European Union regulation on the processing of personal data
POPULARITY
Democracy is at the heart of the EU's and Member States' political foundations. Yet in an increasingly volatile global landscape— marked by the rise of authoritarianism, foreign interference, and disinformation— it cannot be taken for granted. The digital public sphere is particularly vulnerable to manipulation: recently, we have seen influencers being paid to promote certain political candidates and AI-generated fake news flooding social media platforms. Beyond external threats, there is a growing sense of disengagement among citizens from democratic participation. How can the EU address these challenges? One of the European Commission's priorities for 2025 is the European Democracy Shield, which is envisaged as a tool to combat digital propaganda, develop media literacy and support free and independent media and civil society. In his address to the IIEA, Michael McGrath, Commissioner for Democracy, Justice, the Rule of Law and Consumer Protection, speaks about the European Commission's plans to protect European democracy, in particular, through the European Democracy Shield. About the Speaker: Michael McGrath assumed the role of EU Commissioner for Democracy, Justice, the Rule of Law and Consumer Protection on 1 December 2024, as a member of the European Commission under the leadership of President Ursula von der Leyen. Commissioner McGrath has specific responsibility for upholding the rule of law, protecting democracy and fundamental rights, tackling disinformation, improving criminal justice cooperation and strengthening the rights of victims of crime. His broad portfolio also includes improving EU competitiveness through the reform of company law and civil law. He has responsibility for consumer protection policy and for ensuring compliance with the General Data Protection Regulation across the EU. Prior to his appointment, Commissioner McGrath served as Ireland's Minister for Finance from 2022 to 2024, as Minister for Public Expenditure and Reform from 2020 to 2022, and was an elected member of the Irish Parliament from 2007 to 2024.
In this episode of RCA Radio®, host Brandon Miller is joined by Rod Mell, Executive Head – Life Science Consulting at RCA, as well as Jordan Elder, Director of Regulatory both at Regulatory Compliance Associates. We explore possible changes in the Medical Device industry in 2025 and provide you with insight on how to prepare yourself for these upcoming initiatives.Listen in as we go over updated EU MDR / EUDAMED timelines, recent and upcoming final guidance documents, the strategic priorities outlined by the FDA, the Quality Management System Regulation (QMSR Final Rule), the agency inspection focuses, and how companies can prepare themselves for success with the incoming changes. About RCARegulatory Compliance Associates® (RCA) provides worldwide services to the following industries for resolution of compliance and regulatory challenges:PharmaceuticalBiologic & BiotechnologySterile compoundingMedical deviceWe understand the complexities of running a life science business and possess areas of expertise that include every facet of R&D, operations, regulatory affairs, quality, and manufacturing. We are used to working on the front lines and thriving in the scrutiny of FDA-and globally-regulated companies.As your partners, we can negotiate the potential minefield of regulatory, compliance, quality, and private equity due diligence with insight, hindsight, and the clear advantage of our unique expertise and experience.
In its first leading judgment (decision of November 18, 2024, docket no.: VI ZR 10/24), the German Federal Court of Justice (BGH) dealt with claims for non-material damages pursuant to Art. 82 GDPR following a scraping incident. According to the BGH, a proven loss of control or well-founded fear of misuse of the scraped data by third parties is sufficient to establish non-material damage. The BGH therefore bases its interpretation of the concept of damages on the case law of the CJEU, but does not provide a clear definition and leaves many questions unanswered. Our German data litigation lawyers, Andy Splittgerber, Hannah von Wickede and Johannes Berchtold, discuss this judgment and offer insights for organizations and platforms on what to expect in the future. ----more---- Transcript: Intro: Hello, and welcome to Tech Law Talks, a podcast brought to you by Reed Smith's Emerging Technologies Group. In each episode of this podcast, we will discuss cutting-edge issues on technology, data, and the law. We will provide practical observations on a wide variety of technology and data topics to give you quick and actionable tips to address the issues you are dealing with every day. Andy: Hello, everyone, and welcome to today's episode of our Reed Smith Tech Law Talks podcast. In today's episode, we'll discuss the recent decision of the German Federal Court of Justice, the FCJ, of November 18, 2024, on compensation payments following a data breach or data scraping. My name is Andy Splittgerber. I'm partner at Reed Smith's Munich office in the Emerging Technologies Department. And I'm here today with Hannah von Wickede from our Frankfurt office. Hannah is also a specialist in data protection and data litigation. And Johannes Berchtold, also from Reed Smith in the Munich office, also from the emerging technologies team and tech litigator. Thanks for taking the time and diving a bit into this breathtaking case law. Just to catch everyone up and bring everyone on the same speed, it was a case decided by the German highest civil court, in an action brought by a user of a social platform who wanted damages after his personal data was scraped by a hacker from that social media network. And that was done through using the telephone number or trying out any kind of numbers through a technical fault probably, and this find a friend function. And through this way, the hackers could download a couple of million data sets from users of that platform, which then could be found in the dark web. And the user then started an action before the civil court claiming for damages. And this case was then referred to the highest court in Germany because of the legal difficulties. Hannah, do you want to briefly summarize the main legal findings and outcomes of this decision? Hannah: Yes, Andy. So, the FCJ made three important statements, basically. First of all, the FCJ provided its own definition of what a non-material damage under Article 82 GDPR is. They are saying that mere loss of control can constitute a non-material damage under Article 82 GDPR. And if such a loss of the plaintiffs is not verifiable, that also justified fear of personal data being misused can constitute a non-material damage under GDPR. So both is pretty much in line with what the ECJ already has said about non-material damages in the past. And besides that, the FCJ makes also a statement regarding the amount of compensation for non-material damages following from scraping incident. And this is quite interesting because according to the FCJ, the amount of the claim for damages in such cases is around 100 euros. That is not much money. However, FCJ also says both loss of control and reasonable apprehension, also including the negative consequences, must first be proven by the plaintiff. Andy: So we have an immaterial damage that's important for everyone to know. And the legal basis for the damage claim is Article 82 of the General Data Protection Regulation. So it's not German law, it's European law. And as you'd mentioned, Hannah, there was some ECJ case law in the past on similar cases. Johannes, can you give us a brief summary on what these rulings were about? And on your view, does the FCJ bring new aspects to these cases? Or is it very much in line with the European Court of Justice that already? Johannes: Yes, the FCJ has quoted ECJ quite broadly here. So there was a little clarification in this regard. So far, it's been unclear whether the loss of control itself constitutes the damage or whether the loss of control is a mere negative consequence that may constitute non-material damage. So now the Federal Court of Justice ruled that the mere loss of control constitutes the direct damage. So there's no need for any particular fear or anxiety to be present for a claim to exist. Andy: Okay, so it's not. So we read a bit in the press after the decision. Yes, it's very new and interesting judgment, but it's not revolutionary. It stays very close to what the European Court of Justice said already. The loss of control, I still struggle with. I mean, even if it's an immaterial damage, it's a bit difficult to grasp. And I would have hoped FCJ provides some more clarity or guidance on what they mean, because this is the central aspect, the loss of control. Johannes, you have some more details? What does the court say or how can we interpret that? Johannes: Yeah, Andy, I totally agree. So in the future, discussion will most likely tend to focus on what actually constitutes a loss of control. So the FCJ does not provide any guidance here. However, it can already be said the plaintiff must have had the control over his data to actually lose it. So whether this is the case is particularly questionable if the actual scrape data was public, like in a lot of cases where we have in Germany right here, and or if the data was already included in other leaks, or the plaintiff published the data on another platform, maybe on his website or another social network where the data was freely accessible. So in the end, it will probably depend on the individual case if there was actually a loss of control or not. And we'll just have to wait on more judgments in Germany or in Europe to define loss of control in more detail. Andy: Yeah, I think that's also a very important aspect of this case that was decided here, that the major cornerstones of the claim were established, they were proven. So it was undisputed that the claimant was a user of the network. It was undisputed that the scraping took place. It was undisputed that the user's data was affected part of the scraping. And then also the user's data was found in the dark web. So we have, in this case, when I say undistributed, it means that the parties did not dispute about it and the court could base their legal reasoning on these facts. In a lot of cases that we see in practice, these cornerstones are not established. They're very often disputed. Often you perhaps you don't even know that the claimant is user of that network. There's always dispute or often dispute around whether or not a scraping or a data breach took place or not. It's also not always the case that data is found in the dark web. I think this, even if the finding in the dark web, for example, is not like a written criteria of the loss of control. I think it definitely is an aspect for the courts to say, yes, there was loss of control because we see that the data was uncontrolled in the dark web. So, and that's a point, I don't know if any of you have views on this, also from the technical side. I mean, how easy and how often do we see that, you know, there is like a tag that it says, okay, the data in the dark web is from this social platform? Often, users are affected by multiple data breaches or scrapings, and then it's not possible to make this causal link between one specific scraping or data breach and then data being found somewhere in the web. Do you think, Hannah or Johannes, that this could be an important aspect in the future when courts determine the loss of control, that they also look into, you know, was there actually, you know, a loss of control? Hannah: I would say yes, because it was already mentioned that the plaintiffs must first prove that there is a causal damage. And a lot of the plaintiffs are using various databases that list such alleged breaches, data breaches, and the plaintiffs always claim that this would indicate such a causal link. And of course, this is now a decisive point the courts have to handle, as it is a requirement. Before you get to the damage and before you can decide if there was a damage, if there was a loss of control, you have to prove if the plaintiff even was affected. And yeah, that's a challenge and not easy in practice because there's also a lot of case law already about these databases or on those databases that there might not be sufficient proof for the plaintiffs being affected by alleged data breaches or leaks. Andy: All right. So let's see what's happening also in other countries. I mean, the Article 82, as I said in the beginning, is a European piece of law. So other countries in Europe will have to deal with the same topics. We cannot come up with our German requirements or interpretation of immaterial damages that are rather narrow, I would say. So Hannah, any other indications you see from the European angle that we need to have in mind? Hannah: Yes, you're right. And yet first it is important that this concept of immaterial damage is EU law, is in accordance with EU law, as this is GDPR. And as Johannes said, the ECJ has always interpreted this damage very broadly. And does also not consider a threshold to be necessary. And I agree with you that it is difficult to set such low requirements for the concept of damage and at the same time not demand materiality or a threshold. And in my opinion, the Federal Court of Justice should perhaps have made a submission here to the ECJ after all because it is not clear what loss of control is. And then without a material threshold, this contributes a lot to legal insecurity for a lot of companies. Andy: Yeah. Thank you very much, Hannah. So yes, the first takeaway for us definitely is loss of control. That's a major aspect of the decision. Other aspects, other interesting sentences or thoughts we see in the FCJ decision. And one aspect I see or I saw is right at the beginning where the FCJ merges together two events. The scraping and then a noncompliance with data access requests. And that was based in that case on contract, but similar on Article 15, GDPR. So those three events are kind of like merged together as one event, which in my view doesn't make so much sense because they're separated from the event, from the dates, from the actions or non-actions, and also then from the damages from a non-compliance with an Article 15. I think it's much more difficult to argue with a damage loss of control than with a scraping or a data breach. That that's not a major aspect of the decision but I think it was an interesting finding. Any other aspects, Hannah or Johannes, that you saw in the decision worth mentioning here for our audience? Johannes: Yeah so I think discussion in Germany was really broadly so i think just just maybe two points have been neglected in the discussion so far. First, towards the ending of the reasoning, the court stated that data controllers are not obliged to provide information about unknown recipients. For example, like in scraping cases, controllers often do not know who the scrapers are. So there's no obligation for them to provide any names of scrapers they don't know. That clarification is really helpful in possible litigation. And on the other hand, it's somewhat lost in the discussion that the damages of the 100 euros only come into consideration if the phone number, the user ID, the first name, the last name, the gender, and the workplace are actually affected. So accordingly, if less data, maybe just an email address or a name, or less sensitive data was scraped, the claim for damages can or must even be significantly lower. Andy: All right. Thanks, Johannes. That's very interesting. So, not only the law of control aspect, but also other aspects in this decision that's worth mentioning and reading if you have the time. Now looking a bit into the future, what's happening next, Johannes? What are your thoughts? I mean, you're involved in some similar litigation as well, as so is Hannah, what do you expect, What's happening to those litigation cases in the future? Any changes? Will we still have law firms suing after social platforms or suing for consumers after social platforms? Or do we expect any changes in that? Johannes: Yeah, Andy, it's really interesting. In this mass GDPR litigation, you always have to consider the business side, not always just the legal side. So I think the ruling will likely put an end to the mass GDPR litigation as we know it in the past. Because so far, the plaintiffs have mostly appeared just with a legal expenses insurer. So the damages were up to like 5,000 euros and other claims have been asserted. So the value in dispute could be pushed to the edge. So it was like maybe around 20,000 euros in the end. But now it's clear that the potential damages in such scraping structures are more likely to be in the double-digit numbers, like, for example, 100 euros or even less. So as a result, the legal expenses insurers will no longer fund their claims for 5,000 euros. But at the same time, the vast majority of legal expenses insurers have agreed to a deductible of more than 100 euros. So the potential outcome and the risk of litigation are therefore disproportionate. And as a result, the plaintiffs will probably refrain from filing such lawsuits in the future. Andy: All right. So good news for all insurers in the audience or better watch out for requests for coverage of litigation and see if not the values in this cube are much too high. So we will probably see less of insurance coverage cases, but still, definitely, we expect the same amount or perhaps even more litigation because the number as such, even if it's only 100 euros, seems certainly attractive for users as a so-called low-hanging fruit. And Hannah, before we close our podcast today, again, looking into the future, what is your recommendation or your takeaways to platforms, internet sites, basically everyone, any organization handling data can be affected by data scraping or a data breach. So what is your recommendation or first thoughts? How can those organizations get ready or ideally even avoid such litigation? Hannah: So at first, Andy, it is very important to clarify that the FCJ judgment is ruled on a specific case in which non-public data was made available to the public as a result of a proven breach of data protection. And that is not the case in general. So you should avoid simply apply this decision to every other case like a template because if other requirements following from the GDPR are missing, the claims will still be unsuccessful. And second, of course, platforms companies have to consider what they publish about their security vulnerabilities and take the best possible precautions to ensure that data is not published on the dark web. And if necessary, companies can transfer the risk of publication to the user simply by adjusting their general terms and conditions. Andy: Thanks, Hannah. These are interesting aspects and I see a little bit of conflict between the breach notification obligations under Article 33, 34, and then the direction this caseload goes. That will also be very interesting to see. Thank you very much, Hannah and Johannes, for your contribution. That was a really interesting, great discussion. And thank you very much to our audience for listening in. This was today's episode of our EU Reed Smith Tech Law Talks podcast. We thank you very much for listening. Please leave feedback and comments in the comments fields or send us an email. We hope to welcome you soon to our next episode. Have a nice day. Thank you very much. Bye bye. Outro: Tech Law Talks is a Reed Smith production. Our producers are Ali McCardell and Shannon Ryan. For more information about Reed Smith's emerging technologies practice, please email techlawtalks@reedsmith.com. You can find our podcast on Spotify, Apple Podcasts, Google Podcasts, reedsmith.com, and our social media accounts. Disclaimer: This podcast is provided for educational purposes. It does not constitute legal advice and is not intended to establish an attorney-client relationship, nor is it intended to suggest or establish standards of care applicable to particular lawyers in any given situation. Prior results do not guarantee a similar outcome. Any views, opinions, or comments made by any external guest speaker are not to be attributed to Reed Smith LLP or its individual lawyers. All rights reserved. Transcript is auto-generated.
