Avsnitt
-
With the proliferation of comprehensive U.S. state privacy laws in recent years, there’s been an understandable focus by privacy professionals on this growing patchwork. But privacy litigation is also on the rise and the plaintiff’s bar has explored some novel theories, particularly around the use of onlin tracking technologies.
Greenberg Traurig Shareholder Darren Abernethy advises clients in the ad tech, data privacy and cybersecurity space and is familiar with these recent litigation trends involving theories related to pen registers, chatbots, session replay, Meta pixels, software development kits and the Video Privacy Protection Act. Here’s what he had to say about these growing litigation trends.
-
For many of us following along with the EU AI Act negotiations, the road to a final agreement took many twists and turns, some unexpected. For Laura Caroli, this long, complicated road has been a lived experience.
As the lead technical negotiator and policy advisor to AI Act co-rapporteur Brando Benefei, Caroli was immersed in high stakes negotiations for the world’s first major AI legislation.
IAPP Editorial Director Jedidiah Bracy spoke with Caroli in a candid conversation about her experience and policy philosophy, including the approach EU policy makers took in crafting the AI Act, the obstacles negotiators faced, and how it fundamentally differs from the EU General Data Protection Regulation.
She addresses criticisms of the act, highlights the AI-specific rights for individuals, discusses the approach to future proofing a law that regulates such a rapidly developing technology, and looks ahead to what a successful AI law will look like in practice.
-
Saknas det avsnitt?
-
In tandem with privacy, cybersecurity law is rapidly evolving to meet the needs of an increasingly digitized and complex economy. To help practitioners keep up with this ever-changing space, the IAPP published the first edition of Cybersecurity Law Fundamentals in 2021. But there have been a lot of developments since then.
Cybersecurity Law Fundamentals author Jim Dempsey, lecturer at UC Berkeley Law School and senior policy advisor at Stanford Cyber Policy Center, brought on a co-author, John Carlin, partner at Paul Weiss and former Assistant Attorney General, to help with the new edition.
IAPP Editorial Director Jedidiah Bracy recently spoke with both Dempsey and Carlin about the latest trends in cybersecurity, including best practices in dealing with ransomware, the significance of the new SEC disclosure rule, cybersecurity provisions in state privacy laws, trends in FTC enforcement, the recent Biden Executive Order on preventing access to bulk sensitive personal data to countries of concern, and much more.
We even hear about the time Carlin briefed the U.S. president on the Sony Pictures hack.
-
For those following the regulation of artificial intelligence, there is no doubt passage of the AI Act in the EU is likely top of mind. But proposed policies, laws and regulatory developments are taking shape in many corners of the world, including in Australia, Brazil, Canada, China, India, Singapore and the U.S.
Not to be left behind, the U.K. held a highly touted AI Safety Summit late last year, producing the Bletchley Declaration, and the government has been quite active in what the IAPP Research and Insights team describes as a “context-based, proportionate approach to regulation.”
In the upper chamber of the U.K. Parliament, Lord Holmes, a member of the influential House of Lords Select Committee on Science and Technology, introduced a private members’ bill late in 2023 that proposes the regulation of AI. The bill also just received a second reading in the House of Lords 22 March.
Lord Holmes spoke of AI’s power at a recent IAPP conference in London. While there, I had the opportunity to catch up with him to learn more about his Artificial Intelligence (Regulation) Bill and what he sees as the right approach to guiding the powers of this burgeoning technology. -
Hard to believe we’re at the twilight of 2023. For those following data protection and privacy developments, each year seems to bring with it a torrent of news and developments. This past year was no different. The EU General Data Protection Regulation turned five, and the Snowden revelations turned 10. From a finalized EU-US Data Privacy Framework, to major enforcement actions on Big Tech companies, to a panoply of new data protection laws in India and at least 7 US states, to the dramatic rise of AI governance, 2023 was as robust as ever.
