In:Confidence Digital: Day Two Preview from Sean Butler, Privitar’s Director of Product Marketing

InConfidence Speakers

By Crystal Woody, Senior Director of Strategic Communications at Privitar

The first day of In:Confidence Digital is in the books– and what an amazing day it was! Members of the data privacy and analytics community came together to participate in interactive sessions from some of the industry’s pioneering speakers.  Bernardo Mariano Junior, CIO, at the World Health Organization stressed the importance of data to optimize the global response to the Covid-19 pandemic, while Alex Gladstein, Chief Strategy Officer at the Human Rights Foundation urged caution against the use of contact tracing. Industry leaders from AstraZeneca and BT gave their insights on safe and efficient data use, and we looked ahead to the future of the data privacy landscape.

On Thursday, May 21st, Privitar will host In:Confidence Digital day two, with privacy experts delivering in-depth workshops and demonstrating how to put the lessons learned on day one into practice. Sean Butler, Privitar’s Director of Product Marketing and host for In:Confidence Digital Day 2 offered a sneak peek into what is in store. The transcript of our interview follows. 

For more information or to register for free, visit: https://inconfidence.privitar.com/digital 

CW: You’ve had the opportunity to preview the content from the second day of In:Confidence Digital. What can attendees look forward to learning?
SB: Day 2 of In:Confidence Digital is all about the practitioners, the ones who are tasked with putting together a plan and executing on the steps required to bring privacy into modern, data-driven organization. The content is intriguing because it is designed to provide the audience with actionable takeaways that they can implement in their organization regardless of their current stage of privacy maturity. The topics will be brought to life with interesting examples that illustrate how important people, process, and technology are in achieving a best-in-class privacy organization. 

CW: Now, let’s dig into the topics that will be covered during Day two. How does leveraging cloud-based technologies and automation impact the ability to maximize the value of data-driven insights?
SB: Cloud-based technologies and the automation of process has allowed our customers to accelerate their time to data while also broadening their data access. They accomplish this through the systematic application of policies directly on the data that is being made available for consumption in their cloud environment. This allows them to take advantage of the advanced computing power available in the cloud after the data has been made safe for use.

CW: What should an organization consider when evaluating potential data privacy tools?
SB: Key things for an organization to think about when evaluating a data privacy solution are their long term data outlook, in other words not just what are the needs of today but what will their needs be in the next 2-5 years. This vantage point should allow companies to think about how many use cases they will have, how much data they will be consuming, and also and maybe most importantly how sensitive that data will be. After this evaluation, they will be able to make an informed investment as opposed to buying a solution that solves a single pain point but lacks the scalability to grow with your ongoing needs. This is something Mark Semenenko does an excellent job of covering on day 2 of In:Confidence Digital.

CW: What is a privacy center of excellence? Why would a business want to create one? What are the first things to consider when doing so? 
SB: The Privacy Center of Excellence (COE) is a team that is designed to elevate the overall privacy posture of your company. This group is tasked with defining privacy policies as well as a key stakeholder in any decision made around how to handle sensitive data. They are created as a way to strategically implement privacy across teams in order to standardize policies and technologies used across the organization. Our Senior Privacy Engineer Pat Bates does an excellent job of outlining how to get your own COE started on day 2!

CW: What piece of advice would you offer to an organization that is trying to balance their data utilization and data protection?
SB: The best piece of advice I can offer is to be customer-centric with your approach to privacy. Privacy and managing sensitive data is about mitigating the risk associated with that data should it be found someplace it shouldn’t be. Consumer trust in your brand can be put at risk constantly if you aren’t implementing a plan to manage privacy. Companies now more than ever need to take the steps to get their people, process, and technology in order with respect to privacy. We are seeing consumers across the globe become less and less tolerant of companies that don’t protect the personal information of their customers and I don’t see that trend changing.

