Podcasts about eprivacy

¿Qué papel desempeña la formación en el cultivo de una cultura interna de protección de datos personales que vaya más allá del mero cumplimiento normativo?  Gabriela Lis cuenta con una amplia trayectoria en el ámbito de la protección de datos personales. Entre 2005 y 2016 fue asesora legal de la Dirección Nacional de Protección de Datos Personales (Ministerio de Justicia y Derechos Humanos) de Argentina. De 2022 a 2024 ejerció como External Partner en el equipo de Data Privacy Legales de Mercado Libre. Desde 2016 integra la Comisión de Relaciones Institucionales de la DMA Argentina. Es socia fundadora de la Asociación Latinoamericana de Privacidad (ALAP), y actualmente trabaja como consultora independiente en Protección de Dato Gabriela es abogada, graduada de la Universidad de Buenos Aires, con especialización en Derecho Empresarial. Magíster en el Reglamento General de Protección de Datos por la Universidad Nacional de Educación a Distancia (UNED), en el marco del programa conjunto con la Agencia Española de Protección de Datos (AEPD). Referencias: Gabriela Lis en LinkedIn Asociación Latinoamericana de Privacidad (ALAP) Asociación de Marketing y Datos de Argentina (DMA) Pablo Segura: comercio electrónico, inteligencia artificial y protección de datos (Masters of Privacy)

Ha llegado la hora de ponernos al día en las cinco áreas de siempre: ePrivacy y marco regulatorio; MarTech y AdTech; IA, competencia y mercados digitales; PETs y Zero-Party Data; Futuro de los medios.  Hemos añadido todas las referencias relevantes a la entrada de este episodio en nuestro blog: mastersofprivacy.com. Voces complementarias creadas por ElevenLabs.  

It is time for a seasonal update at the intersection of Marketing, Data, Privacy and Technology. We are today covering the first four of our usual five blocks: ePrivacy & regulatory updates; MarTech & AdTech; AI, Competition and Digital Markets; PETs and Zero-Party Data.  All references and links can be found in this episode's blog post: Masters of Privacy. Allow us to thank two people in advance for their routine work in breaking down the news across some of the topics and jurisdictions covered here: Robert Bateman and his Privacy Corner and Federico Marengo with his Privacy and AI newsletter. Also, an important disclaimer: the voice that joins me today is a text-to-speech output generated with Eleven Labs.

Pour cette mini-série dédiée au tracking, j'accueille à mon micro un expert et passionné du sujet, j'ai nommé Romain Trublard, Consultant Sénior en Tracking et Analytics.Dans ce 4ème épisode, on décrypte ensemble le tracking Server Side :C'est quoi le Server Side ? Pourquoi le mettre en place ?Le fonctionnement d'un tracking classique VS un tracking server sideLes 3 idées reçues du tracking server sideLes avantages et inconvénients du tracking server sideLes questions à se poser pour le mettre en place (ou non) dans votre entreprise

Paula Ortiz es abogada con más de dos décadas de experiencia en regulación digital, con foco en publicidad y protección de datos. Durante ocho años trabajó en la Agencia Española de Protección de Datos (AEPD), representando a España en foros internacionales, incluyendo el CEPD/EDPB. Después inauguró y trabajó durante una década el departamento legal e institucional de IAB Spain, desde donde publicó más de 20 guías cubriendo aspectos legales de la publicidad digital. Además de asesorar en estos temas, Paula es co-fundadora y directora de The Legal School, desde donde ayuda a los profesionales del derecho a adaptarse a la era digital y la Inteligencia Artificial. También imparte clases en IE University,  Deusto o ISDI - además de escribir habitualmente sobre publicidad digital.  Referencias: Paula Ortiz en LinkedIn The Legal School “Consiente o paga” en la UE: una línea temporal (diagrama ilustrativo: 2016-2025) Multa a Meta (200m euros) por incumplir la Directiva de Mercados Digitales (DMA) con el modelo “Consiente o paga” (Comisión Europea) Opinión del CEPD/EDPB sobre consentimiento o pago (grandes plataformas)  ICO: Consent or Pay guidelines  Stephen Almond: The UK ICO's Vision on a Privacy-Preserving AdTech Future (Not Just ADZ, febrero de 2025 - inglés) Alessandro De Zanche: “Consent or Pay”: a gift to MFAs and old ad tech agendas Sentencia Bundeskartellamt (TJUE)  La Croqueta: cómo devolver la cordura al solapamiento entre ePrivacy y RGPD antes de que los medios espanten a la poca audiencia que aún les queda (Sergio Maldonado, Medium) Cómo la Directiva de contenidos digitales terminará con el RGPD (Sergio Maldonado, Medium - Inglés) Robert Bateman: Consent or Pay (Masters of Privacy) Romain Robert: Pay or OK in AdTech (Masters of Privacy)

Nos gustaría invitarte a participar en dos iniciativas en curso:  La primera de ellas es un programa venidero en el que abordaremos preguntas de la audiencia en el análisis de problemas complejos de adecuación normativa de soluciones de MarTech o AdTech. Para enviar vuestras preguntas podéis escribir a info@privacycloud.com con “MOP preguntas” en el asunto. La segunda es una comparativa de prestadores de MarTech en varias categorías que entrará más al detalle (de lo que hemos hecho hasta ahora) en el análisis de parámetros de protección de datos desde el diseño, la transparencia con relación a sub-encargados, o la integración con sistemas para la automatización del ejercicio de derechos. Para participar podéis escribir a info@privacycloud.com con “MOP auditado prestadores” en el asunto. Volveremos con más entrevistas en el arranque de abril.

It is time for a seasonal update at the intersection of Marketing, Data, Privacy and Technology. As usual, this Newsroom is divided into five blocks: ePrivacy & regulatory updates; MarTech & AdTech; AI, Competition and Digital Markets; PETs and Zero-Party Data; and Future of Media. TL;DL: The use of SDKs for data collection/sharing has been a common factor in various fines and lawsuits on both sides of the pond. The EDPB sparked an important debate on personal data-powered AI in the EU. Texas and California went after Allstate and Honda respectively. La Liga (ES), Netflix (NL), Meta (IR), and others received fines. The FTC put an end to personal data sales by General Motors. The My Health My Data Act (WA) was put to the test. AI “reasoning” models exploded, and then AI Agents followed. Garante (IT) blocked DeepSeek and a class action in Germany could have a major impact across the EU. Australia updated its legal framework. The biggest CDP players dissolved into adjacent markets and Google kept marching towards PET-powered AdTech. All references and links can be found in this episode's blog post.

Aquí estamos de nuevo con un Newsroom de invierno. Se repite la estructura habitual: ePrivacy y marco regulatorio; MarTech y AdTech; IA, Competencia y mercados digitales; PETs y Zero-Party Data; y Futuro de los medios. Destacamos: los SDKs bajo la lupa; espacio competitivo de la IA; agentes inteligentes; cambios en la AEPD; revolución en MarTech; caso Bindl; afinando el concepto de dato personal.  (Todos los links y referencias están disponibles en la entrada correspondiente de Masters of Privacy). Voces complementarias creadas por Evenlabs.

Gli argomenti di questa puntata: • Rivoluzione dell'advertising online: analizzeremo l'impatto dei cookie e le nuove strategie di marketing digitale con Marcello Gruppo di Ogury. Scopriremo come le aziende si stanno adattando alla privacy e alla raccolta di dati zero-party per una pubblicità più efficace e meno invasiva. • Infrastrutture IT: Con Benjamin Jolivet di Nutanix, discuteremo del futuro delle infrastrutture IT, tra cloud ibrido, multicloud e l'impatto dell'intelligenza artificiale. Approfondiremo come le aziende possono gestire la complessità e i costi crescenti in questo panorama in rapida evoluzione. • Strumenti per l'ufficio moderno: Andrea Pierani di Logitech ci presenta le ultime innovazioni per il lavoro ibrido, con particolare attenzione a Logitech Rally Board, una soluzione all-in-one per la videoconferenza e la collaborazione. Parleremo anche di come la tecnologia può migliorare il benessere negli spazi di lavoro Con: Benjamin Jolivet di Nutanix, Marcello Gruppo di Ogury, Andrea Pierani di Logitech Contattami: https://forms.gle/jtcv577NAd6gLWbi8

¿Por qué no se está aprovechando el mercado de las directrices publicadas por la AEPD para hacer medición digital sin consentimiento? ¿Cuál es el impacto real de introducir un “rechazar todo” en primera capa?  Rafa Jiménez (PDD, IESE) lleva toda la vida trabajando en la industria y es el CEO y fundador de Seal Metrics. Antes de esto fundó Adinton, un software de atribución y análisis predictivo para la gestión de presupuestos de marketing digital. También ha dirigido su propia agencia de marketing digital (Desmarkt), habiendo además sido analista web desde los orígenes de la disciplina.  Referencias: Guía de uso de cookies para herramientas de medición de audiencia (Agencia Española de Protección de Datos, enero de 2024) [EN] Directrices 2/2023 sobre el ámbito técnico del artículo 5(3) de la directiva ePrivacy (Comité Europeo de Protección de Datos, noviembre de 2024 - previa consulta pública lanzada en noviembre de 2023) Seal Metrics: Cookieless Analytics Rafael Jiménez en LinkedIn Jesús Martín: Google ante la medición sin cookies (Masters of Privacy, junio de 2023) Newsroom de invierno: medición web sin consentimiento (Masters of Privacy, enero de 2024) Muerte al faldón de cookies: la nueva frontera de la gestión del consentimiento (Sergio Maldonado, agosto de 2018) [EN] The future of consent pop-ups and programmatic advertising in a privacy-first world (Sergio Maldonado, febrero de 2022) Faldones de consentimiento: la batalla continúa (Sergio Maldonado, octubre de 2022) La Croqueta: cómo devolver la cordura al solapamiento entre ePrivacy y RGPD antes de que los medios espanten a la poca audiencia que aún les queda sobre “consent or Pay” (Sergio Maldonado, enero de 2024) [EN] Romain Robert: Pay or OK in AdTech (Masters of Privacy, enero de 2024) Monográfico: directrices ePrivacy para un mundo post-cookies (Masters of Privacy, diciembre 2023) Monográfico: cookies y derecho comparado (Masters of Privacy, febrero de 2020) Laia Bertran: el nuevo marco jurídico de las cookies (Masters of Privacy, enero de 2020).

