Powered by RND
PodcastsEconomía y empresaMasters of Privacy
Escucha Masters of Privacy en la aplicación
Escucha Masters of Privacy en la aplicación
(6 012)(250 108)
Favoritos
Despertador
Sleep timer

Masters of Privacy

Podcast Masters of Privacy
PrivacyCloud
Interviews and updates at the intersection of marketing, data, privacy, and technology. With an eye on a human-centric, demand-led future in which transparency,...
Ver más

Episodios disponibles

5 de 90
  • Matthew Junod: the US-based DPO in the face of AI governance
    How is the role of the DPO (Data Protection/Privacy Officer) evolving in the US? What is the best approach to managing AI governance once a privacy program has been implemented? Matt Junod is a US privacy attorney and Florida native with a prior background in network engineering and security. He has worked in-house, rolling out and managing data protection programs as well as dealing with security and privacy compliance issues. Our guest has also served in privacy leadership roles since 2018, including the DPO position for a large technology services firm, and most recently a leading Internet job board. References: Matt Junod on LinkedIn EU Commission’s General-Purpose AI Code of Practice NIST AI Risk Management Framework Joe Biden’s Executive Order on Artificial Intelligence Elon Musk’s X is changing its privacy policy to allow third parties to train AI on your posts (Techcrunch)
    --------  
    28:03
  • Robert Bateman: the EDPB’s Opinion on auditing subprocessors and the future of Meta’s unskippable ads
    Robert Bateman is a data protection writer, trainer, and consultant. He has published innumerable articles on the topic, as well as led panel discussions and interviewed key well-known figures in the space on stage, at well-known privacy conferences. Besides freelancing as content creator, he is an associate with Act Now Training and a Subject Matter Expert with Heward Mills, a data protection consultancy.  With Robert, who’s here for a second time, we are going to revisit recent EDPB (or European Data Protection Board) opinions on data processor auditing requirements and Meta’s Consent or Pay model, with its latest twist in mind (a brand new third option with generic, unskippable ads). References: Robert Bateman on LinkedIn EDPB Opinion 22/2024 on certain obligations following from the reliance on processors and sub-processors Meta adds a Plan C to its Pay or Consent model EDPB Guidelines on the technical scope of article 5.3 of the ePrivacy Directive Robert Bateman: Consent or Pay (Masters of Privacy, October 2023)
    --------  
    32:27
  • Newsroom: Fall 2024
    Time for a Newsroom summarizing everything that’s happened in our usual areas of focus, although we are dropping the last two (Zero-Party Data and Future of media) this time around.  ePrivacy & Regulatory Updates Enforcement On September 5th, the CNIL fined CEGEDIM SANTÉ 800,000 euros for processing health data without authorization. The healthcare software provider collected sensitive personal information, assigning a unique identifier for each patient of the same doctor. This method was considered sufficient to ensure that personal data remained anonymous in order to put together certain comparative studies, but the CNIL concluded that, given the risk of re-identification, it could merely be considered pseudonymized, exposing a breach of the GDPR as a result (for starters, patients had not been informed of additional purposes). A Reference was made to the EDPB’s Opinion 05/2014 on Anonymisation Techniques.  On September 27th The Irish DPC issued a 91 million euro fine to Meta for storing certain user passwords in plain text files.  On October 22nd, NOYB filed a claim against Pinterest before the French supervisory authority alleging that the company relies on legitimate interest to underpin its behavioral advertising practices, in contravention of the CJEU Bundeskartellamt decision. The social network has also been accused of breaching the transparency principle and not responding to data subject requests appropriately.  On October 24th, the Irish DPC imposed a 310m EUR fine on LinkedIn. The professional social network is not properly applying a valid legal basis for targeted ads and the processing of first party data about their members, despite referring to three separate grounds: consent, legitimate interest and contractual necessity. This has also resulted in a breach of the fairness principle. On October 30th, the California Privacy Protection Agency announced an investigative sweep of data broker registration compliance under the Delete Act. This law requires data brokers to register with the CPPA and pay a fee annually.  On November 6th, the Canadian government ordered the closure of TikTok in the country. Citizens are however allowed to keep using the app, as this is considered a personal choice.  