All posts tagged Privacy

Locating Personal Data and Tracking Privacy Rights: An Interview with Dimitri Sirota

Daniel Solove
Founder of TeachPrivacy

One of the biggest challenges for organizations is locating all the personal data they have. This task must be done, however, to comply with the General Data Protection Regulation (GDPR) and other privacy laws. Moreover, the GDPR and the new California Consumer Privacy Act provide that individuals have rights regarding their data. These rights often require that organizations must keep records of individual privacy preferences regarding their data.

I had the opportunity to interview Dimitri Sirota about these issues. Dimitri is the CEO and co-founder of one of the first enterprise privacy management platforms, BigID, and a privacy and identity expert.

Dimitri Sirota

Continue Reading

The Supreme Court on Smart Phones: An Interview of Bart Huffman about Law and Technology

Daniel Solove
Founder of TeachPrivacy

The U.S. Supreme Court has been notoriously slow to tackle new technology. In 2002, Blackberry launched its first smart phone. On June 29, 2007, Steve Jobs announced the launch of the original Apple iPhone. But it took the Supreme Court until 2014 to decide a case involving the Fourth Amendment and smart phones – Riley v. California, 134 S.Ct. 2473 (2014). This past summer, the Supreme Court issued another opinion involving smart phones – Carpenter vs. United States, 138 S.Ct. 2206 (2018).

I am thrilled to have had the opportunity to interview Bart Huffman, a partner in Reed Smith’s global IP, Tech & Data Group, about the Supreme Court’s recent foray into smart phones.

Continue Reading

The Ethics of Artificial Intelligence: An Interview of Kurt Long

Daniel Solove
Founder of TeachPrivacy

The Ethics of Artificial Intelligence: An Interview of Kurt Long

In recent years, there have been tremendous advances in artificial intelligence (AI). These rapid technological advances are raising a myriad of ethical issues, and much work remains to be done in thinking through all of these ethical issues.

I am delighted to be interviewing Kurt Long about the topic of AI. Long is the creator and CEO of  FairWarning, a cloud-based security provider that provides data protection and governance for electronic health records, Salesforce, Office 365, and many other cloud applications.  Long has extensive experience with AI and has thought a lot about its ethical ramifications.

Kurt Long

Continue Reading

Why Blockchain Is a Game-Changer for Privacy: An Interview with Steve Shillingford

Daniel Solove
Founder of TeachPrivacy

Blockchain is taking the world by storm. I am delighted to have the opportunity to interview Steve Shillingford, Founder and CEO of Anonyome Labs, a consumer privacy software company.

Steve was previously at Oracle and Novell, then was President of Solera Networks before founding Anonyome. Steve speaks and writes extensively on identity management, cybersecurity, privacy, and Big Data.

Continue Reading

Cartoon: GDPR Consent

Daniel Solove
Founder of TeachPrivacy

Cartoon GDPR Consent - TeachPrivacy GDPR Training 02 medium

This cartoon is about consent under the GDPR.  Under the GDPR Article 6, consent is one of the six lawful bases to process personal data.  Article 7 provides further guidance about consent, including the data subject’s right to withdraw consent.  The meaning of what “consent” requires is most thoroughly stated in Recital 32:

Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject’s agreement to the processing of personal data relating to him or her, such as by a written statement, including by electronic means, or an oral statement. This could include ticking a box when visiting an internet website, choosing technical settings for information society services or another statement or conduct which clearly indicates in this context the data subject’s acceptance of the proposed processing of his or her personal data. Silence, pre-ticked boxes or inactivity should not therefore constitute consent. Consent should cover all processing activities carried out for the same purpose or purposes. When the processing has multiple purposes, consent should be given for all of them. If the data subject’s consent is to be given following a request by electronic means, the request must be clear, concise and not unnecessarily disruptive to the use of the service for which it is provided.

Continue Reading

Strategic Privacy by Design: An Interview with Jason Cronk

Daniel Solove
Founder of TeachPrivacy

Privacy by Design

Privacy by design — or “Data Protection by Design” as it is referred to in the General Data Protection Regulation (GDPR) — is essential to meaningful privacy protection. Yet, it is often quite thin and incomplete. As I wrote a few years ago about privacy by design, “The ‘privacy’ the designers have in mind might be so focused on one particular dimension of privacy that it might overlook many other dimensions.”

Continue Reading

Cartoon: California Consumer Privacy Act

Daniel Solove
Founder of TeachPrivacy

Cartoon California Consumer Privacy Act - TeachPrivacy Privacy Training 02 small

The privacy world has been abuzz with the passage of the California Consumer Privacy Act of 2018.  In June 2018, within just a week, California passed this strict new privacy law.  Some commentators have compared it to the GDPR, but it is a much more narrow law and is a far cry from the GDPR.  Nevertheless, it is a significant entry in California’s considerable canon of privacy laws.

For more on California privacy laws, see this collection compiled by the California Attorney General.

Continue Reading

California Consumer Privacy Act of 2018 Resource Page

Daniel Solove
Founder of TeachPrivacy

In the period of just a week, California passed a bold new privacy law – the California Consumer Privacy Act (CCPA) of 2018. By January 1, 2020, companies around the world will have to comply with additional regulations related to the processing of personal data of California residents.

My California Consumer Privacy Act Resources page includes information about the CCPA including articles, news, blogs and more.

Continue Reading

California Privacy Law for the World: An Interview with Lothar Determann

Daniel Solove
Founder of TeachPrivacy

For the first half of 2018, all eyes were focused eastward on the EU with the start of GDPR enforcement this May. Now, all eyes are shifting westward based on a bold new law passed by California. By January 1, 2020, companies around the world will have to comply with additional regulations related to the processing of personal data of California residents. Pursuant to the California Consumer Privacy Act of 2018, companies must observe restrictions on data monetization business models, accommodate rights to access, deletion, and porting of personal data, update their privacy policies and brace for additional penalties and statutory damages. The California Legislature adopted and the Governor signed the bill on June 28, 2018 after an unusually rushed process in exchange for the proposed initiative measure No. 17-0039 regarding the Consumer Right to Privacy Act of 2018 (the “Initiative”) being withdrawn from the ballot the same day, the deadline for such withdrawals prior to the November 6, 2018 election.

Below is an interview with Lothar Determann, a leading expert on California privacy law. He has a treatise on the topic: California Privacy Law (3rd Edition, IAPP 2018).

Continue Reading