Marketing McCants: Build Your Business with Cheryl McCants your Marketing Momma
Because email serves as a major personal connection between your brand and your customers, you need to pay strong attention to and obey the General Data Protection Regulation law (or GDPR). Overlooking this law can seriously cost your business. --- Support this podcast: https://podcasters.spotify.com/pod/show/cheryl-mccants/support
Reed Smith emerging tech lawyers Andy Splittgerber in Munich and Cynthia O'Donoghue in London join entertainment & media lawyer Monique Bhargava in Chicago to delve into the complexities of AI governance. From the EU AI Act to US approaches, we explore common themes, potential pitfalls and strategies for responsible AI deployment. Discover how companies can navigate emerging regulations, protect user data and ensure ethical AI practices. ----more---- Transcript: Intro: Hello and welcome to Tech Law Talks, a podcast brought to you by Reed Smith's Emerging Technologies Group. In each episode of this podcast, we will discuss cutting-edge issues on technology, data, and the law. We will provide practical observations on a wide variety of technology and data topics to give you quick and actionable tips to address the issues you are dealing with every day. Andy: Welcome to Tech Law Talks and our new series on artificial intelligence. Over the coming months, we'll explore the key challenges and opportunities within the rapidly evolving AI landscape globally. Today, we'll focus on AI and governance with a main emphasis on generative AI in a regional perspective if we look into Europe and the US. My name is Andy Splittgerber. I'm a partner in the Emerging Technologies Group of Reed Smith in Munich, and I'm also very actively advising clients and companies on artificial intelligence. Here with me, I've got Cynthia O'Donoghue from our London office and Nikki Bhargava from our Chicago office. Thanks for joining. Cynthia: Thanks for having me. Yeah, I'm Cynthia O'Donoghue. I'm an emerging technology partner in our London office, also currently advising clients on AI matters. Monique: Hi, everyone. I'm Nikki Bhargava. I'm a partner in our Chicago office and our entertainment and media group, and really excited to jump into the topic of AI governance. So let's start with a little bit of a basic question for you, Cynthia and Andy. What is shaping how clients are approaching AI governance within the EU right now? Cynthia: Thanks, Nikki. The EU is, let's say, just received a big piece of legislation, went into effect on the 2nd of October that regulates general purpose AI and high risk general purpose AI and bans certain aspects of AI. But that's only part of the European ecosystem. The EU AI Act essentially will interplay with the General Data Protection Regulation, the EU's Supply Chain Act, and the latest cybersecurity law in the EU, which is the Network and Information Security Directive No. 2. so essentially there's a lot of for organizations to get their hands around in the EU and the AI act has essentially phased dates of effectiveness but the the biggest aspect of the EU AI act in terms of governance lays out quite a lot and so it's a perfect time for organizations to start are thinking about that and getting ready for various aspects of the AAC as they in turn come into effect. How does that compare, Nikki, with what's going on in the U.S.? Monique: So, you know, the U.S. is still evaluating from a regulatory standpoint where they're going to land on AI regulation. Not to say that we don't have legislation that has been put into place. We have Colorado with the first comprehensive AI legislation that went in. And we also had, you know, earlier in the year, we also had from the Office of Management and Budget guidelines to federal agencies about how to procure and implement AI, which has really informed the governance process. And I think a lot of companies in the absence of regulatory guidance have been looking to the OMB memo to help inform what their process may look like. And I think the one thing I would highlight, because we're sort of operating in this area of unknown and yet-to-come guidance, that a lot of companies are looking to their existing governance frameworks right now and evaluating how they're both from a company culture perspective, a mission perspective, their relationship with consumers, how they want to develop and implement AI, whether it's internally or externally. And a lot of the governance process and program pulls guidance from some of those internal ethics as well. Cynthia: Interesting, so I'd say somewhat similar in the EU, but I think, Andy, the consumer, I think the US puts more emphasis on, consumer protection, whereas the EU AI Act is more all-encompassing in terms of governance. Wouldn't you agree? Andy: Yeah, that was also the question I wanted to ask Nikki, is where she sees the parallels and whether organizations, in her view, can follow a global approach for AI are ai governance and yes i like for the for the question you asked yes i mean the AI act is the European one is more encompassing it is i'm putting a lot of obligations on developers and deployers like companies that use ai in the end of course it also has the consumer or the user protection in the mind but the rules directly rated relating to consumers or users are I would say yeah they're limited. So yeah Nikki well what what's kind of like you always you always know US law and you have a good overview over European laws what is we are always struggling with all the many US laws so what's your thought can can companies in terms of AI governance follow a global approach? Monique: In my opinion? Yeah, I do think that there will be a global approach, you know, the way the US legislates, you know, what we've seen is a number of laws that are governing certain uses and outputs first, perhaps because they were easier to pass than such a comprehensive law. So we see laws that govern the output in terms of use of likenesses, right, of publicity violations. We're also seeing laws come up that are regulating the use of personal information and AI as a separate category. We're also seeing laws, you know, outside of the consumer, the corporate consumer base, we're also seeing a lot of laws around elections. And then finally, we're seeing laws pop up around disclosure for consumers that are interacting with AI systems, for example, AI powered chatbots. But as I mentioned, the US is taking a number of cues from the EU AI Act. So for example, Colorado did pass a comprehensive AI law, which speaks to both obligations for developers and obligations to deployers, similar to the way the EU AI Act is structured, and focusing on what Colorado calls high risk AI systems, as well as algorithmic discrimination, which I think doesn't exactly follow the EU AI Act, but draws similar parallels, I think pulls a lot of principles. That's the kind of law which I really see informing companies on how to structure their AI governance programs, probably because the simple answer is it requires deployers at least to establish a risk management policy and procedure and an impact assessment for high risk systems. And impliedly, it really requires developers to do the same. Because developers are required to provide a lot of information to deployers so that deployers can take the legally required steps in order to deploy the AI system. And so inherently, to me, that means that developers have to have a risk management process themselves if they're going to be able to comply with their obligations under Colorado law. So, you know, because I know that there are a lot of parallels between what Colorado has done, what we see in our memo to federal agencies and the EU AI Act, maybe I can ask you, Cynthia and Andy, to kind of talk a little bit about what are some of the ways that companies approach setting up the structure of their governance program? What are some buckets that it is that they look at, or what are some of the first steps that they take? Cynthia: Yeah, thanks, Nikki. I mean, it's interesting because you mentioned about the company-specific uses and internal and external. I think one thing, you know, before we get into the governance structure or maybe part of thinking about the governance structure is that for the EU AI Act, it also applies to employee data and use of AI systems for vocational training, for instance. So I think in terms of governance structure. Certainly from a European perspective, it's not necessarily about use cases, but about really whether you're using that high risk or general purpose AI and, you know, some of the documentation and certification requirements that might apply to the high risk versus general purpose. But the governance structure needs to take all those kinds of things into account. Account so you know obviously guidelines and principles about the you know how people use external AI suppliers how it's going to be used internally what are the appropriate uses you know obviously if it's going to be put into a chatbot which is the other example you used what are rules around acceptable use by people who interact with that chatbot as well as how is that chatbot set up in terms of what would be appropriate to use it for. So what are the appropriate use cases? So, you know, guidelines and policies, definitely foremost for that. And within those guidelines and policies, there's also, you know, the other documents that will come along. So terms of use, I mentioned acceptable use, and then guardrails for the chatbot. I mean, I mean, one of the big things for EU AI is human intervention to make sure if there's any anomalies or somebody tries to game it, that there can be intervention. So, Andy, I think that dovetails into the risk management process, if you want to talk a bit more about that. Andy: Yeah, definitely. I mean, the risk management process in the wider sense, of course, like how do organizations start this at the moment is first setting up teams or you know responsible persons within the organization that take care of this and we're gonna discuss a bit later on how that structure can look like and then of course the policies you mentioned not only regarding the use but also how to or which process to follow when AI is being used or even the question what is AI and how do we at all find out in our organization where we're using AI and what is an AI system as defined under the various laws, also making sure we have a global interpretation of that term. And then that is a step many of our clients are taking at the moment is like setting up an AI inventory. And that's already a very difficult and tough step. And then the next one is then like per AI system that is then coming up in this register is to define the risk management process. And of course, that's the point where in Europe, we look into the AI Act and look what kind of AI system do we have, high risk or any other sort of defined system. Or today, we're talking about the generative AI systems a bit more. For example, there we have strong obligations in the European AI Act on the providers of such generative AI. So less on companies that use generative AI, but more on those that develop and provide the generative AI because they have the deeper knowledge on what kind of training data is being used. They need to document how the AI is working and they need to also register this information with the centralized database in the European Union. They also need to give some information on copyright protected material that is contained in the training data so there is quite some documentation requirements and then of course so logging requirements to make sure the AI is used responsibly and does not trigger higher are risks. So there's also two categories of generative AI that can be qualified. So that's kind of like the risk management process under the European AI Act. And then, of course, organizations also look into risks into other areas, copyright, data protection, and also IT security. Cynthia, I know IT security is one of the topics you love. You add some more on IT security here and then we'll see what Nikki says for the US. Cynthia: Well, obviously NIST 2.0 is coming into force. It will cover providers of certain digital services. So it's likely to cover providers of AI systems in some way or other. And funny enough, NIST 2.0 has its own risk management process involved. So there's supply chain due diligence involved, which would have to be baked into a risk management process for that. And then the EU's ENISA, Cybersecurity Agency for the EU, has put together a framework for cybersecurity, for AI systems, dot dot binding. But it's certainly a framework that companies can look to in terms of getting ideas for how best to ensure that their use of AI is secure. And then, of course, under NIST, too, the various C-Certs will be putting together various codes and have a network meeting late September. So we may see more come out of the EU on cybersecurity in relation to AI. But obviously, just like any kind of user of AI, they're going to have to ensure that the provider of the AI has ensured that the system itself is secure, including if they're going to be putting trained data into it, which of course is highly probable. I just want to say something about the training data. You mentioned copyright, and there's a difference between the EU and the UK. So in the UK, you cannot use, you know, mine data for commercial purposes. So at one point, the UK was looking at an exception to copyright for that, but it doesn't look like that's going to happen. So there is a divergence there, but that stems from historic UK law rather than as a result of the change from Brexit. Nikki, turning back to you again, I mean, we've talked a little bit about risk management. How do you think that that might differ in the US and what kind of documentation might be required there? Or is it a bit looser? Monique: I think there are actually quite a bit of similarities that I would pull from what, you know, we have in the EU. And Andy, I think this goes back to your question about whether companies can establish a global process, right? In fact, I think it's going to to be really important for companies to see this as a global process as well. Because AI development is going to happen, you know, throughout the world. And it's really going to depend on where it's developed, but also where it's deployed, you know, and where the outputs are deployed. So I think taking a, you know, broader view of risk management will be really important in the the context of AI, particularly given. That the nature of AI is to, you know, process large swaths of information, really on a global scale, in order to make these analytics and creative development and content generation processes faster. So that just a quick aside of I actually think what we're going to see in the US is a lot of pulling from what we've seen that you and a lot more cooperation on that end. I agree that, you know, really starting to frame the risk governance process is looking at who are the key players that need to inform that risk measurement and tolerance analytics, that the decision making in terms of how do you evaluate, how do you inventory. Evaluate, and then determine how to proceed with AI tools. And so, you know, one of the things that I think makes it hopefully a little bit easier is to be able to leverage, you know, from a U.S. Perspective, leverage existing compliance procedures that we have, for example, for SEC compliance or privacy compliance or, you know, other ethics compliance programs. Brands and make AI governance a piece of that, as well as, you know, expand on it. Because I do think that AI governance sort of brings in all of those compliance pieces. We're looking at harms that may exist to a company, not just from personal information, not just from security. Not just from consumer unfair deceptive trade practices, not just from environmental, standpoints, but sort of the very holistic view of not to make this a bigger thing than it is, but kind of everything, right? Kind of every aspect that comes in. And you can see that in some of the questions that developers are supposed to be able to answer or deployers are supposed to be able to answer in risk management programs, like, for example, in Colorado, right, the information that you need to be able to address in a risk management program and an impact assessment really has to demonstrate an understanding of, of the AI system, how it works, how it was built, how it was trained, what data went into it. And then what are the full, what is the full range of harms? So for example, you know, the privacy harms, the environmental harms, the impact on employees, the impact on internal functions, the impact on consumers, if you're using it externally, and really be able to explain that, whether you have to put out a public statement or not, that will depend on the jurisdiction. But even internally, to be able to explain it to your C-suite and make them accountable for the tools that are being brought in, or make it explainable to a regulator if they were to come in and say, well, what did you do to assess this tool and mitigate known risks? So, you know, kind of with that in mind, I'm curious, what steps do you think need to go into a governance program? Like, what are one of the first initial steps? And I always feel that we can sort of start in so many different places, right, depending on how a company is structured, or what initial compliance pieces are. But I'm curious to know from you, like, Like, what would be one of the first steps in beginning the risk management program? Cynthia: Well, as you said, Nikki, I mean, one of the best things to do is leverage existing governance structures. You know, if we look, for instance, into how the EU is even setting up its public authorities to look at governance, you've got, as I've mentioned, you know, kind of at the outset, you've almost got a multifaceted team approach. And I think it would be the same. I mean, the EU anticipates that there will be an AI officer, but obviously there's got to be team members around that person. There's going to be people with subject matter expertise in data, subject matter expertise in cyber. And then there will be people who have subject matter expertise in relation to the AI system itself, the data, training data that's been used, how it's been developed, how the algorithm works. Whether or not there can be human intervention. What happens if there are anomalies or hallucinations in the data? How can that be fixed? So I would have thought that ultimately part of that implementation is looking at governance structure and then starting from there. And then obviously, I mean, we've talked about some of the things that go into the governance. But, you know, we have clients who are looking first at use case and then going, okay, what are the risks in relation to that use case? How do we document it? How do we log it? How do we ensure that we can meet our transparency and accountability requirements? You know, what other due diligence and other risks are out there that, you know, blue sky thinking that we haven't necessarily thought about. Andy, any? Andy: Yeah, that's, I would say, one of the first steps. I mean, even though not many organizations allocate now the core AI topic in the data protection department, but rather perhaps in the compliance or IT area, still from the governance process and starting up that structure, we see a lot of similarities to the data protection. Protection GDPR governance structure and so yeah I think back five years to implementation or getting ready for GDPR planning and checking what what other rules we we need to comply with who knew do we need to involve get the plan ready and then work along that plan that's that's the phase where we see many of our clients at the moment. Nikki, more thoughts from your end? Monique: Yeah, I think those are excellent points. And what I have been talking to clients about is sort of first establishing the basis of measurement, right, that we're going to evaluate AI development on or procurement on. What are the company's internal principles and risk tolerances and defining those? And then based off of those principles and those metrics, putting together an impact assessment, which borrows a lot from what, you know, from what you both said, it borrows a lot from the concept of impact assessments under privacy compliance, right? Right, to implement the right questions and put together the right analytics in order to measure whether a AI tool that's in development is meeting up to those metrics, or something that we are procuring is meeting those metrics, and then analyzing the risks that are coming out of that. I think a lot of that, the impact assessment is going to be really important in helping make those initial determinations. But also, you know, and this is not just my feeling, this is something that is also required in the Colorado law is setting up an impact assessment, and then repeating it annually, which I think is particularly important in the context of AI, especially generative AI, because generative AI is a learning system. So it is going to continue to change, There may be additional modifications that are made in the course of use that is going to require reassessing, is the tool working the way it is intended to be working? You know, what has our monitoring of the tool shown? And, you know, what are the processes we need to put into place? In order to mitigate the tool, you know, going a little bit off path, AI drift, more or less, or, you know, if we start to identify issues within the AI, how do we what processes do we have internally to redirect the ship in the right process. So I think impact assessments are going to be a critical tool in helping form what is the rest of the risk management process that needs to be in place. Andy: All right. Thank you very much. I think these were a couple of really good practical tips and especially first next steps for our listeners. We hope you enjoyed the session today and look forward if you have any feedback to us either here in the comment boxes or directly to us. And we hope to welcome you soon in one of our next episodes on AI, the law. Thank you very much. Outro: Tech Law Talks is a Reed Smith production. Our producers are Ali McCardell and Shannon Ryan. For more information about Reed Smith's emerging technologies practice, please email techlawtalks@reedsmith.com. You can find our podcasts on Spotify, Apple Podcasts, Google Podcasts, reedsmith.com, and our social media accounts. Disclaimer: This podcast is provided for educational purposes. It does not constitute legal advice and is not intended to establish an attorney-client relationship, nor is it intended to suggest or established standards of care applicable to particular lawyers in any given situation. Prior results do not guarantee a similar outcome. Any views, opinions, or comments made by any external guest speaker are not to be attributed to Reed Smith LLP or its individual lawyers. All rights reserved. Transcript is auto-generated.
This week Rick Ferguson travels to the European Union for a look into the current state of General Data Protection Regulation compliance, Charlie Hills, of WPP, gives a summary of the UK loyalty market and Amanda Cromhout shares her inspiration for setting up the Blind Loyalty Trust.
212.Bölümde Szeged Üniversitesi Hukuk Fakültesi öğretim üyesi Dr. Gizem Gültekin-Várkonyi konuğum oldu. Robot Yargıçlar kitabının yazarı, Kişisel Verilerin Korunması Çalışma Kitabı'nın da editörü olan Dr. Gizem Gültekin-Várkonyi'nin uzmanlık alanı teknoloji hukuku. (00:00) - Açılış https://www.linkedin.com/posts/hamna-aslam-kahn_finally-someone-said-it-btw-activity-7203055216269733888-SXRM?utm_source=share&utm_medium=member_desktop (04:12) – Hayata nasıl gidiyor?… Avrupa'da sosyal medya bağımlılığı. (07:36) - Dr.Gizem Gültekin-Várkonyi'yi tanıyoruz. Gül Baba Türbesi - https://tr.wikipedia.org/wiki/G%C3%BCl_Baba_T%C3%BCrbesi (10:44) – Sosyal Robotlar Nedir? Japonya'da sosyal robotların yükselişi - https://www.indyturk.com/node/573651/t%C3%BCrki%CC%87yeden-sesler/japonyada-sosyal-robotlar%C4%B1n-y%C3%BCkseli%C5%9Fi-yaln%C4%B1zl%C4%B1kla-ba%C5%9Fa-%C3%A7%C4%B1kmak-i%C3%A7in#:~:text=%C3%96yle%20ki%20Tokyo%20ve%20Osaka,tasarlanm%C4%B1%C5%9F%20robotlar%20yer%20almaya%20ba%C5%9Flad%C4%B1.&text=Pepper%2C%20kitlesel%20pazara%20%C3%A7%C4%B1kan%20ilk%20sosyal%2C%20insans%C4%B1%20robottur. General Data Protection Regulation - https://gdpr-info.eu/ (15:10) – Kişisel verilerin toplanması konusunda rızamız! (17:50) – Ücretsiz kullanılan uygulamaların sakıncaları neler? https://www.clearview.ai/ (23:00) – Robot Yargıçlar hakkında… AB Yapay Zeka Yasası - https://digital-strategy.ec.europa.eu/en/policies/regulatory-framework-ai Yüz tanıma sistemleri (35:00) – AB Yapay Zeka ve kurallar konusunda neden bu kadar hassas? (38:00) – Robot Yargıçlar kitabı hakkında… Robot Yargıçlar var mı? Chat GPT Prompt Kullanımı (45:00) – Son sözler ve kitap önerisi Robot Yargıçlar - https://www.amazon.com.tr/Teknoloji-Hukuk-Dizisi-Yarg%C4%B1%C3%A7lar-Teknolojinin/dp/9750278275/ref=sr_1_1?__mk_tr_TR=%C3%85M%C3%85%C5%BD%C3%95%C3%91&crid=2PYA4G7U6KEI&dib=eyJ2IjoiMSJ9.aBXEv7saMeZeYhIhvpntcA.9nL4yAdl47QwFmfx-Nkk9FPY-ExMZIaONRZDLCnRVrE&dib_tag=se&keywords=robot+yarg%C4%B1%C3%A7lar&qid=1718220749&sprefix=robot+yarg%C4%B1clar%2Caps%2C69&sr=8-1 Değişen Kainat Teorisi - https://www.goodreads.com/book/show/108621673-degisken-kainat-teorisi?ac=1&from_search=true&qid=jGGih9WWQF&rank=1 (49:28) - Kapanış Dr.Gizem Gültekin-Várkonyi https://www.linkedin.com/in/gizem-g%C3%BCltekin-varkonyi/?originalSubdomain=hu Sosyal Medya takibi yaptın mı? Twitter - https://twitter.com/dunyatrendleri Instagram - https://www.instagram.com/dunya.trendleri/ Linkedin - https://www.linkedin.com/company/dunyatrendleri/ Youtube - https://www.youtube.com/c/aykutbalcitv Goodreads - https://www.goodreads.com/user/show/28342227-aykut-balc aykut@dunyatrendleri.com Bize bağış yapıp destek olmak için Patreon hesabımız – https://www.patreon.com/dunyatrendleri
Foundations of Amateur Radio Today I want to talk about something that might feel only tangentially related to our hobby, but it likely affects you. Recently the ARRL announced that it was "in the process of responding to a serious incident involving access to our network and headquarters-based systems". A day later it sought to assure the community that the "ARRL does not store credit card information" and they "do not collect social security numbers" and went on to say that their "member database only contains publicly available information". Five days after that it's "continuing to address a serious incident involving access to our network and systems" and that "Several services, such as Logbook of The World(R) and the ARRL Learning Center, are affected.", but "LoTW data is secure". Over a third of the latest announcement, more than a week ago, was to assure the community that the July QST magazine is on track but might be delayed for print subscribers. Regardless of how this situation evolves, it's unwelcome news and much wider reaching than the ARRL. LoTW, or Logbook of The World, is used globally by the amateur community to verify contacts between stations. The IARU, the International Amateur Radio Union, is headquartered at the ARRL office. I've been told that I should have empathy and consider that the ARRL is only a small organisation that may not have the best of the best in technology staff due to budget constraints and finally, that LoTW being down for a few days is not going to kill anyone. All those things might well be true and mistakes can and do happen. The ARRL has been in existence for well over a century, bills itself as the answer to "When All Else Fails" and has even registered this as a trademark, but hasn't actually said anything useful about an incident that appears to have occurred on the 14th of May, now over two weeks ago. By the way, that date is based on the UptimeRobot service showing less than 100% up-time on that day, the ARRL hasn't told us when this all occurred, it didn't even acknowledge that anything was wrong until two days later. This raises plenty of uncomfortable questions. What information did you share with the ARRL when you activated your LoTW account? For me it was over a decade ago. I jumped through the hoops required and managed to create a certificate. What information I shared at the time I have no idea about. As I've said before, I do know that security was more extreme than required by my bank, even today, and the level of identification required was in my opinion disproportionate to the information being processed by the service, lists of amateur stations contacting each-other. Something to take into account, on the 30th of October 2013, Norm W3IZ wrote in an email to me: "Data is never removed from LoTW." - I have no idea how much or which specific information that refers to. If you used the ARRL Learning Center, what information did you share? If you're a member of the ARRL, or you purchased something from their online store, what data was required and stored? Is the data at the IARU affected? What infrastructure, other than the office, do they share? While I've been talking about the ARRL, this same issue exists with all the other amateur services you use. QRZ.com, eQSL.cc, eham.net, clublog.org, your local regulator, your amateur club, your social media accounts, all of it. What information have you shared? Do you have an internet birthday, address and middle name? Recently I received a meme. It shows two individuals talking about life, the universe and everything. They discuss their favourite books, the first movie they ever watched, the name of their pets, what car they learnt to drive in, their interests and other things you talk about when you meet someone new and interesting. The last image of the meme shows the heading: "Security Questions Answered, Welcome Amanda." So, my question is this: What's your favourite colour and your mother's maiden name? Seriously, next time you access a service online, have a look at what data that service has. When you sign up, consider the requirements for the service and how much information that's worth. Do you really need to send your birthday, your gender and your physical address with a copy of your passport or another government approved identity document? If you're being asked for the name of your first pet, consider answering something unique. In my case, I generate a random string of characters to use as an answer for each security question. The ARRL "incident" is the tip of the iceberg. This problem is't going away, it's only going to get bigger and happen more often. Final observation. With the potential of a global shopping list for thieves coming out of the database at the ARRL, will you be sharing your station address next time and if you're subject to the GDPR, the General Data Protection Regulation, perhaps it's time to ask your online service providers just exactly what they're doing to protect your information, and that includes the ARRL. I have sent two emails to the ARRL in relation to these questions, but have yet to receive an acknowledgement, let alone answers. By the time this reaches you, perhaps the ARRL has answers to my questions and more. I'm Onno VK6FLAB
Richart Ruddie is the Founder of Captain Compliance, a data security company helping businesses operate in compliance with regulations related to data privacy and security. He is a Strategic Advisor at BRANDefenders, a digital marketing company that offers numerous branding services. Richart has founded multiple online marketing, SEO, and reputation management businesses, including Alpha Paw, Class Updates, and The Reputation Management Company. He has also been featured in Entrepreneur Magazine, Forbes, The Wall Street Journal, and more. In this episode… Ensuring compliance with the General Data Protection Regulation is essential for the success of any business, as violations of privacy laws can lead to hefty fines. However, navigating the intricate web of regulations can be daunting for organizations of all sizes. According to compliance expert Richart Ruddie, the constantly evolving regulations have made taking control of online privacy and ensuring compliance a significant challenge for many brands. Compliance requirements range from data retention policies to cookie compliance, and companies are struggling to find the right solutions to obtain user consent. Richart shares his journey of building a compliance and data security company to provide clients with the knowledge and tools they need to navigate compliance requirements. In this episode of the Quiet Light Podcast, Pat Yates sits down with Richart Ruddie, Founder of Captain Compliance, to discuss data privacy and compliance. Richart shares how he got into the field, data privacy and compliance for ecommerce brands, the services Captain Compliance offers, and website cookies compliance and consent.
