Greetings from Washington!
What a week for privacy pros in the nation's capital. This was my eighth IAPP Global Privacy Summit, and I'm amazed at how much bigger this event gets each year. On the one hand, it's exciting to be around more than 4,000 practitioners, regulators, consultants, engineers, thought leaders, reporters, and artists, but on the other, it's overwhelming and next-to-impossible to connect with everyone. All said, I guess that's a good problem to have. I do hope those of you who did attend were able to get as much out of Summit as possible.
Of course, much of the discussion focused on the EU General Data Protection Regulation and what kind of enforcement we will likely see. I noted several regulators suggested they'd like to see more communication and an ongoing dialogue between companies and DPAs, but there will be a limit to how much advice DPAs will give. For more on this, be sure to check out my report today on Article 29 Working Party Chairwoman Andrea Jelinek. There are lots of nuggets in there from her.
GDPR wasn't the only thing on the Summit's menu by any means. With the dark cloud of the Facebook-Cambridge Analytica revelations hanging over many privacy conversations, I heard lots of talk about data ethics and how privacy fits in with a broader picture, involving bias, manipulation and transparency. Mere compliance with privacy law will not be enough to maintain user trust in this new world of AI and big data analytics, because, as Prof. Dennis Hirsch pointed out this week, privacy law is not equipped to handle these new technological developments. This is something that companies should care about, particularly in light of Facebook's rapidly diminishing market cap (we're talking billions of dollars here). More broadly, in light of how data was allegedly used by Cambridge Analytica and its affiliates, use of big data and targeting appears to have massive implications for democracies around the world.
Blockchain was another topic that garnered my interest this week. It's a fairly difficult topic to cover right now, not just because of the math involved and the constant developments in the field, but also because of the varying degrees of understanding in our community about what it is and how it works. I've found that many are still trying to grapple with understanding the basics — which isn't easy — while others are well-versed and hungry for a deeper analysis of potential applications of the tech and implications for privacy. As I've mentioned before, stay tuned over the coming weeks and months for more information about blockchain and privacy, and of course, feel free to reach out with suggestions.
I also attended yesterday's inaugural Privacy Engineering Section Forum, which was put together by our talented advisory board. It's clear that, on the one hand, privacy engineering is rapidly growing and companies need the services of privacy engineers, but on the other hand, it's not exactly clear what a privacy engineer is. During one discussion, it resonated with me when an attendee exclaimed: "That's privacy engineering: Building systems to ensure we’re using data correctly." I'm sure many of you have your own definitions, and I'd love to hear about them.
After a few panel presentations, attendees split up into three groups to discuss the definitions, roles and needs of privacy engineers. People were really engaged with this topic, and we received invaluable feedback for our content offerings for this field moving forward. Expect more from us in this area, and please do reach out to me if you'd like to discuss privacy engineering and what it encompasses.
It's been a busy week, and I could use some rest. I bet you can, too. Make it a short nap, though, because there's lots of work ahead.
If you want to comment on this post, you need to login.