Occasione persa per il GDPR - Do Not Track e GPC a confrontoIl GDPR poteva semplificare la vita a tutti indicando il DNT come strumento di espressione del consenso standardizzato.Continuano ad avere paura a collaborare con gli informatici che hanno già risolto il problema dei cookie banner persino a monte e molti anni prima. Un vero peccato vedere gli algoritmi come pericolosi, invece di considerarli semplici strumenti. Eprivacy che non si aggiorna ne e' una dimostrazione.Confrontiamo i due standard, per imparare da entrambi (in area riservata), su caffe20.it/membri e privacykit.it/membri

Robert Bateman is a data protection writer, trainer, and consultant. He has published innumerable articles on the topic, as well as led panel discussions and interviewed key well-known figures in the space on stage, at well-known privacy conferences. Besides freelancing as content creator, he is an associate with Act Now Training and a Subject Matter Expert with Heward Mills, a data protection consultancy.  With Robert, who's here for a second time, we are going to revisit recent EDPB (or European Data Protection Board) opinions on data processor auditing requirements and Meta's Consent or Pay model, with its latest twist in mind (a brand new third option with generic, unskippable ads). References: Robert Bateman on LinkedIn EDPB Opinion 22/2024 on certain obligations following from the reliance on processors and sub-processors Meta adds a Plan C to its Pay or Consent model EDPB Guidelines on the technical scope of article 5.3 of the ePrivacy Directive Robert Bateman: Consent or Pay (Masters of Privacy, October 2023)

Aquí estamos de nuevo con un Newsroom de otoño. Se repite la estructura habitual: ePrivacy y marco regulatorio; MarTech y AdTech; IA, Competencia y mercados digitales; PETs y Zero-Party Data; Futuro de los medios. Referencias: Post asociado con referencias y transcripción (blog de Masters of Privacy en castellano) Nobody was ready for the Privacy Sandbox, but deprecating cookie banners is long overdue (Sergio Maldonado, Medium) Multa de la AEPD a Ibercaja Multa de 310 millones a LinkedIn en Irlanda Asociación real de tenis contra la autoridad supervisora holandesa (TJUE) Directrices del CEPD sobre tratamientos basados en el interés legítimo Autoridad de Hamburgo: los LLMs no contienen datos personales APEP (21 de noviembre de 2024), Sesión Abierta: Consiente o paga y otros posibles modelos de uso de datos personales en publicidad digital.

The EDPB has finally adopted its much feared Guidelines on the scope of article 5.3 of the ePrivacy Directive, but consent may still be avoided in some cases not specifically covered by an exemption (e.g., analytics). Absent such an exception, and in light of dismal consent rates, publishers and platforms have embraced highly controversial “Consent or Pay” models. Plan C? Server-side processing (Conversion APIs, Enhanced Conversions, Data Clean Rooms…), not without its own challenges. We have gone through all of it with Peter Craddock in his second appearance on Masters of Privacy.  Peter Craddock is a lawyer as well as a software developer, and he uses this dual background to help clients find legal solutions to technical problems and technical solutions to legal problems. He is based in Brussels and helps international companies with their global data strategy and with EU data litigation. He notably has strong expertise in the legal aspects of digital advertising and adtech, and has been one of the most prominent commentators of recent legal developments in that area. References: Peter Craddock on LinkedIn Op-Ed: A critical analysis of the EDPB's "Pay or Consent" Opinion (Peter Craddock) Peter Craddock: Comparison of the final version of the EDPB's ePrivacy guidelines with the version of November 2023 (including links to more in-depth comments on those guidelines) EDPB Opinion 08/2024 on Valid Consent in the Context of Consent or Pay Models Implemented by Large Online Platforms AEPD guidelines for the use of cookies without need for consent in the context of digital analytics (ES) Peter Craddock on Masters of Privacy (February 2024): Could core advertising components fall under the “strictly necessary” exemption of the ePrivacy Directive? Romain Robert: Pay or OK in AdTech - How it started and where it's going (Masters of Privacy) Renzo Marchini: Unintended consequences of the EDPB guidelines on storage and access under article 5.3 of the ePrivacy Directive (Masters of Privacy)  Cristiana Santos and Victor Morel: The problem with CMPs and TCF-based cookie paywalls (Masters of Privacy) Robert Bateman: Consent or Pay (Masters of Privacy) Peter Hense: How first party data will kill CMPs (Masters of Privacy)

Ci sono molte app che ci aiutano ad imparare, usate a scuola oppure in privato anche per imparare le lingue, ma cosa ci chiedono in cambio? Tendenzialmente i nostri dati e le nostre informazioni. Quante ce ne chiedono? E che ci fanno? Queste ed altre notizie di scienza e tecnologia all’interno della puntata del 30

Agcom e Privacy insieme per bloccare e rimuovere contenuti con i segnalatori attendibiliContenuti e documenti su:https://www.civile.it/privacy/visual.php?num=98849caffe20.it/membri 30 gg gratis poi da 4 euro al mese

Earlier this summer, Google announced that its Chrome browser would after all keep third party cookies. This interview with Robin de Wouters is the first of two episodes exploring the consequences of that update from the point of view of our usual stakeholders (DPOs, CMOs, CDOs).  Robin de Wouters is the Director General for the Federation of European Data & Marketing (FEDMA), in Brussels. He has a strong background in communication and public relations across the private, non-profit and institutional spheres. He previously worked in the field of human rights with Euromed Rights, the ONE Campaign and the United Nations. Robin is also the Vice-Chair of the Board of the European Interactive Digital Advertising Alliance (EDAA) and the Communications Director and Spokesperson for Democrats Abroad Belgium, the international arm of the US Democratic Party. References: Federation of European Data and Marketing (FEDMA) Robin de Wouters on LinkedIn Sergio Maldonado, Nobody was ready for the Privacy Sandbox, but deprecating cookie banners is long overdue Google announces they are not deprecating third-party cookies Peter Cradock (Masters of Privacy): Could core advertising components fall under the “strictly necessary” ePrivacy exemption?  CNIL publishes study on alternatives to third-party advertising cookies (Freevacy)  

Puesta al día estival cubriendo las cinco secciones habituales: ePrivacy y marco regulatorio; MarTech y AdTech; IA, Competencia y mercados digitales; PETs y Zero-Party Data; Futuro de los medios.   Referencias: Memoria de actividad 2023 de la AEPD Acciones de la FCC contra los principales proveedores de telecomunicaciones por su venta de datos de ubicación de consumidores FTC vs. X-Mode Outlogic Voces a la venta sin permiso Scarlett Johansson vs. OpenAI Opinión del CEPD sobre “consentimiento o pago” Kočner vs. Europol (compensación por daños no materiales) Reglamento Europeo de Identidad Digital  Informe del grupo de trabajo sobre ChatGPT en el CEPD Revolut lanza un negocio publicitario Walmart se vuelve más omnipresente Oracle abandona AdTech Mozilla anuncia la adquisición de Anonym Investigación a Meta por “consentimiento o suscripción” bajo el DMA Investigación a Apple por abusos en el App Store bajo el DMA Comisión Europea vs. Microsoft por la competencia desleal de Teams Meta abandona el entrenamiento de algoritmos con datos de sus usuarios Conferencia de USENIX sobre práctica y respeto de la ingeniería de privacidad 2024 (PEPR) ¡Feliz verano!  

We are closing this season with a Spring Newsroom before we officially kick off the summer, summarizing everything that's happened in the past quarter across our usual five sections: ePrivacy (enforcement, regulatory updates), MarTech/ AdTech, AI/ Competition/ Digital Markets, PETs/ Zero-Party Data, Future of media.  This includes: EDPB's ChatGPT Task Force report EU Digital Wallets Privacy Sandbox news EU Commission vs. Apple's App Store LLM updates (Llama3, GPT 4o, Gemini, Apple Intelligence) Meta AI *not* training on EU user data Mozilla's acquisition of Anonym Oracle's exit from AdTech Revolut ads Microsoft Copilot+ Recall retreat The Trade Desk's curated list of publishers FCC fines to telecom operators for the sale of location data Consent or Pay news TikTok ban. A full transcript with links and additional resources can be found on the PrivacyCloud blog.   

