Masters of Privacy

PrivacyCloud
  • 0.0 (0)
  • MARKETING
  • EVERY TWO WEEKS
Masters of Privacy

Interviews and updates at the intersection of marketing, data, privacy, and technology. With an eye on a human-centric, demand-led future in which transparency, control, and personal agency play a crucial role. Sergio Maldonado (host) is a dual-qualified lawyer, LL.M in IT & Internet Law, CIPP/E, CIPT, and PrivacyCloud CEO. Masters of Privacy is hosted and maintained by PrivacyCloud.

  1. 3 DAYS AGO

    Newsroom: Fall 2024

    Time for a Newsroom summarizing everything that’s happened in our usual areas of focus, although we are dropping the last two (Zero-Party Data and Future of media) this time around.  ePrivacy & Regulatory Updates Enforcement On September 5th, the CNIL fined CEGEDIM SANTÉ 800,000 euros for processing health data without authorization. The healthcare software provider collected sensitive personal information, assigning a unique identifier for each patient of the same doctor. This method was considered sufficient to ensure that personal data remained anonymous in order to put together certain comparative studies, but the CNIL concluded that, given the risk of re-identification, it could merely be considered pseudonymized, exposing a breach of the GDPR as a result (for starters, patients had not been informed of additional purposes). A Reference was made to the EDPB’s Opinion 05/2014 on Anonymisation Techniques.  On September 27th The Irish DPC issued a 91 million euro fine to Meta for storing certain user passwords in plain text files.  On October 22nd, NOYB filed a claim against Pinterest before the French supervisory authority alleging that the company relies on legitimate interest to underpin its behavioral advertising practices, in contravention of the CJEU Bundeskartellamt decision. The social network has also been accused of breaching the transparency principle and not responding to data subject requests appropriately.  On October 24th, the Irish DPC imposed a 310m EUR fine on LinkedIn. The professional social network is not properly applying a valid legal basis for targeted ads and the processing of first party data about their members, despite referring to three separate grounds: consent, legitimate interest and contractual necessity. This has also resulted in a breach of the fairness principle. On October 30th, the California Privacy Protection Agency announced an investigative sweep of data broker registration compliance under the Delete Act. This law requires data brokers to register with the CPPA and pay a fee annually.  On November 6th, the Canadian government ordered the closure of TikTok in the country. Citizens are however allowed to keep using the app, as this is considered a personal choice.  Legal updates and guidelines On October 4th, the CJEU resolved a famous dispute between the Royal Dutch Lawn Tennis Association and the Dutch DPA. The latter had imposed a fine on KNLTB for relying on legitimate interest for sharing data with its sponsors for purposes of direct marketing. Five days later, the EDPB requested comments on its draft Opinion on processing data on the basis of Legitimate Interest: It is made clear that this legal basis should not be treated as a “last resort” as it is of equal value to the rest, and a differentiation is made between an interest (or broader benefit that a controller may have) and a purpose (or specific reason why the data is processed). The Opinion has also stated that an interest must be related to the data controller’s activities. On the same day (October 9th), the EDPB adopted its Opinion 22/2024 on certain obligations following from the reliance on processors and sub-processors: every controller should extend the diligence they currently have over direct processors to the entire chain of custody, no matter how many degrees apart.  On October 16th, the EDPB adopted new Guidelines on the technical scope of article 5.3 of the ePrivacy Directive: given that very little has changed since they opened up an initial draft for comments, we recorded a separate episode with Peter Craddock pondering the far reaching implications of these Guidelines.  Turning our attention to the UK, on October 7th the UK ICO launched its own Data Protection Audit Framework including self-assessment toolkits and other practical resources.  Also, the UK Data Protection reform is back, now with a Data Use and Access Bill (with a second

    17 min

  2. 10 NOV

    Peter Craddock: ePrivacy exceptions, advertising, analytics, the limits of consent and server-side processing

