Privacy Rights Act
* 03:46 Understanding the Role of the California Privacy Protection Agency
* 04:41 The Regulatory Process and Challenges
* 06:54 The Impact of Privacy Laws on Businesses
* 08:14 The Future of Privacy Regulations and AI
* 12:33 The Importance of Compliance and Collaboration
* 15:18 Looking Forward: Upcoming Legislation
* 16:05 Conclusion and Final Thoughts
Molly Martinson is a lawyer at Wyrick Robbins, a Raleigh-based law firm with outstanding privacy compliance credentials. She advises clients on a whole range of applicable privacy frameworks (CCPA, CPRA, FCRA, CAN-SPAM, COPPA, HIPAA), data breaches, laws regulating data brokers, and laws governing website and mobile application privacy policies. She also regularly advises international and U.S.-based clients on the applicability and requirements of the EU General Data Protection Regulation (GDPR). Molly received her B.A., cum laude, from Wake Forest University and her J.D. with honors from UNC Schoolors Writing Scholar. She also received the Gressman-Pollitt Award for Excellence in Oral Advocacy. Molly served as a law clerk to the Honorable Robert N. Hunter, Jr. on the Supreme Court of North Carolina and the North Carolina Court of Appeals before entering private practice. References: Molly Martinson on LinkedIn California Consumer Privacy Act Virginia Consumer Data Protection Act Colorado Privacy Act Utah Consumer Privacy Act Summary of the Texas Data Privacy and Security Act (National Law Review) Connecticut Data Privacy Act Florida Privacy Protection Act Montana Consumer Privacy Law Oregon Consumer Privacy Act Global Privacy Control Wyrick Robbins
In 2017, Sean Alexander and his family built a home in the new community of Harmony, a lake community just west of Calgary. For a side business, outside of his oil & gas career, Sean began importing Standup Paddleboards (SUPs) to sell to his neighbours out of his garage in late 2019, branding them KAILANI. Shortly after that, he realized not everyone wanted to paddleboard, so he expanded his product range and began manufacturing and importing brightly coloured coolers and started initially selling them to his Friday night shinny hockey team. In early 2020, he found himself laid off from his job in the oil and gas sector, and that's when he decided to go all in on his idea of starting an outdoor lifestyle company. Eight months later, following a 7-day road trip through the interior of BC, he had secured $130,000 in purchase orders for his colourful collection of coolers, landing him a $1M investment with an Alberta-based private equity group. On November 2, Sean appeared in episode 7 of Season 18 on Dragons' Den and secured a $1,000,000 deal with Wes Hall, $500,000 for 15% of his company and an additional $500,000 as an Operating Line of Credit. You can view the segment at https://www.cbc.ca/dragonsden/pitches/kailani. Today, he is selling coast-to-coast in over 200 retailers, 120 Pro Shops, 50 Promotional Marketing Companies and successfully selling in his Amazon Canada Storefront. He is an Official Partner with PGA Alberta and, as of Nov 28th, 2023, has just signed a 3-year Agreement as a National Partner with the CPRA, Canadian Professional Rodeo Association, which is the sanctioning body for Pro Rodeo Events in Canada with 1100+ Athlete Members. Entrepreneurs are the backbone of Canada's economy. To support Canada's businesses, subscribe to our YouTube channel and follow us on Facebook, Instagram, LinkedIn and Twitter. Want to stay up-to-date on the latest #entrepreneur podcasts and news? Subscribe to our bi-weekly newsletter
The final episode of Digiday's History of ad tech discusses how the digital media industry has moved faster than those charged to keep it in check, with Ana Milicevic of Sparrow Advisors sharing her insights. In this episode, she discusses how the blurred lines between data management platforms, customer data platforms, and now, data clean rooms have only served to confuse matters. Now that legislation such as GDPR and CPRA have come into force, privacy is a top-line matter. Digiday's History of Ad Tech charts its development. In this episode, she discusses: How data management and ad tech started to blur How the creeping tide of privacy legislation influenced investment in ad tech Big Tech's role in the future of the space
You have been promised this episode for months, but finally at the end of the year, on this week of Serious Privacy, Paul Breitbarth of Catawiki and Dr. K Royal give you an overview of the U.S. State Law developments in 2023. What are the most important parts to understand State consumer privacy laws and how do you comply with them? Luckily, Paul and K don't have to do this all by themselves, but they can rely upon the expertise of Joanne Furtsch, VP Privacy Knowledge at TrustArc. If you have comments or questions, find us on LinkedIn, Twitter @podcastprivacy @euroPaulB @heartofprivacy and email podcast@seriousprivacy.eu. Rate and Review us! Proudly sponsored by TrustArc. Learn more about the TRUSTe Data Privacy Framework verification. upcoming webinars.
This Day in Legal History: The Ratification of the 13th Amendment
December 6th marks a pivotal moment in American legal and social history with the ratification of the 13th Amendment to the U.S. Constitution in 1865. This landmark amendment, which officially abolished slavery in the United States, represented the culmination of a long and tumultuous struggle against the institution of slavery and set the stage for a new era in American society.
The journey to this historic day began earnestly during the Civil War, as President Abraham Lincoln sought ways to legally dismantle the deeply entrenched system of slavery. The Emancipation Proclamation of 1863 was a critical step, declaring the freedom of slaves in Confederate states. However, it was the 13th Amendment that provided a permanent and comprehensive legal solution, ensuring that slavery would be outlawed across the entire nation.
The amendment's concise yet powerful language, "Neither slavery nor involuntary servitude, except as a punishment for crime whereof the party shall have been duly convicted, shall exist within the United States, or any place subject to their jurisdiction," was a clear and unequivocal repudiation of slavery.
The ratification process was not without its challenges. After passing the Senate and House in early 1865, the amendment faced the daunting task of gaining approval from three-fourths of the states. The assassination of President Lincoln in April of that year added to the uncertainty surrounding its ratification.
Despite these obstacles, the necessary number of states ratified the amendment by December 6, 1865, with Georgia's approval providing the decisive vote. This act was a testament to the changing attitudes in a nation that had been deeply divided over the issue of slavery.
The 13th Amendment's ratification was a major legal victory for human rights and equality. It not only liberated four million enslaved individuals but also laid the groundwork for future civil rights advancements, including the 14th and 15th Amendments. Its impact went beyond the legal realm, ushering in profound social and cultural shifts.
As we commemorate this significant day in legal history, it is important to reflect on the ongoing journey towards equality and justice. The 13th Amendment stands as a reminder of the enduring power of legal change to reshape society and the continuous need to strive for a more equitable world.