Keigh-Lee Paroz is a U.K. based data privacy expert who is deeply passionate about human rights, accessibility, gender equality, and the ways in which technology can influence all three. This week, she's joining Wolf and Stef to explain Europe's General Data Protection Regulation and how better security practices can build a better world. Show Notes
In this week's episode, we take a look at five book marketing tactics that readers hate, along with five ones they usually enjoy. I also take a look at my advertising results for January 2024. For this Coupon of the Week we're doing one of my older books, specifically the entire TOWER OF ENDLESS WORLDS series. If you use this coupon at my Payhip store, you can get 50% all the ebooks on the entire series: WINTERTOWER The coupon code is valid until February 22nd, 2024. So if you're looking for something to read, we've got you covered! TRANSCRIPT 00:00:00 Introduction and Writing Updates Hello, everyone. Welcome to Episode 186 of The Pulp Writer Show. My name is Jonathan Moeller. Today is February the 2nd, 2024. Today we're going to talk about five marketing tactics that readers hate. We'll also discuss my ad results for January 2024 and have an update on my current writing projects and have it a reader question or two in the mix. As a side note, this is the first time ever I am recording this podcast on Windows 11. I finally upgraded my desktop computer to Windows 11 in an effort to solve a driver problem that I've been having. It was something with my video driver where it had stopped receiving or the manufacturer had stopped putting out updates for Windows 10 but Windows 11 drivers were available. I've been putting that off for like two years, but I finally thought, well, nothing else has worked. Let's try and upgrade this desktop to Windows 11 and I'm pleased to report that it seems to have in fact fixed my video driver problem, so I am pleased with that. Hopefully it won't totally screw up the recording of this podcast, but I can see the file increasing in size as I record this, so I assume that it is in fact being successfully recorded. First up, let's do Coupon of the Week and this time we're doing Coupon of the Week for one of my older series, specifically the entire Tower of Endless World Series now that we finally have those up on Payhip. The problem was I had created those ebooks way back in 2012 when the software wasn't quite as nice, so I wasn't happy with the formatting, so it was a side project over a week or two to rip apart the formatting and get them all uploaded and you know looking nice, but that's done. If you use this coupon at my Payhip store you can get 50% off the ebooks in the entire series and that is WINTERTOWER and that will be WINTERTOWER, again, that's WINTERTOWER and you can find that in the show notes, along with links to the ebooks on the store. This coupon code will be valid until February 22nd, 2024. So if you're looking for something to read, we have got you covered. Now here is where we are at with my current writing projects. I am almost done with the Sevenfold Sword Online: Leveling, the second book in My Sevenfold Sword Online Lit RPG series. I just have a couple more scenes to write in the last chapter and then I need to write the epilogue and then the rough draft will be done. It will be about 90,000 words or so. I haven't decided if it's going to be a long series yet or not, because as I've mentioned before on this show, the first book did not do as well as I'd hoped, and with a year's worth of sales data, now I think it's pretty conclusive the market for LitRPGs is pretty much entirely in Kindle Unlimited and audiobook. So I'm hoping to have a audiobook for this soon after it comes out and I'm going to see how the book does and after the first 30 days I will decide whether it will be a trilogy with everything wrapping up with the third book, or if it's going to be a longer series, if it's viable to continue writing it, or if I should just wrap it up with the trilogy and move on. So that will be determined within 30 days after the book is out. After Sevenfold Sword Online: Leveling is published, my next main project will be Ghost in the Veils and I'm actually 2,000 words into that. That will be the second book in my Ghost Armor series and that will hopefully be out before April because April is when the recording slot for that to become an audiobook is scheduled and I really, really need to have it done by that. I'm also about 22,000 words into Wizard Thief, which is the sequel to Half-Elven Thief back in December and that will come out sometime after Ghost in the Veils, probably not that long after Ghost in the Veils, because I'm pretty far into that book. Since I mentioned before December 2023 was my best month ever for self-published audio, I should probably mention where I'm at with audiobooks. Right now, recording for Shield of Storms is underway and hopefully that should be out sometime in March, if all goes well. So that's where I'm at with my current writing projects. 00:04:10 Reader Question Now we have a reader question this week from Nico, who asks: Hi, Jonathan. I have read several of your books on Audible (I suppose means he's listened to several books on Audible). Now I'm starting the Frostborn saga. Some time ago I committed a mistake and read the Dragontiarna saga without reading the previous sagas, now I'm starting Frostborn, but it is constantly mentioning Ridmark's, previous adventures and I cannot find any books of this and I really don't want to make the same mistake as Dragontiarna. Well, first thing, thanks for listening, Nico. I'm glad you're enjoying all those audiobooks. I think what Nico is asking is what is the proper order to listen or read the Ridmark and Andomhaim stories because it seems like he started with Dragontiarna and then went back to the older series. I have to admit, when I wrote these I had in mind that they would each be stand alone and readers could read the series or whatever order they like, but I found in practice after almost 11 years of doing this, that that is not the case and people prefer to read everything in order. The proper order of the series is first the Frostborn series, second the Sevenfold Sword series, third the Dragontiarna series, fourth the Dragonskull series, and now fifth the Shield War series, of which Shield of Storms is the first book. Anything that Ridmark mentions about his previous adventures early in the Frostborn series is not something I've actually written. It's all like a back story to his character at that point that I haven't actually written, whereas if you're reading from Ridmark's perspective in Shield of Storms, and he mentions his previous adventures at that point, there's a good chance that this is referencing events that happen like Frostborn or Dragontiarna or Sevenfold Sword. As I mentioned, I did intend for each of these series to be entirely stand alone, but in practice it actually hasn't worked out that way. Though I am grateful that people keep reading them. 00:06:08 January 2024 Ad Results Now, since it's the start of February and we're a couple days past the end of January, let's see how my ads did for January 2024 because, like it or not, if you're selling something online, digital advertising is an inescapable part of your business model for most people. As usual, I advertised on Facebook, Bookbub, and Amazon. We'll go through that list in that order. First up, my Facebook ads. For Cloak Games and Cloak Mage, I got back $4.22 for every dollar I spent and 8.5% of the profit came from the audiobooks, which was a big improvement from past months. For the Ghost series, I got back $4.36 for every dollar I spent and 15% of the profit came from the audiobooks, probably because there's a lot more of them. Next up is the Bookbub ads. I've only been advertising Frostborn there, though I might expand that to include the Silent Order series in February and March. For Frostborn, I got back $6.14 for every dollar I spent, with a whopping 49.9% of the profit from the audio. So I very nearly made more from the Frostborn audiobooks than I did from the ebooks in January 2024. Now on to Amazon ads. I tend to target Amazon ads for individual books rather than series. In this case, Dragonskull: Sword of the Squire got back $2.05 for every dollar spent, with 44% of the profit coming from the audiobook. Sevenfold Sword: Creation, which I've been advertising in preparation for Sevenfold Sword Online: Leveling, got back $2.46 for every dollar spent, with 46% of the profit coming from the audiobook. Half-Elven thief, which currently has no audiobook, got back $3.27 for every dollar spent and finally, Silent Order Omnibus One back $15.60 for every dollar spent. I strongly suspect this was an anomaly due to Silent Order: Iron Hand having a big spike in free downloads for the month of January. So once again, we see that having audiobooks makes it a lot easier to generate a profit on ads, especially if you have a completed audiobook series. Of course, as we all know, the effort and money to get to a completed audiobook series is immense. I suspect that's why AI audio is so alluring to people. Of course, in my opinion, it's a false allure, since I suspect the vast majority of listeners have gone from passively to actively hating AI audio and will actively avoid it, save for circumstances like it's the night before your econ or biology final and you have to drive 12 hours, so you might as well have your phone read the PDF file of your textbook aloud to you, that kind of thing. People do seem to be a bit more forgiving of AI audio in certain nonfiction scenarios like that. But overall, it seems like the listener base for audiobooks still strongly prefers human narrated audiobooks. If you are thinking about doing AI narrated audiobooks, probably should proceed with caution there. So as always, thanks to everyone who bought or listened to my books in the month of January 2024. Since we were just talking about ads, that seems like a good way to segue to our main topic this week: 5 marketing tactics that readers don't like. 00:09:29 Main Topic: 5 Marketing Tactics Readers Don't Like As I mentioned earlier in the show, online marketing is an inescapable fact of selling things online. If you are selling anything online, be it books or cosmetics or machine parts or nails or anything else, at some point, you're probably going to have to do some online advertising. However, the point of advertising is not to annoy people. The point of advertising is to introduce your product or service to people who would benefit from using your product, your service, people whose lives would be better for having you as your product or service. As authors, we want to introduce our books to people who will read them and enjoy them and have you know, perhaps the troubles of their lives momentarily lightened as they are able to read a book and enjoy an adventure story and take their mind off their troubles for a little while. That is the purpose of online advertising: to get your books in front of the audience that will appreciate them. Now where this goes wrong is if you are using marketing tactics that are annoying. We can all think of examples of very annoying marketing tactics. In the Internet age, the pop up ad is one. If you go on the radio, the ads where the guy talks really fast about used cars and then he has a long disclaimer at the end. On TV or Internet videos, those ads for a pharmaceutical product that sounds like the villain from a Doctor Who episode in the ‘70s like Vondacraz, and how the end of the commercial if you take Vondacraz, there's a list of like 40 seconds of side effects, ranging from horrible tortures to death. Those commercials are also annoying. For books specifically, there are different things you can do in marketing that turns out to annoy your readers, which again is defeating the purpose of advertising. The purpose of advertising is to get your book in front of the audience that will benefit from or enjoy from reading the book. It's not to annoy the reader. Annoying the reader is a failure of advertising. So with that in mind, we would, we're going to take a look at five marketing tactics that readers don't like and then five ones that they do like. So let's start with the five marketing tactics readers don't like, number one among them is when every Tweet/post/newsletter from an author is an ad or promoting the next book. You can all think of examples like that, where you go on an author's Twitter feed or Instagram feed or Facebook feed and it's nothing but a wall of links advertising in their book. There's no interesting content there, nothing amusing, not even, you know, funny memes. It's just an endless wall of text of links leading to the book and that is both boring and annoying. If you follow an author on social media and then their feed is nothing but “buy my book, buy my book, buy my book” it's very quickly going to be annoying and you're going to unfollow that author pretty quickly. A subset of this problem is where the author doesn't actually engage with readers on any of these platforms. I get a lot of Facebook comments on my Facebook page and I try to at least like all of them and you know respond to them when appropriate. And so I try to keep up with that. I'm not perfect but you know, I make good faith effort doing it. But if you never engage with anyone on your social media platforms, then what's the point of having a social media platform? Frequency and aggressiveness of promo is also a huge turn off for readers. Aggressive, in your face sales tactics might work in a very limited number of fields, though I can't think of any of them, and they definitely don't work in books and selling books. If you get too aggressive, that is a huge turn-off for readers and they will go elsewhere. So that is also something to avoid. Our second marketing tactic that readers don't like our book marketing/ blurbs that don't work. What do we mean by that? One thing is book marketing or a blurb that gives away too much of the plot. Like if you're advertising a murder mystery and the ad gives away the ending, there's really no point in reading the book now, is there? So you will want to avoid that. Another thing is low energy copy where the book description or the text in the ad is just boring and drags and this is clear evidence that copywriting is a distinct skill from writing interesting fictional prose. So this is why doing a little bit of copywriting and practicing it and maybe taking like a, you know, short course online course on it isn't necessarily the worst idea for an author. Too many cliches strung together as a substitute for book copy, like for example “a sparkly friends to lovers, cozy fall young adult romance for fans of the Gilmore Girls, Happily Ever After guaranteed.” That is just a string of cliches joined together, and that is also boring ad copy. Finally lazy ad copy that doesn't actually reflect the desired audience but just tries to grab the latest buzzwords like “Game of Thrones meets Harry Potter meets The Hunger Games.” What does that even mean? Game of Thrones and Harry Potter and Hunger Games are all very distinct books that are very different from one another. The only remotely tenuous connection between Game of Thrones and Harry Potter is that both had magic, though the magic of Game of Thrones is way different than the magic in Harry Potter and Hunger Games isn't fantasy at all. It's basically dystopian science fiction. So you can see how joining together those different books into “Game of Thrones meets Harry Potter meets Hunger Games” is a very ineffective marketing tactic. The third ineffective marketing tactic is poorly targeted ads/poor category choices, like a nonfiction book with ads targeted for genre fiction. This used to be a fairly serious problem on Amazon where someone would have the bright idea of putting their, for example, their romance novel in a very specific nonfiction category like custom woodworking. Amazon has a lot of little niche nonfiction categories like that, where there are a lot of specialist nonfiction that tends not to sell very much and only a few people who are interested in their specialist nonfiction. So what happened is like this romance author would put his or her book into specialist woodworking and then, you know, sell 2 copies there and you're number one in the category. Then this author could go around boasting and saying, “hey, my book is number one in its category in Amazon,” even though it's in totally the wrong category and it's in a category of again specialist nonfiction where you only need to sell like you know two or three copies in a week to get to #1. Amazon eventually cracked down hard on that. So if you are publishing your book now, you'll definitely want to make sure it is in categories that at least correspond somewhat with reality. This is also important in advertising because very often new authors, when they try to advertise, will be like, well, I want to advertise my book to everyone who's interested in books, and that is way, way too broad. The number one rule of thumb in digital advertising is that the more narrowed down you can get on your audience, the better your results are going to be. I write epic fantasy for the most part, and when I ever has my epic fantasy books on Facebook, I try to narrow the interest down as much as possible to like you know, people who have read George R.R. Martin, Robert Jordan, Brandon Sanderson, J.R.R Tolkien books in the United States and then I will use a very specific audience like that. Where this can really go wrong is if you are advertising your book to totally in the wrong audience, like for example you have written a really dark and gritty horror thriller and you're advertising it to an audience that enjoys reading happily ever after clean romance. The disconnect will be immense and you will, at best you'll just waste your money and at worst, you'll waste a bunch of money and get a lot of negative reviews. So that's why it's important to dial down your audience in your digital marketing as much as possible, as specifically as possible, because you're much, much more likely to get a better result. The fourth ineffective tactic we'll discuss today is relying on things that used to work but are now obsolete or way less effective than other things a writer could do instead. Add most of these tactics are the expectation that the reader will be the one making the effort, which is a bad idea. You want the process of buying your book to be as smooth and frictionless as possible, to use another common ecommerce term. One example of something that might have worked once but doesn't anymore is book signings as a beginning/niche author. I've never done an official book signing in the (how long has it been now?) in the 13 years I've been an indie author and the 11 years I've been working on Ridmark books, I have never once done an official book signing and I do not think the lack of that has hurt me in any way because it's such an ineffective way to sell books. It's an enormous amount of energy to travel around, haul your books around with you, set the table, network with bookstores and so forth, and at best, you might sell one or two copies. Now, this is different for, you know, really big name writers like, you know Stephen King or Nora Roberts or Brandon Sanderson. They can do a book signing and expect to have a reasonable number of people. But even still it's still a lot of work because, you know, both Stephen King and Nora Roberts are both over seventy I believe, and not that interested in doing a lot of travel anymore. And even Brandon Sanderson, who isn't even yet 50, even after COVID did a lot less traveling, and now just has his yearly convention in Utah. I think it's called the Dragonsteel Convention, where his fans can come and, you know, do the book signing experience and the convention experience. and he doesn't have to travel around the country, because that is definitely something exhausting to do. I'd say book signings, except for very specific and very limited circumstances, are generally a waste of time. Another thing that used to be effective, but is not anymore in the year of our Lord 2024, would be blog tours, where you go around to different people's blogs and give interviews and such like. Blogs are still out there. People still read blogs. I have a blog on my website I post on pretty regularly with writing updates. But as for marketing and selling books, it is really just a waste of time. You might sell one or two if you're lucky, but that would be too much work. Another one that used to work but probably doesn't anymore is giveaways with complicated rules and multiple steps. Amazon has been in a lot of lawsuits involving its software patent on one click shopping. The reason Amazon is Amazon/has grown to such size and success is because it's made e-commerce experience as seamless as it can be, which is a lot harder to do than it looks. You can buy a ton of stuff on Amazon and all you really need to do is just click that on the Buy Now button and so long as your credit card on file is current, Amazon will ship you a bunch of stuff or send you Kindle ebooks or music or whatever to your digital account and then you're good to go. In fact, that's one of the rules for people who are setting up their e-commerce sites. You need to make the experience as smooth and seamless as possible because the more steps there are between the person deciding to want to buy the book and actually making the payment, the more likely they're going to say “this is too much hassle” and drop out. The one exception I'd say to this is when you're setting up your newsletter, you do need to send a confirmation e-mail and this is automated with most mail providers. You do need to send that confirmation e-mail for what's called double opt in, because the European Union says we have to with the General Data Protection Regulation that they did a couple of years ago, so that would be a necessary step of extra complication that basically boils down to “the government says you have to.” But other than that, you should try and make any sales or any giveaways you do as seamless as possible. Another thing that may have worked once upon a time but does not is Kindle lockscreen ads. If you have a Kindle e-reader or Kindle Fire tablet, you'll know that when you power it up, you usually have an ad on the lockscreen for a book or something and you can tap on it and go to the book. I have never heard of anyone having good success with those. And I strongly suspect the reason is because they're annoying. I mean, when you pull out your Kindle, you want to go read whatever book you're currently reading. You don't want to get distracted with whatever else it is, and you just want to swipe the Kindle lockscreen ad either way, as fast as possible so you can get to your book. So Kindle lockscreen ads are also something I would review avoid. The fifth and final ineffective tactic I would say is too many advanced reader reviews. They can come across as inauthentic or sponsored. For a while, some authors were doing with their advanced readers something saying “Hey, here's your advanced copy of the book. Be sure to leave your review, and here's some sample text for you can copy and paste for your reviews.” Doing too much of that comes off as inauthentic and it seems like you might just be as well hiring bots to leave reviews for your books, so it's probably best to avoid that. 00:23:31 Five Marketing Tactics Readers Tend to Like No, we don't want to be all negative here, so let's flip the coin around and come to five marketing tactics that readers tend to like. Number one: behind the scenes about the process of writing (typical day) or steps to put out a book. I do this pretty frequently on my Facebook and website where I'll say you know, this week I wrote X number of words of Sevenfold Sword Online or today I worked on making the cover for this book or listened to the audiobook proof or did this or that related to writing. That usually is a good engagement because the main reason most people ( if you are an indie writer), the main reason most people come to your website and social media is to find out when the next book is coming. And so if you talk about how you're working on the next book, that is pretty good social media content right there. Number two: humor and genuine engagement with the audience. Humor is subjective, so a low hanging fruit content for humor would be memes. I do enjoy a good Star Trek or Star Wars meme and you know, post them every so often, not every day obviously, because that would get excessive. But occasionally when I can't think of anything else to say, I fall back to a good old Star Wars meme. I do try to reply to comments. It's a good idea to do that. I don't get every comment because there's a lot of them. But if you make a good faith effort to reply to them, and you know at least engage with people, that is good. One thing I definitely do is when I have a new release day and post a link to the book, I do try to reply to everyone and thank everyone who says they bought the book that day. It does take a bit of time to do that, but since someone is spending actual hard currency on your book, it seems only proper to thank them for doing so. Number three would be bonus content like cut scenes or bonus chapters or scenes from alternate character perspectives, or extra information about the books that way. The way I implemented that is the short stories I've written where a lot of the short stories, in fact most of the short stories are not vital to the main plot of the books, but are sort of like DVD extra scenes and then I give them away to my newsletter subscribers, which is very good for newsletter engagement and people do very much enjoy the free short stories because people always like free stuff. Number four would be eye-catching covers and ads that fit the genre well. That is something that either comes with practice if you do your own covers or you need to pick a good cover designer and explain exactly what you want. Your book cover (when you have a book cover) has three missions and has to convey them all in under a second. And it has to..in under a second, a reader should be able to look at your book cover and see what the title is, what the author is, and what the genre is. If your cover meets all those missions and it looks decent, it is a good cover and it's meeting the mission of a book cover. If it doesn't do any of those things, it's time for a rethink. And finally, the fifth and perhaps best marketing tactic of all is word of mouth, where people hear about your book within communities they already engage in regularly and are intrigued enough to go take a look at it. This is something you can't force. People have tried. It usually doesn't work, or if they get away with it for a little while it, tends to backfire. But word of mouth is a huge thing, and it's something that can only happen organically and over time, where people recommend your book to their friends or their other members of their online community on Facebook groups or Reddit or whatever. So there you have it: five marketing tactics that readers hate, and five marketing tactics that readers tend to like. So that's it for this week. Thanks for listening to The Pulp Writer Show. I hope you found the show useful and a quick word of thanks to my transcriptionist, who, in addition to transcribing in this episode, also help me pull together the research for it. I'll remind you that you can listen to all the back episodes on the show on https://thepulpwritershow.com. If you enjoyed the podcast, please leave a review on your podcasting platform of choice. Stay safe and stay healthy and see you all next week.
