Published: July 2020
This 20th anniversary publication, “Visions of Privacy,” is a future-looking anthology of contributions from privacy thought-leaders from around the world. We asked these leading voices to take a moment for reflection on the last 20 years of privacy — to pause and think deeply about the future of privacy. We are excited to provide you with these incredible reflections on how far we have come as a profession over the past two decades and what the future might hold.
Justin Weiss, CIPP/A, CIPP/E, CIPP/US, CIPM, FIP
Global head of data privacy, Naspers
Justin leads data privacy within Naspers—a South African global internet group and one of the largest technology investors in the world. In his role, he supports investee companies ranging from start-ups to mature multinational players on legal compliance, M&A, contracting, policy and training. He counsels executives, corporate finance, artificial intelligence, product, engineering and public affairs teams on data policy, risk and privacy programme management, and runs the group’s data privacy secondment programme. Previously, Justin served as Assistant General Counsel for Privacy & International Policy at Yahoo!, representing the company before world governments, APEC, the COE, the EU’s Article 29 Working Party and technology-focused trade associations on regulatory matters.
IAPP vice president and chief knowledge officer
Omer Tene is Vice President and Chief Knowledge Officer at the International Association of Privacy Professionals. He is an Affiliate Scholar at the Stanford Center for Internet and Society and a Senior Fellow at the Future of Privacy Forum.
Microsoft corporate vice president and general counsel
Julie Brill is corporate vice president, deputy general counsel for privacy and regulatory affairs, and chief privacy officer at Microsoft Corporation. In this executive leadership position, Brill is at the forefront of many of the regulatory issues that underpin the digital transformation, leading the global policy and legal discussions involving privacy, internet governance, telecommunications, online safety, hate speech, accessibility and corporate standards. She is spearheading Microsoft’s preparations for the EU General Data Protection Regulation, as well as other privacy mandates around the globe. Brill has a key role in Microsoft’s interactions with regulators and policymakers developing regulations and standards around the world.
U.K. information commissioner
Elizabeth Denham became the U.K.’s Information Commissioner in 2016. The Information Commissioner’s Office is the UK’s regulator for data protection and information rights. It enforces the law, both civil and criminal, against organizations that have violated data protection rules. The ICO provides guidance on and regulates key laws, such as the EU General Data Protection Regulation, Data Protection Act 2018, the Privacy and Electronic Communications Regulations, and Freedom of Information Act 2000.
New Zealand privacy commissioner
John Edwards was appointed to the independent statutory position of Privacy Commissioner of New Zealand in February 2014 for a term of five years. He provides independent comment on significant personal information policies and issues. Prior to his appointment, Edwards practiced law in Wellington for more than 20 years, specializing in information law while representing a wide range of public and private sector clients. He has acted in legal roles for the Ministry of Health, State Services Commission, Department of Prime Minister & Cabinet, and Inland Revenue Department. For 15 years, he held a warrant as a district inspector for mental health and has also been a district inspector for intellectual disability services.
Teki Akuetteh Falconer
Nsiah Akuetteh senior partner
Teki Akuetteh Falconer is a senior partner at Nsiah Akuetteh & Co., as well as founder and executive director at the Africa Digital Rights’ Hub. She is privacy and data protection consultant and has previously worked for the government of Ghana in facilitating the development of several key legislations for the ICT sector, including the National Communications Act, 2008 (Act 769), Electronic Communications Act, 2008 (Act 775), Electronic Transactions Act, 2012 (Act 772), and the Data Protection Act, 2012 (Act 843). She also worked in various capacities with regional bodies, such as ECOWAS. She was the first executive director of the Data Protection Commission to facilitate the implementation of Ghana’s Data Protection Act.
PrivacyGenie president and CEO
Genie Barton is founder and principal at Privacy Genie, a consultancy focused on privacy and related data-use issues. With more than 25 years of experience in privacy, technology, telecommunications and digital advertising in the private sector, federal government and not-for-profit sectors, Genie is uniquely positioned to offer strategic advice to companies or investors looking for practical guidance and fresh insights on current and emerging challenges and opportunities in the 21st-century digital ecosystem.