A lawsuit filed by Americans for Fair Treatment (AFT) against three New York City pension plans is poised to influence the role of Environmental, Social, and Governance (ESG) considerations in workplace 401(k)s. This case, resulting from the pension plans' 2021 decision to divest over $4 billion from fossil fuel companies, is being closely watched as it may set a precedent for private-sector litigation under similar federal laws. The lawsuit alleges this decision violated state laws governing fiduciary conduct, with AFT claiming financial risk-return factors were ignored for a political agenda.
The divestment, initially pledged by then-Mayor Bill de Blasio in 2018, was executed in 2021 by the New York City Employees' Retirement System, the Teachers' Retirement System of New York City, and the New York City Board of Education Retirement System. Post-divestment, the assets reportedly lost 35% of their value, despite a broader market recovery.
The case is seen as a test of a Republican-led legal theory that opposes ESG considerations in public funds and 401(k)s, arguing for investment decisions based solely on financial merits. It also intersects with a U.S. Labor Department rule under the Biden administration that permits private-sector pensions to consider ESG impacts when materially relevant to a fiduciary's risk-return analysis. This has sparked debates in Congress and legal challenges, questioning the extent to which ESG factors should influence investment decisions in retirement plans.
New York Pension Case Poised to Decide Fate of ESG in 401(k)s
The University of Pennsylvania is facing a lawsuit filed by two students alleging that the university condones antisemitism on campus. This lawsuit, which claims violations of federal civil rights law, follows similar legal actions against New York University and the University of California at Berkeley. The plaintiffs accuse Penn of failing to protect Jewish students from harassment, hiring "rabidly antisemitic professors," and ignoring pleas for protection.
The complaint intensifies the issue by citing a recent incident where an "antisemitic student mob" allegedly vandalized campus buildings with hostile slogans. This situation reportedly escalated following actions by Hamas, which the US and European Union designate as a terrorist group. The complaint highlights the significant number of deaths in both Israel and Gaza due to the conflict.
Penn's response to these incidents is under scrutiny. During a congressional hearing, Penn President Liz Magill emphasized the university's commitment to academic freedom and free speech, while also maintaining a stance against violence and incitement. However, the university has not commented on the pending litigation.
The lawsuit, filed under Title VI of the 1964 Civil Rights Act, seeks significant measures, including the termination of faculty and administrators deemed responsible for the alleged antisemitism and the suspension or expulsion of involved students. This case has broader implications, as the US Education Department investigates possible discrimination at several universities, including Penn, Harvard, and MIT. The issue of antisemitism on college campuses is receiving national attention, with university leaders and donors expressing concerns over the climate and policies regarding this matter.
Penn Sued by Students Claiming School Condones Antisemitism (2)
The California Privacy Protection Agency is considering new regulations that would impact the state's substantial insurance industry, valued at over $123 billion. This initiative marks the first time the agency is focusing on the insurance sector, especially in light of growing scrutiny over how insurers use AI and personal data. The California Privacy Rights Act of 2020 mandates the agency to align its rulemaking with the state's insurance code and privacy statutes, aiming to adopt the strongest possible consumer protections.
The potential regulations are drawing attention from insurance companies, particularly regarding the use of personal data for determining premiums and other costs. One area of significant consumer advocacy in California involves preventing auto insurers from using data from connected cars. The agency must navigate complex terrain, balancing new regulations with existing state laws like the Insurance Information and Privacy Protection Act and coordinating with the California Department of Insurance.
Additionally, the agency is set to establish a registration fee for data brokers under California's new data broker law, the Delete Act. This law requires the creation of a "delete button" for consumers to erase their data from registered data brokers. The agency is also considering updates to its first set of CPRA regulations, including changes that would allow consumers to request all personal information beyond the past 12 months and to withdraw consent for the use of personal data at any time.
California Privacy Officials Eye $123 Billion Insurance Market
A lawsuit in Colorado, led by a group of voters and supported by Citizens for Responsibility and Ethics in Washington, seeks to disqualify former President Donald Trump from the state's ballot for his alleged role in the January 6, 2021, Capitol attack. This case, which is going before the Colorado Supreme Court, hinges on Section 3 of the 14th Amendment of the U.S. Constitution. This provision bars public officials from holding federal office if they have participated in an insurrection.
That section, written with an eye towards former high ranking officials in the Confederate States of America that might seek high office in the union, reads:
No person shall be a Senator or Representative in Congress, or elector of President and Vice-President, or hold any office, civil or military, under the United States, or under any State, who, having previously taken an oath, as a member of Congress, or as an officer of the United States, or as a member of any State legislature, or as an executive or judicial officer of any State, to support the Constitution of the United States, shall have engaged in insurrection or rebellion against the same, or given aid or comfort to the enemies thereof. But Congress may by a vote of two-thirds of each House, remove such disability.
The lawsuit is seen as a critical test case for challenging Trump's eligibility for the 2024 presidency under this constitutional amendment. A lower court previously ruled that Trump, as then-president, engaged in insurrection but allowed him to remain on the Colorado Republican primary ballot. The court reasoned that as president, Trump did not qualify as "an officer of the United States" under the amendment's terms.
The plaintiffs' lawyers argue that this interpretation defies logic, as it would exempt the presidency, the most powerful office, from the amendment's restrictions. Trump's legal team disputes the insurrection allegation and asserts that courts lack the authority to bar candidates from ballots under this constitutional provision. The Colorado Supreme Court's decision can be appealed to the U.S. Supreme Court, adding to the significance of this case.