In:Confidence Digital Sneak Preview: Insights from Christina Bechhold Russ, Director, Samsung NEXT

InConfidence

By Crystal Woody, Senior Director of Strategic Communications at Privitar

Recently, I had the opportunity to catch up with Christina Bechhold Russ, Director at Samsung NEXT, an early-stage venture capital fund investing in software and services. Christina also co-founded Empire Angels, a New York-based fund and angel network of young professionals investing in early-stage startups, with a focus on supporting millennial entrepreneurs. She is a regular contributor on startups and leadership for the Wall Street Journal, a mentor for Startup Sesame and the Entrepreneurial Refugee Network and sits on venture fund advisory boards in both the US and South America. Christina is also a TEDx speaker, and was recognized by the New York Business Journal as a 2016 Woman of Influence, by Business Insider as a Woman to Watch in Venture Capital in 2018 and by Management Today & The Daily Telegraph as one of Britain’s 35 Women Under 35 in 2019.

During our conversation, we discussed the balance of data utilization and consumer empowerment, how consumers can better protect their data, and how businesses can harness the power of technology to protect their customers. The transcript of our interview follows.

Christina will share additional insights on Data Privacy Technology and Consumer Empowerment on May 14th (5:30pm BST / 12:30pm EDT) during In:Confidence Digital. For more information about her session, or to register for free, visit: https://inconfidence.privitar.com/digital 

CW: How does Samsung NEXT define ‘consumer empowerment’ and what are you looking to invest in?
CBR: We believe in a not so distant future where consumers have the agency and control to determine how they interact with technology and how they leverage technology to interact with each other. In this regard, our Ventures team looks to invest in technologies and business models that give consumers more control of their data, their attention, their intention, and their time. 


CW: Can consumer empowerment and data utilization for businesses truly co-exist?
CBR: The short answer: yes. The reality is that today, too many companies wield extensive influence due to a primary business model built around personal data mining, tech addiction and surveillance advertising. We believe these companies are more vulnerable than they appear because their business model is under threat, from government regulation, antitrust scrutiny, and consumer backlash. As a result, a growing number of startups are emerging to take on these incumbents, and challenge their dominance. Last year, we invested in Scroll, which makes it easier and faster for consumers to navigate content on the web by partnering with publishers to show ad-free content. Instead of ad-blocking, Scroll employs a membership model, and measures the engaged time spent with that site to calculate how much that site should earn each month. It’s also peace of mind for the consumer to know that their data is never sold or given to anyone. 


CW: What can consumers do to better protect their privacy rights and data?
CBR: Individuals are realizing that the vast amounts of information being collected about them is not always used to their advantage. The expansive nature of this data collection, which originally made the problem difficult for consumers to grasp, has now instead engendered distrust and concern on how this information can be used against them. There are certainly different generational attitudes, though—my relationship with privacy as a consumer is very different from that of my parents; as a Millennial, I’m more likely to be comfortable trading my data in exchange for more personalization, for example.

In 2019, we announced the first cohort of the Samsung NEXT Stack Zero Grant program, a non-equity program to support early-stage teams building decentralized technologies. Grant recipients and a growing network of those concerned with privacy and data control gathered last summer where we tackled an array of topics, including this idea that one of the key problems with the things we build is that they might be used against us. And it’s because of this that many of us today choose to simply mitigate the amount of information about us that we put on the internet. It’s our job to consider how technology needs to be developed for the coming generations who will grow up in a world where living life in public is the norm—where trading privacy for convenience is all they know.


CW: How can businesses harness the power of technology to protect their customers?
CBR: In short, invest in data protection services. In the past months, we’ve seen an increase in enterprise companies viewing data as a liability and actually wanting to minimize how much user data they store. And it makes sense: banks, game developers and financial institutions topped the list of data breaches in 2019. The less data you hold, the less attractive you are as a target. It’s important for businesses to invest in solutions that help them comply with regulations while protecting their customers. In fact, it may even turn out to be less expensive than the alternative. 


