Podcasts about data privacy framework

 What does it mean for artificial intelligence to be sovereign? This week, Technology Now explores how more than just data can be sovereign, our AI models using the data can be too. We ask what it actually means for AI models to be sovereign and why companies, and indeed entire countries, would be interested in this concept. Andreas Geiss, Vice-President Automotive & Manufacturing at Aleph Alpha tells us more. This is Technology Now, a weekly show from Hewlett Packard Enterprise. Every week, hosts Michael Bird and Aubrey Lovell look at a story that's been making headlines, take a look at the technology behind it, and explain why it matters to organizations and what can be learnt from it.Andreas Geiss: https://www.linkedin.com/in/andreas-geissSources cited in this week's episode:Data Privacy Framework:https://www.dataprivacyframework.gov/Program-Overviewhttps://www.infosecurityeurope.com/en-gb/blog/regulation-and-policy/eu-us-data-transfer-challenges.html Photonic chips: Ahmed, S.R., Baghdadi, R., Bernadskiy, M. et al. Universal photonic artificial intelligence acceleration. Nature 640, 368–374 (2025). https://doi.org/10.1038/s41586-025-08854-xhttps://www.reuters.com/science/lightmatter-shows-new-type-computer-chip-that-could-reduce-ai-energy-use-2025-04-09/History of the cordless home phone:https://www.britishtelephones.com/hawk.htmhttp://www.samhallas.co.uk/repository/sales/cp-ms_43.pdf 

 What does it mean for artificial intelligence to be sovereign? This week, Technology Now explores how more than just data can be sovereign, our AI models using the data can be too. We ask what it actually means for AI models to be sovereign and why companies, and indeed entire countries, would be interested in this concept. Andreas Geiss, Vice-President Automotive & Manufacturing at Aleph Alpha tells us more. This is Technology Now, a weekly show from Hewlett Packard Enterprise. Every week, hosts Michael Bird and Aubrey Lovell look at a story that's been making headlines, take a look at the technology behind it, and explain why it matters to organizations and what can be learnt from it.Andreas Geiss: https://www.linkedin.com/in/andreas-geissSources cited in this week's episode:Data Privacy Framework:https://www.dataprivacyframework.gov/Program-Overviewhttps://www.infosecurityeurope.com/en-gb/blog/regulation-and-policy/eu-us-data-transfer-challenges.html Photonic chips: Ahmed, S.R., Baghdadi, R., Bernadskiy, M. et al. Universal photonic artificial intelligence acceleration. Nature 640, 368–374 (2025). https://doi.org/10.1038/s41586-025-08854-xhttps://www.reuters.com/science/lightmatter-shows-new-type-computer-chip-that-could-reduce-ai-energy-use-2025-04-09/History of the cordless home phone:https://www.britishtelephones.com/hawk.htmhttp://www.samhallas.co.uk/repository/sales/cp-ms_43.pdf 

 What does it mean for artificial intelligence to be sovereign? This week, Technology Now explores how more than just data can be sovereign, our AI models using the data can be too. We ask what it actually means for AI models to be sovereign and why companies, and indeed entire countries, would be interested in this concept. Andreas Geiss, Vice-President Automotive & Manufacturing at Aleph Alpha tells us more. This is Technology Now, a weekly show from Hewlett Packard Enterprise. Every week, hosts Michael Bird and Aubrey Lovell look at a story that's been making headlines, take a look at the technology behind it, and explain why it matters to organizations and what can be learnt from it.Andreas Geiss: https://www.linkedin.com/in/andreas-geissSources cited in this week's episode:Data Privacy Framework:https://www.dataprivacyframework.gov/Program-Overviewhttps://www.infosecurityeurope.com/en-gb/blog/regulation-and-policy/eu-us-data-transfer-challenges.html Photonic chips: Ahmed, S.R., Baghdadi, R., Bernadskiy, M. et al. Universal photonic artificial intelligence acceleration. Nature 640, 368–374 (2025). https://doi.org/10.1038/s41586-025-08854-xhttps://www.reuters.com/science/lightmatter-shows-new-type-computer-chip-that-could-reduce-ai-energy-use-2025-04-09/History of the cordless home phone:https://www.britishtelephones.com/hawk.htmhttp://www.samhallas.co.uk/repository/sales/cp-ms_43.pdf 

Moin aus Osnabrück und herzlich willkommen zur 27. Folge vom Update. Dieses Mal begrüßt Ulf Malte Keller am Podcast Mikrofon. In den letzten Folgen hat Ulf mit seinen Gästen viel über Digitalisierung, Künstliche Intelligenz und Effizienz in der Cloud gesprochen. Doch die rechtliche Grundlage dafür wackelt immer wieder. Malte und Ulf gehen daher in dieser Update Folge näher auf den transatlantischen Datenverkehr ein: Was hat es mit dem Data Privacy Framework auf sich? Und welche möglichen Auswirkungen erwarten uns aufgrund der Wiederwahl von Donald Trump?

Das Privacy and Civil Liberties Oversight Board (PCLOB) ist eine wichtige Aufsichtsbehörde für den europäischen Angemessenheitsbeschluss zum Daten-Export unter dem Data Privacy Framework (DPF). Nun demontiert Donald Trump dieses Gremium. Stirbt das DPF noch schneller als gedacht? Ausserdem: Wie sagt man «CNIL»? Und wieso meldet der EDÖB alle Besucher seiner Website an Elon Musk?