Can Google overcome competition and performance concerns to make the Privacy Sandbox a reality? Does it really matter in terms of privacy compliance, in the face of the EU ePrivacy Directive? How would Universal Opt-Outs affect the Topics API in the US? Alan Chapell is outside privacy and AI counsel for dozens of AdTech and Mart¿Tech companies. He started his career in the digital space in 1997 at Jupiter Research and is now the principal analyst at The Chapell Report, which is a monthly report focusing on the intersection between privacy, competition, addressability and AI in the digital media space.  Mr. Chapell is board chair of the Network Advertising Initiative, the premier trade association for 3rd party AdTech marketplace. He is also an accomplished musician. His band, “Chapell”, is about to release their 7th album, “The Underground Music Show”, on all major streaming services. References: Chapell & Associates and The Chapell Report UK Competition and Markets Authority update report (April 2024) on Google Chrome's implementation of the Privacy Sandbox Privacy Sandbox (documentation) CNIL's report on the Privacy Sandbox (July 2023)  Global Privacy Control (Universal Opt-Out Mechanism) Peter Craddock: Could core advertising components fall under the “strictly necessary” exception in the ePrivacy Directive? (Masters of Privacy) Network Advertising Initiative Chapell on Spotify

Estamos de vuelta con una puesta al día y tenemos de todo: TikTok prohibido, el Privacy Sandbox atascado en la cocina, opinión sobre “Consent or Pay”, Meta AI vs. Google, Worldcoin congelado, Sora investigada, Teams/Office bajo la lupa, Avast vendiendo datos, multa a Glovo, proyecto de ley federal de protección de datos en EEUU… y mucho más. Todo ello en el post y casi todo comentado en las secciones de siempre. Con Cris Moro y Sergio Maldonado.  ePrivacy y marco regulatorio Multas y sanciones La AEPD ordenó a Worldcoin dejar de recabar datos biométricos con objetivos de identificación en un plazo de 72 horas por la vía de urgencia que en el GDPR permite saltarse el “one stop shop”. Worldcoin está basada en Alemania y había preparado el terreno con la autoridad bávara de protección de datos, pero aún así escogió España y Portugal como campo de pruebas. El proyecto ha generado importante alarma social, aparentemente recabando datos altamente sensibles sobre menores y adolescentes sin un propósito definido (“distinguir a humanos de robots”) y con la vinculación de perfiles a la aplicación móvil que permite acceder a criptomonedas o servicios futuros.  La AEPD, a petición de Garante (DPA italiana), impuso una multa de 550.000 euros a Glovo por no observar los principios más básicos en el tratamiento de los datos de repartidores. Se ha apreciado falta de transparencia (información facilitada en el registro inicial), privacidad desde el diseño, uso de decisiones automatizadas a través de un sistema de ranking/scoring que determina la asignación de cada pedido, y la transferencia a terceros fuera de los países en los que operan. Después de sufrir una multa de 16.5 millones de euros por parte de la FTC en Estados Unidos, la agencia checa de protección de datos ha impuesto una nueva sanción de unos 15 millones de euros al antivirus Avast por vender datos de navegación de sus clientes en el mercado publicitario, destacando sus afirmaciones falsas sobre la forma en que se anonimizaban los datos, y el uso exclusivamente estadístico de los mismos.  El abogado general de California anunció un acuerdo extrajudicial con DoorDash (reparto a domicilio), después de encontrarse una infracción del CPPA y CalOPPA por la participación de la plataforma en una cooperativa de intercambio de datos (“Second Party Data”), siendo esto equivalente a una venta de datos personales -y exigiendo un “opt-in”- en el sentido de la propia CCPA.  La AEPD impuso multas de 10.000 euros tanto a La Vanguardia como a NH Hoteles por violaciones en el uso de cookies. El medio de prensa fue sancionado por no proporcionar información clara y completa sobre el uso de cookies, mientras que la cadena hotelera fue multada por usar cookies no exentas, propias y de terceros sin consentimiento, además de no permitir rechazar o gestionar las cookies de manera granular. Se ha concedido una rebaja del 20% a esta última por estar en proceso de actualización de estos aspectos en su web.  El mes pasado Garante, la DPA italiana, anunció que estaba investigando a Sora (texto a vídeo), y solicitó información sobre sus fuentes de entrenamiento (ha circulado un vídeo en el que una consejera de OpenAI confesaba hacer uso de todo el catálogo de YouTube), y el uso de datos personales en ese proceso. Se le han pedido categorías de datos personales, fuentes y bases legales. También en marzo, el EDPS le pidió a la Comisión Europea que deje de usar Microsoft365 -que viene a ser Office, Teams, y todo el kit de productividad de Microsoft- por no haber analizado bien el marco contractual que permite a esta empresa tratar datos en Estados Unidos. El EDPS ha explicado que la Comisión Europea no ha proporcionado las medidas adecuadas para garantizar que los datos personales transferidos fuera de la Unión Europea cuenten con un nivel de protección equivalente (después de Schrems II). Además, tampoco se ha detallado qué tipo de datos han sido compartidos con Microsoft y otras compañías asociadas. El EDPS ha impuesto la obligación de suspender todos los flujos de datos derivados del uso de Microsoft365 a la Comisión Europea a partir del día 9 de diciembre. El EDPB publicó finalmente su opinión sobre “consentimiento o pago” el pasado 17 de abril, como continuación a la cuestión planteada por varias agencias en el contexto de la opción ofrecida por Instagram y Facebook (Meta), análoga a la recientemente desplegada por los grandes medios de comunicación. Hemos debatido el asunto largo y tendido en varias entrevistas del canal en inglés de este podcast. Novedades legislativas Como continuación a una ley propuesta por el congreso de EEUU para prohibir TikTok en el país, y cuando parecía que no superaría la aprobación del Senado, la iniciativa terminó votándose y aprobándose de forma conjunta al paquete de ayudas a Ucrania e Israel, terminando firmada por Joe biden el 24 de abril y resultando en una venta forzosa (o su prohibición) en el plazo de nueve meses que podrían extenderse a doce.  Antes de eso, el 25 de marzo, el Gobernador de Florida (Ron de Santis) firmó la nueva House Bill 3 (“HB3”), que se une a un debate muy candente al prohibir a los menos de 14 años abrir una cuenta en Instagram, Snapchat u otros medios sociales, exigiendo además consentimiento parental para los menores de 16. Esta ley exige además que se eliminen las cuentas existentes de menores.  El 7 de abril se presentó un proyecto histórico de ley federal sobre privacidad en Estados Unidos. La American Privacy Rights Act establece derechos claros y nacionales de protección de datos para los estadounidenses, eliminando el actual mosaico de leyes estatales y estableciendo un derecho de acción privada para los individuos. MarTech y AdTech En el mercado ampliamente cubierto aquí de Data Clean Rooms (DCR), LiveRamp compró Habu y Snowflake había comprado Samooha anteriormente. Recientemente hemos entrevistado a Matthias Eigenmann, DPO de Decentriq, solución apoyada en Computación Confidencial. También hemos hablado con Damien Desfontaines, de Tumult Labs, sobre “privacidad diferencial” aplicada a DCRs en el caso de uso de análisis de datos combinados de dos responsables del tratamiento.  En paralelo sigue avanzando el concepto del Reverse ETL (Extract, Transform, Load), que ahora se rebautiza como Customer Data Platform modular, donde la nueva generación de data warehouses permite que las funcionalidades de activación de datos estén erigidas sobre éstas, en vez de exigir un repositorio completo e independiente (o redundante) como ha venido ocurriendo con los Customer Data Platforms en los últimos siete años aproximadamente. Aquí hemos entrevistado al CEO de Hightouch, Tejas Manohar, una empresa líder en esta tecnología. Esta misma semana Google ha anunciado que vuelve a retrasar el fin de las cookies de tercera parte por no darle tiempo a introducir las medidas exigidas por la autoridad de mercados y competencia del Reino Unido. El equipo del Privacy Sandbox sigue colaborando con la comunidad para solucionar algunos aspectos bastante pobres de la medición de resultados o la optimización de la publicidad bajo los nuevos estándares. IA, competencia y mercados digitales  A mediados de febrero, OpenAI presentó una “función de "memoria” en ChatGPT, lo que generó preocupaciones sobre la protección de datos de sus usuarios a pesar de los diversos controles individuales proporcionados para la eliminación de dicha memoria. Poco después, la misma empresa lanzó una herramienta "texto-a-video" llamada Sora. Para contrarrestar el aumento del riesgo de infracción de derechos de autor, desinformación y "deep fakes", OpenAI anunció que había incorporado el estándar de la Coalición para la Procedencia y Autenticidad del Contenido (C2PA), que muchos expertos consideraron insuficiente. Meta ha lanzado su nuevo modelo genérico de IA generativa, Llama 3, capaz de competir con la última generación de alternativas ofrecidas por OpenAI, Google, Anthropic o Mistral. Como gran novedad, la empresa ha integrado su propio agente, “Meta AI” en todas sus plataformas - comenzando con múltiples países angloparlantes. Los analistas comienzan a especular con que la reciente caída en bolsa de la empresa por el aumento exponencial de su inversión en IA (incluido su propio hardware) podría obtener un premio a largo plazo si consigue reemplazar a la propia Google en la búsqueda de respuestas directas desde aplicaciones de uso tan cotidiano como WhatsApp.  PETs y Zero-Party Data Signal ha introducido nombres de usuario en el canal de mensajería, permitiendo con ello ocultar números de teléfono en la popular alternativa a WhatsApp y Telegram.  La más reciente alternativa a X/Twitter, Bluesky, ha dejado atrás el requisito de invitación, reportando un crecimiento exponencial en volumen de usuarios y anunciando un sistema modular de gestión de “feeds” y filtros de contenido.  Futuro de los medios Del mismo modo que ya lo había hecho con Axel Springer (Der Spiegel) en Alemania, OpenAI ha firmado acuerdos con El País y Le Monde para facilitar el acceso a noticias en castellano y francés a través de ChatGPT. OpenAI se ha comprometido a facilitar resúmenes, atribución de fuentes y links a las fuentes originales, y estamos asumiendo que también podrán hacer uso de sus archivos históricos a efectos de entrenamiento en castellano y francés.  