CW: What is your favorite new privacy technology for businesses?
CBR: We’re most interested in solutions that favor a decentralized approach, especially on device. I’m quite interested in privacy preserving personalization—companies like Canopy, for example, that can use on-device machine learning to customize content recommendations rather than cookies that share your behavior with 30 affiliates.


CW: Anything else you’re paying attention to in the news or otherwise?
CBR: Consumer data privacy and decentralized solutions are front and center right now in the debate over COVID-19 contact tracking—Apple and Google have taken a privacy first approach with their API, while several governments, including the UK, have said they want centralized solutions. The debate will be further complicated as public health authorities evaluate ideas around regular testing and immunity passports. What is a reasonable amount of personal data for a consumer to give up to their government in a health crisis? Who decides? What do businesses need to know to allow consumers access? Can it be architected in a way that ensures, post-pandemic, governments and businesses no longer have that same access, or does this become a regular way of life? Will be very interesting to see how the public and private sectors tackle this. 

In:Confidence Digital Sneak Preview: Insights from Polly Sanderson, Policy Counsel at Future of Privacy Forum

InConfidence Speakers

By Crystal Woody, Senior Director of Strategic Communications at Privitar

Last week, I had the opportunity to catch up with Polly Sanderson, Policy Counsel at Future of Privacy Forum, where she focuses on legislative outreach and analysis, and privacy legislation at the federal and state level. FPF is a prominent D.C. based think-tank with expertise on emerging consumer privacy issues.

During our conversation, we discussed current the state of the data privacy landscape in the United States.  We also talked about some tips and insights she wanted to share with businesses trying to navigate this changing regulatory landscape. The transcript of our interview follows.

Polly will share additional insights on the US Data Privacy Landscape on May 14th (5:00pm BST / 12:00pm EDT) during In:Confidence Digital. For more information about her session, or to register for free, visit: https://inconfidence.privitar.com/digital

CW: What is driving the momentum for new privacy legislation in the United States?
PS: Momentum for US privacy legislation comes from a number of places – grassroots, the States, and external pressure for other jurisdictions implementing their own laws. After a series of high-profile scandals and data breaches involving personal data, this has become a mainstream issue. Equifax, Cambridge Analytica, and more recently Clearview AI have put the spotlight on whether individuals can trust companies with their data. In part, the California Consumer Privacy Act (CCPA) is a manifestation of the desire of individuals to increase legal protection. Since the enactment of the CCPA, many other states have introduced similar bills to give their own constituents similar or stronger protections. To increase consumer trust and adoption of digital products and services, and to prevent the emergence of inconsistent state laws, industry is supportive of implementing a uniform set of federal rules. Moreover, many companies have also already implemented internal compliance programs to comply with the EU’s General Data Protection Regulation (GDPR). 


CW: What are the major points of consensus and ongoing discussion in the US privacy debate?
PS: In principle, there is widespread agreement on the need for privacy legislation in the United States. Since the end of 2018, many proposals have been introduced to Congress from both Republicans and Democrats. At this stage of the privacy debate, the general legislative framework is fairly well-settled. It consists of a set of rights for individuals, obligations for covered entities, the Federal Trade Commission (FTC) as the primary regulator, and additional enforcement by State Attorneys General. The details vary between proposals, but although many of the issues are complex there is much room for compromise. At the crux of the debate are substantive processing limitations and issues involving automated decision-making, algorithmic bias and discrimination. These are hugely important aspects of the debate, with major privacy implications for individuals and groups, as well as commercial practices. Until these issues are worked out, some of the more political issues – preemption and private right of action – are unlikely to be resolved. I am optimistic that a nuanced and balanced solution is possible. 