Time for a Newsroom summarizing everything that's happened in our usual areas of focus, although we are dropping the last two (Zero-Party Data and Future of media) this time around.  ePrivacy & Regulatory Updates Enforcement On September 5th, the CNIL fined CEGEDIM SANTÉ 800,000 euros for processing health data without authorization. The healthcare software provider collected sensitive personal information, assigning a unique identifier for each patient of the same doctor. This method was considered sufficient to ensure that personal data remained anonymous in order to put together certain comparative studies, but the CNIL concluded that, given the risk of re-identification, it could merely be considered pseudonymized, exposing a breach of the GDPR as a result (for starters, patients had not been informed of additional purposes). A Reference was made to the EDPB's Opinion 05/2014 on Anonymisation Techniques.  On September 27th The Irish DPC issued a 91 million euro fine to Meta for storing certain user passwords in plain text files.  On October 22nd, NOYB filed a claim against Pinterest before the French supervisory authority alleging that the company relies on legitimate interest to underpin its behavioral advertising practices, in contravention of the CJEU Bundeskartellamt decision. The social network has also been accused of breaching the transparency principle and not responding to data subject requests appropriately.  On October 24th, the Irish DPC imposed a 310m EUR fine on LinkedIn. The professional social network is not properly applying a valid legal basis for targeted ads and the processing of first party data about their members, despite referring to three separate grounds: consent, legitimate interest and contractual necessity. This has also resulted in a breach of the fairness principle. On October 30th, the California Privacy Protection Agency announced an investigative sweep of data broker registration compliance under the Delete Act. This law requires data brokers to register with the CPPA and pay a fee annually.  On November 6th, the Canadian government ordered the closure of TikTok in the country. Citizens are however allowed to keep using the app, as this is considered a personal choice.  Legal updates and guidelines On October 4th, the CJEU resolved a famous dispute between the Royal Dutch Lawn Tennis Association and the Dutch DPA. The latter had imposed a fine on KNLTB for relying on legitimate interest for sharing data with its sponsors for purposes of direct marketing. Five days later, the EDPB requested comments on its draft Opinion on processing data on the basis of Legitimate Interest: It is made clear that this legal basis should not be treated as a “last resort” as it is of equal value to the rest, and a differentiation is made between an interest (or broader benefit that a controller may have) and a purpose (or specific reason why the data is processed). The Opinion has also stated that an interest must be related to the data controller's activities. On the same day (October 9th), the EDPB adopted its Opinion 22/2024 on certain obligations following from the reliance on processors and sub-processors: every controller should extend the diligence they currently have over direct processors to the entire chain of custody, no matter how many degrees apart.  On October 16th, the EDPB adopted new Guidelines on the technical scope of article 5.3 of the ePrivacy Directive: given that very little has changed since they opened up an initial draft for comments, we recorded a separate episode with Peter Craddock pondering the far reaching implications of these Guidelines.  Turning our attention to the UK, on October 7th the UK ICO launched its own Data Protection Audit Framework including self-assessment toolkits and other practical resources.  Also, the UK Data Protection reform is back, now with a Data Use and Access Bill (with a second reading announced on November 1st). It maintains an exception for analytics cookies that will not require consent. DPOs are back on the table (the previous reform proposal was getting rid of the role).  On November 5th EDPB adopted its first report under the EU-U.S. Data Privacy Framework and a statement on the recommendations on access to data for law enforcement. The redress mechanism has been implemented successfully but it is yet not being widely used. The EDPB has voiced concerns about recent changes to Section 702 FISA and how that could expand the role of private companies in gathering data about EU citizens.  MarTech and AdTech On November 12th, Meta introduced a plan C to its Pay or Consent models, having been told by the EDPB that the current proposal would not be acceptable. A third option (besides paying and relying on behavioral ads) is now available which will use less data and remain mostly contextual. It will also compensate its decreased targeting capabilities with increased audience reach by showing ads (“ad breaks”) that become unskippable for a few seconds. A study conducted by Boston University has concluded that the Protected Audiences API (building on the formerly called FLEDGE protocol, a part of Chrome's Privacy Sandbox), can produce similar results to those of third party cookies in the context of retargeting campaigns.  On November 5th, David Raab, who back in the day had coined the label CDP (Customer Data Platform), published a provocative piece titled “The Composable CDP is Dead”. In summary the author argues that all CDPs have already caught up with the modularization that came from sitting on top of more flexible data warehouses, so every single CDP has either become a niche modular component or an all-encompassing, highly-modularized software suite. In sum, the term will not help a Hightouch differentiate itself uniquely any longer. We suggest that you listen to our interviews with Tejas Manohar and Jonathan Mendez, CEOs of Hightouch and Neuralift AI respectively, for further context.  AI, Competition and Digital Markets The community is still recovering from Hamburg's DPA's opinion (adopted on July 15th) stating that LLMs do not contain personal data. The supervisory authority made three key points that we will be covering with some future guests: a) No personal data is stored in LLMs; b) Data subject rights as defined in the GDPR cannot relate to the model itself, but they can be exercised against the provider or deployer of a system built on top of such models, with regards to the input or output of such system; c) The training of LLMs using personal data must comply with data protection regulations.  The Irish DPC announced an investigation into Google's foundational AI model (PaLM 2) on September 12th, with a focus on the DPIA that Google is expected to have undertaken.  An ICO report released on November 8th found that AI recruitment technologies can filter candidates according to protected characteristics including race, gender, and sexual orientation. On November 13th, Meta received an 800,000 EUR fine for anti-competitive practices in the bundling of its Marketplace feature with the primary Facebook application. So, they have leveraged their control over one market to take control of another, adjacent market, in this case threatening pretty large companies in the classified ads space. That's it for today! Thanks again for listening.  

Dans cet épisode de Slow Marketing, je discute avec Julie Linden, analyste digitale spécialisée dans la mise en conformité des outils d'analyse avec le RGPD. Nous explorons les récents changements concernant Google Analytics et la légalité de son utilisation en Europe après l'adoption du Data Privacy Framework. Julie nous partage ses conseils pour assurer une conformité optimale tout en conservant des données de qualité, et nous parle de son engagement pour un marketing digital plus simple et respectueux de la vie privée.Quelques questions clés que nous abordons dans cet épisode :Comment mettre en place une solution de cookies conforme au RGPD sur son site web ?Quels sont les défis de la mise en conformité de Google Analytics pour les entreprises ?Quelles alternatives à Google Analytics existent pour un suivi des performances plus éthique ?En quoi une approche de slow marketing et de simplification des données peut-elle transformer la manière de piloter ses campagnes ?

The General Data Protection Regulation (GDPR) has been in effect since 2018, reshaping how businesses handle personal data across the globe. While many view GDPR as solely a legal or IT challenge, its impact ripples far beyond those departments—it touches every aspect of an organization. For CFOs, GDPR isn't just about compliance; it's about safeguarding the financial health of the company, managing operational risks, and ensuring long-term sustainability. CFOs must be at the forefront of creating a GDPR-compliant organization, not only to avoid costly penalties but to protect the organization's reputation.Greet Gemels is the Chief Financial and Operating Officer at Advantage Group International, where she oversees the Finance, Human Resources, and Operations functions of a global market research company. In this episode, Greet and host Melissa Howatson discuss the critical implications of GDPR for CFOs and analyze the financial and operational risks involved.Discover how CFOs can effectively navigate current and evolving GDPR requirements to mitigate data security risks, ensure regulatory compliance, and safeguard their organization's financial and operational integrity.Discussed in This EpisodeHow GDPR data privacy laws have transformed data handling practices and regulatory compliance across organizations.The tangible and intangible costs of achieving GDPR compliance, along with the serious repercussions of non-compliance.The risks and implications of working with third-party vendors for tasks such as human resources and payroll.The critical need for strategic resource allocation, cross-functional collaboration, and robust metrics to assess the financial impact of GDPR compliance efforts.

The General Data Protection Regulation (GDPR) has been in effect since 2018, reshaping how businesses handle personal data across the globe. While many view GDPR as solely a legal or IT challenge, its impact ripples far beyond those departments—it touches every aspect of an organization. For CFOs, GDPR isn't just about compliance; it's about safeguarding the financial health of the company, managing operational risks, and ensuring long-term sustainability. CFOs must be at the forefront of creating a GDPR-compliant organization, not only to avoid costly penalties but to protect the organization's reputation.Greet Gemels is the Chief Financial and Operating Officer at Advantage Group International, where she oversees the Finance, Human Resources, and Operations functions of a global market research company. In this episode, Greet and host Melissa Howatson discuss the critical implications of GDPR for CFOs and analyze the financial and operational risks involved.Discover how CFOs can effectively navigate current and evolving GDPR requirements to mitigate data security risks, ensure regulatory compliance, and safeguard their organization's financial and operational integrity.Discussed in This EpisodeHow GDPR data privacy laws have transformed data handling practices and regulatory compliance across organizations.The tangible and intangible costs of achieving GDPR compliance, along with the serious repercussions of non-compliance.The risks and implications of working with third-party vendors for tasks such as human resources and payroll.The critical need for strategic resource allocation, cross-functional collaboration, and robust metrics to assess the financial impact of GDPR compliance efforts.