Colorado Supreme Court to weigh Trump ballot disqualification over Jan. 6 attack | Reuters
Get full access to Minimum Competence - Daily Legal News Podcast at www.minimumcomp.com/subscribe
Arielle Garcia combines a really good understanding of the advertising industry with award-winning expertise in privacy and responsible data use. She is the founder of ASG solutions, a consultancy firm specifically focused on helping marketers drive sustainable growth through respectful marketing and was previously UM Worldwide's Chief Privacy Officer. She holds a JD from Fordham University and has been recognised as a Top Woman in Media and AdTech by AdExchanger in 2023 (as well as by others in prior years). In 2021 she was inducted to the American Advertising Federation's Advertising Hall of Achievement due to her impact on the industry. What we have covered in this episode: The bigger picture of privacy challenges in the digital marketing industry Cookie and pixel inventories Does more data mean better results? Privacy consequences of the new “black box” offerings from the walled gardens Unconsented signals and Conversions APIs US-specific concerns regarding the use of health-related data in programmatic advertising Aligning customer expectations of privacy with business results References: Arielle Garcia, An Industry In Conflict: It's Time For Tough Questions And Hard Decisions (Ad Exchanger) Arielle Garcia on LinkedIn Arielle Garcia on X
Jeff Jockisch is an independent data privacy researcher at PrivacyPlan. He is also Chief Privacy Officer and partner at Avantis Privacy. Prior to compiling the largest known database of data brokers, he spent many years working with startups, technology, and data. He studied Organizational Behavior at Cornell and holds a CIPP/US accreditation (IAPP). Our primary questions today: Can the (brand new) California "Delete Act" or the GDPR be sufficient to avoid major AI-powered phishing attacks? Is there anything else that we could do as individuals or businesses? References: Jeff Jockisch on LinkedIn California “Delete Act” (2023) FTC: How to Recognize and Avoid Phishing Scams Privacy Plan Avantis Privacy Permission Slip, by Consumer Reports
Cory Underwood is a Privacy and Data Analytics Engineer with a strong marketing data technology background and a good knowledge of both US and EU ePrivacy law. Cory supports the data privacy offerings of Atlanta-based Search Discovery (a data strategy and activation company), leveraging eight years of experience in privacy efforts and multiple privacy related certifications to enable clients to understand the impact of privacy changes. With a combined thirteen years of experience in technology, Cory specializes in speaking and writing on his blog (cunderwood.dev) about upcoming privacy changes, allowing readers to take a proactive approach to compliance challenges. In our second interview with Cory we have looked for answers to the following questions: What does it take for Digital Marketers to comply with State-level Privacy laws in California, Virginia, Colorado, and beyond? Will the US internet suffer the fate of European websites, annoying consumers with user-unfriendly consent pop-ups that mean little and cost millions? Why do some US websites insist on replicating the European ordeal if there are no opt-in requirements? What will be the side effects of large platforms adapting to the EU's Digital Services Act in terms of transparency and return on investment for SMEs? Where will Topics API, the star framework of Chrome's Privacy Sandbox fall in terms of consent requirements? 
References: Cory Underwood on LinkedIn Cory Underwood on X Cory Underwood's blog Search Discovery: An audit of 500 sites for CCPA and Colorado Privacy Act compliance Global Privacy Control Sephora settlement CNIL's considerations on the Privacy Sandbox and Topics API, July 2023 (FR) Apple's Link Tracking Protection and other Privacy features in iOS 17 Meta's Robyn (open framework for Media Mix Modeling) Apple's Private Click Measurement specification for privacy-first optimization Masters of Privacy: Cory Underwood on Global Privacy Control and a GDPR-compliant Google Analytics (September 25th, 2022)
California's data privacy regulations, primarily embodied in the California Consumer Privacy Act (CCPA) and its extension through the California Privacy Rights Act (CPRA), constitute a pioneering and influential framework. These regulations, effective from 2018 and further strengthened in 2020, set a standard for data protection not only within the state but also across the national and global economy. In this episode of Corruption, Crime and Compliance, Michael Volkov explores the nuances of the CCPA and CPRA, and the evolving data privacy landscape. You'll hear Michael talk about: The lack of a federal data privacy law in the United States has led to a complex patchwork of state laws. Businesses are faced with the challenge of navigating these varied regulations, which contributes to compliance complexities. California, through the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), is a leader in data privacy regulation in the United States, with implications for both the national and global economy. The CPRA, enacted in 2020, establishes the California Privacy Protection Agency (CPPA) to enforce the law robustly. The CPRA introduces critical changes, including: Protection of employee and business-to-business personal information, which is now subject to the same privacy protections as consumer personal information. Enhanced consumer rights, such as the right to access, delete, and correct their personal information, and the right to opt out of the sale of their personal information. Companies are now obligated to implement reasonable security precautions and undergo annual cybersecurity audits and risk assessments. In addition to California, other states such as Virginia, Colorado, Utah, Iowa, and Connecticut have also enacted data privacy laws that echo the GDPR.
Businesses must stay up-to-date on evolving compliance requirements and adapt their systems accordingly. Compliance issues comprise risk assessments, impact assessments, adherence to data breach requirements, and compliance with notification standards. Companies are developing systems based on the most stringent set of laws to guarantee compliance. KEY QUOTES “We have a patchwork of laws that apply in the United States. Unfortunately, we continue to suffer from the absence of a federal data privacy and breach notification law. Congress has tried for years to broker a deal here, but it has never been able to overcome strong lobbying forces. Whether it's high tech trial lawyers, law enforcement, or other gadflies, the public continues to suffer.” - Michael Volkov “Many commentators have suggested that California's data privacy laws and regulations are starting to look closer and closer to the EU's GDPR regime.” - Michael Volkov “To me, we're getting into a more strict regulation. We already have, under the California Consumer Privacy Act, a requirement to have on your website: an ‘opt out’ in terms of any information that you may provide to a website, that it can't be used by the entity for sharing or selling or whatever consumer products purposes. So keep tabs on the California events.” - Michael Volkov Resources: Michael Volkov on LinkedIn | Twitter; The Volkov Law Group
For the week of October 4th, 2023, Episode 22 of Season No. 6, Ted and his brother James Stovin publish a show with their dad, Gary Stovin, known to most as "Stovey." It's Stovey's 80th birthday on October 5th so we figured we should share some of his stories, we hope you enjoy! Ted and Dustin catch up on what's going on in the world of western sports after the PBR in Canada staged an outdoor event in front of Rogers Place and the PRCA and CPRA regular seasons come to an end. To shop and for everything Cowboy Sh!t, visit www.CowboyShit.ca
On this episode of Serious Privacy, Paul Breitbarth of Catawiki and Dr. K Royal discuss privacy class action lawsuits featuring articles and information from Law.com with Richard Sheinis of Hall Booth Smith and Lisa Jaffee of Hiscox Insurance on Law.com about the class action “kill chain,” and one from Miller Nash by Brian Esler and Eva Novik on the new wave of class action lawsuits, featuring the Video Privacy Protection Act - and of course, mentioning our friends Ian Ballon of Greenberg Traurig and Constantine Karboliotis. If you have comments or questions, find us on LinkedIn, Twitter @podcastprivacy @euroPaulB @heartofprivacy and email podcast@seriousprivacy.eu. Rate and Review us! Proudly sponsored by TrustArc. Learn more about the TRUSTe Data Privacy Framework verification. Upcoming webinars. #heartofprivacy #europaulb #seriousprivacy #privacy #dataprotection #cybersecuritylaw #CPO #DPO #CISO
