PRIVACY + SECURITY BLOG

News, Developments, and Insights

high-tech technology background with eyes on computer display

Cartoon: Algorithmic Transparency

Cartoon Algorithmic Transparency - TeachPrivacy Privacy Training 02

This cartoon is about algorithmic transparency. Today, more and more decisions are being made by algorithms.  The logic and functioning of these algorithms is increasingly complex and opaque to people. Today, the new buzzwords are “artificial intelligence” and “machine learning.”  AI and machine learning represent a number of different but related things, but what they generally share in common are algorithms.  As algorithms become more complex and rely on being fed massive quantities of data, it becomes harder and harder to explain their reasoning.  This is a big problem because algorithms play a significant role in our lives by making some very important decisions.

Continue Reading

Cartoon: Multi-Jurisdictional Privacy Law Compliance

Cartoon Multi-Jurisdictional Privacy Law Compliance Poodle - TeachPrivacy CCPA Training 02 small

This cartoon depicts the challenges of multi-jurisdictional privacy law compliance. In 2018, organizations scrambled to comply with the GDPR.  In 2019, businesses are scrambling to comply with the California Consumer Privacy Act (CCPA).  And, there will be a new referendum on privacy law in California next year — CCPA 2.0.  There’s a flurry of legislative activity in the states on privacy — IAPP has a great chart tracking what is going on.  And, each year, more and more countries are passing new comprehensive privacy laws.

We are witnessing the growing pains of privacy law.  Privacy wasn’t adequately regulated for too long, and now the concerns are festering, sparking a rush to action. In the US, state legislation on privacy will continue until the concerns are allayed.  A thoughtful and powerful federal law could weaken the enthusiasm for states to jump into the fray, but this is a challenge with Congress as polarized as it is.

For more on the issue, I recently interviewed K Royal on this topic – see here for the interview.

Continue Reading

Developing a Multi-Jurisdictional Approach to Privacy Laws — An Interview with K Royal

Global Privacy Law

I’m thrilled to interview K Royal, Senior Director, Western Region, Privacy, at TrustArc. K has had a long career in privacy law, having served as privacy counsel for several companies. She’s also an adjunct professor at Arizona State University.

Prof Solove: What is the need for a multi-jurisdictional approach to privacy laws?

K RoyalK Royal: With the European Union’s General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA),  and other laws such as the Brazilian General Data Protection Law (“Lei Geral de Proteção de Dados” or “LGPD”), businesses must be prepared to comply with a variety of laws around the world.

Privacy is a complex, multi-level, comprehensive concept which is now being regulated in more than 130 countries with more than 500 privacy laws. To be successful in complying with so many laws, businesses must develop a multi-jurisdictional approach to privacy laws that is consistent and predictable yet also not one-size-fits-all.

Prof Solove: Can a company just set one high bar and just treat all personal data the same?

Continue Reading

Cartoon: Cookies and the GDPR

Cartoon Cookies and the GDPR

This cartoon depicts how, after the GDPR, countless websites have cookie notices and require agreeing to accept cookies.  I find these cookie notices to be form over substance.  These notices are virtually meaningless and don’t help consumers. They are a nuisance.  They give privacy a bad name because people start to think that privacy is just about a bunch of silly notices and needless extra clicks.

Because cookies are so ubiquitous and commonly-known, being notified about them isn’t very informative. At this point, a notice that says “this site uses cookies” is akin to a notice that says “this computer uses electricity.” What matters is how personal information is being used, not whether there are cookies. Additionally, there are no meaningful choices for consumers. Often, there’s no choice but to accept the cookies. Even when there is a choice, consumers aren’t informed enough about the benefits and costs to make a meaningful decision.

Formalistic “protections” of privacy such as these cookie notices are a big fail.  These cookie notices create the illusion of doing something about privacy, but nothing really meaningful is happening here.

Continue Reading

Entering the New Age of Privacy in the US: Learning from GDPR — An Interview with Daniel Barber

I had the chance to interview Daniel Barber, CEO and Co-founder of DataGrail. DataGrail is a purpose-built privacy management platform that ensures sustained compliance with the GDPR, CCPA, and forthcoming regulations. Their customers span a variety of industries and include Databricks, Plexus Worldwide, TRI Pointe Homes, Outreach, Intercom, and SaaStr. Daniel and I spoke about the lessons we’ve learned one year on from GDPR and how companies can apply those lessons as they think about CCPA and laws like Nevada’s SB 220.

Continue Reading