In der 49. Folge vom Netzpodcast sprechen wir über das Swiss-U.S. Data Privacy Framework, Regierungen vs. Messenger und die Fernmeldeüberwachung von 5G. Der Podcast der Digitalen Gesellschaft informiert über die aktuellen netzpolitischen Themen mit Bezug zur Schweiz und ordnet sie ein.

Was ist in der KW 33 in der Datenschutzwelt passiert, was ist für Datenschutzbeauftragte interessant? Wir geben einen kurzen Überblick der aktuellen Themen: Schnupper-Workshop: LEGO® Serious Play® - 5 Einsatzmöglichkeiten im Arbeitskontext (E-Mail: worksmart@migosens.de) Schweizer Entscheidungen_ Swiss-U.S. Data Privacy Framework Schweizer Entscheidungen (2C_275/2023 12.06.2024 (bger.ch)) Mustergültige Umsetzung des Ludwigshafener Pilotprojekt zur mobilen Videoüberwachung gegen illegale Müllablagerungen Urteil des Landesgerichts Hamburg Az. 327 O 250/22 gegen Verbraucherzentrale: DSK Beschluss Empfehlungen & Lesetipps: Datenschutzaufsicht Bayern (BayLDA): datenschutzgerechten Einsatz von KI-Technologien im Unternehmen BfDI: Konsultationsverfahren zum Prüfkatalog von Messengerdiensten Weitere Infos, Blog und Newsletter finden Sie unter: https://migosens.de/newsroom/ Twitter: https://twitter.com/DS_Talk Übersicht aller Themenfolgen: https://migosens.de/datenschutz-podcast-themenfolgen/ (als eigener Feed: https://migosens.de/show/tf/feed/ddt/) Instagram: https://www.instagram.com/datenschutztalk_podcast/ Folge hier kommentieren: https://migosens.de/schweiz-erkennt-u-s-data-privacy-framework-an-datenschutz-news-kw-33-2024/ #TeamDatenschutz #TeamInfoSec #DSTalk

Nel giro di un anno, Data Privacy Framework, DMA ed EU Artificial Intelligence Act stanno stravolgendo il panorama legaltech: non possiamo prevedere il futuro, ma possiamo fare un punto della situazione con l'avvocato Andrea Palumbo.Link menzionati nell'episodio:Sito Data Privacy Framework: https://www.dataprivacyframework.gov/Talk "EU AI Act: è possibile regolamentare l'utilizzo dell'AI?": https://www.improove.tech/videos/3330/EU-AI-Act-%C3%A8-possibile-regolamentare-l-utilizzo-dell-AIRoundtable "(Responsible) AI": https://www.improove.tech/videos/3345/Roundtable-%22Responsible-AI%22KudosEmanuele Garofalo per la postproduzione dell'episodioContattiTutti i podcast di Improove: https://www.improove.tech/podcastCanale Telegram di Improove: https://t.me/improove_techCanale Telegram di Cloud Champions: https://t.me/CloudChampions

Die Entwicklungen im Datenschutz könnten kaum vielfältiger sein: Ransomwareangriffe, KI-Dienste wie ChatGPT, EU-U.S. Data Privacy Framework, weitere Harmonisierung bei der Datenschutzaufsicht, um nur Beispiele zu nennen. Ein Spiegelbild dessen war die IDACON 2023, die vom 7. - 9. November in München stattfand.

Als der Angemessenheitsbeschluss zu Data Privacy Framework (DPF) bekannt wurde, war bei vielen Wirtschaftsverbänden die Erleichterung groß, doch Kritiker warnten umgehend, DPF könne zu einem echten Nachfolger von Privacy Shield werden und ebenfalls für ungültig erklärt werden. Für die deutsche Wirtschaft aber wäre die Rechtssicherheit wichtig, wie Verbände betonen. Im Interview erklärt Dr. Eugen Ehmann, wie Datenschutzbeauftragte den Angemessenheitsbeschluss zu DPF verstehen und bewerten können.

Sommerens innføring av Data Privacy Framework markerte en milepæl for overføring av personopplysninger til USA. Mange lurer nå på hvordan det nye rammeverket vil påvirke dataoverføringer fra deres virksomhet. I denne episoden av Lovlytt forklarer personvernekspert og advokatfullmektig Marte Wellerop Tronstad hva en adekvansbeslutning er, og hva det nye rammeverket betyr for bruken av amerikanske skytjenester. Er din virksomhet oppdatert? Programleder er advokat/assosiert partner Ida Brabrand. Produsent Øystein Weibell/Kanonlyd. 

Das neue Abkommen zwischen der EU & USA ist im Juli 2023 gelandet . Was ist zu tun , Welche Dinge sind im Auge zu behalten

Mitarbeiterdaten werden in Konzernen regelmäßig über Landes- und Unternehmensgrenzen hinaus verarbeitet, oft auch außerhalb der EU. Der Datenhunger ist groß, und die Regelungen sind komplex. Zuletzt hat das Mitte Juli neu in Kraft getretene Datenschutzabkommen zwischen EU und USA (EU-U.S. Data Privacy Framework) zu Veränderungen geführt.   Im CMS Employment Snack sprechen Arbeitsrechtsexperte Jens Winter und Datenschutzrechtsexperte Andreas Lichtenberger gemeinsam mit Daniela Krömer über betriebsverfassungsrechtliche und datenschutzrechtliche Grenzen der konzernweiten und grenzüberschreitenden Verarbeitung von Mitarbeiter:innendaten, und zeigen Möglichkeiten und Fallstricke für Unternehmen auf.

Now that the European Commission has published the new EU-US Data Privacy Framework, it will be easier for organizations to transfer personal data from the EU to the United States.

Seit dem 10. Juli dieses Jahres gilt das EU-US Data Privacy Framework. Die Vereinbarung erlaubt es Unternehmen, unter gewissen Voraussetzungen Daten in die USA zu transferieren. Die Erlaubnis beruht auf einem erneuten Angemessenheitsbeschluss der EU-Kommission, nach dem die Vorherigen vom Europäischen Gerichtshof einkassiert worden waren. Was genau dieses DPF ist und was Unternehmen beachten müssen, hat die Konferenz der Datenschutzaufsichtsbehörden des Bundes und der Länder (DSK) Anfang September in ausführlichen Anwendungshinweisen gut verständlich erläutert. Anders als vergleichbare Beschlüsse mit weiteren Staaten erlaubt die Neuregelung nicht grundsätzlich eine Weitergabe über den Atlantik, wie die DSK betont. Das DPF wirkt sektoral und erfasst nur Datenübermittlungen an solche US-Unternehmen und -Organisationen, die aktiv an diesem Programm teilnehmen und sich in eine entsprechende Liste eintragen lassen. In Episode 93 des c't-Datenschutz-Podcasts erläutern Redakteur Holger Bleich und heise-Verlagsjustiziar Joerg Heidrich, was sich mit dem DPF für Unternehmen, aber auch für Bürgerinnen und Bürger ändert. Ihnen kompetent zur Seite steht dabei Carola Sieling. die Fachanwältin für IT-Recht berät in ihrer Kanzlei Unternehmen in Datenschutz-Belangen und fungiert als Datenschutzbeauftragte. Zusammen lesen sich die Drei kommentierend durch das DSK-Papier. Neben dem DPF diskutieren sie außerdem ein hohes Bußgeld, das die irische Datenschutzbehörde gegen die TikTok Technology Limited, also den europäischen Ableger von TikTok/Bytedance, ausgesprochen hat. Das Unternehmen soll 345 Millionen Euro zahlen, weil es im Beobachtungszeitraum 2020 diverse Verstöße im Umgang mit den Daten Minderjähriger begangen hat.