CW: What are the biggest points of distinction between US data privacy legislation and international approaches to privacy protection? Is any country “getting it right?”
PS: What may be the “right” approach for one country can rarely be copied and pasted to another jurisdiction. Data privacy laws must be considered in the context of the cultural and constitutional backgrounds, values, and regulatory appetites from which they originate. One of the largest differences between US data privacy legislation and the European approach is that, under the GDPR, covered entities must have a “legal basis” to collect covered data. This requirement is anchored at the constitutional level in the EU. Meanwhile, the US’s constitutional protection of the freedom of speech has been interpreted by US courts to protect the free flow of information. It is therefore not surprising that most legislative proposals in the US do not include a requirement for covered entities to have a legal basis for the collection of personal information. Traditionally, the U.S. has regulated the processing of personal data in areas where there is a risk of harm. This has created fertile ground for data-driven innovation. However, the proliferation of data-driven innovation in modern society now calls for a general regulatory framework to promote consumer trust of techy products and services. Of course, an overly prescriptive law could have the unintended effect of benefitting large companies at the expense of small but innovative players and start-ups which lack the resources to hire large legal teams. In general, most US proposals take a more nimble, holistic regulatory approach than the GDPR.


CW: How do you expect COVID-19 to impact the US data privacy landscape?
PS: COVID-19 has underscored the need for a federal data privacy law in the United States. If there had been a law in place before the pandemic, then there would be less confusion among policymakers and companies about how to share and use data to combat the emergency and what safeguards to put in place. The US has been slower to act than the EU – there has been much guidance and clarity from EU DPA’s. However, the pandemic has also put the consumer privacy debate on hold temporarily. Before the outbreak, over a dozen states were considering their own privacy laws. Now, the focus of legislators has moved toward formulating urgent economic and social responses to the pandemic. But without adequate data protection, citizens are less likely to trust technological solutions, and there is a greater risk that measures put in place now to fight COVID-19 could have implications for surveillance now and in the future. It is important for legislators and companies to be cautious, and to learn lessons from how 9/11 impacted the balance between surveillance and human rights. 


CW: What piece of advice would you offer to businesses that are trying to navigate a rapidly evolving data privacy landscape?
PS: If I could give one piece of advice to businesses that are trying to navigate the rapidly evolving data privacy landscape, it would be that legislators are never going to be “done” dealing with the regulatory framework of consumer data and the issue of privacy. We are living in a new era. To remain competitive, to maintain the trust of consumers, and to continue to win contracts with other businesses, you need to “lean in” by demonstrating that your privacy and security practices are state-of-the-art. Where possible, businesses should employ Chief Privacy Officers to oversee the implementation of comprehensive privacy programs internally, even if it is not legally required. I cannot stress enough how important it is for there to be open lines of communication between your privacy team, IT team, and upper-level management. This is a board room level issue, this is a reputational issue, and this is an issue that is not going away. Start-ups will benefit from practicing privacy-by-design from the outset, and throughout the design, development, and deployment of their products and services. Regulators will look kindly upon organizations that are able to demonstrate a good-faith effort to practice good data practices, even in a rapidly changing landscape.

 

 

In:Confidence Digital Sneak Preview: Insights from Stewart Room, Data Protection Leader at DWF

In:Confidence NY USA 2019

By Crystal Woody, Senior Director of Strategic Communications at Privitar

Earlier this week, I had the opportunity to catch up with Stewart Room, Partner & Data Protection Leader at leading global law firm DWF. Stewart is a data protection, privacy and cyber security expert, covering all aspects of strategy, law and compliance. A dual qualified barrister and solicitor with nearly 30 years’ experience, Stewart has practised exclusively in the fields of data protection, privacy and cyber security since 2001 and is recognised in the UK as one of the country’s leading lawyers.

During our conversation, we discussed the state of data privacy during the Covid-19 pandemic. We also talked about the role of regulators in times of crisis, and advice for businesses during this unprecedented time. The transcript of our interview follows.

Stewart will share additional insights on Data Privacy During the Pandemic on May 14th (6:00pm BST / 13:00pm EDT) during In:Confidence Digital. For more information about his session, or to register for free, visit: https://inconfidence.privitar.com/digital.


