Category Archives: Privacy Abbreviated

Making Sense of AI Governance



On this episode of Priv, Miles Light, BBB National Programs’ Senior Counsel for Youth, Privacy, & Technology, steps into the role of host for this conversation, joined by Brenda Leong, a partner at Luminos.Law, to discuss the responsibilities and requirements of artificial intelligence (AI), in privacy and beyond.

AI technology does not only affect the privacy vertical – it is a cross-functional challenge. Miles and Brenda discuss AI governance and policies, laws and regulations, and operational considerations within a company, including the role of humans in a world of algorithms and machine learning.

They discuss the importance of understanding the unique requirements and responsibilities of AI, the need for cross-functional communication and collaboration, and the key themes of accountability, fairness, and transparency in AI regulation. They also explore the role of governance policies and contracts in managing AI risks and the potential for renegotiating contracts to address the expectations and liabilities associated with AI.

Key takeaways:

  • [2:07] AI deployment presents unique legal challenges and compliance headaches that require careful consideration and management.
  • [05:18] Understanding the requirements and responsibilities of AI is essential for both privacy professionals and AI professionals.
  • [09:02] Cross-functional communication and collaboration are crucial for effectively addressing AI risks and ensuring responsible AI governance.
  • [13:20] The key themes of accountability, fairness, and transparency are central to AI regulation and risk management.
  • [20:24] Governance policies and contracts play a critical role in managing AI risks and establishing liability and expectations.

Likely to be Accessed: Do You Know Who Your Users Are?



Join us for this episode of Priv, where our host Dona Fraser, Senior Vice President of Privacy Initiatives at BBB National Programs, is joined by Phyllis Marcus of Hunton Andrews Kurth to discuss the broad operational, financial, and logistical impacts and challenges of trying to protect both children and teens online under the same laws and regulations. 

Marcus and Fraser explain the current regulatory landscape and unpack the evolution of children’s privacy laws, including COPPA. They discuss the increasing number of legislative proposals at both the state and federal level and explore challenges businesses face today related to verifiable parental consent, examine proposed technological solutions like biometrics, and discuss the responsibility of third-party operators. 

The conversation includes a look at age-appropriate design codes and the shifting responsibility from parents to the entire ecosystem, as well as third-party liability and the role platforms play in protecting children’s privacy. The conversation concludes with a discussion on the potential future of children’s privacy laws.

Key Takeaways:

  • (02:41) Children’s Privacy Landscape – Children’s privacy laws, such as COPPA, have evolved over time to address the challenges posed by new technologies and online platforms.
  • (06:30) Shifting Responsibility – The responsibility for protecting children’s privacy is shifting from parents to the entire ecosystem, including platforms and service providers.
  • (13:17) Verifiable Parental Consent – Verifiable parental consent is a key consideration for companies that collect personal information from children, and there are various mechanisms available to obtain consent.
  • (20:30) Third-Party Liability – Third-party liability is an important aspect of children’s privacy laws, holding not just first-party operators but also third parties accountable for compliance.
  • (32:23) Holding Platforms Accountable – The role of platforms in protecting children’s privacy is still evolving, with discussions around consent management and the sharing of age information.
  • (39:39) A Look to the Future – The future of children’s privacy laws is uncertain, with potential updates to COPPA and ongoing debates about the role of federal and state legislation.

Breaking Down AdTech: Cookies and Pixels and SDKs, Oh My!



Join us for this episode of Priv, where Dona Fraser is joined by Miles Light, Senior Counsel, Youth Privacy & Technology at BBB National Programs for an adtech block party. Cookies, pixels, and SDKs are all invited.

Appropriate for beginners and privacy pros, this podcast breaks down the most talked about issues in the adtech space, including the impact of the death of the cookie, the focus of regulators on the pixel, lessons learned from recent cases related to software development kits (SDKs), what all of this looks like for children and teens, and what the legislative and regulatory road ahead looks like.

Dona and Miles cover three main problems facing the adtech industry: regulatory pressures, legislative pressures, and litigation. The conversation delves into the tracking technologies used in adtech, such as cookies, pixels, and SDKs, and the implications of their use. They also explore the state and federal laws that impact adtech, including the challenges of compliance and the varying approaches taken by different states. The episode concludes with a discussion on ongoing litigation related to adtech tracking and the importance of auditing websites and cross-functional collaboration.

Key Takeaways:

  • (03:05) The adtech industry faces challenges from regulatory pressures, legislative pressures, and litigation. Regulatory bodies are increasingly scrutinizing the adtech sector to ensure consumer privacy and data protection. Legislative measures, such as GDPR and CCPA, and ongoing lawsuits also contribute to the complexity and risk within the industry.
  • (10:09) Tracking technologies like cookies, pixels, and SDKs are used in adtech to log consumer behavior online. These tools collect data on user interactions and preferences, enabling targeted advertising and personalized user experiences. However, their usage has raised significant privacy concerns and regulatory scrutiny.
  • (13:44) State and federal laws impact adtech, and compliance can be complex and varied. Different regions and jurisdictions have their own data protection laws, making it challenging for adtech companies to navigate and ensure compliance. This patchwork of regulations requires companies to stay informed and adapt their practices continuously.
  • (27:27) Ongoing litigation related to adtech tracking raises questions about consent and liability. Legal cases often focus on whether consumers have given informed consent for their data to be collected and used. These lawsuits can result in significant penalties and drive changes in industry practices.
  • (38:27) Companies should regularly audit their websites and ensure cross-functional collaboration to address privacy challenges in adtech. Regular audits help identify and mitigate potential privacy risks and ensure compliance with relevant laws. Cross-functional collaboration between legal, IT, and marketing teams is essential to effectively manage these challenges and implement comprehensive privacy strategies.

