TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

United States Privacy Digest | A view from DC: September brainstorms bring April panels Related reading: A view from DC: 'Dear Speaker Pelosi'


There is so much to see in our rearview mirror as we near the exit from this #hotprivacysummer. We saw a bipartisan data privacy bill steaming its way through U.S. Congress, the starting shot of a new Federal Trade Commission rulemaking, a Supreme Court decision that threatened the foundation of intimate privacy rights, not to mention ongoing scrutiny of deidentification methods, biometrics, geolocation and the online advertising ecosystem.

Meanwhile, back at IAPP headquarters, plans are already under way for next year’s Global Privacy Summit in Washington, D.C. In fact, there are only two weeks left to submit your panel proposals for the April conference.

Conferences are how we gather and share knowledge. Springtime may still feel far away, but the time is ripe to reflect on the new questions, challenges and solutions our profession faces. The privacy community is filled with thousands of unique voices that can contribute to our collective understanding of evolving best practices. Proposing a panel is the best way to showcase you are an integral part of this.

To that end, here are my tips for pitching a winning panel proposal. An important caveat: I do not currently review or select IAPP panel proposals, so this is my personal advice as a longtime panel pitcher turned serial moderator.

First, think about your audience. There are two primary audiences for a panel: the selection committee and the actual audience of privacy professionals in the room. What makes the selection committee look twice at your proposal among dozens of others? The starting point is a descriptive but compelling title. Use an active voice to illustrate the heart of your idea, not just the topic. Frame the solution, not just the problem. And my hottest take on titles: A good pun can’t hurt.

Your proposed speakers are also a way to stand out. Focus on putting together a group of people that includes one or two known voices from the community or known organizations with job titles that describe the person’s expertise. Think broadly about diversity, both in terms of speakers’ characteristics — at the very least, try to avoid “manels” — and in terms of speaker roles and types of organizations. Showcase through your proposed speakers that the panel will bring active discussion to the stage.

Finally, think about how you can bring creativity and interactivity to your panel. This resonates with both the selection committee and the audience choosing to sit in your room. Privacy professionals attending the conference will skim your panel description quickly and ask themselves: why am I choosing this topic over others? Is it future-looking? Does it provide insights from voices I wouldn’t otherwise hear? Does it approach a common problem from a new angle — or propose a new solution to an intractable challenge? How will this panel help me do my job? How does this contribute to my understanding of where best practices are headed?

I like how IAPP requests a list of “takeaways” to accompany a panel proposal. Sometimes I work backward, writing the takeaways to help frame my goal for the panel, and then filling out the full description. What do you want people to learn from the panel? What will they tell their boss when they return home?

Once I get to the description, I try to reflect on how policy and operations go hand in hand. Some panels focus more on one than the other, but I often think the strongest panels have a little of both. I ask myself: Have I showcased my panel’s unique expertise or message? Have I demonstrated a practical focus, distilling complex ideas to make them solvable? Or have I shown that this will contribute to the policy conversation? A panel doesn’t have to do all of these things, but the description should showcase that it will do at least one of them well.

Best of luck with panel planning. I hope to see you at Summit!

Here's what else I’m thinking about:

  • The U.S. Federal Trade Commission sued Kochava over its selling of location data about sensitive places tied to unique device IDs. The countersuit was sparked by Kochava’s decision to preemptively sue the FTC after receiving an investigative inquiry from the agency. The FTC’s complaint includes a rare solo claim of unfairness, which appears to be narrowly targeted to the practices the FTC alleges in its complaint. Specifically, Kochava is accused of sharing “precise geolocation data associated with unique persistent identifiers that reveal consumers’ visits to sensitive locations, including, among others, locations associated with medical care, reproductive health, religious worship, mental health, temporary shelters, such as shelters for the homeless, domestic violence survivors, or other at-risk populations, and addiction recovery.”
  • “Privacy in death is a death with more dignity.” In an intimate and emotionally charged New York Times op-ed, Ashley Judd writes about the need for greater privacy protections after death, respecting the dignity of the deceased as well as their surviving family. Judd writes about her family’s concerns that state public access laws will reveal their interviews with law enforcement shortly after her mother’s death at a time when she “gushed answers” to police “questions I would never have answered on any other day and questions about which I never thought to ask my own questions, including: Is your body camera on? Am I being audio recorded again? Where and how will what I am sharing be stored, used and made available to the public?”
  • California’s consumer privacy rules are now certain to apply to employee data after the legislative session closed without the passage of an expected extension to expiring exemptions. As this helpful Polsinelli update explains, by the new year, employers will be expected to comply with new obligations and privacy rights in California, including providing employee privacy notices, responding to data rights requests and entering into contracts with service providers.
  • A new Morrison Foerster report outlines tips for protecting privacy post-Dobbs. The resource includes tips for individuals, clinics and health care providers as well as recommendations for technology companies.
  • Cameron Kerry published a cogent analysis in Lawfare of the potential impacts of the privacy rulemaking process on federal legislation. Kerry includes recommendations for how Congressional action can refocus the efforts of the FTC to establish new guardrails around FTC data.

Under scrutiny:

  • The U.S. Department of Homeland Security is the subject of a new EPIC report recommending policy changes to the agency’s use and collection of location data.
  • Excluding “Big Tech” from cars is the recommendation of a Fight for the Future petition to the FTC requesting that the agency implement “a structural separation that prevents the ‘big four’ tech platforms from entering the auto industry and requires them to sell off their existing assets in the sector,” due partially to their privacy record.

Upcoming happenings:

Please send feedback, updates and hot takes to

Credits: 1

Submit for CPEs


If you want to comment on this post, you need to login.