    The EDPB has finally adopted its much feared Guidelines on the scope of article 5.3 of the ePrivacy Directive, but consent may still be avoided in some cases not specifically covered by an exemption (e.g., analytics). Absent such an exception, and in light of dismal consent rates, publishers and platforms have embraced highly controversial “Consent or Pay” models. Plan C? Server-side processing (Conversion APIs, Enhanced Conversions, Data Clean Rooms…), not without its own challenges. We have gone through all of it with Peter Craddock in his second appearance on Masters of Privacy.  Peter Craddock is a lawyer as well as a software developer, and he uses this dual background to help clients find legal solutions to technical problems and technical solutions to legal problems. He is based in Brussels and helps international companies with their global data strategy and with EU data litigation. He notably has strong expertise in the legal aspects of digital advertising and adtech, and has been one of the most prominent commentators of recent legal developments in that area. References: Peter Craddock on LinkedIn Op-Ed: A critical analysis of the EDPB's "Pay or Consent" Opinion (Peter Craddock) Peter Craddock: Comparison of the final version of the EDPB’s ePrivacy guidelines with the version of November 2023 (including links to more in-depth comments on those guidelines) EDPB Opinion 08/2024 on Valid Consent in the Context of Consent or Pay Models Implemented by Large Online Platforms AEPD guidelines for the use of cookies without need for consent in the context of digital analytics (ES) Peter Craddock on Masters of Privacy (February 2024): Could core advertising components fall under the “strictly necessary” exemption of the ePrivacy Directive? Romain Robert: Pay or OK in AdTech - How it started and where it’s going (Masters of Privacy) Renzo Marchini: Unintended consequences of the EDPB guidelines on storage and access under article 5.3 of the ePrivacy Directive (Masters of Privacy)  Cristiana Santos and Victor Morel: The problem with CMPs and TCF-based cookie paywalls (Masters of Privacy) Robert Bateman: Consent or Pay (Masters of Privacy) Peter Hense: How first party data will kill CMPs (Masters of Privacy)

    59 min

  3. 3 NOV

    Lukasz Olejnik: Propaganda, misinformation, the DSA, Section 230, and the US elections

    Dr Lukasz Olejnik (@lukOlejnik), LL.M, is an independent cybersecurity, privacy and data protection researcher and consultant. Senior Visiting Research Fellow of the Department of War Studies, King’s College London. He holds a Computer Science PhD at INRIA (French Institute for Research in Digital Science and Technology), and LL.M. from University of Edinburgh. He worked at CERN (European Organisation for Nuclear Research), and was a research associate at University College London. He was associated with Princeton's Center for Information Technology Policy, and Oxford's Centre for Technology and Global Affairs. He was a member of the W3C Technical Architecture Group. Former cyberwarfare advisor at the International Committee of the Red Cross in Geneva, where he worked on the humanitarian consequences of cyber operations. Author of scientific articles, op-eds, analyses, and books Philosophy of Cybersecurity, and “Propaganda”. He contributes public commentary to international media. References: Full interview transcript (on Medium) Propaganda, by Lukasz Olejnik Lukasz Olejnik on Cyber, Privacy and Tech Policy Critique (Newsletter) Lukasz Olejnik on Mastodon Lukasz Olejnik on X EU Digital Services Act (DSA)  Section 230 (“Protection for private blocking and screening of offensive material“)  of the Communications Decency Act (1996) Cubby, Inc. v. CompuServe Inc. and Stratton Oakmont, Inc. v. Prodigy Services Co. as precursors to Section 230 Doppelganger in action: Sanctions for Russian disinformation linked to Kate rumours EU takes shot at Musk over Trump interview — and EU takes shot at Musk over Trump interview — and misses (Politico) The story of Pavel Rubtsov (“Journalist or Russian spy? The strange case of Pablo González”), The Guardian Silicon Valley, The New Lobbying Monster (mentioning Chris Lehane’s campaigns), The New Yorker Financial Times: Clip purporting to show a Haitian voting in Georgia is among ‘Moscow’s broader efforts’ to sway the race “Pseudo-media”:  Spain proposes tightening rules on media to tackle fake news

    29 min

  4. 27 OCT

    Ben Winokur: data anonymization through AI-generated synthetic data

    Can we leverage AI-generated synthetic data as a privacy-enhancing or data anonymization solution? How compatible is it with Data Clean Rooms? Will there be a path to effectively anonymize unstructured data? Ben Winokur is the co-founder and CEO of Subsalt, the leading platform for anonymous synthetic data. Prior to Subsalt, Ben worked in a variety of legal, product, and operational roles at Passport, where he first encountered the problem Subsalt solves: privacy and security risks have made it too expensive and difficult to access, share, and analyze sensitive private data. References: Ben Winour on LinkedIn Subsalt Jonathan Mendez and Alex Dean: Data Clean Rooms: Feature, Product or Platform? European Data Protection Supervisor: TechSonar report on Synthetic Data (and its use as a Privacy Enhancing Technology)

    34 min

  5. 20 OCT

    Monica Meiterman-Rodriguez: automation, data minimization and comparative law in DSRs (US focus)