Cross Border Privacy Rules Goes Global: A Deep Dive on CBPRs



On April 30, the U.S. Department of Commerce announced the establishment of the Global Cross-Border Privacy Rules (CBPR) and Global Privacy Recognition for Processors (PRP) Systems. In this episode of Priv, host Dona Fraser is joined by Victoria Akosile, Deputy Director of BBB National Programs Privacy Initiatives, to take you from APEC to global CBPRs, explaining all of the acronyms in between.

Privacy professionals are faced with what seems like a never-ending, sometimes overwhelming stream of new privacy laws and regulations, both here in the U.S. and abroad. Our goal with this episode is to break down the “what you need to know” knowledge about the global CBPR system, quickly review the “how we got here” facts, and provide you with the “what do I do now” information you need, whether you are a data controller or data processor.

In this episode of Privacy Abbreviated, Dona Fraser and Victoria Akosile discuss the Cross-Border Privacy Rules (CBPR) program and its recent expansion to become the Global CBPR Forum. They explain how the CBPR framework provides a uniform set of privacy requirements that coalesce around an international baseline for compliance. They also discuss the role of Accountability Agents, such as BBB National Programs, in helping companies obtain and maintain their CBPR certification. The conversation highlights the importance of data privacy interoperability and the benefits of CBPR and PRP certifications for both data controllers and processors. They also touch on the SolarWinds case and the upcoming Global CBPR Forum meeting in Tokyo.

Key Takeaways:

  • (2:58) The CBPR framework establishes a unified set of privacy requirements, fostering international alignment for compliance. It serves as a benchmark for companies to ensure their privacy practices meet a globally recognized standard. By adhering to CBPR requirements, companies can enhance consumer trust and mitigate risks associated with data privacy non-compliance.
  • (8:05) Integration into the CBPR program enables companies to assess and fortify their privacy procedures. Participation facilitates a structured review process, identifying areas for improvement in privacy management. It empowers companies to adapt to evolving privacy regulations and consumer expectations, ensuring resilience against data breaches and regulatory penalties.
  • (13:47) CBPR and PRP certifications present an opportunity to revolutionize vendor management strategies. Companies can leverage certifications to vet vendors, selecting partners with robust privacy safeguards. Certification streamlines data transfers by providing assurance of compliant data handling practices across the supply chain.
  • (24:07) BBB National Programs acts as an accountability partner, aiding companies in obtaining CBPR and PRP certifications. Through collaborative engagement, BBB National Programs assists companies in navigating the certification process efficiently. Our expertise helps companies uphold high privacy standards, fostering consumer trust and regulatory compliance.
  • (33:11) The forthcoming Global CBPR Forum meeting in Tokyo anticipates widespread interest from nations seeking to join the framework and advance data privacy interoperability. The event serves as a platform for sharing best practices and fostering collaboration among participating countries. It underscores the global momentum towards harmonizing data protection regulations, promoting cross-border data flows while safeguarding individual privacy rights.

 


Consumer Privacy in Telehealth: An Interview with the ATA



In this episode of Priv, host Dona Fraser is joined by American Telehealth Association (ATA) Senior Vice President of Public Policy, Kyle Zebley, to check up on consumer health data privacy in the telehealth industry.

From HIPAA to the pandemic to Dobbs to a hodge-podge of new state-level privacy laws, Dona and Kyle discuss the ways companies are navigating this complex terrain, how the world of telehealth has drastically changed, the role of AI in today’s telehealth privacy picture, and what this picture may look like in the future. 

Some key takeaways from this episode are:

  • (6:41) The COVID-19 pandemic has accelerated the adoption of telehealth, allowing patients to access care remotely and overcoming barriers such as geographic limitations and workforce shortages.
  • (10:33) Data privacy is a significant concern in telehealth, and organizations like the ATA are working to develop principles and advocate for consistent policies to protect patient information.
  • (17:25) The regulatory landscape for telehealth is complex, with federal and state laws impacting the delivery of care and the collection and use of health data. Consistency and clarity in regulations are essential to ensure compliance and enable innovation.
  • (25:36) AI has the potential to revolutionize healthcare by improving efficiency, personalizing care, and addressing workforce shortages. However, it is crucial to have accountability, oversight, and guardrails in place to mitigate bias and protect patient rights.
  • (33:03) The future of telehealth and data privacy will depend on ongoing federal conversations, legislative actions, and regulatory decisions. Stakeholders must work together to ensure that telehealth continues to expand and provide accessible and high-quality care.

Another key item to note is the Digital Health Privacy Program (DHPP). DHPP is crucial in the telehealth industry as it establishes protocols to protect the privacy of consumer health data, ensuring trust and confidentiality in remote healthcare interactions. By safeguarding sensitive information, DHPP fosters patient confidence in utilizing telehealth services, driving widespread adoption and improving healthcare accessibility.