Dr. Augustine Fou has nearly three decades of experience in digital marketing, including client-side experience at American Express and agency-side experience at IPG and Omnicom, where he served as Group Chief Digital Officer of eight agencies serving pharma and medical device clients. Dr. Fou also taught digital strategy at Rutgers University's executive education program and NYU's School of Continuing and Professional Studies. With Dr. Fou we will aim to answer the following questions: Does programmatic advertising have to be necessarily bad for privacy? Can we once and for all dismantle the fairy tale of marketing attribution? How about advertising fraud controls? Is it possible that killing third party cookies is not only better for privacy but also better for business outcomes?  References: Dr Augustine Fou's recent articles Dr. Augustine Fou: How to optimize towards humans and not just away from fraud (LinkedIn) Fou Analytics Sergio Maldonado: “Analytics CEO makes a passionate case against marketing attribution” (Chief Marketing Technologist, Scott Brinker)

¿Cómo se aborda desde el marco legal argentino la protección de datos en entornos digitales? ¿Qué cambios se avecinan? Mariano Peruzzotti es un profesional reconocido internacionalmente en el ámbito de la protección de datos, con particular exposición a su solapamiento con la propiedad intelectual y otros desafíos del entorno digital, incluyendo los derivados del uso de la inteligencia artificial o el Big Data. Es socio de Ojam Bullrich Flanzbaum, ha sido reconocido por Chambers & Partners y es co-Chair del capítulo de Buenos Aires de la IAPP, así como Chair del comité latinoamericano del Grupo 6 de The Sedona Conference. Referencias: Perfil de Mariano Peruzzotti en Ojam Bullrich Flanzbaum Mariano Peruzzotti en LinkedIn Ley 25.326 de Protección de Datos Personales (Argentina) Estado de la Convención 108+ (Consejo de Europa)  

Nina Müller and Sergio Maldonado discuss a few recent events across the EU, the UK, and the US: Yahoo/Uber ePrivacy fines, Google Chrome (Incognito Mode) settlement, US Congress Social Media hearing, upcoming UOOM/ Global Privacy Control enforcement across various states, and Spain's AEPD Guidelines to circumvent cookie consent requirements for high-level Digital Analytics.  Please find relevant links and additional updates across all of our usual core sections (ePrivacy and regulatory updates; MarTech and AdTech; AI, competition, and digital markets; PETs and Zero-Party Data; future of media) on the PrivacyCloud website.

Could we re-interpret article 5.3 of the ePrivacy Directive so that the “strictly necessary” (to provide a service) consent exemption gives shelter to the core technical building blocks of advertising solutions making journalism possible? Can we not deal with personal data (should it be involved at all) or behavioral targeting (should it be the case) separately under the GDPR? Peter Craddock helps us answer that question. Our guest is a lawyer as well as a software developer, and he uses this dual background to help clients find legal solutions to technical problems and technical solutions to legal problems. Peter is based in Brussels and helps international companies with their global data strategy and with EU data litigation. He notably has strong expertise in the legal aspects of digital advertising and adtech, and has been one of the most prominent commentators of recent legal developments in that area. References: Peter Craddock on LinkedIn Maybe no consent needed for advertising under ePrivacy "cookie" rule? (Peter Craddock) EDPB seeks to redefine ePrivacy – Part II: Overbroad notions and regulator activism? IAB Europe Responds to the EDPB Public Consultation on their Draft Guidelines 2/2023 EDPB ePrivacy Guidelines: Comments Highlighting Risks to Businesses with Digital Activities (Keller and Heckman) Romain Robert: Pay or OK in AdTech - How it started and where it's going (Masters of Privacy) Renzo Marchini: Unintended consequences of the EDPB Guidelines on storage and access under article 5.3 of the ePrivacy Directive (Masters of Privacy)  Cristiana Santos and Victor Morel: The problem with CMPs and TCF-based cookie paywalls (Masters of Privacy) Robert Bateman: Consent or Pay (Masters of Privacy) Peter Hense: How first party data will kill CMPs (Masters of Privacy)  

Volvemos a la carga con las novedades más candentes en las áreas de siempre.  Con Cris Moro y Sergio Maldonado.  ePrivacy y marco regulatorio Multas y sanciones 41 estados (de los 50 en EEUU) demandaron a Meta a finales de octubre acusando Instagram y Facebook de introducir elementos de manipulación de la dopamina que generan adicción de forma deliberada, contribuyendo a problemas de salud mental. Este nuevo ángulo puede evitar que Meta se acoja a la inmunidad que le otorga la Sección 230 con respecto al daño que pueda ocasionar a otros el contenido publicado por sus usuarios. En diciembre, Google aceptó un acuerdo extrajudicial de 5.000 millones de dólares en California por el seguimiento que hace de la actividad de los usuarios cuando estos han seleccionado el modo “Incógnito” de su navegador, que se supone que venía precisamente a ofrecer este nivel superior de intimidad.  A finales del mismo mes la CNIL impuso una multa de diez millones de euros a Yahoo! por servir veinte cookies con independencia de que el usuario las aceptara o negara en el gestor de consentimiento facilitado. Una vez más, se trata de una empresa que bajo el RGPD debería ser multada en Irlanda (“one stop shop”), pero la Directiva ePrivacy (integrada en el artículo 82 de la Ley de Protección de Datos francesa) se queda en el ámbito nacional. Novedades legislativas, jurisprudencia y directrices El 1 de diciembre se aprobó el Reglamento de Ciber-Resiliencia. Todos los juguetes o dispositivos electrónicos conectados a internet tendrán que seguir el marco de seguridad contemplado desde enero de 2027. El 11 de diciembre California aprobó una propuesta para exigir a las páginas web que respeten las señales de opt-out de los navegadores, lo cual por fin forzará a Chrome, Safari y Edge a unirse a Brave, DuckDuckGo y Firefox en el soporte de Global Privacy Control y otros estándares similares. Otros estados como Colorado ya han codificado similares exigencias.  La UE llegó a un acuerdo sobre el Reglamento de IA en el trílogo de diciembre, incluyendo requisitos para modelos fundacionales. Ahora tendrá que ser ratificado por los estados miembros.  La AEPD ya había publicado una nueva guía para el uso de cookies el año pasado y la única novedad iba a ser su fecha límite de aplicación el 11 de enero, pero ahora ha publicado una nueva Guía para el uso de cookies “analíticas” que permite hacer medición de tráfico en páginas web sin pedir consentimiento.  MarTech y AdTech Google lanzó Ads Data Manager para ayudar a los anunciantes a gestionar sus datos de primera parte (a diferencia de Ads Data Hub, que venía a ser su Data Clean Room para hacer peticiones a los datos de primera parte ostentados por el propio buscador). Los Data Clean Rooms han estado muy calientes este trimestre. Snowflake compró Samooha hace unas semanas y LiveRamp ha comprado Habu en días pasados. IA, Competencia y Mercados Digitales  El New York Times denunció a OpenAI y a Microsoft en diciembre por incumplimiento de derechos de autor en el uso de sus artículos para entrenar algoritmos que terminan escupiendo contenidos destinados a competir con la actividad periodística llevada a cabo por este medio. PETs y Zero-Party Data En septiembre comenzó a aplicarse el Reglamento de Gobernanza de Datos de la UE, que promueve el uso de datos abiertos o el reciclaje de datos para su aprovechamiento general y democratización. En el caso de datos personales crea la figura de intermediarios de confianza para solventar la posible contradicción que pueda presentarse con el marco de protección de datos personales.  Futuro de los medios 83 editores españoles (a través de la Asociación de Medios de la Información - AMI) denunciaron a Meta a final de año por incumplir sistemáticamente el GDPR desde 2018, pidiendo una compensación de más de 550 millones de euros por los daños y perjuicios acusados en el sector como consecuencia. OpenAI ha llegado a un acuerdo con Axel Springer (Business Insider, Político, etc.) para usar sus contenidos en el entrenamiento de algoritmos, pero también para ofrecer noticias frescas a las puertas del año que albergará lo que se ha bautizado como “las primeras elecciones de gran impacto sometidas a los riesgos de la IA generativa”.