Mark Webber is the US Managing Partner of Fieldfisher, a London-based international law firm with offices in Europe, the US, and China. An English lawyer living in the Silicon Valley, Mark oversees the firm's US operations. As a recognized leader in privacy law with extensive experience working with the world's leading technology companies, Mark is known for finding innovative solutions to complex legal challenges. At Fieldfisher, Mark has been instrumental in establishing, nurturing, and expanding the firm's presence, operations, and services in the US. In this episode… Lawyers endorse the Data Privacy Framework as a valuable tool to mitigate cybersecurity risks. However, many experts argue that protecting businesses from other privacy risks — such as those posed by AI — is not enough. The draft of the European Union AI Act has sparked debate among privacy professionals, with some advocating for a prohibition on the unrestricted use of AI technologies such as biometrics in real time. Mark Webber, a seasoned lawyer with expertise in technology and privacy, disagrees with this approach. He cautions against AI's high-risk threats to transport, infrastructure, and decision-making. To mitigate these risks, Mark suggests that companies conduct an AI impact assessment, such as the one developed by the National Institute of Standards and Technology, before implementing generative AI systems. He also warns that, given the ever-evolving nature of AI, any governing policies will only be effective with proper education and training. In this episode of the She Said Privacy/He Said Security Podcast, Mark Webber, US Managing Partner at Fieldfisher, joins Jodi and Justin Daniels to discuss the US-EU Data Privacy Framework and AI. Mark explains how the framework will impact businesses, the European Union AI Act, the intersection of AI regulation with GDPR, and why organizations should consider implementing AI assessment frameworks.

In October 2022, President Biden issued an executive order regarding the European Union - U.S. Data Privacy Framework. The Framework allows for data flows between the EU and the U.S., and it was established after the European Court of Justice struck down a prior agreement known as the EU-U.S. Privacy Shield. The executive order addresses U.S. collection of signals intelligence, which has been a source of concern for EU regulators and privacy advocates. The executive order limits signals intelligence collection to defined national security objectives, requires the privacy and civil liberties of all persons be considered regardless of nationality, and the collection must be proportionate. In addition, the executive order calls for a multi-layered review process that will allow individuals to lodge complaints regarding the collection of signals intelligence.Our experts will discuss whether the Framework addresses the concerns of privacy advocates in the EU and the U.S., and they will consider the implications of the review process for U.S. intelligence collection. This program will also explore whether the EU and U.S. can reach a durable privacy agreement given the tension between EU privacy preferences and U.S. national security needs.Featuring:- Stewart Baker, Of Counsel, Steptoe & Johnson LLP- Max Schrems, Founder, NOYB- [Moderator] Matthew R. A. Heiman, General Counsel & Corporate Secretary, Waystar Health; Senior Fellow and Director of Planning, National Security InstituteVisit our website – www.RegProject.org – to learn more, view all of our content, and connect with us on social media.

In July 2023, the EU and the U.S. signed an agreement to replace the Privacy Shield with the revised Data Privacy Framework. But Schrems has said he'll try to take it down, just like he did Safe Harbor and Privacy Shield, and a French lawmaker has filed an official challenge. Julian Flamant, senior associate at Hogan Lovells, talks us through the changes and what we should EVEN DO!

By Adam Turteltaub First there was Safe Harbor, then there was Privacy Shield, both of which were struck down, leaving an enormous chasm in the rules for sharing data between the EU and the US. Now, explains, Andre Bywater, Partner, Cordery, there is a bridge: the EU-US Data Privacy Framework. The new framework seeks to address the issue that led to the court striking down Privacy Shield: access to data by US intelligence agencies. To allay European concerns the US has now put in place a two-level system to redress grievances. EU citizens can lodge a complaint with the Civil Liberties Protection Office. If not satisfied with the results there, they can escalate to the US Data Protection Court, which has the power to issue orders to have data deleted. The new framework is likely to be a big step forward, but it's not the only one data processors will have to take. Organizations will first need to determine if they are eligible to participate. Next, they will need to self-certify their processes for handling EU data, a process that will be overseen by the US Department of Commerce, with enforcement handled by the FTC. Whether self-certifying for the first time or recertifying, there are countless details to be watched. There are special provisions, for example, when it comes to HR data. And, of course, there is a question of whether courts in Europe will allow the new regime to stand. There is already speculation that a new case may be brought in January 2024. For now, though, there is a new EU-US Data Privacy Framework in place. Listen in to learn more about what your organization needs to do to comply.

Agnes Hammarstrand var med så sent som i avsnitt 110. Men det hände en hel del efter vårt avsnitt så jag bjöd in henne igen. Den här gången pratar vi dels om IMYs granskning av fyra företags användning av Google Analytics och vad den innebär. Vi pratar också om EU-USA Data Privacy Framework som blev officiellt strax därefter. Agnes går igenom vad den här nya överenskommelsen mellan EU och USA betyder för oss marknadsförare och de tjänster vi använder. Allt från webbanalysplattformar till marketing automation och olika marknadsföringstjänster. Ur ett legalt perspektiv. Du får dessutom höra om: Vad som är nytt i Data Privacy Framework Hur stor risken är att vi får ett Schrems III 5 saker att ha koll med tjänster och verktyg Funktioner och taktiker att se upp med framöver PTS granskning av cookie-samtycken Och varför hon anser att vi marknadsförare har fokuserat alldeles för mycket på överföringarna till USA i sig. Plus en massa mer… Jobbar du med e-handel och inte har lyssnat på avsnitt 110 så hoppas jag också att du gör det. Vi pratar då om en rad nya regler för bland annat reor och prissänkningar. Om gästen Agnes Hammarstrand är advokat och partner på advokatbyrån Delphi. En affärsjuridisk byrå som är en av Sveriges ledande inom IT, tech, e-handel och marknadsföring. Det här är även Agnes expertisområde och hon har lång erfarenhet av att jobba med frågor kring digitalisering, IT, e-handel och marknadsföring. Och hon har byggt upp ett stort team som arbetar med detta. Agnes har dessutom fått en hel del utmärkelser som bland annat Årets Justitia och den advokat svenska advokater helst hade anlitat inom affärsjuridik. Tidsstämplar [2:49] Agnes om IMYs granskning av fyra företags användning av Google Analytics och vad de kom fram till i den. [6:24] EU-USA Data Privacy Framework. Vad det är, vad som är nytt och hur det fungerar. [8:41] Hur stor risk det är att vi hamnar i ett Schrems III. Och hur lång tid kan en sån process ta när NOYB drar igång. [13:32] Om det är ok att använda amerikanska tjänster, verktyg och pixlar. Inte minst webbanalysplattformar som Google Analytics. [21:27] Hur vi kan förbereda oss för ett potentiellt Schrems III. Och om det är några funktioner eller tjänster vi bör se upp med. [27:28] Om certifieringen av företag inom Data Privacy Framework och vad marknadsförare bör känna till om det. [29:22] Post- och Telestyrelsens granskning av cookie-samtycken och vad handlar den om. [33:55] IMY-granskningar, DSA, Tillgänglighetsdirektivet, AI-förordningen och annat som händer i höst. Länkar Agnes Hammarstrand på LinkedIn Delphi webbsida Delphi aktiviteter/events/webinars Delphi Tech-blogg Fyra bolag måste sluta använda Google Analytics - IMY (artikel) EU-kommissionen har fattat beslut om adekvat skyddsnivå för USA - IMY (artikel) Data Privacy Framework (webbsida) Sök bland certifierade företag - Data Privacy Framework (webbsida) Tillgänglighetsdirektivet - Digin.nu (webbsida) Svensk Handel om Tillgänglighetsdirektivet (artikel) EU:s AI-förordning: första förordningen om artificiell intelligens - Europaparlamentet (artikel) Artikel om Veckans Martech: Amanda AI (samarbete)