In this episode of Serious Privacy, Paul Breitbarth of Catawiki and Dr. K Royal share a healthy serving of privacy popcorn featuring India's new law, Georgia's new law, Meta news, Argentina and Kenya and Worldcoin, China, NIST Cybersecurity Framework call for comments, and more, including California's adequacy decision from the Dubai International Financial Center. If you have comments or questions, find us on LinkedIn, Twitter @podcastprivacy @euroPaulB @heartofprivacy and email podcast@seriousprivacy.eu. Rate and Review us! Proudly sponsored by TrustArc. Learn more about the TRUSTe Data Privacy Framework verification. Upcoming webinars. #heartofprivacy #europaulb #seriousprivacy #privacy #dataprotection #cybersecuritylaw #CPO #DPO #CISO
Adam Robinson is the CEO and founder of Retention.com, an industry-leading Shopify Ecommerce solution for increasing cart abandonment revenue. Adam bootstrapped Retention.com to 14M ARR with 6 people in 2.5 years, and is on the road to reaching 50M ARR by 2024. Retention.com delivers innovative customer growth solutions for e-commerce brands to monetize their first-party audience, successfully generating over $1bn in retail sales for Shopify stores since its inception in early 2020. Before starting Retention.com, Adam founded, bootstrapped and sold Robly Email Marketing, a marketing automation SaaS, for 8 figures to private equity in 2021. Adam is on a mission to support startup founders by sharing lessons learned from his entrepreneurial journey through his weekly podcast “10 years in the Making”, and posts content twice-daily on LinkedIn. When he's not busy building a unicorn startup in public, he's spending time with his wife, Helen, newborn daughter, Emma, and dog Bonnie in Austin, TX. To learn more, visit: http://honestecommerce.co Resources: Subscribe to Honest Ecommerce on Youtube. Watch the video episode to see what Adam is sharing on his screen. Connect with Adam: linkedin.com/in/retentionadam. Shoot Adam an email if you have questions: adam@retention.com. Follow Adam on Twitter @retentionadam. Quickly and easily grow your email list and boost your shopping cart abandonment revenue with retention marketing solutions: retention.com
In this episode of Serious Privacy, Paul Breitbarth of Catawiki and Dr. K Royal connect with Tom Kemp, a Silicon Valley based author, entrepreneur, investor, and policy advisor. He founded a cybersecurity cloud provider and was one of the drivers behind the campaign to adopt the CPRA in California. And now he has written a book containing big tech that is out later this summer. Whether we look at the whole range of new legal requirements, from the European Digital Services and Market Acts, to the US state privacy laws, to regulatory enforcement decisions and discussions about breaking up some of the very large online platforms, big tech is under fire. And our guest today has a view on these issues and is not shy to share it. We discuss the overcollection and weaponization of our most sensitive data, problematic ways Big Tech uses AI to process and act upon our data, and also the stifling of competition and entrepreneurship due to Big Tech's dominant market positions. He also discusses some practical matters such as how to block trackers on your personal devices along with a history of the CPRA. As always, if you have comments or questions, find us on LinkedIn, Twitter @podcastprivacy @euroPaulB @heartofprivacy and email podcast@seriousprivacy.eu. Rate and Review us! #heartofprivacy #seriousprivacy #privacy #dataprotection #cybersecuritylaw #CPO #DPO
One of the biggest dangers comes from the way that big tech companies collect and use our personal data. How do we contain big tech to protect our data and privacy? Our guest Tom Kemp is publishing a book on this topic and will discuss with Punit Bhatia the privacy trends, upcoming privacy laws like Delete Act, and the ways that the users are protected. KEY CONVERSATION POINTS 0:01 Intro 0:28 GDPR in one word 1:30 Containing Big Tech 6:11 Practical tips for protecting privacy 10:55 Global Privacy Control 12:48 What are data brokers? 16:29 California privacy trends – CCPA, CPRA, Age Appropriate & Delete Act 20:36 Silicon valley view on privacy 25:40 Privacy investments 30:46 Closing ABOUT THE GUEST Tom Kemp is a Silicon Valley-based author, entrepreneur, investor, and policy advisor. Tom is the author of Containing Big Tech: How to Protect Our Civil Rights, Economy, and Democracy. Tom was the founder and CEO of Centrify, a leading cybersecurity cloud provider that amassed over two thousand enterprise customers, including over 60 percent of the Fortune 50. For his leadership, Tom was named by Ernst & Young as Finalist for Entrepreneur of the Year in Northern California. Tom is also an active Silicon Valley angel investor, with seed investments in over a dozen tech start-ups with a focus on privacy and cybersecurity. In addition, Tom has served as a technology policy advisor for political campaigns and advocacy groups, including leading the campaign marketing efforts in 2020 to pass California Proposition 24—the California Privacy Rights Act (CPRA)—and co-authoring bills such as the California Delete Act of 2023. Tom holds a Bachelor of Science degree in computer science and in history from the University of Michigan. Connect with Tom at his website or on LinkedIn or Twitter. ABOUT THE HOST Punit Bhatia is one of the leading privacy experts who works independently and has worked with professionals in over 30 countries. 
Punit works with business and privacy leaders to create an organization culture with high privacy awareness and compliance as a business priority. Selectively, Punit is open to mentor and coach privacy professionals. Punit is the author of books “Be Ready for GDPR” which was rated as the best GDPR Book, “AI & Privacy – How to Find Balance”, “Intro To GDPR”, and “Be an Effective DPO”. Punit is a global speaker who has spoken at over 30 global events. Punit is the creator and host of the FIT4PRIVACY Podcast. This podcast has been featured amongst top GDPR and privacy podcasts. As a person, Punit is an avid thinker and believes in thinking, believing, and acting in line with one's value to have joy in life. He has developed the philosophy named ‘ABC for joy of life’ which he passionately shares. Punit is based out of Belgium, the heart of Europe. RESOURCES Websites www.fit4privacy.com , www.punitbhatia.com Podcast https://www.fit4privacy.com/podcast Blog https://www.fit4privacy.com/blog YouTube http://youtube.com/fit4privacy
This week's guest is Tom Kemp: author; entrepreneur; former Co-Founder & CEO of Centrify (now called Delinea), a leading cybersecurity cloud provider; and a Silicon Valley-based Seed Investor and Policy Advisor. Tom led campaign marketing efforts in 2020 to pass California Proposition 24, the California Privacy Rights Act (CPRA), and is currently co-authoring the California Delete Act bill. In this conversation, we discuss chapters within Tom's new book, Containing Big Tech: How to Protect Our CIVIL RIGHTS, ECONOMY, and DEMOCRACY; how big tech is using AI to feed into the attention economy; what should go into a U.S. federal privacy law and how it should be enforced; and a comprehensive look at some of Tom's privacy tech investments. Topics Covered: Tom's new book - Containing Big Tech: How to Protect Our Civil Rights, Economy and Democracy. How and why Tom's book is centered around data collection, artificial intelligence, and competition. U.S. state privacy legislation that Tom helped get passed & what he's working on now, including: CPRA, the California Delete Act, & Texas Data Broker Registry. Whether there will ever be a U.S. federal, omnibus privacy law; what should be included in it; and how it should be enforced. Tom's work as a privacy tech and security tech Seed Investor with Kemp Au Ventures and what inspires him to invest in a startup or not. What inspired Tom to invest in PrivacyCode, Secuvy & Privaini. Why having a team and market size is something Tom looks for when investing.