Helen Dixon is Europe's most powerful privacy regulator. As the head of Ireland's data privacy watchdog, she has overseen the largest investigations to date into tech companies for violations of the EU's landmark General Data Protection Regulation. But next month, she is leaving the role after nearly a decade. On POLITICO Tech, reporter Clothilde Goujard talks with Dixon on her way out the door.
One of the primary challenges is the potential for AI to be used to violate privacy. What risks does AI create? Does it create privacy risks? How do we solve these challenges? How can organizations embrace privacy? These are the questions that our guest today who is a senior data protection consultant at White Label Consultancy and previously worked for other data protection consulting companies will discuss. KEY CONVERSATION POINTS Define AI in one word Generative AI Large language models AI and privacy How can companies embrace AI challenges Do you use AI personally ABOUT THE GUEST Federico Marengo is senior data protection consultant at White Label Consultancy and he previously worked for other data protection consulting companies supporting the implementation of privacy programs in organisations and as an external DPO. He is a lawyer, master in public administration (University of Buenos Aires), LLM (University of Manchester), and PhD (Università Bocconi, Milano). He is specialised in the legal and privacy challenges that AI poses to the rights of data subjects and how companies can comply with data protection regulations and use AI systems responsibly. This is also the topic of his PhD thesis. He is the author of “Data Protection Law in Charts. A Visual Guide to the General Data Protection Regulation“, e-book that provides visualisations of the GDPR to make the mandatory texts more comprehensible, and "Privacy and AI. Protecting Individuals in the Age of AI", where he addresses the legal and privacy issues raised by AI in relation to data subjects and provides recommendations to companies to remain compliant. The books are available in digital format and in paperback (Amazon). ABOUT THE HOST Punit Bhatia is one of the leading privacy experts who works independently and has worked with professionals in over 30 countries. Punit works with business and privacy leaders to create an organization culture with high AI & privacy awareness and compliance as a business priority by creating and implementing a AI & privacy strategy and policy. Punit is the author of books “Be Ready for GDPR” which was rated as the best GDPR Book, “AI & Privacy – How to Find Balance”, “Intro To GDPR”, and “Be an Effective DPO”. Punit is a global speaker who has spoken at over 50 global events. Punit is the creator and host of the FIT4PRIVACY Podcast. This podcast has been featured amongst top GDPR and privacy podcasts. As a person, Punit is an avid thinker and believes in thinking, believing, and acting in line with one's value to have joy in life. He has developed the philosophy named ‘ABC for joy of life' which passionately shares. Punit is based out of Belgium, the heart of Europe. RESOURCES Websites www.fit4privacy.com , www.punitbhatia.com, https://www.linkedin.com/in/fmarengo/ Podcast https://www.fit4privacy.com/podcast Blog https://www.fit4privacy.com/blog YouTube http://youtube.com/fit4privacy --- Send in a voice message: https://podcasters.spotify.com/pod/show/fit4privacy/message
Jennifer Mitchell is a Partner and the Head of Privacy Governance and Technology Transactions at Baker Hostetler, a law firm specializing in digital risk advisory and cybersecurity, blockchain and digital assets, financial services, and more. Jennifer's law career spans over 15 years with legal, compliance, and operations expertise. At Baker Hostetler, Jennifer provides business solutions to uphold evolving US state privacy laws in compliance with the General Data Protection Regulation, HIPAA, and California Consumer Privacy Act. In this episode… The amended California Consumer Privacy Act defines employees as consumers. So what does that mean for employee privacy rights? The CCPA affects employee rights by requiring employers to implement security measures to protect employees' personal information. These measures include implementing data security policies and procedures, conducting regular security audits, and training employees on data security best practices. Privacy lawyer Jennifer Mitchell explains that CCPA gives workers the right to request their employers disclose the personal information employers have collected about them. This gives employees the freedom to either opt out of selling their data or have their information deleted from their employer's records. Additionally, CCPA prohibits companies from discriminating against employees who request their rights. Join Jodi and Justin Daniels in today's episode of the She Said Privacy/He Said Security Podcast, where they welcome Jennifer Mitchell, Partner at Baker Hostetler, to discuss employee privacy under the California Consumer Privacy Act. Jennifer discusses the difference between “right to know” and “right to delete,” opportunities for employee privacy rights to build relationships between companies and employees, and how company employee monitoring may potentially violate employee privacy rights.
AI Today Podcast: Artificial Intelligence Insights, Experts, and Opinion
In this episode of the AI Today podcast hosts Kathleen Walch and Ron Schmelzer define the terms Anonymization, General Data Protection Regulation (GDPR), Uncanny Valley, explain how these terms relate to AI and why it's important to know about them. If you're not familiar with the General Data Protection Regulation (GDPR) is a European Union regulation focused on data protection and privacy first published in 2016. Continue reading AI Today Podcast: AI Glossary Series – Anonymization, General Data Protection Regulation (GDPR), Uncanny Valley at Cognilytica.
Al Raymond is the Privacy Compliance Officer at ZoomInfo Technologies, a powerful research and lead-generation tool used for sales, marketing, and talent acquisition. In his role, Al leads the assurance team, ensuring ZoomInfo maintains compliance with regulations, rules, and laws. He is a privacy compliance and data governance professional and 20-year veteran in customer data privacy, information security, regulatory compliance, and risk management. Al's experience and skills have benefited prominent companies such as PHP Corporation, ARAMARK, TD Bank, Deloitte Touche, and JPMorgan Chase. In this episode… Marketers and sales teams utilize third-party data to acquire customers and scale their businesses. How can privacy teams appease marketing teams while complying with privacy laws? Seasoned privacy professional Al Raymond recommends open communication with all parties when purchasing data from third-party data providers. He suggests conferring with privacy counsel, privacy and compliance teams, and the sales team to discuss their obligations to the public. When buying data, marketers must send privacy notices to those targeted. Upon receipt of the notice, third parties can remove individuals from the database. The notice also reveals full transparency, informing people where their data goes, who owns it, and the purpose of the collection. Al also explains that marketers must properly use Article Six of the General Data Protection Regulation. Article Six outlines six legal bases for processing personal data: consent, contract, legal obligation, vital interests, public task, and legitimate interests. In this episode of the She Said Privacy/He Said Security Podcast, Jodi and Justin Daniels welcome Al Raymond, Privacy Compliance Officer at ZoomInfo Technologies, to discuss B2B privacy programs and third-party risk management. Al explains privacy laws and data protection in B2B marketing, the challenges in building and maintaining a privacy program, and privacy policies and contracts for data usage.
In this episode of the I Can't Sleep Podcast, fall asleep learning about GDPR. What is GDPR? Funny you should ask. It's... wait, you'll have to listen to the episode to get that answer. Just know that it's super boring and you won't have long to learn about it because you'll be asleep. Good luck with this one. Happy sleeping! DoorDash Get 50% off up to $20 and zero delivery fees on your first order when you download the DoorDash app and enter code ICANTSLEEP. BetterHelp Visit BetterHelp.com/icantsleep today to get 10% off your first month HelloFresh Go to HelloFresh.com/50icantsleep and use code 50icantsleep for 50% off plus free shipping! Ad-Free Episodes Want an ad-free experience? Follow this link to support the podcast and get episodes with no ads: https://icantsleep.supportingcast.fm/ Jupiter CBD Oil Save 20% off your first purchase by entering GETSLEEP upon checkout, or click here: https://www.getjupiter.com/share/icantsleep SleepPhones Follow this affiliate link to purchase headphones you can fall asleep with: https://www.sleepphones.com/?aff=793 then enter the code ICANTSLEEP10 at checkout to receive a discount. This content is derived from the Wikipedia article GDPR, available under the Creative Commons Attribution-ShareAlike (CC BY-SA) license. The article can be accessed at https://en.m.wikipedia.org/wiki/General_Data_Protection_Regulation. Learn more about your ad choices. Visit megaphone.fm/adchoices
What are the 17 United Nations Sustainable Development Goals? What are the biggest challenges in pursuing and achieving those goals? How does technology play a role? And what's the best way for government, academia, and industry to cooperate and collaborate in support of fundamental research? We will learn those answers and more in this episode with Declan Kirrane, the Chairman of the Science Summit at the United Nations General Assembly, and founder and managing director of ISC Intelligence in Science. Declan has more than 25 years of experience as a global senior advisor to governments and industry on science research, science policy and related regulation. He has been actively promoting a more significant role for science within the context of the United Nations General Assembly since 2010. This has culminated in the annual Science Summit within the context of the UN's General Assembly. The focus of the Summit is on the role and contribution of science to attain the United Nations Sustainable Development Goals – or SDGs. The current edition – UNGA78 - takes place from September 12-29, and will bring together thought leaders, scientists, technologists, policymakers, philanthropists, journalists, and community leaders to increase health science and citizen collaborations to promote the importance of supporting science. And we are thrilled that Oracle will be part of the Science Summit with a few of our executives speaking and attending, including Alison Derbenwick Miller, global head and VP of Oracle for Research. -------------------------------------------------------- Episode Transcript: http://traffic.libsyn.com/researchinaction/Research_in_Action_S01_E19.mp3 00;00;00;00 - 00;00;22;29 What are the United Nations Sustainable Development Goals? What are the biggest challenges in pursuing and achieving those goals? And what's the best way for government, academia and industry to cooperate and collaborate in support of basic research? We'll get the answers to all this and more on Research in Action. 00;00;23;02 - 00;00;49;08 Hi, and welcome back to Research and Action, brought to you by Oracle for Research. I'm Mike Stiles and today's distinguished guest is Declan Kirrane, who is the chairman of the Science Summit at the United Nations General Assembly and the founder and managing director of ISC Intelligence and Science. And we're talking to a guy with more than 25 years of experience as a global senior advisor to governments and industry on science research, science policy and regulation around science. 00;00;49;10 - 00;01;17;07 Declan has been promoting a bigger role for science in the context of the U.N. General Assembly since 2010, and that's led to an annual science summit that focuses on the role and contribution of science to reach the United Nations Sustainable Development Goals or SDGs. The current edition UNGA 78 is happening September 12th through 29th and will bring together thought leaders, scientists, technologists, policymakers, philanthropists, journalists and community leaders. 00;01;17;09 - 00;01;37;02 We'll talk about increasing health science and citizen collaborations and why it's important to support science overall. Now, Oracle's actually going to be part of that science summit a few of the executives will be there speaking, including Alison Derbenwick Miller, who's global head and VP of Oracle for Research. Declan, thank you so much for being with us today. 00;01;37;08 - 00;01;58;13 Thanks, Michael. Great to be here. Thank you for the opportunity. Delighted to be here. What we want to hear all about the science summit at the U.N. General Assembly. But before we go there, tell me what got you not just into science, but science policies and your role in creating this summit? Well, first is, I suppose, the simple answer to that is happenstance. 00;01;58;13 - 00;02;21;10 I have to tell you, it was not planned. My primary degree is the history of art. And then I did law and probably needed a job after all of that. And then as a lot of people did in the late, late eighties, emigrated to the U.S. of A and on the basis that there was nothing going on in Ireland. 00;02;21;10 - 00;02;51;23 So opportunity beckoned and therefore from that worked on Wall Street and at a boutique mutual fund company. And then between one thing and another, I ended up in a in a boutique similar boutique company in Paris. And from that to Greece and from that, I got into more consulting side of things and from that started working for global multilateral bodies such as the World Bank and the IMF on a contract basis. 00;02;51;23 - 00;03;23;25 And then from that got more into telecoms and from that into into science coming out. And I suppose from the area of telecoms, infrastructure and data rather than, if you like, a bank scientist. And I suppose my history of art background gave me a wonderful perspective on policy, at least that's what I argue. And, and from that I got very interested and from the insights, but partly because the European Commission invited me and a couple of others to set up a dissemination service. 00;03;23;25 - 00;03;57;19 It's called Cordis. Cordis and the Cordis Information Service was designed by the European Commission to provide information on ongoing collaborative research and to provide information on publicly funded research opportunities in the course. The reason the European Union did that was to was to ensure that the information resulting from funding they're providing reached a very, very wide audience. So my job was to to do that and we built that out and that brought me into the area of science policy. 00;03;57;22 - 00;04;27;19 And I gradually began to understand the huge importance of science policy. And of course, 20 years ago science policy was not a thing, you know, it doesn't really exist in terms of policy making headlines, but it gradually came to be and as you know, it's it's part of the lexicon now. A lot of governments around the world have science policy priorities, and it's recognized as a driver for economic development and global competitiveness and driving solutions to global challenges. 00;04;27;19 - 00;04;51;05 So sciences is a thing, but 20 years ago it wasn't. So it's a relatively recent and I began quickly to appreciate the policy dimension of that, and that led me to work on policy that led me to understand policy mechanisms. And, you know, from my standpoint, I mean, there's no point in looking at some global challenges or many global challenges from a national perspective. 00;04;51;12 - 00;05;21;24 Really, it has to be global, it has to be international. That led me to engage with the United Nations. And from that, we just started to build from, as you say, from 2010, to start to build, engage with nations. And I really want to stress these were designed to be very, very simple to present not to a scientific forum, but to the U.N. for it to the mother ship, to the General Assembly, to diplomats, to policy and political leaders, and show them what science is. 00;05;21;24 - 00;05;43;04 And to give you a practical example, our first meeting was on biobanking. And you know, the main attention, wasn't it? What's biobanking? You see, that's exactly what we want. The want the question we wanted them to ask. And from Matt and that first mission, I think there's about 18 people in the room and we had about four or five diplomats last year at the Science summit. 00;05;43;06 - 00;06;07;02 We had approximately 60,000 participants. We had just under 400 sessions and we had 1600 speakers. So we've come a long way. And that really now is it's it's it's established. But we want to keep promoting. We want to keep science in the eye of the U.N. and we want to ensure that the future recognizes the contribution of science. 00;06;07;05 - 00;06;27;29 That's quite a journey. I think you did just about everything except science. Are you sure you weren't in the circus as well? Yeah, well, it's it's, you know, it's all true, you know, So, yeah, it's it's put a lot of it. Last 20 years has been on primarily on science. Yeah. Well in the intro I mentioned the United Nations Sustainable Development Goals or SDGs. 00;06;27;29 - 00;06;54;00 And our listeners are pretty savvy. They probably know about those, but I'm not savvy. So what are SDGs and how do they speak to global health and humanity in the in the in the mid nineties the the United Nations. And when I say the United Nations, I mean many of the United Nations constituent entities and agencies obviously were very concerned about what we generally call global challenges. 00;06;54;00 - 00;07;18;29 And in the area of health and other forms of well-being, the environment, climate, food security and safety and so on and so forth. And that led to a consensus that there needed to be, quote unquote, you know, how's this for a cliche? We have to do something. So that we have to do something resulted in the Millennium Development Goals, which were, as you can imagine, launched on the year 2000. 00;07;19;02 - 00;07;44;01 And they set forward these goals to to address challenges. And that that 50 years went by pretty quickly. And that then led on to a similar mechanism where you identify a challenge, you define a response to it, and then you allocate specific targets within that and get everyone to sign up to that and off you go now. 00;07;44;03 - 00;08;12;18 So that then that broad approach was repeated for the United Nations SDGs, the Sustainable Development Goals, of which there are 17. And they cover the headlines that you'd imagine between poverty reduction, hunger reduction, improved health, a life below water, life on land, addressing obviously biodiversity, climate and many other areas. And then we're in the middle of these now. 00;08;12;21 - 00;08;45;10 But already the world is turning its attention to the post SDG agenda. And this is where this probably where we are now. The United Nations is organizing the summit of the future September 2024, and that I suppose you could characterize that meeting rather I do as a a banging of heads together because there is a sense of crisis, there is a sense the SDGs are not being achieved, that progress towards the attainment of the SDGs is insufficient. 00;08;45;12 - 00;09;07;19 It is exclusive. It excludes many constituencies, many countries, and again, I won't enumerate them here, but I just present that as as the scenario. So there's now a lot of momentum behind what we know. What do we do next? Why old humble viewers? I don't think it's going to be a if you like, a goals oriented process. I think that's too simplistic. 00;09;07;19 - 00;09;41;01 The world. I think as we found out, is much, much more complex. And I think the issue of inclusion and equity are issues that are present in a way that they were not when the Millennium Development Goals and the Sustainable Development Goals were designed 30 and 50 years ago, respectively. And I think this equity dimension is going to give a far stronger voice to less developed nations. 00;09;41;01 - 00;10;07;05 And just on the back of an envelope calculation, I think if you take the OECD countries and change, you've probably got 30 nations that we could call a developed. And then I suppose the big questions that what about everybody else? And that is becoming a very stark consideration, which was not there. And this needs to be addressed in terms of inclusion and equity to a much, much greater extent than is currently the case. 00;10;07;05 - 00;10;37;01 And arguably then will lead to a more successful approach to whatever succeeds the SDGs, the SDGs. I'm interested in the mechanics behind that because I'm just kind of reading between the lines of what you're saying and it's like for this thing to have true accountability and for these goals to have any teeth at all. There does need to be a someone accountable, be a very good grasp of who the participants are going to be and some form of deadline. 00;10;37;04 - 00;11;01;19 Absolutely correct. Mike And that that was that the plan A the problem with that in in in in a word is it doesn't really work you've so many moving parts you've so many constituencies that it's you know, having this set table of goals and table of targets and allocating milestones know simply doesn't work. Now, why doesn't it work? 00;11;01;21 - 00;11;29;07 I believe in my view it is that many less developed nations don't have the wherewithal to achieve these SDGs. One needs investment, one needs skills, one needs training, one needs cooperation, one is finance. I mean, these are all requirements to make change it, particularly in the area of or particularly in every area. But if you look at health, if you look at energy transformation, if you look at digital transformation, they don't happen without moolah, without money. 00;11;29;14 - 00;11;48;22 So the question is, well, where's I coming from? The answer, I'm afraid, is it's not. And that leaves a lot of they again, when I say lesser developed nations, I mean that is the majority that's 150 nations on the on the on the on a rough calculation. And they're not they don't feel involved. They don't feel they're taken seriously in terms of support for the investment. 00;11;48;24 - 00;12;13;12 And I think they're looking looking at the developed world and they're saying, well, okay, you benefited from carbonized development then and now we're supposed to do on carbonized development and how is that going to work for us? And there's no answer to that. So I think it's extremely complex. And as you say, trying to build consensus around this is extremely difficult because any move forward does require political consensus as very, very hard to get these days. 00;12;13;12 - 00;12;30;16 I mean, you can you can look at Ukraine, you can look at you can look at the Sahel, you can look at many parts of the world where consensus are at a political level. It's very difficult, if not impossible. And then you factor into that, well, how do you then adopt action plans? How do you adopt roadmaps? Again, extremely difficult. 00;12;30;16 - 00;12;54;14 So I in my view, the the SDGs have come a bit unstuck because of the inability of developed nations to provide the necessary wherewithal, including funding. And therefore, of course, the other side of that coin is the inability of of many, many nations to advance those objectives, to achieve the goals that have been set out to reach those targets. 00;12;54;14 - 00;13;32;09 And that simply is not happening. And on SDG eight in the High-Level Policy Forum in July of this year and the the process of reporting on SDH was abandoned for reasons which I think are quite obvious, and no one had anything to report. So I point to that specifically. And also I was with a number of African nation ambassadors for dinner in Brussels two weeks ago, and they pointed out that they've stopped wearing their SDG lapel pins, you see. 00;13;32;11 - 00;13;56;13 And there's two reasons for that. One is in protest at the slow progress towards the SDGs, and secondly, because of, as they see it, their exclusion from the decision making process associated with the SDGs, which, as you can imagine, has a, you know, an annual review mechanism and and and all that sort of stuff. They feel excluded from that. 00;13;56;13 - 00;14;27;04 And my own view is they are for the reasons I've I think I've mentioned or alluded to and this brings this this promotes exclusion and inequity. And again, to repeat this, this wasn't in fashion 50 years ago to the extent that it is today. Now, it is a very, very strong policy and political force. And the institutions, the multilateral institutions that take leadership on these issues now have to find ways to to address that and to build inclusion in a very, very significant and meaningful way. 00;14;27;04 - 00;14;50;08 It's not just the family photo opportunities. It's making sure that these communities, that the stakeholders feel they're involved and they are involved. They're seeing the benefits. And I suppose to that extent, it's it's you know, it's politics as usual. Boy, those those challenges are just huge. It's it's quite an undertaking to to pursue those. But I guess that's what also makes it exciting as well. 00;14;50;10 - 00;15;11;10 Since this show is called Research and Action, we do talk a lot about the need to knock down barriers and support research, but research has several stages from basic all the way through clinical. What is especially important about supporting basic research and getting that right? What are those benefits? I suppose so. Simply put, you know, that's where it all starts. 00;15;11;10 - 00;15;45;05 And when we talk about basic research, we talk about basic research, but I would also call it pre competitive research. So that's a start for, you know, is everybody's friends and everybody is collaborating before they before they apply for a patent or before they discover discover something they can monetize or exploit or innovation in whichever way. And I think a very important aspect of this is the fact that it's by and large government funded, and this gives it a very important dimension, not to mention is seeding the potential for innovation. 00;15;45;07 - 00;16;08;28 And I often reflect that if you if you the government plays a huge role in science and technology. And now I don't have the details in front of me, but, you know, as far as I understand it, about a Tesla Enterprise wouldn't be where it is today without a small business loan from the US government. And of course, Mr. Gates was a beneficiary of government contracts at a very early stage in the development of Microsoft. 00;16;08;28 - 00;16;30;01 So just to point there to the importance of government funding across the board with respect to the government investment in science and technology in the pre competitive space, there's a clear recognition that without a synchrotron or without the government investing in synchrotron or large scale science facilities, then I think we're not going to have stakeholders who can build those. 