Romain Robert is member of the litigation chamber of Belgium's Supervisory Authority. He worked in various Brussels law firms between 2002 and 2011. Between 2007 and 2011, he was also a researcher at the Research Centre in Law and Society at the University of Namur. In 2011, he joined Belgium's Supervisory Authority as a legal advisor. He worked as legal officer at the Policy and Consultation Unit of the European Data Protection Supervisor (EDPS) as of 2015 and joined the Secretariat of the European Data Protection Board (EDPB) in May 2018. In April 2020, Romain joined NOYB - an NGO conducting strategic litigation to enforce digital rights - where he was Program Director until July 2023. References: Romain Robert on LinkedIn EDPS Opinion on the Proposal for a Directive on certain aspects concerning contracts for the supply of digital content Sergio Maldonado, How the Digital Content Directive will break the GDPR NOYB Robert Bateman: Consent or Pay EDPB Guidelines 05/2020 on consent Giovanni Buttarelli (former EDPS), “Privacy 2030: A Vision for Europe” (IAPP)

Versión muy resumida del debate surgido tras la publicación de las nuevas Directrices del Comité Europeo de Protección de Datos sobre el ámbito técnico del artículo 5(3) de la Directiva ePrivacy.  Referencias: Masters of Privacy: Entrevista a Renzo Marchini CEPD/EDPB, Guidelines 2/2023 on Technical Scope of Art. 5(3) of ePrivacy Directive Resumen de las directrices publicado por Renzo Marchini (EN): “New Guidance released on the technical scope of Art 5(3) ePrivacy Directive - a landgrab by the EDPB”

Renzo Machini is a London-based partner at Fieldfisher's Data and Privacy team. He holds CIPP/E, CIPT and FIP certifications from the IAPP and is well versed in Cloud Computing, Big Data and other technologies overlapping with privacy and GDPR compliance. He has authored  "Cloud Computing: A practical introduction to the legal issues" and, prior to becoming a solicitor, he worked for five years as a software engineer at Logica (now CGI), a major independent UK software house. With Renzo we are directly addressing the biggest elephant in the ePrivacy room today: What are the unintended consequences of the EDPB's recent Guidelines on the technical scope of article 5.3 of the ePrivacy Directive? References: Renzo Marchini on LinkedIn EDPB, Guidelines 2/2023 on Technical Scope of Art. 5(3) of ePrivacy Directive Renzo Marchini, “New Guidance released on the technical scope of Art 5(3) ePrivacy Directive - a landgrab by the EDPB” Renzo Marchini, “Cloud Computing: a practical introduction to the legal issues.” (Cambridge University Press).

Nell'episodio di oggi della nuova serie dedicata al mondo del Legal Tech l'intervista a Sergio Calderara, Head of Legal Affairs di Green Network. Sergio ha in precedenza ricoperto vari ruoli in-house in società italiane, maturando un'esperienza nei settori dell'energia, dell'ICT e del gioco lecito, sempre focalizzandosi sull'innovazione tecnologica. Già socio di un primario studio legale italiano, ha trascorso periodi lavorativi all'estero in Francia e Inghilterra, e in seguito in Brasile, dove all'attività professionale ha affiancato incarichi di docenza universitaria a Brasilia. Da svariati anni è docente nell'ambito di master universitari focalizzati in Diritto di impresa su temi legati al diritto delle nuove tecnologie.Riguardo l'azienda, Green Network è stata fino a pochi anni fa uno dei principali operatori energetici in Italia, con presenza anche in Regno Unito e Francia. Avendo ceduto il proprio ramo d'azienda di vendita luce e gas ad altro operatore del mercato nel gennaio di quest'anno, il gruppo attualmente continua ad operare principalmente nei settori dell'efficientamento energetico e antisismico e nella produzione da fonti rinnovabili.L'episodio vede la partecipazione di Matia Campo, Avvocato specializzato nel settore delle nuove tecnologie. Dopo lunga esperienza in house, Matia ha ripreso la libera professione divenendo Partner dello Studio CMS Adonnino Ascoli & Cavasola Scamoni, dove opera con particolare focus su intelligenza artificiale, robotica, big data, Fintech, cloud e cybersecurity. Matia è ideatore della rubrica “La Pecora Elettrica”, dedicata alla divulgazione del diritto delle tecnologie. CMS è uno studio legale oltre 70 uffici in più di 40 Paesi e più di 4.800 avvocati in tutto il mondo. In Italia, CMS Adonnino Ascoli & Cavasola Scamoni è presente sin dal 1901 con due sedi dislocate a Roma e Milano.Matia fornirà il suo punto di vista sul case study Green Network da professionista esperto di tematiche legale e regolamentari legate alla tecnologia.Modera l'episodio Vincenzo Marzetti, fondatore del podcast Inside Finance. Se apprezzate il nostro lavoro come occasione unica di divulgazione economico-finanziaria vi invitiamo a sostenere il podcast condividendo i nostri episodi nelle vostre pagine social. Maggiori informazioni sul sito zeroin.it oppure inviando una mail a segreteria@insidefinance.it Buon ascolto.

Nina and Sergio run through the most relevant news of the past three months at the usual intersection of marketing, data, privacy, and technology - stopping at a few less commented and yet quite relevant fines, guidelines, or upcoming legal frameworks. In particular, this episode covers:  Dark patterns in recent EU enforcement actions  EDPB Guidelines on the technical scope of the ePrivacy Directive The 23andMe data breach 40 states suing Meta over Insta/FB's impact on the mental health of teenagers Best of all, we managed to avoid OpenAI's drama. With Nina Müller and Sergio Maldonado. References: [ES] AEPD fine resulting from the use of dark patterns in the acceptance of third party recipients (Expansion) Irish watchdog fines TikTok €345M for mishandling kids' data (The Register) 23andMe user data targeting Ashkenazi Jews leaked online (NBC News) EDPB Draft Guidelines 2/2023 on Technical Scope of Art. 5(3) of ePrivacy Directive  Dozens of states sue Meta over youth mental health crisis (The Verge) Masters of Privacy - Arielle Garcia: How privacy awareness leads to respectful, effective marketing

Cristiana Santos is Assistant Professor in Privacy and Data Protection Law at Utrecht University, holding a joint international Doctoral Degree in Law, Science and Technology from the University of Bologna, and a Ph.D. in Computer Science from the University of Luxembourg. She is an expert of the Data Protection Unit at the Council of Europe; expert for the implementation of the EDPB's Support Pool of Experts; and expert of the Digital Persuasion or Manipulation Expert Group. She holds an International Chair Starting Career position at the National Institute for Research in Digital Science and Technology (INRIA, 2023-2026) to work on technical and legal aspects of data protection. Prior to joining academia, Cristiana was a lawyer and worked as a legal adviser and lecturer at the Portuguese Consumer Protection Organization. Victor Morel holds a Ph.D in Computer Science from INRIA and works at the Security & Privacy Lab of Chalmers University in Gothenburg (Sweden). He is working on usable privacy for IoT applications, and his interests encompass privacy, data protection, networks security, usability and Human-Computer Interactions, applied cryptography, and the broad spectrum of ethics in technology. He is also a member of FELINN's collegiate council, a French association (1901) defending decentralization, privacy, and free software through popular education. Cristiana and Victor have co-authored a recent paper titled “Legitimate Interest is the New Consent – Large-Scale Measurement and Legal Compliance of IAB Europe TCF Paywalls”. With them we are directing our attention to consent walls in the context of publishers and the open market, having already dedicated two recent interviews to the “consent or pay” model as it concerns Instagram and Facebook (ie. Meta). We will also try to understand the challenges and potential conflicts of interest faced by CMP (Consent Management Platform) vendors.  References: Cristiana Santos at Utrecht University Victor Morel's bio and projects Legitimate Interest is the New Consent – Large-Scale Measurement and Legal Compliance of IAB Europe TCF Paywalls (Cristiana Santos, Victor Morel, Viktor Fredholm, Adam Thunberg, 20/9/2023) Upcoming Workshop on Privacy in the Electronic Society - with Victor Morel (Copenhagen, November 26th 2023) EDPB: Report of the work undertaken by the Cookie Banner Taskforce CJEU to consider questions from IAB Europe TCF decision (Techcrunch) German court bans LinkedIn from ignoring “Do Not Track” signals (Townflex) Your Consent Is Worth 75 Euros A Year -- Measurement and Lawfulness of Cookie Paywalls (20/9/2022) IAB TCF 2.2 specification  