The European Commission's adoption of its adequacy decision for the EU-U.S. Data Privacy Framework cleared the way for U.S.-based entities to certify their participation and begin importing EU personal data. In this second installment of a two-episode series, Scott Loughlin, co-lead of the Hogan Lovells Privacy and Cybersecurity practice, chats with U.S.-based colleagues, partner Bret Cohen, and senior associates Julian Flamant and Natalie Perez, to discuss the history of Trans-Atlantic data flows and unpack how U.S. importers can leverage the Framework. Scott Loughlin: Contact Bret Cohen: Contact Julian Flamant: Contact Natalie Perez: Contact

Unverhofft kommt oft?! Sogar die Daueroptimistin Laura hat nicht mehr damit gerechnet, aber wie aus Nichts gibt es nun doch einen Angemessenheitsbeschluss für die USA. Cornelius und Laura beschreiben alle möglichen Szenarien und was es nun zu beachten gilt. Wird das Data Privacy Framework den Erwartungen gerecht, was ändert sich und vor allem was ändert sich nicht? Für die Cornelius Inc. geht es jedenfalls endlich wieder bergauf. Und ein milde gestimmter Cornelius sieht auch eine Zukunft für europäische Anbieter.

We're being joined by data privacy expert Paula Bruening for a “what's what” when it comes to the new EU-US Data Privacy Framework (DPF). Paula is the founder and principal at Casentino Strategies, where she helps small and medium-sized companies comply with data privacy rules and regulations, like GDPR, CCPA, and now the DPF. From background to implementation, we're talking all things EU-U.S. Data Privacy Framework with Paula.

Wirkt sich das EU-U.S. Data Privacy Frameworks auf die Einwilligung nach Art. 49 Abs. 1 UAbs. 1 lit. a DSGVO aus und – falls ja – wie? Über diese Frage wird im Podcast laut nachgedacht. Eine ausführliche Auseinandersetzung mit diesem Thema bietet das Webinar "EU-U.S. Data Privacy Framework" am 18. September mit unserem Podcast-Host Dr. Jens Eckhardt. Direkt anmelden unter https://ottosc.hm/webdata

Reed Smith Partners Cynthia O'Donoghue and Andreas Splittgerber delve into the recent developments surrounding the EU-U.S. Data Privacy Framework and discuss other data transfer mechanisms.

Spezialgast David Rosenthal erläutert im Gespräch mit Martin Steiger alles Wichtige rund um das neue Data Privacy Framework (DPF). Im ersten Teil erklärt David insbesondere, wie Verantwortliche in der Schweiz die neue Lösung heute schon nutzen können.

Earlier in July, the European Commission adopted its eagerly anticipated adequacy decision on international data transfers under the EU-U.S. Data Privacy Framework. The adequacy decision was preceded by substantial changes to U.S. intelligence-gathering requirements that have cleared the path for transfers of EU personal data. Scott Loughlin, co-lead of the Hogan Lovells Privacy and Cybersecurity practice, interviews Hogan Lovells partner Eduardo Ustaran and senior associate Julie Schwartz on what the adequacy decision means for EU-based data exporters and the future of the framework in light of expected legal challenges. Scott Loughlin: Contact Eduardo Ustaran: Contact Julie Schwartz: Contact

Stefan Brink und Niko Härting sprechen zunächst über den Angemessenheitsbeschluss der Europäischen Kommission, der den Transfer von Personendaten in die USA erleichtert. Nach „Safe Harbor“ und „Privacy Shield“ heißt es jetzt – ganz nüchtern – „EU-U.S. Data Privacy Framework“. Mal schauen, was daraus wird. Ab Minute 12:05: Susanne Baer war bis vor kurzem Richterin am BVerfG und hat am 26.5.2023 ihre Abschiedsrede gehalten, die kürzlich auszugsweise im „Spiegel“ nachzulesen war (https://www.spiegel.de/kultur/richterin-susanne-baer-sie-brauchen-grundrechte-wenn-sie-irgendwie-groesser-als-anders-kleiner-als-sind-a-51e856ed-9e43-49f9-b6c5-3963ed8f5578). In einem FAZ-Beitrag hat sich der Bonner Hochschullehrer Klaus Ferdinand Gärditz zu dieser Rede sehr kritisch geäußert (https://www.faz.net/aktuell/feuilleton/verfassungsgericht-darf-sich-nicht-der-kritik-an-seinen-urteilen-verschliessen-19021651.html). Susanne Baer zeichnet in ihrer Abschiedsrede ein düsteres Bild von dem Zustand der Gesellschaft, befürchtet ein „Rollback“. Sie beklagt eine zunehmende Diffamierung des BVerfG und seiner Richter, spricht von einem „gefährlichen Sound“ aus dem rechten Spektrum, das die Verfassungsordnung ablehne. Klaus Ferdinand Gärditz tritt dieser Sichtweise entgegen und meint, eine Verfassungsgerichtsbarkeit dürfe nicht aus Sorge vor populistischen Affekten „kritikscheu“ werden: „Robustheit und die Gelassenheit, besonders wilden Blödsinn zu ignorieren, gehören zur Jobbeschreibung aller, die ein öffentliches Amt haben.“ Stefan Brink und Niko Härting diskutieren, ob es tatsächlich Anzeichen für das von Susanne Baer befürchtete „Rollback“ gibt. Dagegen könnte sprechen, dass es heute – anders als beim Amtsantritt von Susanne Baer vor 12 Jahren – kaum noch Aufsehen erregen würde, dass eine Verfassungsrichterin offen homosexuell ist. Hat Gärditz recht, wenn er meint, man sei in Karlsruhe womöglich „kritikscheu“? Gibt es in Karlsruhe eine Art „Bunkermentalität“, die sehr unterschiedliche Richterinnen und Richter zum Zusammenhalt motiviert, weil man sich populistischer, diffamierender Kritik von „Feinden der Verfassung“ ausgesetzt sieht?

In this episode, Caitlin Chin sits down with Anupam Chander, the Scott K. Ginsburg Professor of Law and Technology at Georgetown University Law Center and an expert on the global regulation of new technologies. Caitlin and Anupam share early thoughts and predictions on Threads, a new conversational app designed by Meta. In addition, they discuss how recent developments with the EU-U.S. Data Privacy Framework, Digital Markets Act, Ireland's Data Protection Commission, and Federal Trade Commission could impact Meta's future in the European Union and United States.