00;16;30;03 - 00;16;52;12 So it simply simply won't happen. Many, many outcomes I think are evident in terms of the investment and in science and technology. You know, basically we have an advance in knowledge. Basic research seeks to understand the fundamental principles underlying various phenomena. And I think the curiosity driven research around this then leads to much innovation. But of course you don't know that at the beginning. 00;16;52;12 - 00;17;10;28 So I think there has to be a very strong political commitment to Blue skies research. And again, I stress the word political committee because it is a policy decision for a government, any government to invest in pretty competitive research, in science, capacity building, which is predominantly pre competitive and on in there in basic science. So I think that's that's hugely important. 00;17;10;28 - 00;17;34;11 Just to point to the policy dimension, I think that then leads to various innovations and that that that is applying. So you see a very clear narrative between basic research, innovation and applied research. Many groundbreaking innovations and technological advancements have emerged from the discoveries made in basic research. And I think this needs to be spelt out very often when a policymaker gets up in the morning. 00;17;34;18 - 00;17;56;18 That can be a complicated narrative. You know what I want to be getting from this? Why spend vast sums of money on basic research, blah, blah, blah? But I think when you look at the evidence, I think then the case is is compelling. But of course, that needs to be understood continuously, primarily by policymakers. And it does bring long term benefits, The outcomes of basic research might not lead to immediate benefits or applications. 00;17;56;18 - 00;18;25;27 However, these insights often lay the groundwork for future breakthroughs, which could and very often do have significant societal, economic or technological impacts over time. Problem solving is another reason to fund and do basic research educational value. Basic research plays a critical role in educating the next generation or generations, indeed, of scientists, researchers and thinkers. It provides a training ground for students to learn research methodologies, critical thinking and analytical skills. 00;18;26;00 - 00;18;52;06 And these values have multiple applications, multiple applications. And then we have cross-disciplinary insights. I think this is self evident. Basic research often leads to unexpected connections between different fields of study. These interdisciplinary insights can spark collaborations and innovations that otherwise wouldn't come to the fore. Intellectual curiosity, I think, needs also to be highlighted. Then we have the benefits coming from scientific advancement. 00;18;52;10 - 00;19;26;18 So I think Mike, there are many, many, many benefits in that. And I'd just like to point to really one example of basic research. You may not be a follower of radio astronomy or you might be about South Africa won a global competition to build the square kilometer Array telescope, the SKA, and that was a global competition in 2011 against the UK, against Chile, China, Brazil and Canada. 00;19;26;18 - 00;19;50;25 I believe there may be one or two other countries there as South Africa won the right to host and to build the UK and it is now doing that. It's probably a 30 year project. But here you have an example of of an African nation competing to build a hugely complex scientific instrument in the middle of the Karoo desert. 00;19;50;25 - 00;20;30;21 Now why do that? Many reasons to do it. But one of the compelling reasons that I learned from exposure to the project is the enormous commitment that the South African government and now, of course, to have partner countries, including Australia, that huge commitment they have made to education and training the next generation through the scale. And you will see in the system you'll see that many US multinationals, the Dell Corporation, IBM, Microsoft have very strong project association and collaboration with the UK and South Africa. 00;20;30;24 - 00;21;00;04 When the Economist wrote about the UK in 2016, I believe it was, they said this is the world's largest science project. And I think, you know, just it's worth reflecting on that. And this has enormous, enormous future potential. It has existing benefits to the scientific community and of course it is a huge flagship idea that provides a lightning rod for scientific collaboration across Africa and across the world. 00;21;00;11 - 00;21;26;13 At a very practical level, it brings many scientists to visit the facility to work with African and South African collaborators. So this is an ongoing benefit. I think a wonderful example of what our research infrastructure is, what basic science is, and why it should be funded. Yeah, what you just described is an enormous success story. But, you know, candidly, my optimism is challenged because so much of this does rely on government participation. 00;21;26;19 - 00;21;54;08 Yet it feels like as long as money and politics is in the picture, those are the anchors that can weigh things down. And against that backdrop is the science summit. So how did the science summit become a reality and was there any resistance to it or did anybody think this wasn't a good idea or not worth doing? The as far as I've learned, I mean, the response has been universally very, very positive, extremely positive. 00;21;54;11 - 00;22;26;03 And that's because the science summit is designed aimed to advance a greater awareness of the contribution of science to the SDGs. Now, how do you do that? You do that by bringing folk together. And those folk are not just the scientists. I mean, we're not organizing an ecology conference, we're not organizing a radio astronomy conference, we're organizing a science engagement process with U.N. leadership. 00;22;26;06 - 00;22;54;09 And more than that, we are showing how science needs to be inclusive. So to that end, we have a very strong narrative around inclusion. We have a very strong narrative around development, finance for scientific education, for science, performance and investment in science. And through doing that, we are education policymakers. We are engaging with policy makers. And I need to stress this invariably is it is a process. 00;22;54;16 - 00;23;15;28 But at the end of the day, policymakers that I have engaged with at many levels in Africa, Europe and the United States, they want to make the world a better place. I don't think there's any any doubt about that at very often in that quest, they are very remote from the outputs of science for the evidence that is there that shows that science delivers. 00;23;15;28 - 00;23;38;28 Of course, it's in the system. But very often the political system of political decision making is very human. It's a very natural process. It's not always empirical. And I think as you know, and possibly in in the Western world, we see that policy making is becoming more political with a small P. So it's into that environment that we are going and showing how science makes a difference. 00;23;39;05 - 00;24;08;26 Practically. We're showing how science delivers on the SDGs, we're showing how science delivers on the future challenges. And with reference to a very important aspect, we're also highlighting the the importance of enabling access to data now, and this is you'll probably be familiar with the European Union's General Data Protection Regulation, and there are other regulatory regimes in in the United States and Canada, Japan and Brazil and and elsewhere. 00;24;08;28 - 00;24;33;19 And now we are looking at the evolution of regulation concerning artificial intelligence. Now, these regulatory processes as one outcome have impacts on access to data and the use of data for scientific purposes. There is no global regulator, there's no global policymaker. How do we address a global coordination on these issues? And that's something we want to raise within the context of Science Summit to ensure that science is data enabled. 00;24;33;21 - 00;25;00;25 When we talk about science capacity building, essentially we are talking about improving the flow of data, access to data, use of data from machine learning and AI and other purposes, and extending that capability globally. And when that can happen, then you will see dramatically improved outcomes in terms of health research at the environment, biodiversity, energy and many, many other areas. 00;25;00;29 - 00;25;44;06 But we're not there yet. That very much is in the future. So we're trying to align the debate around the objective of creating these new innovations with the need for aligning energy policy, energy technology and other information technology around alignment on regulations. That's huge, huge importance. So we see that. We see the opportunity after the United Nations General Assembly to talk to governments, to talk to political leaders, to talk to Balsillie was to talk to diplomats, to talk to regulators, to talk to bureaucrats and show them what this is, how this matters, and very importantly, how they can include optimized policies to support science in future policies at the bloc level, at nation level. 00;25;44;06 - 00;26;13;20 And we have many, many meetings bringing forward scientists to show what they do, what's necessary in terms of government regulation and support to enable. So we're talking about creating the enabling policy and regular Tory environment for more and better science. And funnily enough, we don't say that's more that's about more money. We don't feel that. We don't think that what there is, is more opportunity and a great need for alignment at government and policy level. 00;26;13;23 - 00;26;39;06 And if every country in the world goes it alone in terms of creating regulation and creating policies, then we're looking at extreme fragmentation. There is much, much untapped potential for governments to work together, and that's one reason we're very happy to be working with Oracle, because, you know, from there, you know, as a company and, you know, forgive me if this is too simplistic, but they, they they create these machines that can communicate data. 00;26;39;06 - 00;27;07;29 And this is a this is a vital and vital a vital need globally. And how they do that and future, I think, will point to many, many future opportunities, which is a very important consideration, because with the science summit and at the level of the U.N., there's there's a huge recognition of the need to work with industry players and the importance of working with industry to deliver innovations, because it's not going to be a university center in it. 00;27;07;29 - 00;27;33;27 With the greatest respect to Cork University in Ireland, they're not going to be making the mess that's going to come through a company. So and industry. So this collaboration opportunity between academia, between governments and industry, I think is ripe for transformation, I think has enormous potential to address global challenges. So can you give us kind of a feel for what kind of speakers and sessions can be expected at the summit? 00;27;34;04 - 00;28;02;24 Yes, Michael, we've got a very inclusive approach to the summit, so we're covering a lot of things, but I suppose I would accept that we have a bias towards health on the health research. On the 13th of September, we have an all day plenary on on One Health, which is a perspective that brings together planet people and animal health into a, if you like, a one world view. 00;28;02;27 - 00;28;26;10 We have a lot of amazing speakers from the five continents who will be coming to that meeting. And what we want to do then is this is relatively rare. It's a relatively new area. By that I mean it's a relatively new or a policymaking. So where want to advance policymaking in this area? We want to also promote interdisciplinary research and show how research matters across these three areas because they cannot be addressed in isolation. 00;28;26;12 - 00;28;56;06 And we'd argue at the moment, by and large, that they are. If you look at national funding systems and national priorities and all the rest of it, they look at animal health or they look at human health or they look at biodiversity. But looking at all three I think is vital. That's our that's our flagship session on Wednesday the 13th on the 14th, Thursday the 14th, we're going to focus on on pandemic preparedness and we're going to bring together the leadership from the National Research Foundation in South Africa, from the African Union Commission, from the European Union. 00;28;56;06 - 00;29;33;16 Delighted to have Irene North steps. The director for the People Directorate in Brussels is coming to join us. For three days. We have Professor Cortes at Lucca from the Medical University of Graz, who leads many European Union research initiatives. But he was the main instigator of the European Union's biobanking research infrastructure, of biobanking, of molecular resources. We should infrastructure, which does pretty much as it says on the can, and we're looking to create a UN version of that, if you like, And look at how this capacity for biobanking is going to contribute. 00;29;33;16 - 00;29;57;01 So and pandemic burden, it's very, very important that we also have President Biden's science adviser, Dr. Francis Collins, former director of the and I and the in the United States, Then we will also have representatives from Dr. Sao Victor. So from the U.S. Academy for Medicine, National Academy for Medicine. He'll be presenting the US approach to pandemic preparedness, which is called 100 days Mission. 00;29;57;06 - 00;30;22;17 What you Need to Do in the first hundred Days. We're very excited about that and very, very much looking forward to using that as a template for a global approach. And while there's been a lot of focus on global strategies, which we obviously very much support, we want to take that global strategy approach to the level of action in terms of what capacity is needed, where's that capacity needed, How can the capacity be delivered? 00;30;22;19 - 00;31;09;02 So very much looking forward to pandemic preparedness as a highlight of the summit. Then on Friday, Friday the 15th of September would have a one day plenary on genomics capacity building with a focus on Africa. But the approach will be global, But bring it forward. Will How does the capacity work for pandemic? Sorry for genomics and has been led by global industry in terms of Illumina and it's been led again by data experts, and that really looks at a future for genomics capacity building in Africa, without which we are going to be or Africa is going to be extremely hampered in the development of medicine and related therapies. 00;31;09;04 - 00;31;37;12 So there are three of the sessions. We also have the Obama Foundation having a meeting on the on the 17th of September. We're going to bring philanthropic organizations together, are for lunch on the 15th. We are going to have a number of sessions around the Amazon with the Brazilian Fapesp, the Rio National Research Agency, and they'll be looking at the future of Amazon from the perspective of collaborative research and development and science. 00;31;37;15 - 00;32;06;00 We will be working with a number of legal experts with the law firm Ropes and Gray, who will bring together experts to identify scenarios for an enabling regulatory environment for genomics that's going to take place on the afternoon of the 16th. We are going to have a number of focus days. The government of of government of Ethiopia will be joining us and they'll be presenting how the Ethiopian government presents or approaches the SDGs. 00;32;06;00 - 00;32;27;18 From the point of view of enabling science. We have a similar approach from the government of Ghana. We will have the nice people from Mongolia, the government of Mongolia. They will be presenting a regional approach from the roof of the world, and we would have the same from Nepal, from India, from Japan, from Brazil and many other nations. 00;32;27;23 - 00;32;58;22 And that national approach is very, very important because again, we want to highlight the need for synergies, highlight the similarity between national approaches and then how they can be brought together and benefit from one another. We will also have a presentation from the editor of Nature, Magdalena Skipper at They'll be presenting a what they call a storytelling evening, and that's that's designed to inform and show how science careers evolve. 00;32;58;28 - 00;33;27;05 So so the community can get an understanding of of how that has worked in a number of individuals so very much at look at looking forward to that. I think that personal aspect is is very, very important. And we will be having a number of sessions with with investors how they are approaching investing in science and technology, how that investment can be better aligned between governments, industry, not for profits, philanthropy. 00;33;27;05 - 00;33;50;18 And we're feeling we're seeing that a lot of these organizations have similar objectives. So there's enormous potential to see how they can be more aligned, work together for common objectives and thereby increase possible benefits and outputs. So very much look forward to dose those discussions. In terms of our principal outputs, what we want to do really is three levels. 00;33;50;18 - 00;34;12;01 First is we want to increase participation and collaboration. So we want to bring people together. And one of the main outputs of the science summit last year, researchers discovered each other. They went away and they started collaborating. That wouldn't have happened if they hadn't met at the science. So that's one level. Second level is what our agenda is. 00;34;12;04 - 00;34;44;27 So the United Nations will convene the summit of the future in 2024. So the question we're asking everybody is what should the science agenda for that meeting look like? And we want to compile it. And with the 400 odd sessions we're running, we want to work with them and see how can they contribute to that, What priorities can they put forward and how do they look in terms of a specific objective which the United Nations can support in terms of energy attainment or the post SDG agenda? 00;34;44;29 - 00;35;22;06 And the third element we want to advance is better policy making, make better policies. We will have tennis knocked and Dennis is the chair of the Inter-Parliamentary Union Science Committee. The Inter-Parliamentary Union is a global organization and represents 138 parliaments around the world. This dialog is hugely, hugely important. So we're going to be working with Denis to see how his members so those legislators in those 140 odd countries can incorporate better global ideas into policymaking at a local level. 00;35;22;06 - 00;35;52;29 And I'm talking about I'm talking about Nepal, I'm talking about Ghana, I'm talking about Kenya, I'm talking about many, many countries. And then what we what we hope that that will achieve is real sustained change. And as we move towards the end of this decade, that's going to be hugely, hugely demanding. But I think if we build this global momentum and we drive this cooperation and instill a sense of cooperation among scientists globally, and also we say that, you know, scientists in fact, are policy policymakers. 00;35;52;29 - 00;36;10;12 I don't see this divide between policymakers and scientists. I think scientists have a huge amount to contribute to policymaking. So, in fact, they're the policymakers. They know a lot about health, They know a lot about what policies are needed to deliver better health. And we want to give them a voice. Well, as I mentioned, Oracle will be speaking and participating at the summit. 00;36;10;12 - 00;36;37;01 And you touched on it a little bit. But when you think about the role for industry players, especially technology giants like Oracle and what's needed to pursue the SDGs, we've talked on the show a good bit about the concept of open science and increasing access to scientific data. It feels like big advances in global health can't happen if those developing or lower middle income countries are kept at arm's length from data. 00;36;37;04 - 00;37;00;02 Absolutely, Mike. Absolutely. Very, very well said. And as I've outlined, is that one of the main impediments potentially to this is regulation by advanced nations, which impacts on less developed nations. So I think an industry has a huge role to play in that because, you know, industry and providing the wherewithal to to advance this data exchange. So we very much look to industry leadership. 00;37;00;02 - 00;37;16;20 And I think Oracle is going to be very instrumental there in showing and leading the way in terms of how data is enabled and how data systems can allow access to data use of data, and of course the use of data for machine learning. And I think that's something we need to learn a lot about, particularly in developing nations. 00;37;16;23 - 00;37;35;25 I also think that the United Nations Global Sustainability Report, the latest version of which is available in draft, and I think the final version will be published at the end of this month. Points to a huge role for for industry. My own view is that I think industry need to be much more at the table at this U.N. table. 00;37;35;25 - 00;37;56;24 I'm delighted to see that Oracle is joining us in this quest, because I think we need to build a narrative and I think it'll be for industry are going to be a very credible partner in terms of telling governments what is necessary, what's needed in terms of creating the space for data to do what data needs. And again, in particular in the countries that are going to be challenged in their quest for access to data. 00;37;56;27 - 00;38;33;03 And that presumes that they have the capacity to have the infrastructure. Many don't, but they're going to need to have that and the industry going to be critical in delivering that. And I think that's that's terribly, terribly clear. So that role for industry in delivering, I think, spans the optimization of policy, the optimization of regulation, the deployment of technology, the maintenance and sustainability of that technology, and of course for the advancement of that technology into different areas in its application, particularly in ICT application, in the areas health and energy and the environment, biodiversity, climate and so forth. 00;38;33;06 - 00;38;55;25 And I think this is something that provides a gives me a lot of optimism in future. And I think also almost we're looking at a, if you like, a post, arguably a post regulatory model where where technology will allow us to define the the remit of Data Act access. I don't think we're there yet, but I think this is this is possibly in future. 00;38;55;27 - 00;39;16;01 And again, Oracle and the colleagues from Oracle will be engaging in a number of discussions on the regulatory side, on the technical side, on the access to data side that's going to help the communities understand not necessarily the solution, but at least define the questions. I think define the questions. Then we have a much greater opportunity in obtaining the answers. 00;39;16;03 - 00;39;39;17 Well, also in my intro, I mentioned that you are founder and managing director of ISC Intelligence and Science. Tell us about that endeavor. What does that do? Well, that that mainly is devoted towards building body types, capacity and advising governments on science. Capacity Building that many faces is based around scientific infrastructures. And of course they come in in many, many flavors. 00;39;39;22 - 00;39;59;29 But ours really is around the design of research infrastructures that that tends to be quite a long, competitive, drawn out, complicated process. Of course, for any funding, there is a there is a competitive process. This takes a a number a number of years, very often for an award, then a subsequent number of years for a design phase to be completed. 00;40;00;05 - 00;40;21;02 Before then you move into construction and operation. Our primary focus is on the design phase and we've done that in in Africa. We do it in India, in in North America, Latin America. And one of our main reasons for focusing on this area is because it means the capacity is there to to allow science to do what it does. 00;40;21;02 - 00;40;46;01 I've mentioned the case of the SKA and in Africa there are many others. But I would say hitherto there's been a lot of differentiation between science capacity. And of course this is this is quite understandable. But I think increasingly in future that capacity will be effectively one big data machine. It won't matter what flavor of science you're doing, you're going to be dipping into a common data reserves. 00;40;46;01 - 00;41;23;05 Now, there's some caveats around that, such as a a synchrotron, for example, or a light source. I think these are, as you can imagine, specific unique instruments. But we're looking forward very much to have the director of the Office of Science in the United States, Dr. Esmond Barrett, talk to us about how this can work on a global level and what are the challenges and how the US experience in building these science infrastructures and capacities can then help many, many other countries to to advance towards not net, not necessary do the same, but at least be on a path to access such capacity. 00;41;23;05 - 00;41;52;08 So ESI has been very, very involved in that and also involved in the regulatory aspects of the impact of updated regulation on science is something we're very exercised about. If we feel that the scientific community historically, by which I mean maybe over the last 15 years have been very slow to understand the implications of regulation of science, but equally the regulatory bodies at national level, equally have been very slow to understand the impacts of science because their primary concerns are not science. 00;41;52;13 - 00;42;23;27 The primary concerns are as they see them is the protection of individual data, etc., etc., etc. and that's very worthy and noble. But then once you pull the thread, you see that that has aspects and implications for scientific endeavor. So we're working in that interface, ensuring or trying to ensure or trying to increase respective awareness and visibility. And now this is has a very sharp focus in the advent of a EIA, the Artificial Intelligence Act in the European Union, which will be defining for reasons we mentioned earlier. 00;42;23;27 - 00;42;43;12 Also, we are very active in that space and we're very particularly active and, and how this seen, how this impacts on less developed nations. Well, Declan, again, we appreciate you being on the show today. If people wanted to learn more about the science Summit or ISC intelligence and science, how can they do that? Main ways. The website for the Science Summit is Science Summit. 00;42;43;15 - 00;45;13;24 It is sciencesummitunga.com the company website is ISC intelligence dot com and then you'll find the usual links to Twitter and all the rest there. Very good. We've got it. And if you listen are are interested in how Oracle can simplify and accelerate your own scientific research. Just take a look at Oracle dot com slash research and see what you think and of course join us again next time for research and action.