Interview Transcript

CW: What is the role of data protection regulators in a time of crisis?
SR: Looking at it from the perspective of the UK, there is no ambiguity about the regulator’s role in this situation.  They have to discharge their statutory duties and uphold the law.  If they don’t, they will be acting unlawfully.

The tasks of the DPAs are set out in Article 57 of the GDPR, with the first one being monitoring and enforcing the application of the regulation.  When it comes to activities such as building contact tracing apps, there are two key elements of their tasks to note. First, there is the giving of advice to parliaments, governments etc. on the impacts for rights and freedoms caused by any legislative or administrative measures in place, or in contemplation, for COVIDTech. Thus, you would expect the DPAs to be in conversation with government and public health authorities right now and data processing for public health. The second major task is to oversee the performance of data protection impact assessments.  DPIAs will be compulsory for contact tracing apps and I would expect the DPAs to be in the detail and, of course, pressing for them if they are not being proactively supplied for review, if necessary enforcing the law through formal means.Looking at this a different way, it’s not the role of DPAs to be advocates for COVIDTech. They have to maintain their independence and neutrality.  Also, it’s not their job to lower legal standards.  Nor do I think it’s their job to be popular, for example by taking a temperature check of prevailing public opinion, or guessing at what it is, then siding with the consensus, perceived or real.  COVIDTech will not be judged fully in the heat of the crisis.  It will have a long aftermath of deep scrutiny, over many, many years, and the regulatory stance adopted today will be part of the scrutiny tomorrow.
It’s not an easy job.  There are a lot of challenges and pitfalls in the way. However, the DPAs’ offices are stacked with very talented and clever people and this must be encouraging for good outcomes.

CW: How has the COVID-19 pandemic shifted the data privacy landscape?
SR: There are many shifts. I find it a source of real comfort that it has caused people to become more engaged with the topic. It’s vital that data privacy is democratised: it is not the preserve of elite lawyers, elite academics, elite technologists or elite regulators.  It is a topic for everyone. Another shift – and I think this is very significant – is that the regulators themselves are coming under scrutiny, about the role they are taking in COVIDTech. I’m not sure where that is heading, but it’s vital that confidence is maintained in the regulatory regime and I don’t we can divorce the COVIDTech issues from the wider concerns about the effectiveness of GDPR enforcement.  

In an area that is very close to my heart, which I call ‘The Journey to Code’, which is about the likely future trajectory of data privacy requiring more data privacy ‘outcomes’ to be delivered in tech and data themselves, I believe that COVIDTech is proving the point. The conversation about centralisation v. decentralisation for contact tracing apps is an obvious illustration. Another is Bluetooth v other electronic signals. The Apple/Google alliance is another.

However, the most significant shift is towards a greater surveillance society. It’s the classic challenge of crisis situations and we saw it after 9/11. No wonder people are concerned. We want to fight the virus, we want to protect the vulnerable and the front line, we want to end lockdown and return to normality but at the same time we want to maintain our rights and freedoms. The reality is that we can’t have everything, there has to be trade-offs of sorts. The key goal is not to cause an absolute and perpetual trade-in of rights and freedoms for immediate gains. 


CW: Do you expect to see long term changes to data protection and privacy as a result of the COVID-19 pandemic?
SR: Anything is possible. When I was a young(er) lawyer, in the 1990s, I read about ECHELON surveillance and dismissed a lot of what I read as conspiracy theory.  After 9/11, many governments went about building mass surveillance systems.  I was much older and wiser when I read about Edwards Snowden’s disclosures, but the scale and breadth of the structures built after 9/11 astounded me. My point is that we should not rule out the creation of a perpetual mass surveillance system in the West triggered by COVID-19. I do not see this as a fear of the paranoid, but a real risk. And I remember a previous Information Commissioner saying not long ago that we were ‘sleepwalking into a surveillance society’.  

However, in a more positive sense, I hope that the wider public engagement maintains for the longer term.  GDPR triggered that, but it ran out of steam due to the enforcement system not living up to expectations.  I hope that isn’t the case again. 