    Monica Meiterman-Rodriguez is a Partner at Tueoris, an international privacy and security consulting firm, currently residing in Barcelona. She utilizes her US law degree and her experience in data protection and privacy to assist global clients in developing, maintaining, or growing their privacy programs. She has experience supporting compliance across global regulations including US state and federal requirements, EU/UK GDPR, PIPEDA, LGPD, etc. in addition to advising on specialized matters in the AdTech space such as targeted advertising, data analytics, AI and growing industry guidance (e.g., IAB, DAA, etc.). Monica is a member of the New York State Bar, New Jersey State Bar, as well as a Certified Information Privacy Professional (CIPP/US/E) and the Chapter Chair of the IAPP in Barcelona (Spain). References: Monica Meiterman on LinkedIn California Consumer Privacy Act EDPB Guidelines 01/2022 on data subject rights - Right of access GDPR Violation: German Privacy Regulator Fines 1&1 Telecom(BankInfoSecurity) Groupon Ireland Operations Limited – March 2024: the DPC finds that Groupon infringed Article 5(1)(c) GDPR by having initially required the complainant to provide a copy of their ID in order to verify their identity for the purposes of their access and erasure requests.

    38 min

  6. 13 OCT

    Simon Hania (Uber): Uber Ads, vendor audits, location data, AI, and the role of the DPO

    Simon Hania is Global Data Protection Officer at Uber, heading the team that independently advises on and monitors Ubers compliance with data protection laws. In the past Simon held the position of VP Privacy & Security at TomTom and before that various positions in IT service management. Simon is a trained engineer who has learned to love the law. References: Simon Hania on LinkedIn Masters of Privacy Summer Newsroom, covering Uber’s $290 EUR fine in The Netherlands Glovo (food delivery) receives a 500k EUR AEPD fine for sending rider location data across borders (started in Italy) FTC Finalizes Order with X-Mode and Successor Outlogic Prohibiting it from Sharing or Selling Sensitive Location Data Uber Ads

    29 min

  7. 6 OCT

    AI governance, MHMD, and third-party risks at PSR 2024

    The IAPP’s annual “Privacy. Security. Risk.” event took place in Los Angeles last week. Both Celine Takatsuno and Sergio Maldonado attended, took some notes, and now share their experiences and takeaways.  References: Sergio Maldonado (Medium): PSR 2024 Takeaway (DPAs, Vendor Audits, MHMD Act) Mike Hintze: Blog post series on Washington State’s My Health My Data Act IAPP: Agenda and speakers at PSR 2024.

    33 min

  8. 29 SEPT

    Jonathan Mendez: making the most of first-party data in the age of AI

    Jonathan Mendez has been a founder and leader in Adtech and Martech for two decades, with a focus on building first-party data products to optimize media performance.  He is the founder and CEO at Neuralift AI, having prior to that been Chief Digital Officer at a major cruise line, and having also spent five years building composable CDPs (Customer Data Platform) for global retail brands and telcos. He was also the Founder and CEO of Yieldbot, which in 2016 was the fourth largest Digital Advertising Network. He was also the CSO at Offermatica, eventually acquired by Omniture, now part of Adobe.  Jonathan’s blog has been active for 17 years and is a recognized source of insights into AdTech, MarTech or Media. References: Jonathan Mendez (blog): Optimize & Prophesize Neuralift AI Jonathan Mendez on X Jonathan Mendez on LinkedIn Tejas Manohar (Hightouch): data activation and composable CDPs in a privacy-first world (Masters of Privacy) Nicola Newitt (Infosum): the legal case for Data Clean Rooms (Masters of Privacy) Matthias Eigenmann (Decentriq): Confidential Computing, contractual relationships and legal bases for Data Clean Rooms (Masters of Privacy)

    42 min
See All (88)

Trailer

About

Interviews and updates at the intersection of marketing, data, privacy, and technology. With an eye on a human-centric, demand-led future in which transparency, control, and personal agency play a crucial role. Sergio Maldonado (host) is a dual-qualified lawyer, LL.M in IT & Internet Law, CIPP/E, CIPT, and PrivacyCloud CEO. Masters of Privacy is hosted and maintained by PrivacyCloud.

Information

  • Creator
    PrivacyCloud
  • Years Active
    2020 - 2024
  • Episodes
    88
  • Rating
    Clean
  • Copyright
    © Copyright PrivacyCloud
  • Show Website
    Masters of Privacy

You Might Also Like

To listen to explicit episodes, sign in.

Stay up to date with this show

Sign in or sign up to follow shows, save episodes and get the latest updates.
Select a country or region

Africa, Middle East, and India

Asia Pacific

Europe

Latin America and the Caribbean

The United States and Canada