In 2020, the U.S. Federal Trade Commission put out a call for advertising experts to advise the regulatory body on advertising and privacy. Raashee Gupta Erry, then a director at GroupM's Essence, answered that call. Gupta Erry initially took an interest in the privacy side of the ad industry in 2018 when working with clients to prepare for Europe's General Data Protection Regulation privacy law. Joining the FTC offered an opportunity for her to get a U.S. perspective on privacy regulation from the inside — and for the government regulator to get a peek under the hood of the ad industry from an insider whose experienced spanned brand side at Volkswagen and Samsung, agency side at Essence and Digitas and ad tech side at Neustar. “The FTC wanted to have somebody from the industry who understands all the sides of the ecosystem, who understands how the players operate, what are the sort of systems [and] processes [and] workflows. So it was an opportunity for me to help them, educate them and strengthen their work as well as learn about the privacy world,” Gupta Erry said on the latest Digiday Podcast episode. Gupta Erry's initial task at the FTC was mapping out the mechanics of the advertising ecosystem. Eventually her remit broadened to involve her in the organization's investigation and enforcement efforts that related to advertising and privacy. “[I] got to dig into some of the topics that we all in the industry grapple with, like [Google's] Privacy Sandbox or [Apple's anti-tracking feature] ATT, algorithmic harm, AI bias,” she said. Having left the FTC last fall, she is now back to working with advertising companies on their privacy practices through her consultancy Uplevel Digital. And given the flurry of privacy laws taking effect in the U.S. this year, there's no shortage of work that companies need to do to keep in compliance, especially as enforcement efforts by regulators including the FTC ramp up. “We're looking at 11 or 12 [state-level privacy laws] at this point. So as more of them come into place, there's going to be more regulators, state regulators, looking at these companies,” said Gupta Erry.
Rohan Massey is a Partner at Ropes & Gray, a global law firm operating in the US, Asia, and Europe providing counsel in labor and employment issues, tax and benefits, and creditors' rights. Rohan advises on complex global data and security compliance programs covering asset management and financial services, life sciences and clinical trials, and marketing. He's an expert on the intersection of the extraterritorial scope of national data protection laws and data transfer issues for global organizations. In this episode… Cross-border data transfer is the exchange of electronic personal information across international borders. The European Union governs these transactions through a protection law known as the General Data Protection Regulation. Many large corporations operate in multiple countries, so acceptable contract agreements between partnering companies must be heavily enforced using a data privacy framework. Data and cybersecurity experts like Rohan Massey work to implement and educate organizations about data privacy frameworks. These tools provide immediate support when concerns such as data breaches pose a threat to data privacy. DPFs are designed to adjust as events unfold. In regard to compliance, decision-making, and communication, corporations should consider adopting a data privacy framework. In this episode of the She Said Privacy/He Said Security Podcast, Jodi and Justin Daniels welcome Rohan Massey, Partner at Ropes & Gray, for an in-depth conversation about the data privacy framework in relation to cross-border transfers. Rohan explains how the data privacy framework affects international corporations, the treatment of HR data versus “regular” data under DPF, and when companies should consider using standard contractual clauses.
The European Union's General Data Protection Regulation supposedly protects people from government data abuse. In reality, it empowers governments. Original Article: "The GDPR Paradox: Empowering Government in the Name of Data Protection"
The European Union's General Data Protection Regulation supposedly protects people from government data abuse. In reality, it empowers governments. Original Article: "The GDPR Paradox: Empowering Government in the Name of Data Protection"
Today on the show, Senior Practice Director Conan D'Arcy is joined by Associate Ilana Kunkel to discuss the EU's proposal to reform the General Data Protection Regulation's (GDPR) enforcement processes. Conan and Ilana unpack what's in the proposal and its likely timeline and reflect on the legacy of the GDPR amidst continued speculation around the possibility of major reforms to the EU's landmark digital protection legislation. Hosted on Acast. See acast.com/privacy for more information.
The European Commission and Parliament were busily debating the Artificial Intelligence Act when GPT-4 launched on 14 March. As people realised that GPT technology was a game-changer, they called for the Act to be reconsidered.Famously, the EU contains no tech giants, so cutting edge AI is mostly developed in the US and China. But the EU is more than happy to act as the world's most pro-active regulator of digital technologies, including AI. The 2016 General Data Protection Regulation (or GDPR) seeks to regulate data protection and privacy, and its impacts remain controversial today.The AI Act was proposed in 2021. It does not confer rights on individuals, but instead regulates the providers of artificial intelligence systems. It is a risk-based approach.John Higgins joins us in this episode to discuss the AI Act. John is the Chair of the Global Digital Foundation, a think tank, and last year he was president of BCS (British Computer Society), the professional body for the IT industry. He has had a long and distinguished career helping to shape digital policy in the UK and the EU.Follow-up reading:https://www.globaldigitalfoundation.org/https://artificialintelligenceact.eu/Topics addressed in this episode include:*) How different is generative AI from the productivity tools that have come before?*) Two approaches to regulation compared: a "Franco-German" approach and an "Anglo-American" approach*) The precautionary principle, for when a regulatory framework needs to be established in order to provide market confidence*) The EU's preference for regulating applications rather than regulating technology*) The types of application that matter most - when there is an impact on human rights and/or safety*) Regulations in the Act compared to the principles that good developers will in any case be following*) Problems with lack of information about the data sets used to train LLMs (Large Language Models)*) Enabling the flow, between the different "providers" within the AI value chain, of information about compliance*) Two potential alternatives to how the EU aims to regulate AI*) How an Act passes through EU legislation*) Conflicting assessments of the GDPR: a sledgehammer to crack a nut?*) Is it conceivable that LLMs will be banned in Europe?*) Why are there no tech giants in Europe? Does it matter?*) Other metrics for measuring the success of AI within Europe*) Strengths and weaknesses of the EU single market*) Reasons why the BCS opposed the moratorium proposed by the FLI: impracticality, asymmetry, benefits held back*) Some counterarguments in favour of the FLI position*) Projects undertaken by the Global Digital Foundation*) The role of AI in addressing (as well as exacerbating) hate speech*) Growing concerns over populism, polarisation, and post-truth*) The need for improved transparency and improved understandingMusic: Spike Protein, by Koi Discovery, available under CC0 1.0 Public Domain Declaration
This week's show is live from Dallas as I attend the Parks Associates Connections smart home event, so I start out discussing some of the themes I've seen so far, including the growing importance of data privacy, local processing and generative AI. We also talk about the five-year-anniversary of the General Data Protection Regulation in … Continue reading Episode 424: Trust, AI, and the economy drive IoT conversations The post Episode 424: Trust, AI, and the economy drive IoT conversations appeared first on IoT Podcast - Internet of Things.
In May 2018, the European Union's General Data Protection Regulation (GDPR) became effective. The immediate impact was seen in the millions of dollars and man hours spent on compliance; the loss of certain websites or services from the European Union, such as the Los Angeles Times; and changes to user experiences and privacy choices. Advocates of the GDPR have argued that the tradeoffs are worth it for improved cybersecurity and the increased privacy rights of EU citizens, but critics have pointed to the potential impact on other values, such as speech and innovation, and have questioned if the GDPR has actually led to improvements or just increased red tape.Five years on, the impact of the GDPR on Americans and American companies as well as their European counterparts continues to be felt. As the United States debates its own potential federal data privacy law and sees an emerging patchwork of state laws, what lessons can we learn from the GDPR about benefits and consequences of data privacy regulation? Hosted on Acast. See acast.com/privacy for more information.
Five years have gone by since the implementation of the European Union's General Data Protection Regulation but managers at Meta Platforms aren't likely celebrate the milestone. On Monday of this week, the tech giant's Facebook social-media platform received a whopping $1.3 billion fine. The Meta unit was also told to stop transferring personal data from the EU to the US, in what is being described as the most consequential GDPR enforcement action that could be taken. On this week's podcast, our reporters mull over the impact of the EU privacy regulators' decision and what the GDPR has meant globally for privacy and data-security legislation.
The fine for the transfer of user data is the largest since the E.U. implemented the General Data Protection Regulation.
The owner of Facebook has been fined $1.3 billion for breaking EU rules on data protection, the largest fine ever handed down under the European Union's General Data Protection Regulation privacy law. Rahul Tandon speaks to the European Data Protection Board chair Dr Andrea Jelinek about why they've enforced the fine. We get the latest as China's chip war escalates as the country bans products from US companies. And we find out how how American singer Jason Derulo made unexpected millions.
Episode #5 printables: Kirby 40mm Fume Extractor. wikipedia: The Kirby Company is a manufacturer of vacuum cleaners and home cleaning accessories, located in Cleveland, Ohio, United States. It is a division of Right Lane Industries. lugcast: We are an open Podcast/LUG that meets every first and third Friday of every month using mumble. wikipedia: The PlayStation Portable (PSP) is a handheld game console developed and marketed by Sony Computer Entertainment. wikipedia: Rammstein is a German Neue Deutsche Härte band formed in Berlin in 1994. Goodluck with all the rest of the band/music chatter. I can't understand any of it. youtube: Burger Dance. Please no. Why did I signup for this. wikipedia: Syphilis is most commonly spread through sexual activity. wikipedia: Death was an American death metal band formed in Altamonte Springs, Florida, in 1984 by Chuck Schuldiner. Death is considered to be among the most influential bands in heavy metal music and a pioneering force in death metal. wikipedia: Death is a Detroit rock band formed in Detroit, Michigan in 1971 by brothers Bobby, David, and Dannis Hackney. wikipedia: BitLocker is a full volume encryption feature included with Microsoft Windows versions starting with Windows Vista. dell: Latitude E6410 Laptop. slackware: Slackware is a Linux distribution created by Patrick Volkerding in 1993. puppylinux: Puppy Linux is an operating system and family of light-weight Linux distributions that focus on ease of use and minimal memory footprint. tails: Tails, or The Amnesic Incognito Live System, is a security-focused Debian-based Linux distribution aimed at preserving privacy and anonymity. debian: Debian, also known as Debian GNU/Linux, is a Linux distribution composed of free and open-source software, developed by the community-supported Debian Project, which was established by Ian Murdock on August 16, 1993. wikipedia: Trusted Platform Module (TPM, also known as ISO/IEC 11889) is an international standard for a secure cryptoprocessor, a dedicated microcontroller designed to secure hardware through integrated cryptographic keys. pine64: ROCK64 is a credit card sized Single Board Computer powered by Rockchip RK3328 quad-core ARM Cortex A53 64-Bit Processor and support up to 4GB 1600MHz LPDDR3 memory. docker: realies/nicotine. wikipedia: rsync is a utility for efficiently transferring and synchronizing files between a computer and an external hard drive and across networked computers by comparing the modification times and sizes of files. funkwhale: Listen to your music, everywhere. Upload your personal library to your pod, share it with friends and family, and discover talented creators. mumble: Mumble is a free, open source, low latency, high quality voice chat application. youtube: Ernie (The Fastest Milkman In The West). Why?! youtube: Shaddap You Face - Joe Dolce. ironmaiden: Iron Maiden are an English heavy metal band formed in Leyton, East London, in 1975 by bassist and primary songwriter Steve Harris. wikipedia: Kamelot is an American power metal band from Tampa, Florida, formed by Thomas Youngblood, in 1987. wikipedia: Nightwish is a Finnish symphonic metal band from Kitee. wikipedia: Kitee is a town and a municipality of Finland. It is located in the province of Eastern Finland and is part of the North Karelia region. wikipedia: Evanescence is an American rock band founded in Little Rock, Arkansas in 1995 by singer and musician Amy Lee and guitarist Ben Moody. wikipedia: Deep Purple are an English rock band formed in London in 1968. wikipedia: Pink Floyd are an English rock band formed in London in 1965. wikipedia: Black Sabbath were an English rock band formed in Birmingham in 1968 by guitarist Tony Iommi, drummer Bill Ward, bassist Geezer Butler and vocalist Ozzy Osbourne. toastmasters Toastmasters International is a nonprofit educational organization that teaches public speaking and leadership skills through a worldwide network of clubs. bbc: The British Broadcasting Corporation is the national broadcaster of the United Kingdom, based at Broadcasting House in London. matrix: An open network for secure, decentralized communication. wikipedia: The General Data Protection Regulation is a Regulation in EU law on data protection and privacy in the EU and the European Economic Area. wikipedia: The Gopher protocol (/ˈɡoʊfər/) is a communication protocol designed for distributing, searching, and retrieving documents in Internet Protocol networks. wikipedia: Gemini is an application-layer internet communication protocol for accessing remote documents, similar to the Hypertext Transfer Protocol (HTTP) and Gopher. wikipedia: Slipknot is an American heavy metal band formed in Des Moines, Iowa, in 1995 by percussionist Shawn Crahan, drummer Joey Jordison and bassist Paul Gray. wikipedia: After Forever was a Dutch symphonic metal band with strong progressive metal influences. The band relied on the use of both soprano vocals and death growls. metallica: Metallica is an American heavy metal band. wikipedia: Queen are a British rock band formed in London in 1970 by Freddie Mercury (lead vocals, piano), Brian May (guitar, vocals) and Roger Taylor (drums, vocals), later joined by John Deacon (bass). wikipedia: Brexit (a portmanteau of "British exit") was the withdrawal of the United Kingdom (UK) from the European Union (EU) at 23:00 GMT on 31 January 2020 (00:00 1 February 2020 CET). The UK is the only sovereign country to have left the EU or the EC. imdb: A WWII bomb group commander must fill the shoes of his predecessor and get the performance rating up to snuff. wikipedia: Twelve O'Clock High is a 1949 American war film about aircrews in the United States Army's Eighth Air Force, who flew daylight bombing missions against Germany and Occupied France during the early days of American involvement in World War II. wikipedia: The Boeing B-17 Flying Fortress is a four-engined heavy bomber developed in the 1930s for the United States Army Air Corps (USAAC). IRC IRC is short for Internet Relay Chat. It is a popular chat service still in use today. wikipedia: Next Unit of Computing (NUC) is a line of small-form-factor barebone computer kits designed by Intel. plex: With our easy-to-install Plex Media Server software and Plex apps on the devices of your choosing, you can stream your video, music, and photo collections any time, anywhere, to whatever you want. ubuntu: Ubuntu is a Linux distribution based on Debian and composed mostly of free and open-source software. ebay: Buy & sell electronics, cars, clothes, collectibles & more on eBay, the world's online marketplace. amazon: Amazon Renewed is your trusted destination for pre-owned, refurbished products. wikipedia: Ryzen is a brand of multi-core x86-64 microprocessors designed and marketed by AMD for desktop, mobile, server, and embedded platforms based on the Zen microarchitecture. wikipedia: Apple M1 is a series of ARM-based systems-on-a-chip (SoCs) designed by Apple Inc. as a central processing unit (CPU) and graphics processing unit (GPU) for its Mac desktops and notebooks, and the iPad Pro and iPad Air tablets. wikipedia: The Apple M2 is an ARM-based system on a chip (SoC) designed by Apple Inc. as a central processing unit (CPU) and graphics processing unit (GPU) for its Mac notebooks and the iPad Pro tablet. wikipedia: A system on a chip or system-on-chip (SoC /ˌˈɛsoʊsiː/; pl. SoCs /ˌˈɛsoʊsiːz/) is an integrated circuit that integrates most or all components of a computer or other electronic system. wikipedia: ARM (stylised in lowercase as arm, formerly an acronym for Advanced RISC Machines and originally Acorn RISC Machine) is a family of reduced instruction set computer (RISC) instruction set architectures for computer processors, configured for various environments. youtube: One Woman’s Wilderness. wikipedia: Felix Unger (born 2 March 1946 in Klagenfurt, Austria) is a heart specialist who served as the president of the European Academy of Sciences and Arts for three decades. geekflare: How to create APT Proxy using a Raspberry PI with apt-cacher-ng? gpd: The world's smallest 6800U handheld Exclusive performance optimization tool Support SteamOS system. pine64: ROCK64 is a credit card sized Single Board Computer powered by Rockchip RK3328 quad-core ARM Cortex A53 64-Bit Processor and support up to 4GB 1600MHz LPDDR3 memory. wikipedia: Digital subscriber line (DSL; originally digital subscriber loop) is a family of technologies that are used to transmit digital data over telephone lines. wikipedia: Windows Subsystem for Linux (WSL) is a feature of Windows that allows developers to run a Linux environment without the need for a separate virtual machine or dual booting. wikipedia: In computing, a virtual machine (VM) is the virtualization/emulation of a computer system. wikipedia: A Chromebook (sometimes stylized in lowercase as chromebook) is a laptop or tablet running the Linux-based ChromeOS as its operating system. virtualbox: VirtualBox is a powerful x86 and AMD64/Intel64 virtualization product for enterprise as well as home use. wikipedia: Telemetry is the in situ collection of measurements or other data at remote points and their automatic transmission to receiving equipment (telecommunication) for monitoring. gnu: Published software should be free software. To make it free software, you need to release it under a free software license. microsoft: MICROSOFT SOFTWARE LICENSE TERMS. apple: software license agreements for currently shipping Apple products. cdc: Health Insurance Portability and Accountability Act of 1996 (HIPAA). nhs: The NHS website for England. wikipedia: Ransomware is a type of malware from cryptovirology that threatens to publish the victim's personal data or permanently block access to it unless a ransom is paid off. wikipedia: Internet Explorer (formerly Microsoft Internet Explorer and Windows Internet Explorer, commonly abbreviated IE or MSIE) is a discontinued series of graphical web browsers developed by Microsoft which was used in the Windows line of operating systems. wikipedia: Microsoft Edge is a proprietary, cross-platform web browser created by Microsoft. oggcamp: OggCamp is an unconference celebrating Free Culture, Free and Open Source Software, hardware hacking, digital rights, and all manner of collaborative cultural activities and is committed to creating a conference that is as inclusive as possible. penguicon: A happy place where hackers, makers, foodies, open source software junkies, anime buffs, and science fiction fans of all ages and backgrounds come together. mozillafestival: MozFest is a unique hybrid: part art, tech and society convening, part maker festival, and the premiere gathering for activists in diverse global movements fighting for a more humane digital world. fosdem: FOSDEM is a free event for software developers to meet, share ideas and collaborate. wikipedia: A hybrid integrated circuit (HIC), hybrid microcircuit, hybrid circuit or simply hybrid is a miniaturized electronic circuit constructed of individual devices, such as semiconductor devices (e.g. transistors, diodes or monolithic ICs) and passive components (e.g. resistors, inductors, transformers, and capacitors), bonded to a substrate or printed circuit board (PCB). wikipedia: A real-time clock (RTC) is an electronic device (most often in the form of an integrated circuit) that measures the passage of time. eurovision: The Eurovision Song Contest. wikipedia: Blue laws, also known as Sunday laws, Sunday trade laws and Sunday closing laws, are laws restricting or banning certain activities on specified days, usually Sundays in the western world. wikipedia: A census is the procedure of systematically acquiring, recording and calculating information about the members of a given population. businesspundit: The Commercialization Of Our 25 Favorite Holidays wikipedia: Leave It to Beaver is an iconic American television situation comedy about an American family of the 1950s and early 1960s. wikipedia: The COVID-19 pandemic, also known as the coronavirus pandemic, is an ongoing global pandemic of coronavirus disease 2019 (COVID-19) caused by severe acute respiratory syndrome coronavirus 2 (SARS-CoV-2). The novel virus was first identified in an outbreak in the Chinese city of Wuhan in December 2019. who: COVID-19 transmission and protective measures. forbes: CDC: 10 Ways To Dine Safely At A Restaurant With Coronavirus Around. restaurant: COVID-19 Restaurant Impact Survey. subway: Subway is an American multinational fast food restaurant franchise that specializes in submarine sandwiches, wraps, salads and drinks. dominos: Domino's Pizza, Inc., trading as Domino's, is a Michigan-based multinational pizza restaurant chain founded in 1960 and led by CEO Russell Weiner. mcdonalds: McDonald's Corporation is an American multinational fast food chain, founded in 1940 as a restaurant operated by Richard and Maurice McDonald, in San Bernardino, California, United States. wikipedia: In public health, social distancing, also called physical distancing, is a set of non-pharmaceutical interventions or measures intended to prevent the spread of a contagious disease by maintaining a physical distance between people and reducing the number of times people come into close contact with each other. wikipedia: Due to the COVID-19 pandemic, a number of non-pharmaceutical interventions colloquially known as lockdowns (encompassing stay-at-home orders, curfews, quarantines, cordons sanitaires and similar societal restrictions) have been implemented in numerous countries and territories around the world. wikipedia: COVID-19 lockdowns by country. bbc: Covid-19: What is the new three tier system after lockdown? wikipedia: A telephone directory, commonly called a telephone book, telephone address book, phonebook, or the white and yellow pages, is a listing of telephone subscribers in a geographical area or subscribers to services provided by the organization that publishes the directory. cdc: It’s important to keep your blood sugar levels in your target range as much as possible to help prevent or delay long-term, serious health problems, such as heart disease, vision loss, and kidney disease. wikipedia: Whisky or whiskey is a type of distilled alcoholic beverage made from fermented grain mash. wikipedia: Powerade is a sports drink created, manufactured and marketed by The Coca-Cola Company. katexic: busthead (bust-head). noun. Cheap, strong liquor, usually of the illegal variety. skrewballwhiskey: The Original Peanut Butter Whiskey. olesmoky: Peanut Butter Whiskey. thepartysource: Blind Squirrel Peanut Butter Whiskey 750 ml. Thanks To: Mumble Server: Delwin HPR Site/VPS: Joshua Knapp - AnHonestHost.com Streams: Honkeymagoo EtherPad: HonkeyMagoo Shownotes by: Sgoti and hplovecraft
One step forward, two steps back…or at least made with caution. Meta announces their Segment Anything Model, and in that same breath, we're talking about ChatGPT and safety, as well as the limitations of being able to detect the usage of ChatGPT. Paul and Mike break it down: Meta AI announces their Segment Anything Model An article from Meta introduces their Segment Anything project, aiming to democratize image segmentation in computer vision. This project includes the Segment Anything Model (SAM) and the Segment Anything 1-Billion mask dataset (SA-1B), the largest segmentation dataset ever. This has wide-ranging applications across different industries. Meta cites that it could do things like be incorporated into augmented reality glasses to instantly identify objects you're looking at and prompt you with reminders and instructions related to an object. In marketing and business specifically, Gizmodo calls the demo of SAM a Photoshop Magic Wand tool on steroids, and one of its reporters used it to do sophisticated image editing on the fly with ease by simply pointing and clicking to remove and adjust images. Right now, the model is available only for non-commercial testing, but given the use cases, it could find its way into Meta's platforms as a creative aid. Paul and Mike discuss the opportunities for marketers and the business world at large. Does ChatGPT have a safety problem? Is OpenAI's April 5 statement on their website is a response to calls for increased AI safety, like the open letter signed by Elon Musk and others, and Italy's full ban on ChatGPT? A new article from WIRED breaks down why and how Italy's ban could spur wider regulatory action across the European Union—and call into question the overall legality of AI tools. When banning ChatGPT, Italy's data regulator cited several major problems with the tool. But, fundamentally, their reasoning for the ban hinged on GDPR, the European Union's wide-ranging General Data Protection Regulation privacy law. Experts cited by WIRED said there are just two ways that OpenAI could have gotten that data legally under EU law. The first would be if they had gotten consent from each user affected, which they did not. The second would be arguing they have “legitimate interests” to use each user's data in training their models. The experts cited say that the second one will be extremely difficult for OpenAI to prove to EU regulators. Italy's data regulator has already been quoted by WIRED as saying this defense is “inadequate.” This matters outside Italy because all EU countries are bound by GDPR. And data regulators in France, Germany, and Ireland have already contacted Italy's regulator to get more info on their findings and actions. This also isn't just an OpenAI problem. Plenty of other major AI companies likely have trained their models in a way that violates GDPR. This is an interesting conversation and topic to keep our eyes on. With other countries follow suit? Can we really detect the use of ChatGPT? OpenAI, the maker of ChatGPT, just published what it's calling “Our approach to AI safety,” an article outlining specific steps the company takes to make its AI systems safer, more aligned, and developed responsibly. Some of the steps listed include delaying the general release of systems like GPT-4 to make sure they're as safe and aligned as possible before being accessible to the public, protecting children by requiring people to be 18 or older, or 13 or older with parental approval, to use AI tools. They are also looking into options to verify users. They cite that GPT-4 is 82% less likely to respond to requests for disallowed content. Listen for more. Why now? Are we confident they're developing AI responsibly?
Series 11 Episode 30 Hi and welcome, this is Cory… The European Union has had it in one form or another since 1995. Now the Australian government is looking to making changes to the way data protection should operate in 21st century Australia after they published recommendations of a review into this country's privacy laws. According to the details published by The Daily Aus on their Instagram feed, the review was asked to think about how privacy laws should be updated to encompass digital privacy. In 1995, the EU launched the Data Protection Directive, but that was when the internet was still young. In 2016, the European Union adopted the GDPR - the General Data Protection Regulation. It's seen by many countries as the gold standard. https://www.instagram.com/p/Co1gjYxrgfv/ https://edps.europa.eu/data-protection/data-protection/legislation/history-general-data-protection-regulation_en https://ministers.ag.gov.au/media-centre/landmark-privacy-act-review-report-released-16-02-2023 Follow and turn notifications on so you can be alerted when new episodes are released. The CORY feed. A Podcast from Cory O'Connor - on Anchor, Apple, Google, iHeart Radio, Spotify and more. Find clickable links and contact information for the show at the following website. https://coryoconnor.com/pod --- Send in a voice message: https://anchor.fm/corypod/message
On this week's episode, Michael's joined by Felicity “Flick” Fisher, Partner and de facto COO of the law firm, Fieldfisher. Flick breaks down all things privacy and data related, including the European Union's General Data Protection Regulation, where privacy and data laws may be headed, and the impact privacy advocates have had on the space. Now amongst the top InfoSec legal experts, Flick's journey in the space began when she moved to the Bay Area in 2015. Initially joining her firm, Osborne Clark's, Palo Alto office to focus on transactions in the tech industry, her move coincided with the emerging push for increased data privacy regulations. In January 2016, Flick moved to Fieldfisher as an Associate and the fourth employee of its newly formed Privacy, Security, and Information Group, immersing herself in all data privacy matters, with a particular interest in EU compliance as the GDPR was implemented. Since then, Flick has become a Partner, stepping into a de facto COO role, and overseeing the firm's day-to-day operations. Where to find Flick: LinkedInAs mentioned on the episode:Mark Webber, Fieldfisher's US Managing Partner, Technology & DataMax Schrems - Austrian lawyer & digital privacy activistFieldfisher's Privacy BlogEuropean Data Protection Board
Madeleine interned with GE Aviation, She heard about privacy with the General Data Protection Regulation. Madeleine qualified as a solicitor of England and Wales, And she teaches others about what the CIPP/E entails! Madeleine's CIPP/E course: https://www.inhousew.com/
The International Association of Privacy Professionals' Europe Data Protection Congress attracted large crowds in Brussels last week, with a plenty of meaty policy and enforcement issues on the table. Irish Data Protection Commission head Helen Dixon suggested that the EU's General Data Protection Regulation's system of cross-border enforcement wasn't “built for speed;” while a trio of Meta Platforms companies — Facebook, WhatsApp and Instagram — are being scrutinized by the bloc's national data-protection authorities over privacy concerns. Privacy advocate Max Schrems delighted the audience with some props – a black box and rubber stamp – to criticize a new court set up by the latest EU-US data transfer agreement, which he vowed to challenge. MLex's Brussels-based data-privacy team was able to beat the crowds, follow the ins and outs of the debates and buttonhole key players at the margins of the conference. Our reporters recorded this podcast as the conference wound down.
After years of discussion and soul-searching, Indonesia's ambitious data-protection legislation, which borrows heavily from the European Union's General Data Protection Regulation, has landed. The new rules will change the way businesses process data and how that data can be transferred across borders. But many of the new law's key provisions still require further detail before companies can map out their compliance plans.
Since May 25, 2018, the General Data Protection Regulation (GDPR) has harmonized the rules on the processing of personal data, both private and public, across the Europe. Similar regulations have since popped up worldwide, with the US following suite with similar regulations like CCPA in California and regulations in most of the 50 US States. One of the unique aspects of these regulations, especially the EU's GDPR is it is not only directly applicable in all EU member states but anyone who does business in the EU. While the data protection laws give users new rights and control over their data this poses a huge challenge for businesses. All processes must be checked to ensure that they comply with the regulation because any violation can cause a serious fine of up to €20 million or 4% of the firm´s worldwide annual revenue, whichever is higher. In this episode we talk with Daniel Johanssen, CTO of Usercentrics on how data protection and consent regulations have developed since 2018, and what the new landscape looks like and how SMB's are adapting to GDPR legislation.
Since May 25, 2018, the General Data Protection Regulation (GDPR) has harmonized the rules on the processing of personal data, both private and public, across the Europe. Similar regulations have since popped up worldwide, with the US following suite with similar regulations like CCPA in California and regulations in most of the 50 US States. One of the unique aspects of these regulations, especially the EU's GDPR is it is not only directly applicable in all EU member states but anyone who does business in the EU. While the data protection laws give users new rights and control over their data this poses a huge challenge for businesses. All processes must be checked to ensure that they comply with the regulation because any violation can cause a serious fine of up to €20 million or 4% of the firm´s worldwide annual revenue, whichever is higher. In this episode we talk with Daniel Johanssen, CTO of Usercentrics on how data protection and consent regulations have developed since 2018, and what the new landscape looks like and how SMB's are adapting to GDPR legislation.
What risks do emerging technologies like the Metaverse and Empathic AI pose? While most of us are aware of data privacy and manipulation risks, we tend to think of them in the context of known technologies like social media. What happens when the tech becomes more immersive? The answer is that areas like human rights come under threat. On this episode, I'm joined by Kate Jones, an Associate Fellow at Chatham House, an independent policy institute. She began her career as a government lawyer and became a diplomat before developing an interest in human rights and emerging technologies. In her research, Kate explores topics such as governance of new technologies, the ethical implications of artificial intelligence and the prevention of online harms and political manipulation. In a wide-ranging discussion, Kate and I explore:* How her career took her from the law, to diplomacy and onto the risks of emerging tech* The Metaverse and the rationale for regulation in emerging tech;* The need for governance over the deployment of emerging tech;* Human rights: what they are, how they are sadly misunderstood and how the human rights movement is shooting itself in the foot;* AI, ethics and human rights * The risks of empathic AI * The future of managing the risks of emerging tech* The relevance of ESG to emerging managing emerging tech risk; and* The role investors can play in resolving this. To find out more about Kate, visit her website: https://katejones.uk/ For more on her work with Chatham House: https://www.chathamhouse.org/about-us/our-people/kate-jonesTo read her paper on Online Disinformation and Political Discourse: Applying a Human Rights Framework: https://www.chathamhouse.org/2019/11/online-disinformation-and-political-discourse-applying-human-rights-frameworkDuring our discussion, we also talk about: The article that Kate wrote on the importance of regulating the Metaverse: https://www.worldpoliticsreview.com/the-metaverse-like-regulating-social-media-but-on-steroids/The Metaverse: https://www.wired.com/story/what-is-the-metaverse https://www.vice.com/en/article/93bmyv/what-is-the-metaverse-internet-technology-vr https://www.forbes.com/sites/deborahlovich/2022/05/11/what-is-the-metaverse-and-why-should-you-care/The EU Digital Services Act: https://digital-strategy.ec.europa.eu/en/policies/digital-services-act-packageGDPR, the General Data Protection Regulation: https://gdpr-info.eu/The UK Human Rights Act: https://www.equalityhumanrights.com/en/human-rights/human-rights-actThe UN Human Rights Council Panel on Disinformation & Human Rights: https://www.ohchr.org/en/statements-and-speeches/2022/06/high-level-panel-discussion-countering-negative-impact Caroline Criado Perez's Invisible Women: https://carolinecriadoperez.com/book/invisible-women/ The UN Sustainable Development Goals: https://sdgs.un.org/goalsEmpathy in AI: https://www.kairos.com/blog/empathy-in-ai-series-part-1-what-is-empathy
Marketers' longtime reliance on third-party consumer data is fast becoming obsolete. For example, advertising on social media platforms like Instagram and Facebook, where targeting audiences can yield highly successful campaigns, has always been a cornerstone of the direct-to-consumer marketing strategy. However, it is more important than ever to create direct connections with consumers in light of iOS14's restrictions on third-party cookies for tracking, Chrome's deprecation of third-party cookies in browsers beginning in 2022, and the General Data Protection Regulation. That's why it's perfect timing that Gen Furukawa will be on the podcast today. He is here to share a more legitimate, effective, and cheaper alternative to better understand your customers and cater to their specific needs. Gen has been in the e-commerce space for 10+ years, with the last seven years in the e-commerce SaaS environment. Before Prehook, Gen was part of the founding team and VP of Jungle Scout, the leading software for Amazon sellers. He also hosts the e-commerce marketing podcast, Cart Overflow, where he shares what the best brand operators, agencies, and tech platforms are doing to grow their e-commerce revenue. In this episode, Gen emphasizes three quiz benefits of e-commerce quizzes: They reduce customer acquisition cost The end of third-party cookies and increase in data protection Personalization attracts customers By the end of this episode, you will learn how to leverage quizzes in your direct-to-consumer business, whether or not a quiz is suitable for your brand, and how to create one. In addition, you will gain priceless insights on how to achieve personalization at scale, why fastest-growing direct-to-consumer brands use quizzes, how to promote them, and tips to increase their opt-in rate. Episode Highlights [01:45] Prehook's founder story [04:04] How to tell if your business needs a quiz [05:32] Three reasons why the fastest-growing direct-to-consumer brands leverage quizzes [05:40] The value of personalization [07:21] How to achieve personalization at scale [10:37] How to set up a quiz [13:07] Ways used to promote quizzes [14:33] Tips to increase the opt-in rate for quizzes [18:49] What is zero-party data? [21:55] Gen's advice for growing e-commerce businesses Quotes "I think the brands that might not benefit much from quizzes might be like a single SKU brand. So product where it's like, alright, you get one product. The decision is easy. It's more focused on can the merchant sell the product or not?" "Once you're able to understand the customer challenges and their goals, you can bridge the gap from where they currently are to where their goals are. And that's where we can fill the gap with a quiz." "Once you're layering on their needs, goals, challenges, all of a sudden, you can play to those more. And it impacts your messaging, what you're sending, when, and how." "So when people ask, like, okay, what should I consider? What should I do in building the quiz? I think the first and most important thing is to define what your goals are. Like what data points are most interesting or helpful to you to improve your segmentation and set your targeting to be more specific?" "What is the exchange of value between the merchant and the visitor? And how can you make it most compelling?" "The quiz is more like an exchange or a conversation to enhance or improve the opt-in." Connect with Gen Furukawa Gen Furukawa's Company Website Gen Furukawa's LinkedIn Email: gen@prehook.com. | Try Prehook free for 14 + 30 days if you mention Maureen in your email Download Prehook on App Store or Shopify Gen Furukawa's Podcast: Cart Overflow Find out more! Training: Uncap Your Growth & Bring in More Product Sales without Changing Your Branding or Packaging Work With Us: Apply to Our Apprenticeship Program: Product Profit Lab Connect with Maureen on Instagram: Maureenmwangiofficial Join our incredible community - Product Entrepreneurs Who Scale Subscribe and rate our podcast on iTunes here. Android users can subscribe and rate our podcast on Spotify. Subscribe and rate our podcast on iTunes here.
The US-EU Trans-Atlantic Data Privacy Framework, announced in March of this year, is a new agreement governing trans-Atlantic data flows between the United States (US) and the European Union (EU) – specifically data flows from EU countries to the U.S. that contain personal information of EU residents. The new framework is intended to replace the previous Privacy Shield Framework, which the EU Court of Justice found did not provide adequate protection of privacy, as required by the General Data Protection Regulation and other law.In this podcast, experts discuss whether the new Trans-Atlantic Data Privacy Framework effectively addresses the concerns of the EU Court of Justice providing for a solid legal basis for future Trans-Atlantic data transfers.Featuring:Stewart Baker, Partner, Steptoe & Johnson LLPTheodore Christakis, Professor of International and European Law, University Grenoble AlpesPeter Swire, Elizabeth and Tommy Holder Chair, Scheller College of Business, Georgia Institute of Technology[Moderator] Paul Rosenzweig, Professorial Lecturer in Law, The George Washington UniversityVisit our website – www.RegProject.org – to learn more, view all of our content, and connect with us on social media.