To help flesh out some of the big takeaways from 2023, IAPP Editorial Director Jedidiah Bracy caught up with IAPP Research & Insights Director Joe Jones, who joined the IAPP at the outset of the year.
-
After a gruelling trilogue process that featured two marathon negotiating sessions, the European Union finally came to a political agreement 8 December on what will be the world’s first comprehensive regulation of artificial intelligence. The EU AI Act will be a risk-based, horizontal regulation with far-reaching provisions for companies and organizations using, designing or deploying AI systems.
Though the so-called trilogue process is a fairly opaque one, where the European Parliament, European Commision and Council of the EU negotiate behind closed doors, journalist Luca Bertuzzi has acted as a window into the process through his persistent reporting for Euractiv.
IAPP Editorial Director Jedidiah Bracy caught up with Bertuzzi to discuss the negotiations and what comes next in the process.
-
Martin Abrams knows a little something about information privacy and consumer policy. Over the course of the last 40-plus years, Abrams has had his hands in a number of initiatives, including as co-founder and president of the Center for Information Policy Leadership and founder of the Information Accountability Foundation. He took part in the development of the APEC Cross Border Privacy Rules and the OECD’s Working Party on Information Security and Privacy. Abram's work on transparency and accountability has been influential on policy makers around the world.
At the latest Global Privacy Assembly in Bermuda, Abrams announced he was retiring from his full-time position at IAF and taking more time to be with his family. IAPP Editorial Director Jedidiah Bracy caught up with Abrams to take a look back at his career, the changes he’s seen in information policy and where he thinks data policy and regulation are heading.
-
The EU AI Act negotiations recently hit a major roadblock after EU Council Member States France and Germany unexpectedly pushed back on the European Parliament's draft position on regulating foundation models. The obstacle was so sudden, it appeared the negotiations were in a stalemate. Though the issue has not yet been fully resolved, the Spanish presidency of the EU Council is reportedly working with Member States to find a position that is workable for the European Parliament.
This comes as the IAPP hosts its sold out Data Protection Congress 2023 in Brussels, Belgium. To be sure, the foundation model issue is not the only sticking point remaining in the trilogue negotiations. There are others.
To get the inside scoop, I had the chance to catch up with EU AI Act co-rapportuer Dragoș Tudorache and Kai Zenner, head of staff for German MEP Axel Voss about the negotiations, the obstacles and whether there will be an agreement before next year's parliamentary elections.
-
As automated systems rapidly develop and embed themselves into modern life, policy makers around the world are taking note and, in some cases, stepping in. Earlier this year, the Biden-Harris administration took an early step by releasing a Blue Print for an AI Bill of Rights. Comprising five main principles, as well as what should be expected of automated systems, while offering a slate of real-world examples of the potential harms and benefits of artificial intelligence, the Blueprint is a must-read for AI governance and privacy professionals working in the space.
Suresh Venkatasubramanian is a Professor of Computer Science and Data Science at Brown University. He also co-authored the Blueprint while serving as Assistant Director for Science and Justice in the White House Office of Technology and Policy.
IAPP Editorial Director Jedidiah Bracy recently caught up with Suresh to learn more about his work on the Blueprint, how it fits into the broader spectrum of existing AI guidelines and frameworks, and what professionals should know about this rights-based document.
-
In June 2013, a series of high-profile U.S. government surveillance disclosures to major media outlets rippled throughout the world and changed the calculus for the privacy profession.