Rohan Massey is a Partner at Ropes & Gray, a global law firm operating in the US, Asia, and Europe providing counsel in labor and employment issues, tax and benefits, and creditors' rights. Rohan advises on complex global data and security compliance programs covering asset management and financial services, life sciences and clinical trials, and marketing. He's an expert on the intersection of the extraterritorial scope of national data protection laws and data transfer issues for global organizations. In this episode… Cross-border data transfer is the exchange of electronic personal information across international borders. The European Union governs these transactions through a protection law known as the General Data Protection Regulation. Many large corporations operate in multiple countries, so acceptable contract agreements between partnering companies must be heavily enforced using a data privacy framework.  Data and cybersecurity experts like Rohan Massey work to implement and educate organizations about data privacy frameworks. These tools provide immediate support when concerns such as data breaches pose a threat to data privacy. DPFs are designed to adjust as events unfold. In regard to compliance, decision-making, and communication, corporations should consider adopting a data privacy framework.  In this episode of the She Said Privacy/He Said Security Podcast, Jodi and Justin Daniels welcome Rohan Massey, Partner at Ropes & Gray, for an in-depth conversation about the data privacy framework in relation to cross-border transfers. Rohan explains how the data privacy framework affects international corporations, the treatment of HR data versus “regular” data under DPF, and when companies should consider using standard contractual clauses.

The Data Privacy Framework (DPF) Program is now in effect, replacing the Privacy Shield Program as the mechanism to allow the safe, seamless transfer of personal data from the EU to the U.S in compliance with EU law. In this special edition episode of Privacy Abbreviated, host Dona Fraser is joined by IAPP's Cobun Zweifel-Keegan … Continue reading Data Privacy Framework (DPF) is Here – Now What? →

Das Transatlantische Datentransferabkommen, auch bekannt als "Safe Harbor" und später als "Privacy Shield", war ein bedeutendes Abkommen, das den grenzüberschreitenden Austausch personenbezogener Daten zwischen der Europäischen Union und den Vereinigten Staaten regelte. Nach „Safe Harbor“ und „Privacy Shield“ ist das „Trans-Atlantic-Data-Privacy-Framework“ am 10.07.23 verabschiedet worden und nun der dritte Anlauf, die Datensicherheit zwischen der EU und den USA sicherzustellen. Im Podcast spreche ich mit Rechtsanwalt Stephan Schmidt über das neue Abkommen und was man darüber alles wissen sollte. Euer Feedback, alle Links zum Thema und euer Feedback unter https://digitales-unternehmertum.de/455

Il 10 luglio 2023 la Commissione europea ha emesso la decisione di adeguatezza con riferimento al DPF per garantire un adeguato livello di protezione per i dati personali trasferiti dall'UE alle aziende statunitensi. Oggi, al bancone di The Bar, Emilio Barozzi e Micol Sabatini parlano del nuovo accordo che rappresenta il “terzo step” dopo il lungo iter di negoziazione sui trasferimenti transfrontalieri UE-USA.

This time on The Roadmap, technology lawyer Rob Powell chats to data privacy expert Hannah Crowther – who gives us the lowdown on the EU Commission's decision to adopt the EU-US Data Privacy Framework – and, more importantly, what it means for you in practice.They explore:How will this impact on your review of data protection agreements?What will need to change in terms of data due diligence?When does it kick-off?Where does this leave us in terms of the Standard Contractual Clauses?How long will this latest data transfer mechanism actually last and will it be challenged?What does this mean for data transfers from the UK?Thanks for listening! If you have any feedback, questions or comments, please email us at theroadmap@bristows.com Find all the episodes as we release them here, and don't forget to subscribe! Follow us on Twitter and LinkedIn using #TheRoadmapPod

Die EU-Kommission hat am 10.07.2023 das EU-U.S. Data Privacy Framework als Angemessenheitsbeschluss nach Art. 45 Abs. 3 DSGVO veröffentlicht. Für die Praxis stellt sich zunächst die Frage, wie der Beschluss für Standardvertragsklauseln und Binding Corporate Rules wirkt, und zwar sowohl unmittelbar als auch sogar mittelbar . Diesem ersten Blick auf die Wirkung widmet sich der Podcast. Das weitgreifende Komplettangebot inklusive Formulare zu DSGVO/TTDSG/BDSG im Beratermodul Datenschutzrecht. 4 Wochen gratis nutzen! ottosc.hm/dsgvo

This week, we discuss the new EU adequacy decision for the US, based on the Data Privacy Framework (plus Max Schrems's inevitable reaction), and a proposed UK-US ‘data bridge'; fixes for three more vulnerabilities in Progress Software's MOVEit Transfer app; plus this month's Patch Tuesday and other security updates.

In this episode of Serious Privacy,Paul Breitbarth of Catawiki and  Dr. K Royal catch up on a busy 48 hours in the world of privacy and data protection. Their conversation goes from a new landmark decision by the Court of Justice of the European Union to updates on the Thingy to new FTC nominations to a proposed EU law on the cooperation between data protection authorities. They also touch on China, Nigeria, India, Ireland, Argentina, and in the U.S. ... Delaware. Whew.Links:Meta v BundeskartellamtDraft EU law on DPA cooperationThe ICCL comments on the draft EU lawThe EU-U.S. Data Privacy Framework (as adopted)The Irish gag order for data protection investigationsUK-US Data BridgeFTC NominationsFrance TikTok Law50 Years of FIPPsThe Imposter Syndrome Network PodcastFun conversations about technology careers that inform and inspire. =) Listen on: Apple Podcasts Spotify As always, if you have comments or questions, find us on LinkedIn, Twitter @podcastprivacy @euroPaulB @heartofprivacy and email podcast@seriousprivacy.eu. Rate and Review us! #heartofprivacy #seriousprivacy #privacy #dataprotection #cybersecuritylaw #CPO #DPO

Dans cet épisode, 4 actualités sont décodées. La première concerne le nouvel accord de transfert des données transatlantiques, le Data Privacy Framework, validé par la Commission européenne mais déjà contesté, notamment par Noyb et Max Schrems. La deuxième actualité porte sur deux appels à projet du gouvernement français sur la robotique, avec une enveloppe totale de 80 millions d'euros. Sans oublier : la Chine veut encadrer les contenus générés par l'IA générative, et le géant indien Tata pourrait devenir le premier fabricant indien d'iPhone.Les épisodes de Signaux faibles sont disponibles sur Siècle Digital et les plateformes de streaming. Hébergé par Acast. Visitez acast.com/privacy pour plus d'informations.

"Echoes of Halliburton" Hosts: Darren Weeks, Vicky Davis Website for the show: https://governamerica.com Vicky's website: https://thetechnocratictyranny.com COMPLETE SHOW NOTES AND CREDITS AT: https://governamerica.com/radio/radio-archives/22524-govern-america-july-8-2023-echoes-of-halliburton Listen LIVE every Saturday at 11AM Eastern time at http://radio.governamerica.com Text GOVERN to 80123 to be notified of live transmissions that may occur outside of our regularly-scheduled Saturday broadcasts. These transmissions will occur when/if circumstances warrant. Biden administration is sending cluster bombs to Ukraine, despite saying in the past that it would be a war crime to use them. Joe Biden admits the military he oversees is running out of ammunition since he's giving it all to Ukraine. The deliberate compromise of U.S. military readiness and the demoralization of American armed forces. Bankers again stand to rake in billions off war and post-war rebuilding, as the American people approach $1 TRILLION in credit card debt. State Department USAID pushes Marxist cultural revolution around the world. White powder at the White House: who's doing blow near the situation room? More mysterious land purchases near military bases. The E.U.-U.S. Data Privacy Framework, and more.