Robert Bateman is a data protection writer, trainer, and consultant. He has published innumerable articles on the topic, as well as led panel discussions and interviewed key well-known figures in the space on stage, at well-known privacy conferences. Besides freelancing as content creator, he is an associate with Act Now Training and a Subject Matter Expert with Heward Mills, a data protection consultancy.  With Robert we have addressed the recent public outcry about Instagram and Facebook becoming paid services for whoever does not want to see ads or consent to the data processing involved in running them. Given that we have already got used to seeing cookie walls on European news websites (in Germany, France, or Italy), we have aimed to open the wider debate around “Consent or Pay” business models. References: Le Conseil d'État annule partiellement les lignes directrices de la CNIL relatives aux cookies et autres traceurs de connexion Victor Morel, Cristiana Santos, Viktor Fredholm, Adam Thunberg: “Legitimate Interest is the New Consent – Large-Scale Measurement and Legal Compliance of IAB Europe TCF Paywalls” Report of the work undertaken by the EDPB Cookie Banner Taskforce IAB Europe Transparency and Consent Framework 2.2 (stops conflating legitimate interest and consent) EDPB Guidelines 05/2020 on consent under Regulation 2016/679 Robert Bateman on Twitter Robert Bateman on LinkedIn Giovanni Buttarelli (former EDPS), “Privacy 2030: A Vision for Europe” Google Privacy Sandbox

Aprovechando que ha terminado el periodo de gracia de quince meses para la aplicación del Reglamento de Gobernanza de datos (Data Governance Act), hoy lanzamos una puesta al día rápida de lo que ha pasado en las últimas semanas antes de que se acumulen demasiadas cosas en este otoño vertiginoso. En las categorías habituales:  ePrivacy y novedades legales MarTech y AdTech IA, competencia y mercados digitales PET y Zero-Party Data Futuro de los medios Referencias principales: Masters of Privacy (EN): Entrevista con Eve-Christie Vermynck de Skadden Arps (brechas de seguridad). Masters of Privacy (EN): Entrevista con Cory Underwood de Search Discovery (datos sensibles en la normativa federal y estatal de EEUU). Masters of Privacy (EN): Entrevista con Sille Sepp de MyData Global (en relación al Reglamento de Gobernanza de datos). Cláusulas contractuales modelo de la Comisión Europea para el uso de servicios de inteligencia artificial en el sector público.  Texto completo con más referencias: https://mastersofprivacy.com/es/newsroom-de-octubre-llega-la-dga-instagram-de-pago-y-mmm-2-0/ 

Cory Underwood is a Privacy and Data Analytics Engineer with a strong marketing data technology background and a good knowledge of both US and EU ePrivacy law. Cory supports the data privacy offerings of Atlanta-based Search Discovery (a data strategy and activation company), leveraging eight years of experience in privacy efforts and multiple privacy related certifications to enable clients to understand the impact of privacy changes.  With a combined thirteen years of experience in technology, Cory specializes in speaking and writing on his blog (cunderwood.dev) about upcoming privacy changes, allowing readers to take a proactive approach to compliance challenges. In our second interview with Cory we have looked for answers to the following questions:  What does it take for Digital Marketers to comply with State-level Privacy laws in California, Virginia, Colorado, and beyond? Will the US internet suffer the fate of European websites, annoying consumers with user-unfriendly consent pop-ups that mean little and cost millions? Why do some US websites insist on replicating the European ordeal if there are no opt-in requirements? What will be the side effects of large platforms adapting to the EU's Digital Services Act in terms of transparency and return on investment for SMEs? Where will Topics API, the star framework of Chrome's Privacy Sandbox fall in terms of consent requirements? References: Cory Underwood on LinkedIn Cory Underwood on X Cory Underwood's blog Search Discovery: An audit of 500 sites for CCPA and Colorado Privacy Act compliance Global Privacy Control Sephora settlement CNIL's considerations on the Privacy Sandbox and Topics API, July 2023 (FR) Apple's Link Tracking Protection and other Privacy features in iOS 17 Meta's Robyn (open framework for Media Mix Modeling) Apple's Private Click Measurement specification for privacy-first optimization Masters of Privacy: Cory Underwood on Global Privacy Control and a GDPR-compliant Google Analytics (September 25th, 2022)  

Estamos de vuelta. Aquí va una versión grabada de lo sucedido en el verano que ahora despedimos, en cinco apartados, con ligeros cambios con respecto a trimestres previos: ePrivacy y novedades legales MarTech y AdTech Inteligencia Artificial, competencia y mercados digitales PETs y Zero-Party Data Futuro de los medios Visita el post asociado a este episodio en nuestro blog para una larga lista de referencias y notas.  

Today, I welcome Victor Morel, PhD and Simone Fischer-Hübner, PhD to discuss their recent paper, "Automating Privacy Decisions – where to draw the line?" and their proposed classification scheme. We dive into the complexity of automating privacy decisions and emphasize the importance of maintaining both compliance and usability (e.g., via user control and informed consent). Simone is a Professor of Computer Science at Karlstad University with over 30 years of privacy & security research experience. Victor is a post-doc researcher at Chalmers University's Security & Privacy Lab, focusing on privacy, data protection, and technology ethics.Together, they share their privacy decision-making classification scheme and research across two dimensions: (1) the type of privacy decisions: privacy permissions, privacy preference settings, consent to processing, or rejection to processing; and (2) the level of decision automation: manual, semi-automated, or fully-automated. Each type of privacy decision plays a critical role in users' ability to control the disclosure and processing of their personal data. They emphasize the significance of tailored recommendations to help users make informed decisions and discuss the potential of on-the-fly privacy decisions. We wrap up with organizations' approaches to achieving usable and transparent privacy across various technologies, including web, mobile, and IoT. Topics Covered:Why Simone & Victor focused their research on automating privacy decisions How GDPR & ePrivacy have shaped requirements for privacy automation toolsThe 'types' privacy decisions & associated 'levels of automation': privacy permissions, privacy preference settings, consent to processing, & rejection to processingThe 'levels of automation' for each privacy decision type: manual, semi-automated & fully-automated; and the pros / cons of automating each privacy decision typePreferences & concerns regarding IoT Trigger Action PlatformsWhy the only privacy decisions that you should 'fully automate' are the rejection of processing: i.e., revoking consent or opting outBest practices for achieving informed controlAutomation challenges across web, mobile, & IoTMozilla's automated cookie banner management & why it's problematic (i.e., unlawful)Resources Mentioned:"Automating Privacy Decisions – where to draw the line?"CyberSecIT at Chalmers University of Technology"Tapping into Privacy: A Study of User Preferences and Concerns on Trigger-Action Platforms"Consent O Matic browser extension Privado.ai Privacy assurance at the speed of product development. Get instant visibility w/ privacy code scans.Shifting Privacy Left Media Where privacy engineers gather, share, & learnDisclaimer: This post contains affiliate links. If you make a purchase, I may receive a commission at no extra cost to you.Copyright © 2022 - 2024 Principled LLC. All rights reserved.

This episode proposes best practices for CX leaders navigating the issue of large language model (LLM) hallucination. It was inspired by (1) conversations with several customer support and AI leaders, and (2) research on the recent failure by the chatbot used by the National Eating Disorders Association (NEDA).  To briefly summarize, CX leaders should: Distinguish between (1) the risk of LLM hallucinations that occur during normal usage, and (2) hallucinations that are intentionally triggered by angry customers or trolls. Address these two type of of hallucination in the contract, by shifting greater risk upon the AI vendor for the former, and less risk upon the AI vendor for the latter.Have conversations with senior leadership to ensure everyone is onboard to confront intentionally triggered hallucinations. Use cell phone verification via text message for chats that you suspect may be trying to trigger hallucination.Potentially use the discovery process allowed during litigation to clear a company's reputation in the event of intentionally triggered hallucination. This show is hosted by John Walter. He is the COO of ZMAXINC, which has been advising large brands on the selection of human agent outsource vendors for 27 years. Today the company also advises on the selection of AI vendors. John is also an attorney and a member of the AI, Big Data, and E-Privacy committees of the American Bar Association.To contact or follow John on LinkedIn, here is a link to his profile: https://www.linkedin.com/in/jowalter/To learn more about ZMAXINC,  here is a link to the company website:  https://www.zmaxinc.com/ 

