Category Archives: Privacy Abbreviated

Privacy Year In Review: Laws, the Impact, and the Elephant in the Room



For the season finale of Privacy Abbreviated, host Dona Fraser is joined by her friend Morgan Reed, President of The App Association, to discuss a year in review of privacy. Dona and Morgan discuss it all, from major developments in regulatory and enforcement actions, the need for comprehensive U.S. privacy and understanding of global privacy laws, to children’s privacy and the 50-foot elephant in the room, AI.

On each topic, Dona and Morgan focus on what the current state means for business, provide some practical advice, and outline where they see the privacy world evolving on the road ahead. 

Dona and Morgan discuss the evolving landscape of privacy regulations, focusing on the challenges faced by small and medium-sized businesses. They explore the implications of federal and state privacy laws, the impact of AI on data privacy, and the need for comprehensive reform to protect consumer expectations while supporting business growth.

 

Key Takeaways:

  • Small businesses don’t want to be small forever, but they also don’t have the bandwidth and resources to scale AND comply.
  • The lack of a unified federal privacy law complicates compliance.
  • AI is a significant factor in shaping future privacy legislation.
  • State laws create a complex patchwork for businesses to navigate.
  • Consumer expectations must guide data practices.
  • Businesses need to understand their data-sharing practices.
  • Clear guidance on privacy laws is essential for compliance.

Chapters:

00:00 Introduction to Privacy Trends
03:06 Challenges for Small and Medium-Sized Businesses
05:57 Federal Privacy Legislation: Current Landscape
08:51 The Impact of AI on Privacy Regulations
12:14 State Privacy Laws and Their Implications
15:00 The Role of AI in Data Privacy
18:05 Navigating Privacy in a Complex Regulatory Environment
20:57 The Future of Privacy Legislation
24:12 Concluding Thoughts on Privacy and Business



Making Sense of AI Governance



On this episode of Priv, Miles Light, BBB National Programs’ Senior Counsel for Youth, Privacy, & Technology, steps into the role of host for this conversation, joined by Brenda Leong, a partner at Luminos.Law, to discuss the responsibilities and requirements of artificial intelligence (AI), in privacy and beyond.

AI technology does not only affect the privacy vertical – it is a cross-functional challenge. Miles and Brenda discuss AI governance and policies, laws and regulations, and operational considerations within a company, including the role of humans in a world of algorithms and machine learning.

They discuss the importance of understanding the unique requirements and responsibilities of AI, the need for cross-functional communication and collaboration, and the key themes of accountability, fairness, and transparency in AI regulation. They also explore the role of governance policies and contracts in managing AI risks and the potential for renegotiating contracts to address the expectations and liabilities associated with AI.

Key takeaways:

  • [2:07] AI deployment presents unique legal challenges and compliance headaches that require careful consideration and management.
  • [05:18] Understanding the requirements and responsibilities of AI is essential for both privacy professionals and AI professionals.
  • [09:02] Cross-functional communication and collaboration are crucial for effectively addressing AI risks and ensuring responsible AI governance.
  • [13:20] The key themes of accountability, fairness, and transparency are central to AI regulation and risk management.
  • [20:24] Governance policies and contracts play a critical role in managing AI risks and establishing liability and expectations.

Likely to be Accessed: Do You Know Who Your Users Are?



Join us for this episode of Priv, where our host Dona Fraser, Senior Vice President of Privacy Initiatives at BBB National Programs, is joined by Phyllis Marcus of Hunton Andrews Kurth to discuss the broad operational, financial, and logistical impacts and challenges of trying to protect both children and teens online under the same laws and regulations. 

Marcus and Fraser explain the current regulatory landscape and unpack the evolution of children’s privacy laws, including COPPA. They discuss the increasing number of legislative proposals at both the state and federal level and explore challenges businesses face today related to verifiable parental consent, examine proposed technological solutions like biometrics, and discuss the responsibility of third-party operators. 

The conversation includes a look at age-appropriate design codes and the shifting responsibility from parents to the entire ecosystem, as well as third-party liability and the role platforms play in protecting children’s privacy. The conversation concludes with a discussion on the potential future of children’s privacy laws.

Key Takeaways:

  • (02:41) Children’s Privacy Landscape – Children’s privacy laws, such as COPPA, have evolved over time to address the challenges posed by new technologies and online platforms.
  • (06:30) Shifting Responsibility – The responsibility for protecting children’s privacy is shifting from parents to the entire ecosystem, including platforms and service providers.
  • (13:17) Verifiable Parental Consent – Verifiable parental consent is a key consideration for companies that collect personal information from children, and there are various mechanisms available to obtain consent.
  • (20:30) Third-Party Liability – Third-party liability is an important aspect of children’s privacy laws, holding not just first-party operators but also third parties accountable for compliance.
  • (32:23) Holding Platforms Accountable – The role of platforms in protecting children’s privacy is still evolving, with discussions around consent management and the sharing of age information.
  • (39:39) A Look to the Future – The future of children’s privacy laws is uncertain, with potential updates to COPPA and ongoing debates about the role of federal and state legislation.

Breaking Down AdTech: Cookies and Pixels and SDKs, Oh My!