Hard to believe it's now been 10 years since an unknown U.S. government contractor leaked to the world massive amounts of information about top secret U.S. intelligence programs. Within weeks, Edward Snowden became a household, if not, controversial name — not only in the privacy profession — but to consumers and citizens far and wide. A lot has transpired since the summer of Snowden in 2013. The U.S. has altered some of its surveillance laws, and the trans-Atlantic relationship between the U.S. and EU has grown complicated after a series of data transfer agreements were struck down by the EU's highest court. The third such agreement is pending. Though the privacy world is constantly changing, it seems fitting to stop and take stock of this last decade to see how much, if anything, has changed. To help measure the ripple effect, IAPP Editorial Director Jedidiah Bracy chatted with IAPP Senior Research Fellow Muge Fazlioglu and Research and Insights Director Joe Jones to uncover what's changed in the U.S. and abroad, as well as how consumer attitudes have evolved since then. -
We often focus on consumer policy when discussing privacy laws and obligations, but companies must protect their employee data, as well. Navigating complex employee privacy and labor laws in the U.S., for example, can be challenging, and new state laws, like the California Privacy Rights Act, apply more pressure on privacy pros charged with ensuring employee data is protected and handled appropriately.
Littler Mendelson Privacy and Data Security Practice Group Co-Chair Zoe Argento knows the workplace privacy field well and advises clients on a wide range of issues. IAPP Editorial Director Jedidiah Bracy recently caught up with Argento to discuss some of the pressing trends in the workplace privacy space, including CPRA obligations, workplace surveillance and artificial intelligence issues, international data transfers and data security best practices.
-
The prospect of day-to-day life with artificial intelligence is no longer a future endeavor. AI systems comprise countless applications across public and private organizations, and through open-sourced systems, such as ChatGPT, AI is now consumer-facing and usable.
The U.S. National Institute of Standards and Technology was directed by the National Artificial Intelligence Initiative Act of 2020 to create a voluntary resource for organizations designing, developing, deploying or using AI systems to help manage risk and to promote trustworthy and responsible development of AI systems.
As a result, NIST released the AI Risk Management Framework 1.0 along with supplementary documents to help organizations. To learn more about the newly released framework and how organizations should approach it, IAPP Editorial Director Jedidiah Bracy caught up with NIST Research Scientist and Principle Investigator for AI Bias Reva Schwartz.
-
In early February, the U.S. Federal Trade Commission published a proposed order that fines telehealth and discount prescription provider GoodRX $1.5 milllion. Though part of the case involves deception – one of two prongs under the FTC Act – the case also raises the first-of-its-kind use of the Health Breach Notification Rule. To help better understand the novel and complex issues that are embedded in the case, IAPP Editorial Director Jedidiah Bracy caught up with Wilmer Hale Partner Kirk Nahra to discuss some of the takeaways privacy pros in any industry vertical should consider.
-
Without a doubt, 2022 was a packed year for privacy-related news and developments. But according to Goodwin Partner and IAPP Westin Emeritus Senior Fellow Omer Tene, 2023 is set to call and raise the stakes. To be sure, 2023 didn’t hesitate. On Jan. 4, just a few days before we sat down for our interview, the Irish Data Protection Commission levied a massive 390 million euro fine on Meta social networks Facebook and Instagram. Yet, that’s only the tip of the iceberg.
In this episode of The Privacy Advisor Podcast, which was recorded January 10, IAPP Editorial Director Jedidiah Bracy sat down with Tene to discuss what he thinks will be some of the biggest developments in privacy in 2023, including why he believes a federal U.S. privacy law still has a chance in the new U.S. Congress.
-
California has long led the way on many privacy-related laws, going back to at least 2002 when it passed the first data breach notification law in the U.S. More recently, passage of the California Consumer Privacy Act and the California Privacy Rights Act has prompted other states to follow suit.
Baker McKenzie Partner Lothar Determann has long practiced and taught international data privacy law, and beginning in 2013, published the book, “California Privacy Law.” Now in its fifth edition and published by the IAPP for the last three editions, the new edition comes as the CPRA goes into effect, with implementing regulations on the way. IAPP Editorial Director Jedidiah Bracy caught up with Determann to talk about the California’s privacy regime, what companies should be doing to comply, what’s new in the updated book, and what’s on the horizon for federal and state privacy law in the U.S. and beyond.