With Nina Müller, Ethical Commerce Alliance Director and host of the Ethical Allies podcast. __ Notes: A more comprehensive coverage of all relevant updates can be found on our blog. The topics below have been specifically addressed during this recording: GDPR fines reached a new record when the Irish DPA, following considerable pressure from the EDPB, issued a 1.2bn EUR fine to Meta for its inability to comply with the Schrems II CJEU doctrine. The company behind Facebook, Instagram, and WhatsApp was also asked to cease all data transfers to the US. It was made clear that there is no possible way to either rely on SCCs (already updated to their latest post-Schrems II version, and already complemented with additional safeguards that only stopped short of end-to-end encryption) or any of the available derogations. This leaves the upcoming EU-US Data Privacy Framework as the only way out of the current deadlock, which affects a vast majority of businesses operating in the European Union.   LinkedIn is expecting its own GDPR fine in Ireland. Microsoft has set aside $425m for the expected DPC blow, as the supervisor completes an investigation initiated in 2018. The Austrian supervisor sided with NOYB/Max Schrems and considered that a website had breached the GDPR through the inclusion of a Meta/Facebook pixel and Single Sign-On widget (resulting in a personal data transfer to the United States). It appears from the decision that isolating any of these two features would not have made a difference, and, as well explained by Jorge García Herrero (ES), this misses a few key technical details: Whereas the SSO will only result in a transfer of limited information from Meta to the website (ie. In the opposite direction), the Facebook pixel collects entirely new hits or “events” for existing users of the platform. Also, Meta was here considered a mere data processor despite the fact that the company seems to be in full control of the purposes and means of the processing (note: the EDPB Guidelines on targeting social media users make Meta a joint controller in the use of Facebook pixels for paid advertising scenarios). TikTok suffered additional blows on the basis of both the privacy risks entailed in the Chinese Government accessing personal information about US or EU citizens, and the ability of its secret algorithm to curate the specific content made available to said individuals, thus exerting an undesirable level of influence. While its US CEO, Shou Zi Chew, testified before Congress, The US Federal Government, as well as many others throughout Europe, forbid their own personnel the use of the app on their official devices. Montana announced fines for the Google Play and Apple iOS stores if the app was not hidden for Montana-based individuals by January 1st 2024. The EU Commission announced that it would stress-test Twitter's ability to respond to disinformation in line with the upcoming Digital Services Act to ascertain whether it will already be at risk of breaching the new legal framework before it enters into force on August 25th. The company had announced its withdrawal from a voluntary code of conduct. Filtering out the robots on a given website (through the typical prompt that only a human should be able to respond to successfully) has just become more expensive. France's CNIL issued an #ePrivacy fine to scooter company Citiscoot for its retrieval of device information in the use of Google reCAPTCHA (it was accompanied by a separate breach of the GDPR due to its excessive collection of geo-location data). For its part, the Finnish DPO ordered (FI) the Finnish Meteorological Institute to disable the same tool (Google reCAPTCHA) on the basis of the resulting EU-US data transfers in the current post-SchremsII scenario - in this case Google Analytics was also involved in this decision for the same reasons, and the Institute ending up removing both tools from its website as well as being asked to delete all of the historical data available.  CNIL issued a 380k EUR fine to pan-European medical advice service Doctissimo for various GDPR infringements as well as a breach of the ePrivacy Directive (responsible for 100k of the total amount) consisting in serving two advertising cookies after users have selected the Reject All option in the website's consent banner.  FTC enforcement actions involving the use website/app user data for digital marketing purposes (healthcare, children): GoodRx, Betterhelp, Edmodo, Premom. The CNIL published the results of its own research on the use of cookies (assisted by CookieViz, an auditing tool developed internally, now open sourced) and the evolution of acceptance rates and third party cookie numbers over time. Other than a reminder of the 421 EUR piling up in cookie-related fines since 2020, the report contains interesting conclusions: 68% of French internet users consider that the information provided by the advertising ecosystem is insufficient or non-existent 39% are now rejecting all cookies, with 49% actively managing their consent preferences (analytics-related cookies are normally favored). The share of sites serving more than 6 third-party cookies dropped to 12% from 24%,  with 29% of all websites not serving any third-party cookies at all (vs. 20%) The IAB released TCF 2.2 on May 16th, finally removing the extremely confusing legitimate interest selectors for advertising and content personalization, replacing purposes and feature descriptions with a more user-friendly language, standardizing information about vendors, and providing a path for end users to withdraw their consent. CMPs are due to implement these changes by September 30th 2023. Following the TCF 2.2 announcement, Google has started reviewing and certifying Consent Management Platforms introducing new requirements under its Additional Consent Mode specification (important to remember that Consent Mode's Ghost call is still considered in breach of ePrivacy unless consent is specifically requested).

In this episode Jacob speaks with privacy attorney Donata Stroink-Skillrud. Donata is the chair of the American Bar Association's ePrivacy committee, and has an excellent understanding of privacy laws in the US and the EU.She shares the impact of US and EU privacy laws on businesses, how they can plan to comply, and much more!Here are some key topics we discussed:The importance of privacy lawsDifferences between EU and US approaches to privacyThe impact of GDPR and why many consider it to be the gold standard in privacy lawsCurrent and emerging state-level privacy laws in the USImplications of privacy laws for small businessesThe importance of only collecting the information you needThe status of the US's federal privacy law and how it compares to the GDPRHow GRC compliance frameworks like NIST's Privacy Framework and ISO 27001 can help complyDonata's website: https://termageddon.comFollow Donata on LinkedIn: https://www.linkedin.com/in/donata-stroink-skillrud/-----------Governance, Risk, and Compliance Academy (GRC) Academy is a training and research platform!Online GRC Training: https://grcacademy.io/courses/?utm_source=podcast&utm_medium=s1-e7&utm_campaign=coursesNeed a FedRAMP authorized Password Manager?Start a free 14-day trial of Keeper: https://grcacademy.io/ref/keeper/b2b-trial/See the CMMC controls that Keeper meets: https://grcacademy.io/ref/keeper/cmmc-controls-sheet/

Trimestre completamente desbocado en lo que a noticias se refiere. Volvemos a cubrir las cinco categorías habituales (ePrivacy, Martech & AdTech, Competencia y mercados digitales, Zero-Party Data y Customer Centricity, futuro de los medios), destacando:  El vacío que deja la multa récord a Meta Fuegos cruzados en IA generativa e impacto en el marco legal Resolución sobre el píxel de Facebook y la infracción derivada de su incorporación a una web Sanciones en Francia y EEUU por integrar cookies de tercera parte y código de optimización publicitaria en apps móviles sin consentimiento (respectivamente) Sentencia TJUE sobre datos anónimos vs. pseudonimización Orientaciones AEPD, APEP, ISMS Forum para validar el cifrado como medida de seguridad Apple: Privacy Manifests y salvaguardas de VisionOS Cambios en el TCF 2.2 de la IAB e implementación de estos en Google Consent Mode Últimos tests para eliminar cookies de tercera parte en Chrome Directrices para Data Clean Rooms (IAB Tech Labs) Referencias: Resolución de la DPA austriaca sobre el uso de Facebook Pixel y Facebook Login en una web Jorge García Herrero: ¿El Facebook Login incumple el RGPD? Multa de CNIL a Doctissimo por varias infracciones, incluyendo haber servido dos cookies publicitarias una vez que se optaba por “Rechazarlas todas” en el gestor de consentimiento Acción de la FTC contra una aplicación móvil por compartir datos con fines publicitarios Sentencia del TJUE sobre anonimización y pseudonimización Orientaciones para validar el cifrado como medida de seguridad de los datos personales de la AEPD, ISMS Forum y APEP Privacy Manifests de Apple (Junio de 2023) TCF 2.2 de la IAB Pruebas de Google como alternativa a cookies de tercera parte en DV360 y Google Ads Directrices para el uso de Data Clean Rooms (IAB Tech Lab) Google "We Have No Moat, And Neither Does OpenAI" Adam Klee (Licorice) en Masters of Privacy Mattia Fosci (Anonymised) en Masters of Privacy CMA update report on implementation of the Privacy Sandbox commitments

Luis Gallego es consultor estratégico e Interim Manager para la transformación digital de pequeñas y medianas empresas. Anteriormente y durante más de 25 años dirigió el comercio electrónico, marketing digital y transformación de multinacionales como AXA, KIA Motors o Leroy Merlin. En su actual etapa es además profesor en distintas escuelas de negocio sobre transformación digital, Datos, UX o Diseño Organizacional (incluyendo el Programa de Dirección en Transformación Digital del Instituto de Empresa), y es coordinador de proyectos de impacto para MIT Professional Education. También escribe con regularidad en El Economista. Con Luis hemos hablado de: Las nuevas oportunidades abiertas a pequeñas y medianas empresas en comercio electrónico o aprovechamiento de datos El impacto del marco legal de la protección de datos sobre la capacidad de éstas para hacer frente a los gigantes del sector El posible desacoplamiento entre la ética de los datos y el mero cumplimiento legal El papel fundamental de la formación “vitalicia”, tanto para profesionales en la gran empresa como para pequeños empresarios Piezas clave de una relación basada en el respeto. Referencias: Luis Gallego en LinkedIn “Ahora toca Phygital” (Luis Gallego, El Economista, 2023) Programa de Dirección en Transformación Digital del Instituto de Empresa  MIT Professional Education

Since the GDPR came into force in 2018, privacy has become an integral part of any technology, new or old and AI is no different. In this episode, I discuss some of the important privacy aspects of ChatGPT and other AI tools, together with Avishai Ostrin, Director of Advisory Services at Privacy Team. This isn't the first time Avishai and I have combined forces. We co-authored an article about blockchain and privacy last year, titled: Privacy on the Blockchain — What role does privacy play in a world where nobody is ‘doxxed'? At the beginning of the episode [___], we discussed a case where someone asked ChatGPT for information about himself, and due to false information on the web, where the AI was drawing its data from, the AI said he was dead. The gentleman is actually a computer scientist and leading privacy technologist who helped develop Europe's GDPR and ePrivacy rules by the name of Alexander Hanff and he wrote an article all about it, with his take on ChatGPT, at least from a privacy perspective, here: https://www.theregister.com/2023/03/02/chatgpt_considered_harmful/ Enjoy! UPDATE: Since recording this episode (just a few days ago - to give you an idea as to the speed that things are moving), ChatGPT resumed service in Italy - https://techcrunch.com/2023/04/28/chatgpt-resumes-in-italy/