Heather Dean Bennington, CIPP/US
BNY Mellon privacy compliance vice president
Heather Dean Bennington is vice president in the Global Privacy Compliance team at BNY Mellon and is focused on providing data protection expertise to help manage the business risks and regulatory requirements associated with personally identifiable information. Prior to BNY Mellon – Pershing, she worked in MetLife’s Corporate Privacy Office. She also has experience as an IT auditor, both from an internal and external standpoint.
John Bowman, CIPP/E, CIPM, FIP
Promontory senior principal
John Bowman is a senior principal in Promontory’s privacy and data protection team. Bowman advises clients on all aspects of compliance with data protection laws and regulations. Prior to joining Promontory, John worked at the U.K. Ministry of Justice, where he was the government’s lead negotiator on the EU General Data Protection Regulation. This work involved leading the U.K. delegation to the Council of the European Union’s DAPIX expert working group in Brussels, developing the government’s policy position on the GDPR, engaging with a wide range of stakeholders and advocates, and regularly briefing ministers.
Lorrie Faith Cranor, CIPT
Carnegie Mellon University professor of computer science, engineering and public policy and CyLab director
Lorrie Faith Cranor is the director and Bosch distinguished professor in security and privacy technologies of CyLab and the FORE Systems Professor of Computer Science and of Engineering and Public Policy at Carnegie Mellon University. She also directs the CyLab Usable Privacy and Security Laboratory and co-directs the MSIT-Privacy Engineering master’s program. In 2016, she served as chief technologist at the U.S. Federal Trade Commission, working in the office of Chairwoman Edith Ramirez. She is also a co-founder of Wombat Security Technologies, a security awareness training company. She has authored more than 150 research papers on online privacy, usable security and other topics.
Andrew Clearwater, CIPP/US
OneTrust chief privacy officer
Andrew Clearwater serves as vice president of privacy at OneTrust. Clearwater is a Certified Information Privacy Professional, holds an LLM in Global Law and Technology, and is a licensed attorney. In his role as director of privacy, Clearwater provides counsel, leadership and guidance on data protection. Clearwater is also responsible for providing public policy analysis in the areas of privacy, data security, information policy and technology transactions. Clearwater is a globally recognized privacy thought leader and has spoken at many of the world’s leading privacy conferences on behalf of OneTrust.
Ian Cooke, CIPP/E, CIPM, CIPT, FIP
An Post Group IT audit manager
Ian Cooke is the group IT audit manager with An Post (the Irish Post Office) based in Dublin, Ireland, and has 30 years of experience in all aspects of information systems, particularly in areas related to governance, risk, control, audit, compliance, process improvement, information security and privacy. Cooke has served on several ISACA committees, including exam item development. He has also supported the update of ISACA study materials and was a subject matter expert for the development of ISACA online review courses. He is the recipient of ISACA’s 2017 John W. Lainhart IV Common Body of Knowledge Award for contributions to the development and enhancement of ISACA publications and certification training modules and is currently a columnist for the ISACA Journal.
Workday vice president and chief privacy officer
Barbara Cosgrove is vice president and chief privacy officer at Workday, responsible for Workday’s global privacy, ethics, and compliance strategy and operations. Cosgrove has extensive expertise in managing international data protection compliance programs and implementing data governance policies, technology compliance standards and programs, and privacy-by-design frameworks. She has also served as the chief security officer for Workday.
Christopher Hart, CIPP/E, CIPP/US, CIPM
Foley Hoag counsel
With significant trial litigation, appellate advocacy and cybersecurity experience, Chris Hart has counseled and represented sovereign nations, Fortune 500 companies, startup companies, nonprofits and individuals in a wide variety of contexts for more than a decade. He represents clients before the U.S. Supreme Court, argues in appellate courts across the country, including successfully before the Massachusetts Appeals Court and Supreme Judicial Court, and advocates on behalf of clients in federal and state courts nationwide.