In October 2022, President Biden issued an executive order regarding the European Union – U.S. Data Privacy Framework. The Framework allows for data flows between the EU and the U.S., and it was established after the European Court of Justice struck down a prior agreement known as the EU-U.S. Privacy Shield. The executive order addresses […]

In October 2022, President Biden issued an executive order regarding the European Union - U.S. Data Privacy Framework. The Framework allows for data flows between the EU and the U.S., and it was established after the European Court of Justice struck down a prior agreement known as the EU-U.S. Privacy Shield. The executive order addresses U.S. collection of signals intelligence, which has been a source of concern for EU regulators and privacy advocates. The executive order limits signals intelligence collection to defined national security objectives, requires the privacy and civil liberties of all persons be considered regardless of nationality, and the collection must be proportionate. In addition, the executive order calls for a multi-layered review process that will allow individuals to lodge complaints regarding the collection of signals intelligence.Our experts will discuss whether the Framework addresses the concerns of privacy advocates in the EU and the U.S., and they will consider the implications of the review process for U.S. intelligence collection. This program will also explore whether the EU and U.S. can reach a durable privacy agreement given the tension between EU privacy preferences and U.S. national security needs.Featuring:Max Schrems, Founder, NOYBStewart Baker, Of Counsel, Steptoe & Johnson LLPModerator: Matthew R. A. Heiman, General Counsel & Corporate Secretary, Waystar Health; Senior Fellow and Director of Planning, National Security Institute

A risk-based approach was an innovation promised by policymakers. Risk-based meant the likelihood and magnitude of adverse outcomes on people related to the processing of their data. Yet privacy regulators and courts ​often discount ​risk analysis ​that is not directly tied to individual autonomy, transparency, or the ability to exercise data subject rights, negatively impacting innovative data uses.Join us for this session​ where we will show examples of how companies can leverage a risk-based approach to manage their privacy program.

Der Podcast gibt einen Überblick über die nächsten Schritte auf dem Weg zum EU-US Data Privacy Framework – sowohl in Bezug auf die Rechtsetzung als auch in Bezug auf die zu beachtenden Anforderungen sowie die sich bereits abzeichnenden ToDos im Unternehmen. Das weitgreifende Komplettangebot inklusive Formulare zu DSGVO/TTDSG/BDSG im Beratermodul Datenschutzrecht. 4 Wochen gratis nutzen! ottosc.hm/dsgvo

This week, we discuss the European Parliament Committee on Civil Liberties's opinion of the EU-US Data Privacy Framework, Twitter's decision to disable free text-based 2FA, a series of attacks on GoDaddy's infrastructure and the HardBit 2.0 ransomware group's negotiation tactics.

On 13 December 2022, the European Commission published the long-awaited draft adequacy decision for the EU-U.S. Data Privacy Framework, among podcast listeners also known as the Thingy. In this episode of Serious Privacy, Paul Breitbarth of Catawiki and Dr. K Royal of Outschool talk about the adequacy decision, and what they consider is missing from it. Resources:Draft Adequacy DecisionIAPP Privacy Shield - DPF comparisonODNI Redress ProcessExecutive Order 14086OECD Policy Framework on Digital Security As always, if you have comments or questions, let us know - LinkedIn, Twitter @podcastprivacy @euroPaulB @heartofprivacy @trustArc and email seriousprivacy@trustarc.com. Please do like and write comments on your favorite podcast act so other professionals can find us easier. 

Hear from the lead negotiators of the European Union-U.S. Data Privacy Framework on how it came together, what challenges were involved, and what they see on the horizon of cross-border transfers with the EU.

EU-US Data Privacy Framework – Our Expert Commentators!You have just heard from the lead negotiators for the US and EU about the current state for the new EU-US Data Privacy Framework (EUDPF), and what the path is to an Adequacy Decision.Now hear from some of our leading experts on what this means, and how companies should plan for the new EU-US DPF, including:The New Executive Order directing Federal Agencies to implement measures for complying with the European Union-U.S. Data Privacy Framework.How Companies can prepare for the new requirements in the EU-US DPF.

Was ist in der KW 50 in der Datenschutzwelt passiert, was ist für Datenschutzbeauftragte interessant? Wir geben einen kurzen Überblick der aktuellen Themen: Landgericht Essen: Scraping bei Facebook stellt keinen Datenschutzverstoß dar. Schadenersatz von Meta / Stiftung Warentest – Urteil vom 10.11.2022, Az. 6 O 111/22 (GRUR-RS 2022, 34818) Staatliche Umfrage zum Warntag löst bei Teilnehmenden Datenschutzbeschwerden aus EU-US-Data Privacy Framework: EU-Kommission veröffentlicht neuen Vorschlag für Angemessenheitsbeschluss Ursache für Datenleck bei Continental vermutlich ein nicht autorisierter Browser Datenschutzverstöße im Rahmen des Zensus 2021: Portugiesische Datenschutzbehörde verhängt Bußgeld in Höhe von 4,3 Mio. EUR Positionspapier zur Chatkontrolle beinhaltet anlasslose Durchsuchungen

With Nina Müller, Ethical Commerce Alliance Director and host of the Ethical Allies podcast. References: Full Newsroom (Fall 2022) Tara Taubman-Bassirian on the Instagram fine Peter Hense on valid consent Cory Underwood on Google Analytics and Sephora Derek A. Lackey on Joe Biden's Executive Order (a marketer's perspective) Stephan Grynwajc on Joe Biden's Executive Order (a lawyer's perspective) Selected updates:  Enforcement Starting with Europe, the most discussed recent case, and perhaps the most complex, is Ireland's 405m EUR fine to Meta for the manner in which it exposed contact details for 13-17 year olds on Instagram business accounts. At its core: the European Data Protection Board (EDPB)'s intervention to find a compromise between the Data Protection Commissioner (leading supervisory authority for most US tech giants) and other Data Protection Agencies accusing it of resting on its laurels.  Perhaps even more relevant to the interplay that we mostly care about (MarTech/AdTech + Privacy) was the French DPA's announcement of a potential 60m EUR fine for Criteo. All hints point to a lack of proper oversight in the obtention of valid consent through publishers and advertisers. The role of these two was instrumental in building what the company had once claimed were “IDs and interests for 72% of all internet users”, so this case could bring us full circle into the Consent Management Platforms debate and whether they can be relied upon. All in all, it is no wonder that Criteo has moved firmly into first-party data territory, now calling itself a Commerce Media platform.  The Digital Analytics space got its own share of excitement too. Denmark became (with Austria, France, and Italy) the fourth country to make it clear that Google Analytics breached the GDPR unless additional measures are taken. As explained in detail by France's CNIL, the only way to avoid scrutiny was using a reverse proxy (a company's own EU-based server, filtering out important pieces of information prior to forwarding calls to Google's servers). As many will remember, this was only the tip of the iceberg of the 101 complaints filed by NYOB against companies using either Google Analytics or the Facebook pixel.  Next in line was TikTok, quickly catching up with Meta/Facebook and Google in terms of privacy violations, penalties, privacy lawsuits and privacy-related scandals. Its latest trophies: the UK's DPA (ICO)'s proposed 27m GBP fines for its mishandling of children's data (they were allowed to sign up without parental consent, information provided was insufficient, and special categories of data were being processed), a 92 million settlement in Illinois (under the State's Biometric Information Privacy Law on which every major social media platform has stumbled before) and recent coverage of the manner in which its tracking pixels follow everyone around the web. Legal updates It may not be a new law or court case, but Joe Biden's Executive Order to make room for the EU-US Data Privacy Framework (Privacy Shield 2.0) is the biggest piece of news on this front. All going well in Brussels, it could put an end to the nightmare currently faced by the millions of customers of US-based SaaS MarTech and AdTech solutions that happen to process data on US soil, including Google Analytics, Mailchimp, HubSpot, or Salesforce Marketing Cloud.  For its part, the UK wants out of the GDPR and this could actually result in a more dynamic environment (it relied on an Oxford University research that claimed that the GDPR is costing UK businesses 8% of their profits). For one thing, they are proposing to let small businesses get on with their lives.  Future of media Elon Musk completed his acquisition of Twitter, announcing monthly charges to its heaviest users - starting with those displaying a “verified” blue icon, who happen to be the ones caring the most about the status their identity or following confers to them. This was criticized as a “misinformation nightmare”, in very timely Halloween fashion. 