The importance of designing for privacy from a 'user-interface perspective' so that it's consumer friendly. How consumers looking to trust companies are driving a shift left movement. Tom's advice for how companies can better shift left in their orgs & within their business networks. Resources Mentioned: The California Consumer Privacy Act (amended by the CPRA); The California Delete Act. Guest Info: Follow Tom on LinkedIn; Kemp Au Ventures; Pre-order Containing Big Tech: How to Protect Our CIVIL RIGHTS, ECONOMY, and DEMOCRACY. Privado.ai: Privacy assurance at the speed of product development. Get instant visibility w/ privacy code scans. Shifting Privacy Left Media: Where privacy engineers gather, share, & learn. Disclaimer: This post contains affiliate links. If you make a purchase, I may receive a commission at no extra cost to you. Copyright © 2022 - 2024 Principled LLC. All rights reserved.
In this episode we discuss privacy rights with Tom Kemp, a Silicon Valley-based author, entrepreneur, investor, and policy advisor who helped get the CPRA adopted and is author of the California Delete Act of 2023. His forthcoming book, Containing Big Tech: How to Protect our Civil Rights, Economy, and Democracy, published by Fast Company Press, focuses on the use of AI with personal data and the concentrated power of large Big Tech companies and how this paradigm impacts our personal privacy and lives. As an angel investor, Tom also discusses the types of privacy and cybersecurity companies that he is attracted to and the need for more technical solutions that can help manage privacy compliance. Here is an additional resource for you to post. Plus his book is available on pre-order at https://www.amazon.com/Containing-Big-Tech-Protect-Democracy/dp/1639080619
Adam Klee has an impressive resume in the AdTech world, having worked at Disney, Google, NBC, Twitter, Polar, or Spotify. He is the founder of Licorice, a platform that “gives consumers the privacy they want and publishers the data they need”. Adam's passion for solving this problem comes from both his years developing new ways to help drive better yield for publishers, and his experience as a consumer, where he thinks privacy should come standard. We are covering: Why email-based identity solutions (as an alternative to cookies) are flawed; What consumers expect in the media monetization trade-off (ad blockers!); Different degrees of control and convenience, and how consent banners are the opposite of both; A formula to rely on other legal bases (such as the GDPR's legitimate interest) when no individual deduplication is involved. References: Adam Klee on LinkedIn; Licorice; Licorice featured on AdExchanger: Programmatic Vets Are Behind A Wave Of New Startups Built For A Privacy-First Web; Topics API (Chrome Privacy Sandbox)
Effective 2023, the California Public Records Act (“CPRA”) has a new statutory “home” within the Government Code. (See Gov. Code, § 7920.000 et seq.) While the Legislature has indicated this reorganization is not intended to change the CPRA substantively, the practical effects of this reorganization remain to be seen. In this Lozano Smith Podcast episode, host Sloan Simmons engages with Lozano Smith Partner, Manuel Martinez, and Senior Counsel, Alyse Pacheco Nichols, to discuss this statutory reorganization; guesses as to the Legislature's rationale for the reorganization; and how this reorganization will or will not affect the way public agencies respond to CPRA requests. Show Notes & References 2:10 – Statute reorganization effective January 2023 12:04 – Status of catch-all provisions (Alphabetical List [7930.100 - 7930.215]) 13:57 – Impact on public agencies 18:30 – Trends in case law and in practice 19:15 – Iloh v. Regents of the University of California (2023) 87 Cal.App.5th 513 19:42 – City of San Jose v. Superior Court (2017) 2 Cal.5th 608 (Lozano Smith Tip Jar - 2017) For more information on the topics discussed in this podcast, please visit our website at: www.lozanosmith.com/podcast.
We often focus on consumer policy when discussing privacy laws and obligations, but companies must protect their employee data, as well. Navigating complex employee privacy and labor laws in the U.S., for example, can be challenging, and new state laws, like the California Privacy Rights Act, apply more pressure on privacy pros charged with ensuring employee data is protected and handled appropriately. Littler Mendelson Privacy and Data Security Practice Group Co-Chair Zoe Argento knows the workplace privacy field well and advises clients on a wide range of issues. IAPP Editorial Director Jedidiah Bracy recently caught up with Argento to discuss some of the pressing trends in the workplace privacy space, including CPRA obligations, workplace surveillance and artificial intelligence issues, international data transfers and data security best practices.
With Nina Müller, Ethical Commerce Alliance Director and host of the Ethical Allies podcast. __ This was a pretty active season in terms of regulatory updates and decisions or guidelines coming out of supervisory bodies: Spain's AEPD issued a decision on the use of Google Analytics by the Royal Academy of Spanish Language (“RAE”), becoming the first EU Data Protection Agency to see the glass half full in the use of the widespread digital data collection service (having been considered high-risk in Denmark, Italy, France, the Netherlands and Austria). It must however be noted that the RAE was only using the most basic version of the tool, without any AdTech integrations or individual user profiling - and in this regard aligned with the CNIL's long-standing guidelines for the valid use of the tool. At EU level, the Artificial Intelligence Act (which we have covered this quarter in a couple of Masters of Privacy interviews) made fast progress with the Council adopting its final position. At the same time, new common rules on cybersecurity became a reality with the approval of the NIS2 Directive (or v2 of the Network and Information Security Directive) on November 28th. The updated framework covers incident response, supply chain security and encryption among other things, leaving less wiggle room for Member States to get creative when it comes to “essential sectors” (such as energy, banking, health, or digital infrastructure). Across the Channel, the UK's Data Protection Agency (ICO) issued brand new guidelines on international data transfers, providing a practical tool for businesses to properly carry out Transfer Risk Assessments and making it clear that either such tool or the guidelines provided by the European Data Protection Board will be considered valid.
