Podcast: Should we give up our data to protect the herd?

(Apr 3, 2020) Telecommunications companies across the world, including in Germany, Brazil and China, have granted their governments access to customers' cellphone data in an effort to help track COVID-19. Other countries are more cautious; the Dutch DPA called for emergency legislation before sharing occurs, and Canadian Prime Minister Justin Trudeau has said a flat no, for now. In this episode of The Privacy Advisor Podcast, Heather Federman, CIPP/US, vice president of privacy and policy at BigID, discusses ... Read More

Privacy concerns stirred over potential COVID-19 tracking

(Mar 19, 2020) Wired reports on the potential privacy dilemma facing Americans if the U.S. government and big tech companies team up on COVID-19 tracking through forms of user location data. University of Georgia Center for Geospatial Research Director Marguerite Madden said citizens will likely balk at the potential data sharing unless they are "made fully aware of the use of the data and trusted the data would be used as specified in the data agreement." Meanwhile, Facebook and Google have each downplayed th... Read More

Perspective: Balancing personal privacy, public interest amid COVID-19 outbreak

(Mar 6, 2020) The spread of COVID-19 around the world is challenging privacy norms and leading conversations about ethical data use. In China, drones are being used to enforce quarantines. South Korea is using personal data to alert individuals if they have been near an infected patient. A website in Singapore shares where an infected person lives and works, as well as the hospital they were admitted to. In this piece for Privacy Perspectives, IAPP Editorial Director Jedidiah Bracy, CIPP, poses the question: ... Read More

On balancing personal privacy with public interest

(Mar 6, 2020) It's hard to imagine going through a day right now without thinking about COVID-19, the disease caused by the coronavirus. You likely already know the basic facts: It appears to have originated in Wuhan, Hubei Province, China; the disease can cause severe illness in people, including death, though, according to the U.S. Centers for Disease Control and Prevention, serious illness occurs in only 16% of cases; the disease is rapidly spreading around the world; and there's still a lot of unknowns su... Read More

The Privacy Advisor Podcast: Data protection, ethics and ePrivacy in the EU

(Mar 6, 2020) If there's anyone we could call an expert on data protection in the EU, it's Christian D'Cunha. Years back, he was charged with leading the review of the EU Data Retention Directive — no easy task — before he moved to a role at the European Data Protection Supervisor's office as a policy assistant under former EDPS Peter Hustinx and then, his successor, the late Giovanni Buttarelli. Now, D'Cunha has taken a role at the European Commission at DG Connect, a segment of the Cybersecurity and Digital... Read More

Perspective: How data review boards can help institutional decision-making

(Feb 28, 2020) Data review boards are an emerging tool to help companies make responsible decisions about data use, as well as demonstrate their commitment to ethical decision-making to regulators, journalists, markets and consumers. In this piece for Privacy Perspectives Indiana University’s Rachel Dockery, CIPP/US, Fred Cate, and Stanley Crosley, CIPM, CIPP/US, offer a definition of data review boards and “highlight the key issues for organizations considering DRBs to improve decision-making processes, demon... Read More

Why data review boards are a promising tool for improving institutional decision-making

(Feb 28, 2020) Data review boards are an emerging tool to help companies make responsible decisions about data use, as well as demonstrate their commitment to ethical decision-making to regulators, journalists, markets and consumers. We would like to highlight the key issues for organizations considering DRBs to improve decision-making processes, demonstrate accountability and ensure that innovations align with broader organizational and societal values. What is a DRB? The concept of DRBs, sometimes called d... Read More

Irish DPC discusses role of DPO at RSA

(Feb 27, 2020) For all the changes the EU General Data Protection Regulation ushered in, the requirement that applicable organizations must hire a data protection officer has caused its fair share of heartburn. The mandate that the position must be independent and monitor a company's compliance with the law, as well as advise the company on data processing and serve as a liaison to the data protection authority, has, anecdotally, incited some anxiety among a wave of new DPOs about how to balance outward-facing... Read More

Irish DPC discusses the role of DPO

(Feb 27, 2020) The data protection officer requirement under the EU General Data Protection Regulation and the officers' subsequent responsibilities haven't been easy for DPOs. There has been uneasiness over how DPOs should approach balancing their obligations to their organization and data protection authorities. On a panel at RSA in San Francisco, California, Irish Data Protection Commissioner Helen Dixon said there is "a lot of stress and tension about what the role requires," but added that DPOs are essent... Read More