TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

United States Privacy Digest | Notes from the IAPP, July 9, 2021 Related reading: Notes from the IAPP, July 2, 2021



Greetings, privacy pros.

Although summer is here, privacy does not seem to be taking any time off! Developments continue at a rapid pace around issues such as AI, ransomware and facial recognition fraud. With so many of these newly emerging privacy threats, it’s no wonder this week Colorado became the third U.S. state to enact a comprehensive privacy law.

To keep us up to date with recent data transfer developments out of the EU, IAPP Research Director Caitlin Fennessy, CIPP/US, will welcome back NOYB Honorary Director Max Schrems and Hogan Lovells Partner Eduardo Ustaran, CIPP/E, for a discussion next week, held exactly one year after the CJEU’s decision invalidating Privacy Shield. I enjoyed their talk last year so much and am looking forward to the sequel!

I also wanted to draw attention to a TechCrunch article I enjoyed reading this week from Leif-Nissen Lundbæk with the provocative title “Kill the standard privacy notice.” It calls for a rethinking of privacy notices in line with what many privacy academics have been stressing for years: The notice-and-choice regime does not have the effect of protecting privacy. As Indiana University Vice President for Research Fred Cate wrote in the past, “Notices are frequently meaningless because individuals do not see them or choose to ignore them, they are written in either vague or overly technical language, or they present no meaningful opportunity for individual choice.” Professor Woodrow Herzog similarly wrote “the sheer number of choices that inundate users under a control regime is overwhelming to the point of futility.”

But the issue is not just one of academic debate. As IAPP VP and Chief Knowledge Officer Omer Tene wrote with Future of Privacy Forum CEO Jules Polonetsky, CIPP/US, “Unfortunately, companies cannot avoid privacy fiascos simply by following the law.” This kind of privacy regulation, they have argued, “becomes almost meaningless, a bureaucratic box-ticking exercise involving notices that few users read and ‘consent’ without information, volition, or choice.”

These authors raise so many intriguing questions on how to balance the interests of companies, regulators and individuals, which provide great food for thought. Whether you spend your time contemplating these issues or not, I hope you enjoy your weekend.


If you want to comment on this post, you need to login.