Former European data protection supervisor and IAPP board member
Peter Hustinx was the first European Data Protection Supervisor from January 2004 until December 2014. From 1991 until 2004, he was president of the Dutch Data Protection Authority, and from 1996 until 2000, he was also chairman of the Article 29 Working Party. He has been closely involved in the development of data protection law from the start, both at national and various international levels. He received law degrees in Nijmegen, the Netherlands, and in Ann Arbor, Michigan, U.S. In July 2015, he received an honorary doctorate from the University of Edinburgh for his work in the field of information privacy and data protection.
Jules Polonetsky, CIPP/US
Future of Privacy Forum CEO
Jules serves as CEO of the Future of Privacy Forum, a nonprofit organization that serves as a catalyst for privacy leadership and scholarship, advancing principled data practices in support of emerging technologies. FPF is supported by the chief privacy officers of more than 130 leading companies and several foundations, as well as by an advisory board comprised of the country’s leading academics and advocates. FPF’s current projects focus on big data, mobile, location, apps, the internet of things, wearables, deidentification, connected cars and student privacy.
Alexandra Ross, CIPP/E, CIPP/US, CIPM, CIPT, FIP, PLS
Autodesk global privacy and data security counsel director
Alexandra Ross is the founder of The Privacy Guru and director of global privacy and data security counsel at Autodesk, a leader in 3D design, engineering and entertainment software. Previously, she was senior counsel at Paragon Legal and associate general counsel for Wal-Mart Stores. She is a certified information privacy professional (CIPP/ US, CIPP/E, CIPM, CIPT and FIP) and practices in San Francisco, California. She holds a law degree from Hastings College of Law and a B.S. in theater from Northwestern University.
Laura Tarhonen, CIPP/E
IKEA Group data privacy leader
Laura Tarhonen is a technology and data enthusiast with a strong focus on privacy and data protection. Currently she works as a data privacy leader at the group functions of the global retailer IKEA, where she supports data privacy activities in the European markets. Before joining IKEA, Tarhonen worked with managing the companywide privacy program of Finland’s biggest media company, Sanoma. Her background is in law with a master’s degree from the University of Helsinki. She also has some experience in working for the public sector. She has both worked for the Finnish Data Protection Authority (Data Protection Ombudsman’s Office) and Ministry of Transport and Communications. In the Communications Ministry, she worked on the big renewal of the Finnish telecommunications law, e-privacy and governmental surveillance initiatives.
Alexander White, CIPP/A, CIPP/C, CIPP/E, CIPP/G, CIPP/US, CIPM, CIPT, FIP
Bermuda privacy commissioner
Alex White is currently the privacy commissioner for Bermuda. Prior to this, Alex was deputy chief privacy officer for the U.S. state of South Carolina, where he served as a state subject-matter expert on privacy. His office supported privacy compliance and best practices for more than 70 state agencies and entities. Prior to that, White worked in the insurance industry in emerging issues, enterprise risk management, regulatory compliance, government affairs and product development, including drafting and review of cyber liability forms. In addition to his IAPP certifications, he holds a variety of privacy, legal, cybersecurity and risk management qualifications and is a two-time graduate of the University of Georgia, where he earned a bachelor’s degree in history and a Juris Doctor.
Hogan Lovells senior counsel and Future of Privacy Forum founder and board chair
Christopher Wolf is senior counsel in the Privacy and Information Management practice at the law firm of Hogan Lovells US and previously led the practice as a partner. Wolf focused on internet and privacy law since the early days of those disciplines. He is founder and board chair of the Future of Privacy Forum and a recipient of the IAPP Vanguard Award, among other recognitions.
Stephen Kai-yi Wong
Hong Kong privacy commissioner for personal data
Stephen Kai-yi Wong is the current privacy commissioner for personal data in Hong Kong. Prior to joining the PCPD, Wong was a practicing barrister in private practice and secretary to independent advisory body the Law Reform Commission of Hong Kong. Before serving at the LRC, Wong had been a legal counsel in the Department of Justice from 1986 to 2007 (the then-Attorney General’s Chambers before 1997), assuming various posts, including assistant director of public prosecutions and deputy solicitor general. Being an expert in human rights law, he was involved in the legislative process of the 1991 Hong Kong Bill of Rights Ordinance and was subsequently on loan to the United Nations Human Rights Committee in Geneva for one year until 1992.