Legal updates and guidelines On October 4th, the CJEU resolved a famous dispute between the Royal Dutch Lawn Tennis Association and the Dutch DPA. The latter had imposed a fine on KNLTB for relying on legitimate interest for sharing data with its sponsors for purposes of direct marketing. Five days later, the EDPB requested comments on its draft Opinion on processing data on the basis of Legitimate Interest: It is made clear that this legal basis should not be treated as a “last resort” as it is of equal value to the rest, and a differentiation is made between an interest (or broader benefit that a controller may have) and a purpose (or specific reason why the data is processed). The Opinion has also stated that an interest must be related to the data controller’s activities. On the same day (October 9th), the EDPB adopted its Opinion 22/2024 on certain obligations following from the reliance on processors and sub-processors: every controller should extend the diligence they currently have over direct processors to the entire chain of custody, no matter how many degrees apart.  On October 16th, the EDPB adopted new Guidelines on the technical scope of article 5.3 of the ePrivacy Directive: given that very little has changed since they opened up an initial draft for comments, we recorded a separate episode with Peter Craddock pondering the far reaching implications of these Guidelines.  Turning our attention to the UK, on October 7th the UK ICO launched its own Data Protection Audit Framework including self-assessment toolkits and other practical resources.  Also, the UK Data Protection reform is back, now with a Data Use and Access Bill (with a second reading announced on November 1st). It maintains an exception for analytics cookies that will not require consent. DPOs are back on the table (the previous reform proposal was getting rid of the role).  On November 5th EDPB adopted its first report under the EU-U.S. Data Privacy Framework and a statement on the recommendations on access to data for law enforcement. The redress mechanism has been implemented successfully but it is yet not being widely used. The EDPB has voiced concerns about recent changes to Section 702 FISA and how that could expand the role of private companies in gathering data about EU citizens.  MarTech and AdTech On November 12th, Meta introduced a plan C to its Pay or Consent models, having been told by the EDPB that the current proposal would not be acceptable. A third option (besides paying and relying on behavioral ads) is now available which will use less data and remain mostly contextual. It will also compensate its decreased targeting capabilities with increased audience reach by showing ads (“ad breaks”) that become unskippable for a few seconds. A study conducted by Boston University has concluded that the Protected Audiences API (building on the formerly called FLEDGE protocol, a part of Chrome’s Privacy Sandbox), can produce similar results to those of third party cookies in the context of retargeting campaigns.  On November 5th, David Raab, who back in the day had coined the label CDP (Customer Data Platform), published a provocative piece titled “The Composable CDP is Dead”. In summary the author argues that all CDPs have already caught up with the modularization that came from sitting on top of more flexible data warehouses, so every single CDP has either become a niche modular component or an all-encompassing, highly-modularized software suite. In sum, the term will not help a Hightouch differentiate itself uniquely any longer. We suggest that you listen to our interviews with Tejas Manohar and Jonathan Mendez, CEOs of Hightouch and Neuralift AI respectively, for further context.  AI, Competition and Digital Markets The community is still recovering from Hamburg’s DPA’s opinion (adopted on July 15th) stating that LLMs do not contain personal data. The supervisory authority made three key points that we will be covering with some future guests: a) No personal data is stored in LLMs; b) Data subject rights as defined in the GDPR cannot relate to the model itself, but they can be exercised against the provider or deployer of a system built on top of such models, with regards to the input or output of such system; c) The training of LLMs using personal data must comply with data protection regulations.  The Irish DPC announced an investigation into Google’s foundational AI model (PaLM 2) on September 12th, with a focus on the DPIA that Google is expected to have undertaken.  An ICO report released on November 8th found that AI recruitment technologies can filter candidates according to protected characteristics including race, gender, and sexual orientation. On November 13th, Meta received an 800,000 EUR fine for anti-competitive practices in the bundling of its Marketplace feature with the primary Facebook application. So, they have leveraged their control over one market to take control of another, adjacent market, in this case threatening pretty large companies in the classified ads space. That’s it for today! Thanks again for listening.  
    --------  
    16:47
  • Peter Craddock: ePrivacy exceptions, advertising, analytics, the limits of consent and server-side processing