Already into the new year, the European Data Protection Board (EDPB) issued two important reports, on valid consent in the context of cookie banners (in the hope to agree on a common approach in the face of multiple NOYB complaints across the EU) and the use of cloud-based services by the public sector. The former concluded that the vast majority of DPAs (Supervisory Authorities) did not accept hiding the “Reject All” button in a second layer - which most notably leaves Spain's AEPD as the odd one out. They did all agree on the non-conformity of: a) pre-ticked consent checkboxes on second layer; b) a reliance on legitimate interest; c) the use of dark patterns in link design or deceptive button colors/contrast; and d) the inaccurate classification of essential cookies. The latter concluded that public bodies across the EU may find it hard to provide supplementary measures when sending personal data to a US-based cloud (as per Schrems II requirements) in the context of some Software as a Service (SaaS) implementations, suggesting that switching to an EEA-sovereign Cloud Service Provider (CSP) would solve the problem and getting many to wonder whether it also refers to US-owned CSPs, which would leave few options on the table and none able to compete at many levels in terms of features or scale. All of which can easily lead us to the latest update on the EU-US Data Privacy Framework: The EDPB released its non-binding opinion on the status of the EU-US Data Privacy Framework (voicing concerns about proportionality, the data protection review court and bulk data collection by national security agencies). The EU Commission will now proceed to ask EU Member States to approve it with the hope of issuing an adequacy decision by July 2023. 
This would do away with all the headaches derived from the Schrems II ECJ decision (including growing pressure to store personal data in EU-based data centers), were it not for the general impression that a Schrems III challenge looms on the horizon. In the United States, long-awaited new privacy rules in California (CPRA) and Virginia (CDPA) entered into force on January 1st. Although both provide a set of rights in terms of ensuring individual control over personal data being collected across the Internet (opt-out, access, deletion, correction, portability…), California's creates a private right of action that could pave the way for a new avalanche of privacy-related lawsuits. In any case, only companies meeting a minimum threshold in terms of revenue or the amount of consumers affected by their data collection practices (both of them varying across the two states) will have to comply with the new rules. Lastly, Privacy by Design will become ISO standard 31700 on February 8th, finally introducing an auditable process to conform to the seven principles originally laid out by Ann Cavoukian as Ontario (Canada)'s former Data Protection Commissioner. Enforcement updates It's been interesting to see how continental Data Protection Agencies (“DPAs”) keep milking the cow of the ePrivacy Directive's lack of a one-stop-shop for US or China-based Big Tech giants. The long-awaited ePrivacy Regulation never arrived to keep this framework in sync with the GDPR (which does have a one-stop-shop), and this leaves an opening for any DPA to avoid referring large enforcement cases involving such players to the Irish Data Protection Commissioner (“DPC”) whenever cookie consent is involved. This criterion has been further strengthened by the recent conclusions of the EDPB cookie banner task force.
Microsoft was the last major victim of this particular gap (following Meta and Google), receiving a 60-million euro fine from France's DPA (CNIL), which shortly after honored TikTok with a 5m euro fine (once again, due to the absence of a “Reject All” button on its first layer - or “not being as easy to reject cookies as it is to accept them”) and, not having had enough, went on to give Apple an 8m euro fine for collecting unique device identifiers of visitors to its App Store without prior consent or notice, in order to serve its own ads (which is akin to a cookie or local storage system when it comes to article 5.3 of the ePrivacy Directive). The CNIL ePrivacy-related enforcement spree did not stop short at Big Tech. Voodoo, a leader in hyper-casual mobile games, was also a target, receiving a 3 million euro fine for lack of proper consent when serving an IDFV (unique identifier “for vendors”, which Apple does allow app publishers to set when IDFA or cross-app identifiers have been declined via the App Tracking Transparency prompt). Putting the ePrivacy Directive aside, and well into pure GDPR domain, Discord received an 800k euro fine (again, at the hands of CNIL) on the basis of: a) a failure to properly determine and enforce a concrete data retention period; b) a failure to consider Privacy by Design requirements in the development of its products; c) accepting very low security levels for user-created passwords; and d) failing to carry out a Data Protection Impact Assessment (given the volume of data it processed and the fact that the tool has become popular among minors). And yet, one particular piece of news outshined mostly everything else in this category: Ireland's DPC imposed a 390 euro fine on Meta following considerable pressure from the EDPB for relying on the contractual legal basis in order to serve personalized advertising - itself the core business model of both social networks.
We had a debate on the matter with Tim Walters (English) and Alonso Hurtado (Spanish) on Masters of Privacy, and published an opinion piece on our blog. This last affair is a good segue into Twitter's latest troubles. Its new owner, Elon Musk, not content with having fired key senior executives in charge of EU privacy compliance (including its Chief Privacy Officer and DPO), has suggested that he will oblige its non-paying users to consent to personalized advertising. The Irish DPC (once again, in charge of its supervision under the one-stop-shop rule) asked Twitter for a meeting in the hope to draw a few red lines. Meanwhile, the Spanish AEPD, still breaking all records in terms of monthly fines, sanctioned UPS (70,000 euros) for handing out a MediaMarkt (consumer electronics) delivery to a neighbor, thus breaching confidentiality duties. This will have a serious impact on the regular practices of courier services in the country. Back in the United States, Epic Games and the FTC agreed to a $520m fine for directly targeting children under the age of 13 with its Fortnite game (a default setting that allows them to engage in voice and text communications with strangers has made it worse), as well as for using “dark patterns” in in-game purchases. Separately, in what we believe is a first case of its kind, even in the EU (with the ECJ FashionID case possibly being the closest we have been to it), Betterhelp has received an FTC $7,8m fine for using the Facebook Lookalike Audiences feature (and alternative offerings in the programmatic advertising space, including those of Criteo, Snapchat or Pinterest) to find potential customers on the basis of their similarity with the online mental health service's current user base. This involved sensitive data and follows repetitive disclaimers by Betterhelp that data would in no case be shared with third parties.
On the private lawsuits front (especially important in the US), Meta agreed to pay $725m after a class action was brought in California against Facebook on the back of the ever-present Cambridge Analytica scandal. Also, the Illinois Biometric Information Privacy Act (BIPA) kept putting money into the pockets of claimants and class action lawyers, in this case forcing Whole Foods (an upscale organic food supermarket chain owned by Amazon) to settle for $300.000 - we have previously previous cases against TikTok, Facebook or Snapchat, albeit it was the monitoring, via “voiceprints”, of its own employees (rather than its customers) that triggered this particular lawsuit. Legitimate Interest strikes back To finish with this section, very recent developments justify turning our eyes back to the UK and the EU as there is growing momentum for the acceptance of the legitimate interest as a legal basis for purely commercial or direct marketing purposes: While the CJEU decides on a question posed by a Dutch court in January, in which the DPA issued a fine to a tennis association for relying on legitimate interest to share member details with its sponsors (who then sent commercial offers to them), a UK court (First-Tier Tribunal) has ruled against the ICO (UK DPA) and in favor of Experian (a well-known data broker) for collecting data about 5.3m people from publicly available sources, including the electorate register, to build customer profiles and subsequently selling them to advertisers. Experian has relied on legitimate interest and found it too burdensome to properly inform every single individual (this being the ICO's main point of contention). The decision does appear to indicate that using legitimate interest would not be possible if the original data collection had been based on consent, but even this is not entirely clear. 
