This web conference was a part of the IAPP Global Privacy Summit Online 2021.
Original broadcast date: April 15, 2021
In 2019, the New York Times took a trip down memory lane to the 20th century by advocating for simplicity in privacy notices. Many privacy professionals rightly concluded that the paper doesn’t understand privacy notices. The paper’s thesis was based on a false premise that the ways in which companies process personal data are simple enough to reduce to brief, straight-forward statements that an average consumer can understand. In reality, the ways in which personal data is processed are so advanced that they are difficult to understand even for privacy professionals. The FTC, when conducting privacy-related investigations, isn’t satisfied by reading the privacy notice. Instead, the Commission rightly asks for in-depth presentations and opportunity for follow-up questions. The reality is that data processing is increasingly complex, as any science, and privacy notices are no longer designed for consumers. In fact, consumers don’t read them, but regulators, consumer advocacy groups, investors, the media and plaintiffs lawyers do. The modern privacy notice seeks to satisfy that audience by articulating the company’s business strategy and privacy philosophy, establishing data rights, including myriad disclosures required by an ocean of privacy laws, and protecting the company from enforcement. The complexity that these considerations mandate is here to stay. In this panel, we cast aside the simplicity for the sake of simplicity, and talk about real challenges that companies face in designing their privacy notices and how they meet those challenges.
Dave Cohen, CIPP/E, CIPP/US, Senior Knowledge Manager, IAPP
David Kantrowitz, CIPP/US, Counsel, Goodwin Procter
Matan Balas, Principal, Balas Law Pllc
Ashley Yesayan, CEO, Founder, OneVillage