Category Archives: Privacy Abbreviated

Cross Border Privacy Rules Goes Global: A Deep Dive on CBPRs

On April 30, the U.S. Department of Commerce announced the establishment of the Global Cross-Border Privacy Rules (CBPR) and Global Privacy Recognition for Processors (PRP) Systems. In this episode of Priv, host Dona Fraser is joined by Victoria Akosile, Deputy Director of BBB National Programs Privacy Initiatives to take you from APEC to global CBPRs, explaining all of the acronyms in between. 

Privacy professionals are faced with what seems like a never ending, sometimes overwhelming stream of new privacy laws and regulations, both here in the U.S. and abroad. Our goal with this episode is to break down the “what you need to know” knowledge about the global CBPR system, quickly review the “how we got here” facts, and provide you with the “what do I do now” information you need, whether you are a data controller or data processor. 

In this episode of Privacy Abbreviated, Dona Fraser and Victoria Akosile discuss the Cross-Border Privacy Rules (CBPR) program and its recent expansion to become the Global CBPR Forum. They explain how the CBPR framework provides a uniform set of privacy requirements that coalesce around an international baseline for compliance. They also discuss the role of Accountability Agents, such as BBB National Programs, in helping companies obtain and maintain their CBPR certification. The conversation highlights the importance of data privacy interoperability and the benefits of CBPR and PRP certifications for both data controllers and processors. They also touch on the SolarWinds case and the upcoming Global CBPR Forum meeting in Tokyo.

Key Takeaways:

  • (2:58) The CBPR framework establishes a unified set of privacy requirements, fostering international alignment for compliance. It serves as a benchmark for companies to ensure their privacy practices meet a globally recognized standard. By adhering to CBPR requirements, companies can enhance consumer trust and mitigate risks associated with data privacy non-compliance.
  • (8:05) Integration into the CBPR program enables companies to assess and fortify their privacy procedures. Participation facilitates a structured review process, identifying areas for improvement in privacy management. It empowers companies to adapt to evolving privacy regulations and consumer expectations, ensuring resilience against data breaches and regulatory penalties.
  • (13:47) CBPR and PRP certifications present an opportunity to revolutionize vendor management strategies. Companies can leverage certifications to vet vendors, selecting partners with robust privacy safeguards. Certification streamlines data transfers by providing assurance of compliant data handling practices across the supply chain.
  • (24:07) BBB National Programs acts as an accountability partner, aiding companies in obtaining CBPR and PRP certifications. Through collaborative engagement, BBB National Programs assists companies in navigating the certification process efficiently. Our expertise helps companies uphold high privacy standards, fostering consumer trust and regulatory compliance.
  • (33:11) The forthcoming Global CBPR Forum meeting in Tokyo anticipates widespread interest from nations seeking to join the framework and advance data privacy interoperability. The event serves as a platform for sharing best practices and fostering collaboration among participating countries. It underscores the global momentum towards harmonizing data protection regulations, promoting cross-border data flows while safeguarding individual privacy rights.


Consumer Privacy in Telehealth: An Interview with the ATA

In this episode of Priv, host Dona Fraser is joined by American Telehealth Association (ATA) Senior Vice President of Public Policy, Kyle Zebley to check up on consumer health data privacy in the telehealth industry.

From HIPAA to the pandemic to Dobbs to a hodge-podge of new state-level privacy laws, Dona and Kyle discuss the ways companies are navigating this complex terrain, how the world of telehealth has drastically changed, the role of AI in today’s telehealth privacy picture, and what this picture may look like in the future. 

Some key takeaways from this episode are:

  • (6:41) The COVID-19 pandemic has accelerated the adoption of telehealth, allowing patients to access care remotely and overcoming barriers such as geographic limitations and workforce shortages.
  • (10:33) Data privacy is a significant concern in telehealth, and organizations like the ATA are working to develop principles and advocate for consistent policies to protect patient information.
  • (17:25) The regulatory landscape for telehealth is complex, with federal and state laws impacting the delivery of care and the collection and use of health data. Consistency and clarity in regulations are essential to ensure compliance and enable innovation.
  • (25:36) AI has the potential to revolutionize healthcare by improving efficiency, personalizing care, and addressing workforce shortages. However, it is crucial to have accountability, oversight, and guardrails in place to mitigate bias and protect patient rights.
  • (33:03) The future of telehealth and data privacy will depend on ongoing federal conversations, legislative actions, and regulatory decisions. Stakeholders must work together to ensure that telehealth continues to expand and provide accessible and high-quality care.


Another key item to note is the Digital Health Privacy Program (DHPP). DHPP is crucial in the telehealth industry as it establishes protocols to protect the privacy of consumer health data, ensuring trust and confidentiality in remote healthcare interactions. By safeguarding sensitive information, DHPP fosters patient confidence in utilizing telehealth services, driving widespread adoption and improving healthcare accessibility. Learn more about DHPP by following the link below.

Resources mentioned in this episode:

The COPPA Rule: Proposed Changes, the Impact, & the Magic 8-Ball

In December 2023, the Federal Trade Commission (FTC) proposed changes to the Children’s Online Privacy Protection Act (COPPA) Rule, including some that would place more responsibility on providers and platforms to ensure digital privacy and safety for children. 

In this episode of Priv, our host Dona Fraser is joined by SIIA Vice President, Education & Children’s Policy, Sara Kloek, and Children’s Advertising Review Unit (CARU) Director, Rukiya Bonner, to discuss how we got here, what the proposed changes mean, the potential impacts of these changes for businesses and Safe Harbors, as well as some predictions on the road ahead.