In this episode, Steve will explain how to share access with your team as affordably and safely as possible, how to avoid the risks of using software like LastPass, and how to ensure you stay within the General Data Protection Regulation as you do so. KEY TAKEAWAYS LastPass is software that allows you to share access with multiple people without sharing a password over the internet, and they also help you organise your access sharing. With multiple software access requirements for one task, apps like LastPass allow you to share access with multiple apps to multiple people grouped into teams. Once added to a team, that staff member has instant access to all the password-protected resources needed to complete their job. Remember that the ‘view password' reveal function on most login forms allows your staff to see the actual password despite the software circumvention. You still have to change passwords when people leave your groupings. There are cases where LastPass is not a good idea. High data sensitivity is one as GDPR, depending on your operating country, requires you to have traceability in case of any data breaches. If you combine it with a VPN which will make your team appear in the exact access location as you are, you will only have to purchase one license using LastPass for each app or software that you use. For anything with sensitive data, you can add individual users. Business grade apps have a number of users you can add with different access levels. You have to pay for some, so bear this in mind and never share your access to super user accounts. BEST MOMENTS ‘This is really good for you if you are just getting started with a team, or you're still using things like post-it notes to share passwords with your team, or if you are emailing or texting a password openly over the internet, and obviously there are security concerns about that.' ‘It minimises the number of user licenses you need to buy for some of your apps.' ‘LastPass is great for things where you want your staff to log in as you. You actually want to give them access to your user account, so the main account.' ‘Anything generic that doesn't give the person access to do anything really bad, that's the kind of things we share via LastPass.' VALUABLE RESOURCES Facebook: Facebook.com/SystemsAndOutsourcing/ Website:www.SystemizeYourSuccess.comLinkedIn:LinkedIn.com/SystemsAndOutsourcing/YouTube: YouTube.com/DrSteveDay ABOUT THE HOST Steve used to be a slave to his business, but when he moved to Sweden in 2015, he was forced to change how he worked. He switched to running his businesses remotely, and after totally nailing this concept, he decided to spend his time helping other small business owners do the same. Steve's been investing in property since 2002, has a degree in Computing, and worked as a doctor in the NHS before quitting to focus full-time on sharing his systems and outsourcing Methodology with the world. He now lives in Sweden and runs his UK-based businesses remotely with the help of his team of Filipino and UK-based Virtual Assistants. Most business owners are overwhelmed because they don't know how to create systems or get the right help. Our systems and outsourcing Courses and coaching programme will help you automate your business and work effectively with affordable virtual assistants. That way, you will stop feeling overwhelmed and start making more money.See omnystudio.com/listener for privacy information.
As Congress barrels toward an election that could see at least one house change hands, efforts to squeeze big bills into law are mounting. The one with the best chance (and better than I expected) would drop $52 billion in cash and a boatload of tax breaks on the semiconductor industry. Michael Ellis points out that this is industrial policy without apology, and a throwback to the 1980s, when the government organized SEMATECH, a name derived from “Semiconductor Manufacturing Technology” to shore up U.S. chipmaking. Thanks to a bipartisan consensus on the need to fight a Chinese challenge, and a trimming of provisions that tried to hitch a ride on the bill, there now looks to be a clear path to enactment for this bill. And if there were doubt about how serious the Chinese challenge in chips will be, an under-covered story revealed that China's chipmaking champion, SMIC, has been making 7-nanometer chips for months without an announcement. That's a diameter that Intel and GlobalFoundries, the main U.S. producers, have yet to reach in commercial production. The national security implications are plain. If commercial products from China are cheap enough to sweep the market, even security-minded agencies will be forced to buy them, as it turns out the FBI and Department of Homeland Security have both been doing with Chinese drones. Nick Weaver points to his Lawfare piece showing just how cheaply the United States (and Ukraine) could be making drones. Responding to the growing political concern about Chinese products, TikTok's owner ByteDance, has increased its U.S. lobbying spending to more than $8 million a year, Christina Ayiotis tells us—about what Google spends on lobbying. In the same vein, Nick and Michael question why the government hasn't come up with the extra $3 billion to fund “rip and replace” for Chinese telecom gear. That effort will certainly get a boost from reports that Chinese telecom sales were offered on especially favorable terms to carriers who service America's nuclear missile locations. I offer an answer: The Obama administration actually paid these same rural carriers to install Chinese equipment as part of the 2009 stimulus law. I cannot help thinking that the rural carriers ought to bear some of the cost of their imprudent investments and not ask U.S. taxpayers to pay them both for installing and ripping out the same gear. In news not tied to China, Nick tells us about the House Energy and Commerce Committee's serious progress on a compromise federal data privacy bill. It is still a doomed bill, given resistance from Dems and GOP in the Senate. I argue that that's a good thing, given the effort to impose “disparate impact” quotas for race, color, religion, national origin, sex, and disability on every algorithm that processes even a little personal data. This is a transformative social engineering project that just one section (208) of the “privacy” bill will impose without any serious debate. Christina grades Russian information warfare based on its latest exploit: hacking a Ukrainian radio broadcaster to spread fake news about Ukrainian President Volodymyr Zelenskyy's health. As a hack, it gets a passing grade, but as a believable bit of information warfare, it is a bust. Tina, Michael and I evaluate YouTube's new policy on removing “misinformation” related to abortion, and the risk that this policy, like so many Silicon Valley speech suppression schemes, will start out sounding plausible and end in political correctness. Nick and I celebrate the Department of Justice's increasing success in sometimes seizing cryptocurrency from hackers and ransomware gangs. It may just be Darwin at work, but it's nice to see. Nick offers the recommended long read of the week—Brian Krebs's takedown of the VPN malware supplier, 911. And in updates and quick hits: That Twitter worker arrested for spying on behalf of Saudi Arabia is going to trial. the United Kingdom's Government Communications Headquarters's cryptoskeptics have returned to ask how we can square end-to-end encryption with child safety. I think the answer is “Not well.” The General Data Protection Regulation has consequences: Turns out that schoolkids in Denmark won't be able to use Chromebooks or Google Workspace. And Nick takes a moment to dunk on the Three Arrows founders, whose cryptocurrency company went under in the bust and who are now giving interviews from an undisclosed location. *An obscure Rhode Island tribute to the Industrial Trust Building that was known to a generation of children as the ‘Dusty Old Trust” building until a new generation christened it the “Superman Building.”
As Congress barrels toward an election that could see at least one house change hands, efforts to squeeze big bills into law are mounting. The one with the best chance (and better than I expected) would drop $52 billion in cash and a boatload of tax breaks on the semiconductor industry. Michael Ellis points out that this is industrial policy without apology, and a throwback to the 1980s, when the government organized SEMATECH, a name derived from “Semiconductor Manufacturing Technology” to shore up U.S. chipmaking. Thanks to a bipartisan consensus on the need to fight a Chinese challenge, and a trimming of provisions that tried to hitch a ride on the bill, there now looks to be a clear path to enactment for this bill. And if there were doubt about how serious the Chinese challenge in chips will be, an under-covered story revealed that China's chipmaking champion, SMIC, has been making 7-nanometer chips for months without an announcement. That's a diameter that Intel and GlobalFoundries, the main U.S. producers, have yet to reach in commercial production. The national security implications are plain. If commercial products from China are cheap enough to sweep the market, even security-minded agencies will be forced to buy them, as it turns out the FBI and Department of Homeland Security have both been doing with Chinese drones. Nick Weaver points to his Lawfare piece showing just how cheaply the United States (and Ukraine) could be making drones. Responding to the growing political concern about Chinese products, TikTok's owner ByteDance, has increased its U.S. lobbying spending to more than $8 million a year, Christina Ayiotis tells us—about what Google spends on lobbying. In the same vein, Nick and Michael question why the government hasn't come up with the extra $3 billion to fund “rip and replace” for Chinese telecom gear. That effort will certainly get a boost from reports that Chinese telecom sales were offered on especially favorable terms to carriers who service America's nuclear missile locations. I offer an answer: The Obama administration actually paid these same rural carriers to install Chinese equipment as part of the 2009 stimulus law. I cannot help thinking that the rural carriers ought to bear some of the cost of their imprudent investments and not ask U.S. taxpayers to pay them both for installing and ripping out the same gear. In news not tied to China, Nick tells us about the House Energy and Commerce Committee's serious progress on a compromise federal data privacy bill. It is still a doomed bill, given resistance from Dems and GOP in the Senate. I argue that that's a good thing, given the effort to impose “disparate impact” quotas for race, color, religion, national origin, sex, and disability on every algorithm that processes even a little personal data. This is a transformative social engineering project that just one section (208) of the “privacy” bill will impose without any serious debate. Christina grades Russian information warfare based on its latest exploit: hacking a Ukrainian radio broadcaster to spread fake news about Ukrainian President Volodymyr Zelenskyy's health. As a hack, it gets a passing grade, but as a believable bit of information warfare, it is a bust. Tina, Michael and I evaluate YouTube's new policy on removing “misinformation” related to abortion, and the risk that this policy, like so many Silicon Valley speech suppression schemes, will start out sounding plausible and end in political correctness. Nick and I celebrate the Department of Justice's increasing success in sometimes seizing cryptocurrency from hackers and ransomware gangs. It may just be Darwin at work, but it's nice to see. Nick offers the recommended long read of the week—Brian Krebs's takedown of the VPN malware supplier, 911. And in updates and quick hits: That Twitter worker arrested for spying on behalf of Saudi Arabia is going to trial. the United Kingdom's Government Communications Headquarters's cryptoskeptics have returned to ask how we can square end-to-end encryption with child safety. I think the answer is “Not well.” The General Data Protection Regulation has consequences: Turns out that schoolkids in Denmark won't be able to use Chromebooks or Google Workspace. And Nick takes a moment to dunk on the Three Arrows founders, whose cryptocurrency company went under in the bust and who are now giving interviews from an undisclosed location. *An obscure Rhode Island tribute to the Industrial Trust Building that was known to a generation of children as the ‘Dusty Old Trust” building until a new generation christened it the “Superman Building.”
In this episode of Get It In Writing, Corinne Boudreau talks about the Canadian anti-spam rules (Canada's Anti-Spam Legislation) that apply to sending emails and other electronic messages as well as the EU rules (General Data Protection Regulation). Specifically, Corinne addresses: When CASL and GDPR rules apply to your email and electronic messages. What the three basic requirements are under CASL. How you can use the "implied consent" and "excluded messages" rules under CASL to boost your email list. If Entrepreneurship is a Journey, How Legally Prepared are you for the Trip? Take the Quiz - https://www.onlinelegalessentials.ca/entrepreneurship-journey-quiz Listen to Get It In Writing on Apple, Spotify or wherever you catch your favorite podcasts! For more please visit OnlineLegalEssentials.ca and connect with Corinne on Instagram at www.instagram.com/legalguidecorinne/ Get It In Writing is produced by Story Studio Network.
Since its founding eight years ago, Permutive has bet on privacy being a key consideration in the future of ad tech. Permutive CEO Joe Root delves into what privacy-conscious advertising looks like – and if it's possible. Highlights: The GDPR was a harbinger. Most U.S. companies didn't understand how far-reaching the General Data Protection Regulation would be to them. The landmark move to rein in the collection and use of user data without consent is not without its critics, but it set in motion a focus on privacy that led to Apple's move to crack down on data collection and the ultimate end of the third-party cookie. U.S. dominance in digital markets is ending. The tech industry has been mostly an American creation, dominated by U.S. platforms and largely operating along the extreme free market proclivities that are a hallmark of American capitalism. But Europe remains a regulatory superpower, and it is determined to use those powers to shape digital markets. Consent – real consent – is inevitable. Clicking out of endless cookie consent pop-ups is a wonder of traveling in Europe, on par with being able to take a train to the airport. The GDPR led to these consent requests as ad tech's response to the regulation, giving the appearance of consent but not really. That's going to change. Context is having a moment. The original targeting signal for advertising was context. Someone reading Field & Stream is likely into the outdoors if you're selling fly-fishing gear. Digital advertising shifted to taking all kinds of signals in order to target ads to individuals. With the collection and application of other signals growing more difficult and expensive, the pendulum is shifting back to contextual signals. Big publishers stand to benefit. The new era of digital advertising will have winners and losers, with many still to be determined. One divide that will likely open is between the biggest publishers that have enough user data of their own to be compelling to advertisers who can't simply rely on the cookie targeting and the long tail of sites that will likely find competing for ad dollars far more difficult.
Privacy is one of the fundamental issues in tech policy. And yet, in the United States progress on this issue has been elusive at the federal level, even as Europe has forged ahead with its General Data Protection Regulation or (GDPR) and now the Digital Markets Act, which will reinforce the privacy protections afforded EU citizens under GPDR with new provisions. And yet there are bills before Congress that could change things in the U.S.- such as the Banning Surveillance Advertising Act, which was introduced earlier this year by Democrats. At the time, Senator Corey Booker, a Democrat from New Jersey, said that “The hoarding of people's personal data not only abuses privacy, but also drives the spread of misinformation, domestic extremism, racial division, and violence.” To talk more about the history of how we ended up with an internet bought and paid for by surveillance advertising and what might drive reform, I spoke to two experts in the field, Dr. Nathalie Maréchal & Dr. Matthew Crain.
The way to ensure the most secure cyber future is to stay ahead of tomorrow's threats, no matter what the current laws and regulations dictate. Tech moves faster than the law – and hackers work faster than both. That's why Jody R. Westby, CEO of Global Cyber Risk LLC, and Katryna Dow, founder and CEO of personal data platform Meeco, urge businesses to be smart and proactive when crafting their cybersecurity protections. Listen as they talk about how businesses can protect themselves and their customers, the critical areas of businesses to safeguard ahead of time, using security as a competitive advantage, and much more. Key Takeaways: [2:20] Katryna wanted an equitable data ecosystem where everyday people would have a bit more control over how their data would be used, and who would have access to it. She started Meeco, or the me-ecosystem-as a way to build an infrastructure of personal data ecosystems. [5:50] Jody realized we needed strong cybersecurity protections put in place so that critical infrastructure data couldn't be used against us. [6:24] Technology has been moving faster than the laws, and Silicon Valley and tech companies have embraced the mantra to beg for forgiveness rather than ask for permission. [7:04] The absence of clear and uniform legislation around cybersecurity and data protection has some pressing implications. First, businesses need to come up with their own ways to protect themselves and their customers. [10:07] What is a self-sovereign identity or SSI? Katryna talks about the move to SSI's profound impact on the security and efficiency of power tech's operations. [12:22] Jody says we will start seeing exclusions for paying ransomware for what they think are nation-state-sponsored attacks, and that will leave companies a lot more vulnerable. However, we have to pay attention to the three most important areas that also are the lowest scoring areas in any risk assessment: asset management, incident response, and business continuity. [14:02] The GDPR or General Data Protection Regulation is the EU data privacy and security law. [20:15] Some companies are listening to what customers really want, and it's making a big impact. For example, when Apple let iPhone users say yes or no to being tracked, Facebook had the largest drop in shareholder stock value in one day. [23:52] Operations leaders should not wait for the worst-case scenario to happen before they start protecting their companies and customers from potential harm. Quotes: "We are in a whole new ballgame right now, and companies are really at risk. We're not prepared.” - Jody [0:40] “In a data-driven world, there's a lot of data that's been collected about me that could actually be enhanced by data from me.” - [5:03] Katryna “The bottom line is when they realize that they've got their stock price and the viability of the company on the line, they'll get more attention to this topic. And that's what we need because companies do not have robust full cybersecurity programs.” - Jody [12:22] “Do you want to be helping customers have better digital experiences? Or do you want to wait until you're forced to do that?” - [20:50] Katryna “Let's not wait for the worst-case scenario to happen before we start protecting ourselves, our companies and our customers from potential harm. Whether it comes through satellites, a third-party supplier, or your own organization, these threats exist, and with more points of entry to our systems than ever before, they're clearly multiplying. [24:35] - Francis “With disruption being the new normal in OPS, the time to up your cybersecurity game is now because the choice going forward is clear. You can either stay put and pay the price…or you can evolve.” [25:16] - Francis Continue on your journey: pega.com/podcast Mentioned: Jody Westby Meeco
Europe's General Data Protection Regulation (GDPR) was created to protect the personal data of individuals and to simplify the regulatory environment for data protection in Europe. As a regulatory scheme that has served as a model for other jurisdictions developing their own data protection and data privacy laws, is the GDPR living up to its intended purposes? Adam Penman of McGuireWoods London joins Kayla Odom and Matthew Hall to reflect on the GDPR's impact on organizations and to discuss the trends relating to the rights afforded to individuals by the GDPR. Listen in for a look at the key developments in the data protection and data privacy landscape upon the GDPR's fourth anniversary. Related Links: #33 Can I Just Disappear? The Privacy Right to Be Forgotten. #89 What's the Deal with Data Portability? Understanding the Competition and Privacy Aspects Surrounding the Movement of Data. Hosted by: Kayla Odom, Freitas & Weinberg LLP and and Matthew Hall, McGuireWoods
A lack of a unifying federal privacy law in the U.S. like the European Union's General Data Protection Regulation (GDPR), and a growing patchwork of state regulations to keep track of, can make it tricky for your business to maintain compliance. This is exactly why we have today's guest here to help us navigate the difficult eco-system of state privacy laws. Donata Stroink-Skillrud is the President of Termageddon and the engineer behind Termageddon's policy questions and text. She is a licensed attorney and a certified information privacy professional. She often volunteers at the Illinois State Bar Association holding courses on the General Data Protection Regulation where she teaches other attorneys on the importance of privacy and what Privacy Policies should contain. Trusting Companies With Your Data Privacy and protecting your personal data has probably shown up on your radar a lot lately because of the number of merchants that have reported data breaches. Target had a huge data breach of 40 million customers back in 2013. When an event of this scale happens, you realize we can't depend on others to protect our data. It was her experience with having her own data compromised in that breach that led Donata to pursue a career in privacy law and policy. Consumers Pay the Price When there is a data breach, consumers are the ones who pay the price. Between monitoring your credit report to make sure no unauthorized lines of credit have been opened, to closing credit accounts or getting new credit cards reissued, there is a great deal of time and effort needed to mitigate the impact of the data breach. This all comes at the expense of the consumer, who has to invest their time in making all the right moves to protect themselves. The High Price on Non-Compliance for Businesses It can be costly for companies when they don't comply with privacy laws. Depending on the state, there can be huge penalties and fines at stake. However, there is also an enormous cost involved in compliance. Having a privacy policy on your website is just the first step in compliance. Each state has their own privacy laws, so understanding those laws and making sure you comply, for many businesses, requires a full time Compliance Officer. Automating Privacy Policies At one point in her career, Donata ended up being the person that fielded all of the business privacy compliance questions, and she found that meeting the compliance standards for each state was rather repetitive. This led to the quest for automating this repetitive process of asking the same questions and gathering the same data, and with that automation process, Termageddon was born. Business After GDPR Businesses were thrown another “privacy curveball” in 2014 when the EU passed GDPR. Today, companies don't just have to worry about privacy laws in the U.S., they now have to worry about international privacy laws. GDPR standardized the privacy laws for all the EU countries. The US has not taken that step yet, so business owners and the public must grapple with a bevy of very complex privacy laws in each state. Consenting to Privacy Policies From the consumer standpoint, it's very difficult because these state privacy laws require all these disclosures, making privacy policies really long, really difficult to read. There's a lot of information there. It's very hard for consumers to understand which privacy rights apply to whom. The privacy laws also don't explain the gray areas like how they define a resident, and when a person officially becomes a resident of a state. Pitfalls of the Patchwork Different state laws have different definitions of what it means to sell data. But some companies are saying, we don't really sell your data, but according to California's law, we do. This makes it confusing for both businesses and consumers to understand what their privacy rights and obligations are. Links: Termageddon IAPP Committee ABA Committees Donata on LinkedIn