    The EDPB has finally adopted its much feared Guidelines on the scope of article 5.3 of the ePrivacy Directive, but consent may still be avoided in some cases not specifically covered by an exemption (e.g., analytics). Absent such an exception, and in light of dismal consent rates, publishers and platforms have embraced highly controversial “Consent or Pay” models. Plan C? Server-side processing (Conversion APIs, Enhanced Conversions, Data Clean Rooms…), not without its own challenges. We have gone through all of it with Peter Craddock in his second appearance on Masters of Privacy.  Peter Craddock is a lawyer as well as a software developer, and he uses this dual background to help clients find legal solutions to technical problems and technical solutions to legal problems. He is based in Brussels and helps international companies with their global data strategy and with EU data litigation. He notably has strong expertise in the legal aspects of digital advertising and adtech, and has been one of the most prominent commentators of recent legal developments in that area. References: Peter Craddock on LinkedIn Op-Ed: A critical analysis of the EDPB's "Pay or Consent" Opinion (Peter Craddock) Peter Craddock: Comparison of the final version of the EDPB’s ePrivacy guidelines with the version of November 2023 (including links to more in-depth comments on those guidelines) EDPB Opinion 08/2024 on Valid Consent in the Context of Consent or Pay Models Implemented by Large Online Platforms AEPD guidelines for the use of cookies without need for consent in the context of digital analytics (ES) Peter Craddock on Masters of Privacy (February 2024): Could core advertising components fall under the “strictly necessary” exemption of the ePrivacy Directive? Romain Robert: Pay or OK in AdTech - How it started and where it’s going (Masters of Privacy) Renzo Marchini: Unintended consequences of the EDPB guidelines on storage and access under article 5.3 of the ePrivacy Directive (Masters of Privacy)  Cristiana Santos and Victor Morel: The problem with CMPs and TCF-based cookie paywalls (Masters of Privacy) Robert Bateman: Consent or Pay (Masters of Privacy) Peter Hense: How first party data will kill CMPs (Masters of Privacy)
    --------  
    59:14
  • Lukasz Olejnik: Propaganda, misinformation, the DSA, Section 230, and the US elections
    Dr Lukasz Olejnik (@lukOlejnik), LL.M, is an independent cybersecurity, privacy and data protection researcher and consultant. Senior Visiting Research Fellow of the Department of War Studies, King’s College London. He holds a Computer Science PhD at INRIA (French Institute for Research in Digital Science and Technology), and LL.M. from University of Edinburgh. He worked at CERN (European Organisation for Nuclear Research), and was a research associate at University College London. He was associated with Princeton's Center for Information Technology Policy, and Oxford's Centre for Technology and Global Affairs. He was a member of the W3C Technical Architecture Group. Former cyberwarfare advisor at the International Committee of the Red Cross in Geneva, where he worked on the humanitarian consequences of cyber operations. Author of scientific articles, op-eds, analyses, and books Philosophy of Cybersecurity, and “Propaganda”. He contributes public commentary to international media. References: Full interview transcript (on Medium) Propaganda, by Lukasz Olejnik Lukasz Olejnik on Cyber, Privacy and Tech Policy Critique (Newsletter) Lukasz Olejnik on Mastodon Lukasz Olejnik on X EU Digital Services Act (DSA)  Section 230 (“Protection for private blocking and screening of offensive material“)  of the Communications Decency Act (1996) Cubby, Inc. v. CompuServe Inc. and Stratton Oakmont, Inc. v. Prodigy Services Co. as precursors to Section 230 Doppelganger in action: Sanctions for Russian disinformation linked to Kate rumours EU takes shot at Musk over Trump interview — and EU takes shot at Musk over Trump interview — and misses (Politico) The story of Pavel Rubtsov (“Journalist or Russian spy? The strange case of Pablo González”), The Guardian Silicon Valley, The New Lobbying Monster (mentioning Chris Lehane’s campaigns), The New Yorker Financial Times: Clip purporting to show a Haitian voting in Georgia is among ‘Moscow’s broader efforts’ to sway the race “Pseudo-media”:  Spain proposes tightening rules on media to tackle fake news  
    --------  
    28:30

Más podcasts de Economía y empresa

Acerca de Masters of Privacy

Sitio web del podcast

Escucha Masters of Privacy, Libros para Emprendedores y muchos más podcasts de todo el mundo con la aplicación de radio.es

Descarga la app gratuita: radio.es

  • Añadir radios y podcasts a favoritos
  • Transmisión por Wi-Fi y Bluetooth
  • Carplay & Android Auto compatible
  • Muchas otras funciones de la app

Masters of Privacy: Podcasts del grupo

Radio
Aplicaciones
Redes sociales
v6.29.0 | © 2007-2024 radio.de GmbH
Generated: 12/4/2024 - 2:12:17 AM