So, just to make it even more clear and simple, the UK Government presented a new draft of a new UK Data Protection Bill on March 8th that includes a pre-built shortcut to using legitimate interest without need for the so-called three part test (purpose, necessity, balancing). Data controllers can now go ahead with this legal basis if they find their purpose in a non-exhaustive list provided - which includes direct marketing. Competition and Digital Markets Google was sued by the Department of Justice for anti-competitive behavior in its dominance of the AdTech stack across the open market (or the ads that are shown across the web and beyond its own “walled gardens”), using its dominance of the publisher ad server market (supply side) to further strengthen its stranglehold of the demand side (advertisers, many of them already glued to its Google Ads or DV360 platforms in order to invest in search keywords or YouTube inventory) and, worse, artificially manipulating its own ad exchange to favor publishers at the expense of advertisers - thereby reinforcing the flywheel, as digital media publishers found themselves with even fewer incentives to work with competing ad servers. Zero-Party Data and Future of Media (The piece of news below obliges us to combine both categories this season) The BBC has rolled out its own version of SOLID pods to allow its own customers to leverage their own data (exported from Netflix, Spotify, and the BBC) in order to obtain relevant recommendations while staying in full control of such data. Perhaps a little step towards individual agency, but a giant one for a digital media ecosystem mostly butchered by the untenable notice-and-consent approach derived from the current legal framework - which takes us back full circle to Elizabeth Renieris' new book.
Tune in to the second episode of Ropes & Gray's podcast series The Data Day, brought to you by the firm's data, privacy & cybersecurity practice. This series focuses on the day-to-day effects that data has on all of our lives as well as other exciting and interesting legal and regulatory developments in the world of data, and will feature a range of guests, including clients, regulators and colleagues. On this episode, hosts Fran Faircloth, a partner in Ropes & Gray's Washington, D.C. office, and Edward Machin, a London-based associate, are joined by special guest Kevin Angle, a Boston-based counsel. Join us as we discuss recent enforcement by the California Attorney General, including a new round of enforcement sweeps, actions by the California Privacy Protection Agency, and the relationship between the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA).
In this episode of Serious Privacy, Paul Breitbarth of Catawiki and Dr. K Royal of Outschool chat with Amy Worley, the Managing Director & Associate General Counsel at BRG on topics such as the enforcement letters sent out by the California Attorney General's office on the do not sell / share my data requirement of the CCPA (as amended by the CPRA). We also discuss key US Supreme Court hearings in Twitter, Inc. v. Taamneh and Gonzalez v. Google LLC, involving Section 230(c)(1) of the Communications Decency Act. Join us to hear some wonderful open conversation on these critical events. As always, if you have comments or questions, let us know - LinkedIn, Twitter @podcastprivacy @euroPaulB @heartofprivacy @trustArc and email podcast@seriousprivacy.eu. Please do like and write comments on your favorite podcast app so other professionals can find us easier. The Annual TrustArc Global Privacy Benchmarks survey is open until March 31st, and we want to hear from you. How is the industry shifting, and what trends do you foresee? This doesn't assess individual or company privacy competency. Rather, it allows you to shape the future of privacy protection initiatives. Please, share your views on how enterprises manage data protection and privacy. As always, if you have comments or questions, find us on LinkedIn, Twitter @podcastprivacy @euroPaulB @heartofprivacy and email podcast@seriousprivacy.eu. Rate and Review us! #heartofprivacy #seriousprivacy #privacy #dataprotection #cybersecuritylaw #CPO #DPO
Today on That Tech Pod, Laura and Kevin speak with CCPA & CPRA Co-author Rick Arney and Boltive CEO Dan Frechtling. Dan Frechtling is CEO of Boltive, providing publishers and ad exchanges the tools they need to monitor and audit their programmatic ads, and the added benefit to identify the source & block the bad ones—setting a new standard for accountability & protection that our industry desperately needs. Frechtling has led B2B SaaS businesses since 1999. Prior to Ad Lightning, he was President of G2 Web Services, acquired by Verisk, where he expanded G2's cyber security solutions to detect brand damaging activity and transaction laundering. He was also GM/VP at Hibu, VP at Stamps.com and Sr. Associate for McKinsey. He has an MBA with Distinction from Harvard Business School and a BS with High Honors from Northwestern University. Follow Boltive on LinkedIn and Twitter. Rick Arney is a board member of Californians for Consumer Privacy and a co-author of the California Consumer Privacy Act (CCPA) and Proposition 24 - the California Privacy Rights Act (CPRA), the most comprehensive and groundbreaking consumer privacy laws in the United States. In addition to co-authoring both laws, Rick participated in all aspects of campaigning including signature gathering, media (both TV and Radio), finance and campaign strategy. He has an Economics BA with honors from Stanford and an MBA from Harvard and is a Fulbright Scholar.
In the first episode of season 4 of Serious Privacy, Paul Breitbarth of Catawiki and Dr. K Royal of Outschool welcome season 4 launching on Data Protection / Privacy Day 2023! From current events, to laws, to breaches, to SCCs - we probably covered it all! Paul even challenged ChatGPT to describe our season 1. The Serious Privacy podcast, by TrustArc, season 1 covered a variety of core topics related to privacy and data protection. Some of the key topics discussed in season 1 include: Overview of key privacy regulations such as GDPR and CCPA; The role of Artificial Intelligence in privacy and data protection; Best practices for creating and implementing a data privacy program; Impact of privacy on different industries such as healthcare and finance; The future of privacy and data protection and how it will shape our world; Real-world examples of data breaches and how to respond to them; How to handle sensitive data and protect against cyber threats; Current trends in data privacy and the challenges of protecting personal information in the digital age. Overall, season 1 of the Serious Privacy podcast aimed to provide listeners with a comprehensive understanding of the current state of data privacy and the challenges that organizations face in protecting personal information in the digital age. It also provided practical tips and best practices for organizations to create and implement a data privacy program to protect sensitive data and comply with regulations. Should you have any questions or suggestions, please reach out to us via seriousprivacy@trustarc.com or info@seriousprivacy.eu, or via Twitter at @podcastprivacy. You find us on LinkedIn as well - just look for Serious Privacy. You will find K on Twitter as @heartofprivacy and myself as @EuroPaulB.
