The Privacy Advisor recently caught up with Laura Vivet, CIPP/US, CIPP/E, managing consultant with Navigant, where she focuses on global privacy programs and GDPR for multinational companies. Vivet shares her thoughts on different approaches to privacy, Brexit and what made her focus on privacy as a career. Previously, Vivet served on the IAPP's CIPP/E Exam Development Board, worked for the Federal Aviation Administration and was a fellow at the Future of Privacy Forum where she co-authored titled, “Drones and Privacy by Design: Embedding Privacy Enhancing Technology in Unmanned Aircraft.”
The Privacy Advisor: You have experience working in both the U.S. and the EU in the lead up to GDPR, did you notice a difference in how people approach privacy in each region?
Vivet: The U.S. seems more practical with specific focus on cybersecurity. Their sectoral approach addresses the collection and use of certain types of information, and at the same time the US Supreme Court has also recognized a reasonable expectation of privacy in multiple cases - being Carpenter v. United States the most recent one. On the other hand, in Europe, we have a comprehensive approach to privacy where data protection is considered a fundamental right; however, due to the overarching approach, implementation is sometimes challenging. Cybersecurity and data breach notification protocols are not as mature in the EU as they are in the U.S.
The Privacy Advisor: Now that the GDPR is finally in force, what are your initial thoughts?
Vivet: That this is the beginning of a new stage for privacy. Regulators are still figuring out new enforcement powers and cooperation mechanisms, some national implementation of GDPR is still under review, and it is still unknown how courts will interpret the regulation. Furthermore, the ePrivacy directive — currently under review —will add even more complexity to the current scenario, since it will be difficult for both regulations to complement each other in full harmony.
The Privacy Advisor: The U.K government recently released a technical note outlining the benefits of a new data protection agreement between the U.K. and the EU. What are your thoughts on how a post-Brexit data sharing arrangement could work?
Vivet: In a post-Brexit scenario, objectively speaking, the U.K. will be considered a third country — meaning the transfers of personal data from the EU to U.K. will require the implementation of an appropriate transfer mechanism. However, over the course of these negotiations, it seems very likely that the EU will issue an adequacy decision. I think it’s still possible for other scenarios to be considered, because the U.K. implemented the GDPR and has had a relevant role in Europe and among the data protection authorities. But also because it would be strategically beneficial for both parts.
The Privacy Advisor: What drove your decision to focus solely on privacy matters?
Vivet: For a long time, I combined privacy with my role as an attorney in civil and commercial proceedings. It got to the point where I decided to focus solely on privacy matters. The main reason was that it allowed me to connect with my specialty: international law.
The Privacy Advisor: Why drones? Is there a best way for regulation to keep pace with technological developments?
Vivet: Drones are a privacy challenge that has a transversal impact. They can be used for multiple purposes, across multiple sectors and can range from collecting no data at all to collecting sensitive information, images and analytics. Building a single solution for drones is incredibly difficult because they can be so different from one to another. There’s a lot of energy on using drones for good solutions but it’s about finding the best option to make this technology available while also keeping in mind privacy and security concerns.
It’s a real challenge to balance regulation and technological developments. I think over-regulation is not always the best option. Instead, a code of conduct, with a sectoral approach, seems to be more effective in terms of implementation. Once you have enough experience with a given technology, then you are in a better position to make a regulation.
The Privacy Advisor: Any advice to privacy pros looking to jump into the field?
Vivet: I did a lot of research on my own, but I also joined and participated with different privacy associations to expand my knowledge and network. I think it’s important to be active, participate and, if you have time, volunteer. It is a great way of learning and gaining some experience.
The Privacy Advisor: What do you do for fun when you’re not focused on privacy?
Vivet: Since I have been living in the U.S. and recently in the U.K., I spend most of my free time traveling and discovering new places and people. Painting, yoga and watching fantastic and indie movies are others of my favorite activities.
If you want to comment on this post, you need to login.