The conversation delves into the proposed changes to the COPPA Rule and their ramifications on the industry. Explored within are the origins of COPPA, recent regulatory actions and reviews, the importance of data security and compliance, emerging methods for obtaining parental consent, the significance of COPPA Safe Harbors, transparency obligations, the delineation of a child, challenges related to content and access, the impact of avatars on personal data, COPPA’s application in educational settings, and key revisions in the COPPA Rule. 

Some Key Takeaways from today’s episode:

  1. (2:10) Companies and the COPPA Rule Changes: With proposed changes to the COPPA Rule looming, companies must prioritize a proactive approach towards data security and compliance. Reviewing these alterations is crucial as it directly impacts how businesses handle children’s data. By staying ahead of the curve, companies can implement necessary measures to safeguard user information and ensure adherence to regulatory standards, fostering trust among consumers and mitigating potential legal risks.
  2. (11:57) COPPA Safe Harbors and Privacy Commitment: COPPA Safe Harbors serve as invaluable tools for companies aiming to showcase their dedication to safeguarding children’s privacy. By adhering to these guidelines, businesses not only enhance their reputation but also contribute to a safer online environment for young users. Embracing COPPA Safe Harbors demonstrates a commitment to ethical data practices, ultimately fostering long-term trust and loyalty among consumers.
  3. (20:56) Complexity of Child Definition and Age Thresholds: Discussions surrounding the definition of a child and age thresholds are multifaceted and necessitate careful consideration. The evolving digital landscape and varying developmental stages of children further complicate this matter. As such, ongoing dialogues are essential to ensure that regulatory frameworks accurately reflect the needs and vulnerabilities of young users, striking a delicate balance between protection and accessibility.
  4. (28:49) Enhancing User Experience and COPPA Compliance: Transparent notice and consent processes, coupled with innovative approaches to privacy policies, play a pivotal role in enhancing both user experience and compliance with COPPA regulations. By prioritizing clear communication and user-friendly interfaces, companies can empower users to make informed decisions regarding their data while simultaneously meeting regulatory requirements. Creative strategies in this realm not only promote compliance but also foster positive user engagement and brand loyalty.
  5. (41:40) Adapting to Uncertain Timelines and COPPA Rule Changes: While the timeline for the final COPPA Rule remains uncertain, companies must remain vigilant and adaptable in the face of potential changes. Staying informed about developments in regulatory landscapes is paramount, allowing businesses to swiftly adjust their practices and policies as needed. By prioritizing flexibility and preparedness, companies can navigate regulatory shifts with confidence, ensuring continued compliance and consumer trust.


Visit to Learn More: NAD FAQs

Contact Information:
Listen to the full episode here.

Privacy For Start-Ups

There are tens of thousands of entrepreneurs in the United States. When getting their business off the ground, often growth, not necessarily privacy, is the primary focus, especially in the technology sector where data is often central to the business. 

In this episode of Priv, our hosts are joined by the Tech Diplomacy Network’s Katharina Koerner and Santa Clara University’s Professor Linsey Krolik to discuss the questions entrepreneurs face when getting their business started, how to ensure privacy is part of any pivots or growth plans, and best practices for navigating the data wants vs the must haves. 

For more information about this episode, read the show notes here

The Government Purchase of Private Data

As a consumer uses their cell phone or mobile device throughout the day, location data, preference, search, and other seemingly private data is collected by app companies and sold to third-party data brokers. Certain of those third-party data brokers may sell that data to government entities, including law enforcement. 

In this episode of Privacy Abbreviated, professor Matthew Tokson joins our hosts to discuss how this collection and sale of private data may help government agencies circumvent certain legal requirements, such as when location data can’t be acquired without a warrant, and the implications of this circumvention. 

For more information about this episode, read the show notes here

Online Casinos haben in Deutschland eine stetig wachsende Beliebtheit erlangt und bieten eine vielfältige Palette von Glücksspieloptionen für Spieler. Diese Plattformen ermöglichen es den Nutzern, bequem von zu Hause aus auf eine breite Auswahl an Casinospielen zuzugreifen, darunter Slots, Roulette, Blackjack und mehr.

Ein entscheidender Faktor für die Popularität von Online Casinos in Deutschland ist die Bequemlichkeit des Zugangs. Spieler können ihre Lieblingsspiele jederzeit und überall spielen, ohne physisch ein Casino besuchen zu müssen. Die Verfügbarkeit von mobilen Apps macht das Erlebnis noch zugänglicher und ermöglicht es den Spielern, auch unterwegs zu spielen.

Die meisten Online Casinos Deutschland auf Pizza-da-Alex bieten attraktive Willkommensboni und laufende Promotionen, um neue Spieler anzulocken und die Treue der bestehenden Kunden zu belohnen. Diese Boni können Freispiele, Einzahlungsboni oder andere aufregende Angebote umfassen.

Die Sicherheit und Seriosität der Online Casinos sind von großer Bedeutung. Lizenzierte und regulierte Plattformen gewährleisten faire Spiele und sichere Transaktionen. Spieler sollten darauf achten, dass das von ihnen gewählte Online Casino über eine gültige Lizenz verfügt und verantwortungsbewusstes Spielen fördert.

Insgesamt bieten Online Casinos in Deutschland eine moderne und unterhaltsame Möglichkeit, Glücksspiele zu genießen. Die ständige Weiterentwicklung der Technologie und die zunehmende Vielfalt der Spiele tragen dazu bei, dass diese Plattformen eine bedeutende Rolle im deutschen Glücksspielsektor spielen.