BBB National Programs Deputy Director of Privacy Initiatives Cobun Zweifel-Keegan, CIPP/US, CIPM, says promoting privacy and compliance has been as much a privilege as a job. Since joining BBB in 2017, Zweifel-Keegan has taken satisfaction in helping companies align themselves with privacy best practices, including those required in the EU-U.S. Privacy Shield program, and striving to serve and protect consumers properly.
Prior to joining BBB, Zweifel-Keegan built his passion for privacy as a Westin fellow at the IAPP. In his time at the New Hampshire headquarters, Zweifel-Keegan said he "saw the culture of the IAPP and the values it instills in its employees, but more broadly, the privacy community." He has continued his connection with the IAPP since, leading the IAPP LGBTQ in Privacy and Technology affinity group, helping with KnowledgeNet sessions in Washington, D.C., where he is based, and being accessible to incoming Westin fellows.
In this Volunteer Spotlight, Zweifel-Keegan discusses all things Privacy Shield and EU-U.S. data transfers, as well as progress in the LGBTQ community.
The Privacy Advisor: It has been more than a month since the Court of Justice of the European Union invalidated the EU-U.S. Privacy Shield program. What was your initial reaction when the decision came down?
Zweifel-Keegan: I don’t think I was shocked or surprised exactly. I knew this was a possible outcome, and we prepared for this. My initial reaction was probably more just sadness for the privacy profession. It is difficult, with an outcome like this, for businesses to have an avenue for doing the right thing. It seemed as though the court was closing the door to any completely compliant road for U.S. businesses to align themselves with EU standards for data transfers. That is part of what fuels my passion for privacy: helping businesses be and do better for consumers. Whether it is through regulation or something like the Privacy Shield program, I’ve seen the ways that businesses do in fact enhance their privacy practices as the bar is raised, so long as there isn’t too much uncertainty.
The Privacy Advisor: The U.S. and EU acknowledged that they have begun exploring a new data transfer mechanism similar to Privacy Shield. Is this a viable option, or is it going to take more than just a repeal-and-replace scenario? What changes are actually worth considering?
Zweifel-Keegan: It’s a messy process and will always be that way when you’re talking about two independent political entities with their own norms, economies and institutions trying to align themselves. So it will be an ongoing process with bumps in the road. As for what the next solution will be, I’m not an expert on the surveillance side. I think there’s a lot of speculation on what the U.S. could change, and I’ve heard some creative ideas that leave some hope there for reaching an agreement. Things are going to continue to develop, but it is certainly better for EU consumers to have a robust framework like the Privacy Shield for commercial transfers, compared with not having one.
The Privacy Advisor: You’re a big supporter and advocate for self-regulatory schemes, like the Privacy Shield. Discuss why they work and remain an effective option.
Zweifel-Keegan: I’m an advocate for certain kinds of self-regulation and co-regulation. BBB National Programs strives to bring transparency and accountability to self-regulatory rules. The way that works depends on the circumstances, but self-regulation can be robust when it includes independent oversight.
On the Privacy Shield side, there’s transparency provided through privacy policy requirements, but also because businesses self-certified under the program are on a public list, which doesn’t exist under any other mechanism. As for accountability, there are multiple layers of consumer redress, including the independent dispute resolution mechanism that we operate. Not only are we making sure our participants have fully committed to the requirements of Privacy Shield, but we also handle consumer complaints, an important and often-overlooked element of strengthening privacy rules.
I could talk about other examples, like our Children's Advertising Review Unit under the Children's Online Privacy Protection Act Safe Harbors program, but on a personal level, I support self-regulation with independent mechanisms like these because I’ve seen the promise of actually spreading privacy best practices through these schemes. And that continues to be part of my overall goal of continuing to ensure we raise the bar on privacy.
The Privacy Advisor: You’re a proud member of the LGBTQ community. How important has it been for you to be a presence in the IAPP’s LGBTQ community, and could you discuss some of the more overlooked privacy issues facing the community?
Zweifel-Keegan: Our LGBTQ affinity group has been around for about six years, and I’ve been involved for the past few years. I sort of inherited the helm from Marc Groman, organizing happy hours around conferences. We also try to organize speaker-type events during Pride Month in D.C. and a few other cities, bringing in LGBTQ speakers or a professional working on related matters. It’s important to raise the visibility of the community within the profession but also for people to have a space to meet one another. I think it’s always important to cultivate a sense of community and camaraderie around shared interests, and that’s even more important when it comes to minoritized groups.
There’s often not so much a difference in the kinds of harms when it comes to minoritized communities and privacy issues, but more a difference in degree. Whether we are talking about data privacy or physical privacy issues, the stakes are higher for individuals in the LGBTQ community. You can see this clearly even now in the transgender community, which continues to be marginalized and can suffer greatly from privacy threats. In future events, I’d really like to highlight trans voices and the privacy stories they can tell. We can learn a lot about privacy in general by listening to these voices.
Photo by Keagan Henman on Unsplash