The advanced technologies that facilitated much of the organizational productivity and business profitability during the pandemic will continue to raise legal and compliance issues in 2023. Listen as Jackson Lewis principals Jason C. Gavejian and Joseph J. Lazzarotti discuss the top issues data collection and use are causing for employers.
This week we get anonymously comfy and concoct a CPRA cocktail in the confession booth with our mentor, the Prince of Privacy and Imperial Information Governance Guru. We'll dig deeper into successful strategies in a new legal ops role and sing our favorite compliance carol courtesy of Carly Rae Compliance-Less. As we reflect on the past year and turn to the next chapter, we remember to care for ourselves by putting on our oxygen masks first before helping others. After all, we've got at least 99 legal ops problems in the new year, but CPRA isn't one. Dear Legal Ops IG: @dearlegalops LinkedIn: @dearlegalops Facebook: @dearlegalops Twitter: @dearlegalops TikTok: @dearlegalops www.dearlegalops.com This is a Redd Rock Music Podcast IG: @reddrockmusic www.reddrockmusic.com
California has long led the way on many privacy-related laws, going back to at least 2002 when it passed the first data breach notification law in the U.S. More recently, passage of the California Consumer Privacy Act and the California Privacy Rights Act has prompted other states to follow suit. Baker McKenzie Partner Lothar Determann has long practiced and taught international data privacy law, and beginning in 2013, published the book, “California Privacy Law.” Now in its fifth edition and published by the IAPP for the last three editions, the new edition comes as the CPRA goes into effect, with implementing regulations on the way. IAPP Editorial Director Jedidiah Bracy caught up with Determann to talk about California's privacy regime, what companies should be doing to comply, what's new in the updated book, and what's on the horizon for federal and state privacy law in the U.S. and beyond.
CPRA, BSAA and antitrust: We close out 2022 with (acronyms and) a repeat of a January 2022 episode that took the pulse of the legal world's latest moves in data privacy.
In this free-ranging episode, host Angelique Carson chats with longtime pals Gabe Maldoff, privacy attorney at Goodwin Procter, and Cobun Zweifel-Keegan, IAPP's managing DC director, about the big privacy news in 2022. There's lots of talk about CPRA, the Sephora case, California's need to constantly pass laws, and why Gabe hates cruises.
With the rise of data subject rights in privacy law, privacy practitioners are often challenged with operationalizing what can be a complex and risky endeavor. California, through the CCPA and CPRA, has emerged as a leader on this in the United States. Advocacy organization Consumer Reports has not only been working on policy with states like California on data subject rights but also with industry on standardizing consumer data rights. With a number of companies in the privacy tech vendor space, CR is announcing the open standard called the Data Rights Protocol. It's also in the early stages of acting as an authorized agent on behalf of consumers, with a service it's calling Permission Slip. IAPP Editorial Director Jedidiah Bracy talks with Ginny Fahs, associate director of product R&D for Consumer Reports Digital Lab, and Technology Policy Director Justin Brookman, to learn about their open-sourced protocol and what they're doing to help both consumers and organizations operationalize data subject rights.
On this episode, Burr Partner Elizabeth B. Shirley, CIPP/US, CIPM discussed a summary and comparison of U.S. Data Privacy Laws since the enactment of California's CCPA and CPRA, which we examined in the first episode of our show. Podcast Series: This series is designed to provide a high-level overview of what businesses and industry professionals need to know about cybersecurity and data privacy issues. We cover topics, trends, and developments while also discussing the fundamentals of the law.
To anyone hoping that California's updated privacy law would help to simplify privacy compliance in the U.S., sorry. That doesn't seem to be the case. Instead, the California Privacy Rights Act (CPRA), which takes effect on Jan. 1, seems set to muddy the privacy landscape even more. “CPRA is this unique kind of beast that has complicated privacy significantly for organizations in the U.S.,” said Sarah Bruno, a partner at the law firm Reed Smith, on the latest Digiday Podcast. One aspect of the CPRA needing clarification is the difference between the law's “contractor” and “service provider” labels. “A contractor is a company that you make data available to, and a service provider's a company that processes the data on your behalf. That's not super clear, is it? We need more clarity on that,” Bruno said. The CPRA does clarify some aspects of California's existing privacy law, the California Consumer Privacy Act (CCPA), which took effect in 2020. It covers the sharing of data for cross-contextual behavioral advertising purposes, which helps to resolve the CCPA's Rorschach-esque definition of sale that caught Sephora in the crosshairs of California's attorney general. The CPRA's addition of sharing data has “eliminated the question that we had with [the CCPA's definition of] sale,” said Bruno. Besides, for as much as the CPRA may mix up the U.S. privacy picture for companies, the more prominent complicating factor remains the absence of a comprehensive federal privacy law. “We're still going to have these nuances until there's a federal law that addresses this,” Bruno said.
Web3 is being touted as the future of the internet. The vision for this new version of the web revolves around the notion of decentralization, driven by blockchain-based technologies including cryptocurrencies and NFTs. User privacy is central to these advances, but what does all of this mean for decentralized finance compliance and identity verification? How does a small tech company navigate the overlapping web of privacy, competition, and other regulations? And what are the implications for user data access? In this episode, co-hosts Elyse Dorsey and Jana Seidl speak with Matt McGuire, General Counsel of Violet, about all things Web3, crypto, and privacy, including what's happening with the California Privacy Protection Agency's CPRA implementation. With special guest: Matt McGuire, General Counsel, Violet Related Links: CPPA Rulemaking Matt McGuire, Violet Comments to CPPA Where's Ooki? CFTC's Lawsuit Delivery Via Chatbox Raises Eyebrows Violet Hosted by: Elyse Dorsey and Jana Seidl
CPRA Rule Revisions Unlikely to be Finalized in 2022 by Kelley Drye Advertising Law
In this episode, Julian Flamant, an attorney at Hogan Lovells and longtime pal of Angelique's, talks about Chicago-based mobsters, that looming CPRA deadline, and how to keep transfer impact assessments, TIAs, from becoming a P in your A.
This week on Privacy Please, the California Privacy Rights Act (CPRA) goes into effect on July 1st, 2023. Tune in to find out the key highlights you need to know about the CPRA, as well as what you can do to make sure your organization remains compliant.