CW: What piece of advice would you offer to businesses with respect to data usage and protection during this time?
SR: The best thing I can say is remember, the law still applies and people haven’t changed.  COVID-19 cannot be a reason to throw away workplace protections against surveillance, discrimination and inequality. Every step that employers take to maintain health and safety in the workplace when we finally return, will need to be reasoned against the legal obligations just mentioned.  In the meantime, while we are working from home, or under less supervision, businesses have to reflect anew on their risk levels and their risk priorities. Without wishing to be alarmist, I predict that there will be a long legal aftermath to COVID-19 and that will include legal problems relating to data mishandling in business, not just in an insecurity sense, but also for mistreatment of workers. Another thing: what are all of these CEO emails about?  I am getting dozens each week from organisations that I haven’t had contact with for years. Much of this is direct marketing dressed-up. This definitely needs looking at.

In:Confidence Update

InConfidence

Each year, the Privitar team looks forward to hosting our customers, partners and members of the data privacy community for our In:Confidence events. Our team has been closely monitoring the COVID-19 situation to ensure that we’re taking the necessary measures to protect the health and wellbeing of our attendees. We have made the difficult, but important, decision to postpone our London event until the Autumn. 

This shift, however, presents us with a unique opportunity to unite the data privacy community in a new way.

We are excited to announce that on April 30th, we will host the first In:Confidence Digital, an exhilarating day of online keynotes and interviews focused on the power of safe data and the role of privacy in the modern technological ecosystem. In:Confidence Digital will feature interactive video sessions with senior industry data leaders, newsworthy debate, and educational insight. 

You can register for the free-to-attend online event here. 

We hope that you will be able to join us on April 30th for this day of valuable content and virtual community-building, and once again in-person later this year for In:Confidence live. Stay tuned for more details for both events in the weeks ahead.

In:Confidence 2019 – The age of data privacy has begun

Last week, the advanced analytics and data privacy communities converged on Printworks in London for In:Confidence 2019 – a one day extravaganza of thought provoking discussion, in-depth panels and exciting keynotes. Our photographers were on hand to capture all the action and the best moments from the Keynote Stage, In:ConfidenceX, the IQ Bar and the extensive networking hall. Below some of the best bits…

In:Confidence is now over for another year, but soon you’ll be able to register for our 2020 event. Expect it to be bigger, bolder, and as ever, the home of the world’s data privacy conversation.  

In:Confidence 2018 – Data Privacy: Outrage and Opportunity

Last week in London, Privitar held its inaugural In:Confidence event, bringing together the data privacy community for a day of talks and panels focused on how privacy can be an enabler for innovation, operational efficiency, and for building consumer trust.

Up on the In:Confidence stage, the industry-leading line-up of speakers debated the rising controversy around corporate use of personal data and how an ethical approach to data privacy can create competitive advantage ‘ whether by building innovative new products and services, by building and retaining customer trust, or by safely collaborating with industry peers.

Many of the industry’s leading thinkers and practitioners from the world of data analytics and privacy joined the exceptional speaking line up, along with the man at the centre of the data privacy media storm ‘ Christopher Wylie, the Cambridge Analytica whistleblower. Joining him on stage were Ben Goldacre, author, broadcaster and doctor at the University of Oxford; Azeem Azhar, award winning entrepreneur, Exponential View & Accenture Advisor; JP Rangaswami, Chief Data Officer at Deutsche Bank and Jeni Tennison, CEO, ODI, to name but a few (see full list of speakers here).

Check back to the Privitar blog and follow us on Twitter and LinkedIn over the coming weeks for highlights from the event, recordings of our speaker sessions, and in depth discussion of the key topics debated on stage.

First up is the full interview of Christopher Wylie with journalist, Harry Davies on the Cambridge Analytica and Facebook data breach scandal and how the industry will react moving forward – this one isn’t to be missed! Follow the link below to tune in to the Christopher Wylie interview broadcast.

Access the Chris Wylie interview here