This week, we discuss the new mechanism for transferring EU residents' personal data to the US, the first GDPR Data Protection Seal, a new ransomware attack targeting Ukraine and its allies, and the first layer in a defence-in-depth approach to cyber security: detection.

Derek A. Lackey is Managing Director of Newport Thomson, a Privacy Agency based in Toronto. With more than 30 years of marketing, advertising and privacy experience, he is focused on data protection & privacy and its effect on the brand. Derek is the author of “CASL Compliance: A Marketer's Guide to Email Marketing to Canadians”, and looks to simplify the implementation of new data management practices within organizations.  This will be the first of two separate perspectives on the basic premises that make EU-US data transfers so difficult (in the aftermath of Joe Biden's Executive Order paving the ground for the Data Privacy Framework). We will also get a first impression of the Canadian scenario as an interesting blend of both approaches. References: Newport Thomson Derek A. Lackey on LinkedIn Joe Biden's Executive Order Max Schrems' first reaction to the EO CASL Compliance: A Marketer's Guide to Email Marketing to Canadians

President Biden signs EO in compliance with US-EU Data Privacy Framework. Byline: The EU and US signed last March the US-EU Data Privacy Framework that seeks to protect individual privacy while at the same time allowing licit data flows between the two countries. President Biden just signed a new Executive Order that would bring the US into full compliance with US laws and the agreement with the EU.

Transatlantic data flows are critical to enabling the $7.1 trillion EU-U.S. economic relationship. The EU-U.S. Data Privacy Framework will restore an important legal basis for transatlantic data flows by addressing concerns that the Court of Justice of the European Union raised in striking down the prior EU-U.S. Privacy Shield framework as a valid data transfer mechanism under EU law. The post Protecting Personal Data? Executive Order to Implement the EU-US Data Privacy Framework appeared first on ComplexDiscovery.

The US-EU Trans-Atlantic Data Privacy Framework, announced in March of this year, is a new agreement governing trans-Atlantic data flows between the United States (US) and the European Union (EU) – specifically data flows from EU countries to the U.S. that contain personal information of EU residents. The new framework is intended to replace the previous Privacy Shield Framework, which the EU Court of Justice found did not provide adequate protection of privacy, as required by the General Data Protection Regulation and other law.In this podcast, experts discuss whether the new Trans-Atlantic Data Privacy Framework effectively addresses the concerns of the EU Court of Justice providing for a solid legal basis for future Trans-Atlantic data transfers.Featuring:Stewart Baker, Partner, Steptoe & Johnson LLPTheodore Christakis, Professor of International and European Law, University Grenoble AlpesPeter Swire, Elizabeth and Tommy Holder Chair, Scheller College of Business, Georgia Institute of Technology[Moderator] Paul Rosenzweig, Professorial Lecturer in Law, The George Washington UniversityVisit our website – www.RegProject.org – to learn more, view all of our content, and connect with us on social media.

In this episode Alexander and Simon talk about some services impending doom, the Power BI March update, the new trans-atlantic data privacy framework, Bravo for Power BI and Alexander fails miserably trying to pronounce where the upcoming Finnish Azure datacenter will be located. See acast.com/privacy for privacy and opt-out information.

On March 25th, 2022 the European Commission and the US government announced a new agreement governing the transfer of data between the EU and the US. Mike Small and Annie Bailey join Matthias to have a first look as analysts (not lawyers) at this potential milestone for data privacy between the European and the US regions.

La notizia è che USA e EU stanno cercando di trovare un accordo, il nuovo Privacy Shield per gestire il trasferimento dei dati personali.Per capire cosa è, perché è importante, cosa c'entra Google Analytics, chi è Schrems e a cosa porta il Trans-Atlantic Data Privacy Framework ho arruolato Giuseppe Vaciago di 42LawFirm.Uno speciale per capire davvero.»»»Io sono Matteo Flora, mi occupo di #Reputazione Digitale, la insegno in Università e faccio consulenza ad Aziende, Enti e Professionisti con le mie aziende.Vengo dalla Sicurezza informatica - ma vengo in pace - e qui con “Ciao Internet” ti racconto tre volte alla settimana come la Rete ci Cambia, come capirla e usarla al meglio per migliorare la tua vita e professione, non solo digitale.Se vuoi è il momento giusto per iscriverti - FALLO SUBITO - e se hai bisogno di ancora più spunti ci sono “2 Minuti di Internet”, la newsletter settimanale, ed il Gruppo e Canale Telegram per discutere assieme, trovi i link qui sotto.Le mie Aziende » http://matteoflora.com/#aziendeCommunity Telegram » https://mgpf.it/tgNewsletter e Corso Gratis » https://mgpf.it/nlFacebook » https://mgpf.it/fbPodcast » https://mgpf.it/pcPer contatti commerciali: sales@matteoflora.com

On March 25th, 2022 the European Commission and the US government announced a new agreement governing the transfer of data between the EU and the US. Mike Small and Annie Bailey join Matthias to have a first look as analysts (not lawyers) at this potential milestone for data privacy between the European and the US regions.

The recently announced Transatlantic Data Privacy Framework will foster data flows between the US and the EU, addressing the concerns raised by the Schrems II. decision. The US-made an unprecedented commitment to strengthen the privacy protection applicable to US signals intelligence activities within the new framework. New safeguards will be implemented to protect citizens' rights while advancing cross-border data flows. The next step is to translate this framework agreement into legal documents that will be put into practice on both sides of the Atlantic. But what does this mean for data privacy in practice? What are the major challenges, and what can we expect in the long run? We spoke to J. Scott Marcus, Senior Fellow at the EU's economic think tank, Bruegel, about the history and future of transatlantic data flows. Read on to learn how synthetic data can solve cross-border data sharing!

The National Institute of Standards and Technology's cybersecurity guidance has found a high degree of acceptance both in and out of government. Now NIST has launched a project to develop a data *privacy* framework. It all starts with a public workshop scheduled for October 16th. Naomi Lefkovitz, senior privacy policy advisor and program manager gave Tom Temin the details.