-
With the rise of data subject rights in privacy law, privacy practitioners are often challenged with operationalizing what can be a complex and risky endeavor. California, through the CCPA and CPRA, has emerged as a leader on this in the United States. Advocacy organization Consumer Reports has not only been working on policy with states like California on data subject rights but also with industry on standardizing consumer data rights. With a number of companies in the privacy tech vendor space, CR is announcing the open standard called the Data Rights Protocol. It’s also in the early stages of acting as an authorized agent on behalf of consumers, with a service its calling Permission Slip.
IAPP Editorial Director Jedidiah Bracy talks with Ginny Fahs, associate director of product R&D for Consumer Reports Digital Lab, and Technology Policy Director Justin Brookman, to learn about their open-sourced protocol and what they’re doing to help both consumers and organizations operationalize data subject rights.
-
Nearly five years after the implementation of the EU General Data Protection Regulation, Europe is immersed in a digital market strategy that is giving rise to a host of new, interconnected regulation. Among this complexity resides the proposed Artificial Intelligence Act. Originally presented by the European Commission April 2021, the AI Act is now in the hands of the Council of the European Union and European Parliament.
If passed, this would be the world’s first comprehensive, horizontal regulation of AI.
On my visit to Brussels for the IAPP Data Protection Congress, I had the opportunity to meet with AI Act Co-rapportuer and Romanian Member of Parliament Dragoș Tudorache in his office.
During our extended conversation, we discussed the risk-framework for the proposal, how the legislation will intersect with existing regulations, like the GDPR, current sticking points with stakeholders and what this means for privacy and data protection professionals.
-
The highly anticipated mid-term elections in the U.S. so far have provided surprising results. Many political pundits expected a “red wave” of Republican candidates to take over both chambers of U.S. Congress. Though control of Congress is still up in the air, Democrats fared better than most expected.
With some of the dust now settled, what do the 2022 midterm results mean for potential passage of the American Data Privacy and Protection Act, both in the lame duck session and the 118th Congress? Will House and Senate committee assignments change? What do the mid-term results mean for enforcement by federal agencies, like the Federal Trade Commission? And how will the results affect state privacy legislation in 2023 and beyond?
To help shed light on these issues, I caught up with R Street Resident Senior Fellow for Cybersecurity and Emerging Threats Brandon Pugh and Public Knowledge Senior Policy Counsel Sara Collins.
-
As we round out 2022, digital technology is further embedding itself into our daily lives. Beyond the smartphone’s ubiquity, wearable sensors proliferate and are found everywhere from the gym to the bedroom. Intimate relationships are formed through dating apps more than ever before. We’re tracked in our cars, in retail establishments and online.
At no time in history has data collection been as prevalent as it is now, and it’s only increasing. But what does that mean for the development of our identities and relationships, particularly for those who are most vulnerable? University of Virginia School of Law Prof. Danielle Citron has long explored these issues, which she’s presented in her new book, “The Fight for Privacy: Protecting Dignity, Identity and Love in the Digital Age.”
I recently caught up with Prof. Citron to discuss her work, and how law – particularly civil rights law – society and privacy pros can all play a role in protecting what makes us human.
-
Since becoming U.K. Information Commissioner, John Edwards has been busy. Officially taking the reigns January 4, Edwards embarked on a listening tour to learn the ins and outs of the U.K. The former New Zealand Privacy Commissioner gave his first major public speech since heading up the ICO at the IAPP Data Protection Intensive in London last month and joined German Federal Commissioner for Data Protection and Freedom of Information Ulrich Kelber for a “commissioner’s chat” at the IAPP Global Privacy Summit in Washington, DC. While there, The Privacy Advisor Podcast host Jedidiah Bracy caught up with Edwards in person to discuss his priorities, how he foresees working with other data protection authorities, his thoughts on transborder data flows and the U.K.’s potential changes to it data protection law, and, most importantly, what he’s currently listening to for music.
- Visa fler