Peter Hense is a partner at Spirit Legal, Germany. He specializes in data privacy litigation, particularly in the area of Advertising Technology. In this episode we discuss the uselessness and potential demise of Consent Management Platforms (CMPs) in a first-party data future. We will also touch on Data Clean Rooms and whether they actually deserve the label. References:  Peter Hense on Twitter Spirit Legal Introductory article (Sergio Maldonado) Brave's announcement: Automated removal of consent pop-ups Consent-O-Matic: OneTrust files patent to circumvent CMP blockers (Vice Media) Tilman Herbrich on Data Clean Rooms

Welcome to The Nonlinear Library, where we use Text-to-Speech software to convert the best writing from the Rationalist and EA communities into audio. This is: Why So Many Cookie Banners?, published by jefftk on October 10, 2022 on LessWrong. Sometimes you'll see people saying things like: Using cookies to track state on a website, that is only used for that website, is fine. You don't need to ask for consent.—rrwo Or: You don't need a cookie banner to be allowed to create cookies. You only need them if you're using them for something like tracking.—y4mi Something like, "as long as you design your site properly and don't abuse storage you don't need to ask your European visitors for permission." While I'm not working in this area anymore, am not a lawyer, and am not attempting to give you legal advice, if you read the regulation this interpretation is completely off. Cookie banners are a response to the 2002 ePrivacy Directive (full text, guidance). While the ePrivacy Directive may be superseded soon by the (pretty similar) ePrivacy Regulation, it's still the current rule. It requires you to get consent from visitors before you store information on their computer (cookies, localStorage, etc) unless this behavior is "strictly necessary in order to provide an information society service explicitly requested by the subscriber or user" [1]. This isn't "in order to" or even "necessary in order to", it's "strictly necessary in order to". Which is quite firm! This excludes, for example, using a cookie for basic single-site analytics (4.3), where you want to figure out where users are getting stuck on your site or to populate a "users who viewed this product ended up buying this other product" box. Even though this information helps you improve your site for future visitors, including potentially this one, it isn't 'strictly necessary' for serving this user right now. If the user puts an item in their shopping cart you can set a cookie, because that's how you honor their request, but it's still quite restrictive (2.3): a merchant could set the cookie either to persist past the end of the browser session or for a couple of hours in the future to take into account the fact that the user may accidentally close his browser and could have a reasonable expectation to recover the contents of his shopping basket when he returns to the merchant's website in the following minutes. Maintaining a shopping cart across days isn't "strictly necessary" and so requires explicit consent. Despite it being a useful thing users may be expecting: if I put things in my cart, don't check out, and come back the next day, I'm going to be frustrated if the site has forgotten my selections! Similarly, say you have a "language" dropdown or a "dark mode" checkbox". Unless you have explicitly marked the UI control with text like "uses cookies" (3.6) you can't persist this setting for future visits. The overall effect of this is that most sites will not be ePrivacy-compliant unless they either (a) get cookie consent from users or (b) hire a lawyer to review each of the things they do in the context of ePrivacy, and make careful changes to keep everything within the tight bounds of "strictly necessary". It's not surprising we see so many cookie banners! [1] Technically it's also allowed if it's "for the sole purpose of carrying out the transmission in the electronic communications network and provided that the information is not stored for any period longer than is necessary for the transmission and for traffic management purposes, and that during the period of storage the confidentiality remains guaranteed". But the "strictly necessary" criterion covers almost everything in practice. Thanks for listening. To help us out with The Nonlinear Library or to learn more, please visit nonlinear.org.

Cory Underwood combines in-depth technical expertise in the MarTech and Analytics space with a thorough understanding of the ePrivacy legal framework. He has hands-on experience in Distributed System Design, A/B Testing, Tag Management or Analytics - and writes extensively about the intersection of digital analytics and cross-border privacy compliance. References: Cory Underwood's blog Global Privacy Control Sephora settlement  CNIL's suggestions for a GDPR-compliant Google Analytics deployment California Age-Appropriate Design Code Act American Data Privacy and Protection Act

World Renowned Privacy Lawyer With Over 25 Years Of Experience Shares The Secrets To His Success!Attention Data Privacy Professionals who want to take their career to the next level Hi, my name is Jamal Ahmed and I'd like to invite you to listen to this special episode of the #1 ranked Data Privacy podcast. In this episode we're joined by Eduardo Ustaran, Global co-head of the Hogan Lovells Privacy and Cybersecurity practice to talk about his illustrious career. Find out about his 'accidental' start in Data Privacy, the key privacy challenges every Privacy Pro must be aware of, plus a Q&A with the Privacy Pros community! Discover: The future of Data Privacy and how Privacy Pros can keep up with emerging technologies How to approach updates to Standard Contractual Clauses for International Data Transfers Why Data Protection should be a concern for everyone What it takes to sustain a thriving career in Data Privacy What the industry is missing and how to stand out You can't afford to miss this episode! Global co-head of the Hogan Lovells Privacy and Cybersecurity practice Eduardo Ustaran is widely recognized as one of the world's leading privacy and data protection lawyers and thought leaders. With over 25 years of experience, Eduardo advises multinationals and governments around the world on the adoption of privacy and cybersecurity strategies and policies. Eduardo has been involved in the development of the EU data protection framework and was listed by Politico as the most prepared individual in its 'GDPR power matrix'. Based in London, Eduardo leads a dedicated team advising on all aspects of data protection law – from strategic issues related to the latest technological developments such as artificial intelligence and connected devices to the implementation of global privacy compliance programs and mechanisms to legitimize international data flows. Eduardo is the author of The Future of Privacy (DataGuidance, 2013), a ground-breaking book where he anticipates the key elements that organizations and privacy professionals will need to tackle to comply with the regulatory framework of the future. Eduardo is co-founder and editor of Data Protection Leader, a member of the panel of experts of DataGuidance, and a former member of the Board of Directors of the IAPP. Eduardo is executive editor of European Data Protection Law and Practice (IAPP, 2018), and co-author of Data Protection: A Practical Guide to UK and EU Law (OUP, 2018), Beyond Data Protection (Springer, 2013), E-Privacy and Online Data Protection (Tottel Publishing, 2007) and of the Law Society's Data Protection Handbook (2004). Eduardo has lectured at the University of Cambridge on data protection as part of its Masters of Bioscience Enterprise, and regularly speaks at international conferences. Follow Jamal on LinkedIn:https://www.linkedin.com/in/kmjahmed/ ( https://www.linkedin.com/in/kmjahmed/) Connect with Eduardo on LinkedIn: https://www.linkedin.com/in/eduardoustaran/ (https://www.linkedin.com/in/eduardoustaran/) Get Exclusive Insights, Secret Expert Tips & Actionable Resources For A Thriving Privacy Career That We Only Share With Email Subscribers► https://my.captivate.fm/%C2%A0https://newsletter.privacypros.academy/sign-up ( https://newsletter.privacypros.academy/sign-up) Subscribe to the Privacy Pros Academy YouTube Channel► https://www.youtube.com/c/PrivacyPros (https://www.youtube.com/c/PrivacyPros) Join the Privacy Pros Academy Private Facebook Group for:Free LIVE Training Free Easy Peasy Data Privacy Guides Data Protection Updates and so much more Apply to join here whilst it's still free: https://www.facebook.com/groups/privacypro (https://www.facebook.com/groups/privacypro)

It is the fifth anniversary of GDPR, which went into effect and 2018. Since its passage, there have been significant efforts at compliance, At the same time, unfortunately, consumers still felt nudged or bullied by big tech companies into agreeing to business under the old rules, posing the question is the spirit behind the legislation on a level playing field. Then came the pandemic, and in March 2020, the world changed. Virtually every business was forced online and reached out to their consumers digitally. However, GDPR was not at the forefront of most business activities as companies focused on customer retention and not necessarily if they were compliant. Technology has also changed- it went into warp speed in 2020, forcing legislators to keep up with new technology channels. This episode talks about what has happened and what will happen in the upcoming years as countries try to formulate new ePrivacy Regulations.

It is the fifth anniversary of GDPR, which went into effect and 2018. Since its passage, there have been significant efforts at compliance, At the same time, unfortunately, consumers still felt nudged or bullied by big tech companies into agreeing to business under the old rules, posing the question is the spirit behind the legislation on a level playing field. Then came the pandemic, and in March 2020, the world changed. Virtually every business was forced online and reached out to their consumers digitally. However, GDPR was not at the forefront of most business activities as companies focused on customer retention and not necessarily if they were compliant. Technology has also changed- it went into warp speed in 2020, forcing legislators to keep up with new technology channels. This episode talks about what has happened and what will happen in the upcoming years as countries try to formulate new ePrivacy Regulations.