Yoann Le Bihan, CIPP/E, is doing a bit of a juggling act within his professional life these days as he tries to become a fixture in both the technology and privacy fields. Right now, his full-time job is head of IT operations at Luxair, but Le Bihan aspires for more. He's also dabbling in privacy consulting with an eye towards becoming an independent privacy consultant in Luxembourg and remotely in California, where he is also licensed attorney.

In this Volunteer Spotlight, Le Bihan lends his perspective on privacy amidst COVID-19, the EU General Data Protection Regulation's two-year anniversary and the importance of connecting with fellow privacy pros.

Yoann Le Bihan, CIPP/E,

The Privacy Advisor: How do you volunteer with the IAPP and what is the most rewarding part of your work for the organization?

Le Bihan: My first experience was as a reviewer for the French translation of study manuals for certification courses. By supporting the effort of translating these books, I felt my work would help raise awareness and improve the privacy profession.

In January 2019, I was offered a chance to launch and become co-chair of the Luxembourg KnowledgeNet chapter with Jose Belo, CIPP/E, CIPM, FIP, and Filip Stoitsev, CIPP/E. As co-chair of a chapter, I play a role in the local community, helping people meet and connect, share knowledge and experience and collectively improve the privacy profession in general. Even though COVID-19 changed some plans over the last quarter, we’re now working on an online event for next month to help our local privacy community keep in touch.

The Privacy Advisor: Was there a particular incident or moment that motivated you to start in privacy?

Le Bihan: In 2014, when Edward Snowden's revelations were made, I was not surprised by the extent of the surveillance system that he exposed. Instead, I was surprised by the amount of people who didn’t realize how much the information society we had moved into over the decade prior had made such mass surveillance easily feasible. As a lawyer, I believe that a good law protects citizens from threats that a society should not tolerate. Soon after realizing how much the general public was not aware of the actual power of technology to limit their right to privacy, I was myself caught off guard by the Cambridge Analytica scandal.

That was the real trigger for me. When a private company collects so much personal data that it can know someone better than oneself, I believe that we enter the realm of threats from which a society should vow to protect its citizens.

As privacy professionals, we have a role to play in ensuring compliance with legal frameworks, raising awareness on privacy issues and sometimes even shaping the future of privacy. I wanted to play that role, so I developed privacy skills on top of my existing legal and technology skills.

The Privacy Advisor: Contact tracing is a hot topic in Europe right now. As an IT and privacy professional, what’s your take on how countries should appropriately approach privacy with these tracing efforts?

Le Bihan: From technical and privacy standpoints, I think the best option to limit the risks to data subjects’ rights and freedoms would be to have a coordinated approach at EU level, in conjunction with major equipment brands, which Apple and Google offered to support. The current trend of having apps developed here and there and various approaches from one country to the other is probably inefficient and the recipe for catastrophe.

Another topic with contact tracing is the processing of health data. The lawyer in me feels we’re likely to fall in a common trap here. We shouldn’t say the legal framework is inadequate merely because novel circumstances arise. I believe the GDPR provides a good privacy framework to deal with the challenges ahead. It’s a matter of interpretation by the authorities whether or not “processing is necessary for reasons of public interest in the area of public health” and determining whether a law can “provide for suitable and specific measures to safeguard the rights and freedoms of the data subject."

From a technical perspective, though, I would recommend utmost caution. Data minimization, anonymization wherever possible and frequent auditing are essential.

The Privacy Advisor: As we make our way to the other side of the pandemic, do you think privacy will be as robust as it was previously?

Le Bihan: Not everywhere, but in most developed countries, the questions raised by this crisis will prompt rulings and clarifications of interpretation. Questioning and debating privacy matters is a good sign. I would be more concerned if we suddenly all stopped talking about privacy. Of course, today people are likely to accept things, like contact tracing, that they would have rejected yesterday. But I believe it’s justified, monitored, and hopefully temporary. For some other countries, however, the pandemic is likely to be an excuse to tighten authoritarian powers, to enact new surveillance laws and regulations, and to soften existing privacy frameworks. This is an area where I believe non-governmental organizations will have to play a long-term, active role to defend individuals’ right to privacy.

The Privacy Advisor: The GDPR has been in effect for two years as of this month. Has the regulation been effective? 

Le Bihan: My previous answers probably give you an overview of my opinion on the GDPR. It was a dramatic improvement in the European privacy framework. It’s a powerful tool, but it still struggles to show its strength in practice. There is still the ghost of European bureaucracy haunting the law and it’s still behind compared to the usual U.S. commercial pragmatism. Even though the U.S. is often perceived as less efficient from an individual’s privacy rights perspective, FTC rulings are still light years ahead of the GDPR fines applied to this day, which is astounding.

The Privacy Advisor: You’ve indicated through your online portfolio that the mentor/mentee relationship is something you value. Especially in the privacy space, why do you think establishing those types of relationships are so valuable?

Le Bihan: I believe that we all have something to learn from each other and that we spend our lifetime discovering the world, alternatively learning and teaching. For mentees, mentorship is a fantastic way to enter a new area of expertise while benefiting from the experience of someone older in the field. It’s also a great way for mentors to approach their subject differently by adapting to their mentee’s challenges and learning from the mentee, who may come from a different path of life.

Photo by Keagan Henman on Unsplash