Join us for this episode of Priv, where Dona Fraser is joined by Miles Light, Senior Counsel, Youth Privacy & Technology at BBB National Programs for an adtech block party. Cookies, pixels, and SDKs are all invited.

Appropriate for beginners and privacy pros, this podcast breaks down the most talked about issues in the adtech space, including the impact of the death of the cookie, the focus of regulators on the pixel, lessons learned from recent cases related to software development kits (SDKs), what all of this looks like for children and teens, and what the legislative and regulatory road ahead looks like.

Dona and Miles cover three main problems facing the ad tech industry: regulatory pressures, legislative pressures, and litigation. The conversation delves into the tracking technologies used in ad tech, such as cookies, pixels, and SDKs, and the implications of their use. They also explore the state and federal laws that impact ad tech, including the challenges of compliance and the varying approaches taken by different states. The episode concludes with a discussion on ongoing litigation related to ad tech tracking and the importance of auditing websites and cross-functional collaboration.

Key Takeaways:

  • (03:05) The adtech industry faces challenges from regulatory pressures, legislative pressures, and litigation. Regulatory bodies are increasingly scrutinizing the adtech sector to ensure consumer privacy and data protection. Legislative measures, such as GDPR and CCPA, and ongoing lawsuits also contribute to the complexity and risk within the industry.
  • (10:09) Tracking technologies like cookies, pixels, and SDKs are used in adtech to log consumer behavior online. These tools collect data on user interactions and preferences, enabling targeted advertising and personalized user experiences. However, their usage has raised significant privacy concerns and regulatory scrutiny.
  • (13:44) State and federal laws impact adtech, and compliance can be complex and varied. Different regions and jurisdictions have their own data protection laws, making it challenging for ad tech companies to navigate and ensure compliance. This patchwork of regulations requires companies to stay informed and adapt their practices continuously.
  • (27:27) Ongoing litigation related to adtech tracking raises questions about consent and liability. Legal cases often focus on whether consumers have given informed consent for their data to be collected and used. These lawsuits can result in significant penalties and drive changes in industry practices.
  • (38:27) Companies should regularly audit their websites and ensure cross-functional collaboration to address privacy challenges in adtech. Regular audits help identify and mitigate potential privacy risks and ensure compliance with relevant laws. Cross-functional collaboration between legal, IT, and marketing teams is essential to effectively manage these challenges and implement comprehensive privacy strategies.

Cross Border Privacy Rules Goes Global: A Deep Dive on CBPRs



On April 30, the U.S. Department of Commerce announced the establishment of the Global Cross-Border Privacy Rules (CBPR) and Global Privacy Recognition for Processors (PRP) Systems. In this episode of Priv, host Dona Fraser is joined by Victoria Akosile, Deputy Director of BBB National Programs Privacy Initiatives, to take you from APEC to global CBPRs, explaining all of the acronyms in between.

Privacy professionals are faced with what seems like a never-ending, sometimes overwhelming stream of new privacy laws and regulations, both here in the U.S. and abroad. Our goal with this episode is to break down the “what you need to know” knowledge about the global CBPR system, quickly review the “how we got here” facts, and provide you with the “what do I do now” information you need, whether you are a data controller or data processor.

In this episode of Privacy Abbreviated, Dona Fraser and Victoria Akosile discuss the Cross-Border Privacy Rules (CBPR) program and its recent expansion to become the Global CBPR Forum. They explain how the CBPR framework provides a uniform set of privacy requirements that coalesce around an international baseline for compliance. They also discuss the role of Accountability Agents, such as BBB National Programs, in helping companies obtain and maintain their CBPR certification. The conversation highlights the importance of data privacy interoperability and the benefits of CBPR and PRP certifications for both data controllers and processors. They also touch on the SolarWinds case and the upcoming Global CBPR Forum meeting in Tokyo.

Key Takeaways:

  • (2:58) The CBPR framework establishes a unified set of privacy requirements, fostering international alignment for compliance. It serves as a benchmark for companies to ensure their privacy practices meet a globally recognized standard. By adhering to CBPR requirements, companies can enhance consumer trust and mitigate risks associated with data privacy non-compliance.
  • (8:05) Integration into the CBPR program enables companies to assess and fortify their privacy procedures. Participation facilitates a structured review process, identifying areas for improvement in privacy management. It empowers companies to adapt to evolving privacy regulations and consumer expectations, ensuring resilience against data breaches and regulatory penalties.
  • (13:47) CBPR and PRP certifications present an opportunity to revolutionize vendor management strategies. Companies can leverage certifications to vet vendors, selecting partners with robust privacy safeguards. Certification streamlines data transfers by providing assurance of compliant data handling practices across the supply chain.
  • (24:07) BBB National Programs acts as an accountability partner, aiding companies in obtaining CBPR and PRP certifications. Through collaborative engagement, BBB National Programs assists companies in navigating the certification process efficiently. Our expertise helps companies uphold high privacy standards, fostering consumer trust and regulatory compliance.
  • (33:11) The forthcoming Global CBPR Forum meeting in Tokyo anticipates widespread interest from nations seeking to join the framework and advance data privacy interoperability. The event serves as a platform for sharing best practices and fostering collaboration among participating countries. It underscores the global momentum towards harmonizing data protection regulations, promoting cross-border data flows while safeguarding individual privacy rights.