Episode 1: Data Protection and Privacy discusses pragmatism, activism, and arsonism in the privacy space, Big Tech, and the success of Privacy by Design.

BBC’s Cybersecurity Correspondent, Joe Tidy was joined by ”The GDPR Guy” Podcast presenter, Carl Gottlieb for the weekly news edit, as well as Dr Carissa Veliz, author of Privacy is Power and Associate Professor at University of Oxford, for a fireside chat about the reigning authority of Big Tech.

Tidy was also joined by the “founding mother of Privacy by Design,” Dr Ann Cavoukian, as well as fellow panellists Caroline Louveaux, Chief Privacy Officer at Mastercard, Richie Evans, Chief Privacy Officer at IKEA, and Elisavout Dravalou, Data Protection Consultant at DPOrganizer.

Discussing last week’s biggest news stories in the PrivSec space, Carl Gottlieb, in reference to Spain giving out the highest number of fines, according to Privacy Affairs’ new research, tells the audience not to “judge a regulator by the number of fines they give [..] as an effective regulator is not one that fines a lot, but provides guidance.”

In the case of the ICO, which Gottlieb has been critical of in the past, he says, “[The ICO] gets a lot of criticism but hey, they give some fantastic advice.”

Illustrating this was the GDPR’s resilience against the pandemic, he adds, stating that it certainly “passed the pandemic test”.

He continues by saying, “One of the big criticisms of the GDPR is that it’s too woolly; people want to comply they just don’t really know how so they avoid it out of fear. A great example of that is the number of US media organisations that still block access from the EU.”

In recent weeks’ news, this has been evidenced by Facebook’s emerging EU data transfer ban.

When asked by Tidy if this is the result of Max Schrems’s court battle with Facebook last year, Gottlieb laughs and says:

“It’s 100% his fault,” adding:

“One of the challenges in privacy is you’ve really got two types of privacy people working. You’ve got the ones working inside companies, which usually have to be pragmatists, and the ones that are outside, usually the activists - the ones who are trying to change society, change the rules, and Max Schrems sits in that world.”

“Sometimes it can feel that those kinds of people are, rather than privacy activists, they’re privacy arsonists, because it feels sometimes that they’re trying to burn the world down. And you talk to some of them, and they say, “We are. We want to burn the whole thing to the ground and start again in a really clean and compliant way.””

“Now, the problem with that is that the world doesn’t work like that in my view; data is still going to flow, things are still going to happen.”

Taking a different perspective to Carl Gottlieb, was Dr Carissa Veliz who argued that having more public control over data can still achieve the same vision of innovation, but with the safety of having data deleted periodically.

Making the point that consent in privacy is a deeply flawed concept, she says: “The default should be no data collection,” adding, “What does it mean to consent to something that you don’t understand? Even a data scientist cannot tell you how your data is being used or where it ends up.”

Dr Veliz believes it is time that companies like Facebook rethink their business models.

“You can see it has an expiry date, people don’t want it anymore,” she says.

“Apple’s business model doesn’t depend on personal data, but they are not a saint.”

Dr Carissa Veliz

Ultimately, she argues to avoid a crisis point, “Big tech need to know less about us, and we need to know more about them. They get to decide what counts as knowledge about us.”

Panel Discussion

Discussing the success of Privacy by Design with the designer herself, Dr Ann Cavoukian, fellow panellist Caroline Louveaux from Mastercard says, “Privacy by Design came into force in Mastercard before GDPR […] Today’s customers and consumers are demanding privacy.”

Following on, Dr Cavoukian says, “There is a trust deficit right now and everyone is trying to address it.” She continues, “the interest in privacy in the last few years […] I have never seen concern for privacy at 90% before.”

Though the Privacy by Design framework has recently been adopted by the likes of Google, Data Protection consultant, Elisavout Dravalou from DPOrganizer says, “We tell people what they have to do, but we also have to tell them why […] There is still some persuasion, particularly in mature organisations. You need to have a good idea of data subject rights.”

Echoing this, Richie Evans, Chief Privacy Officer at IKEA says, “We’re not going to make a chair and then decide after if it’s safe or not. The difficulty is getting everyone on the same level of understanding. […] The key for me is getting the training and awareness and understanding of what the key risks are, what is the risk appetite?”

“I am delighted with the way it has been embraced all around the world,” Dr Cavoukian adds. “My message to everyone is privacy is a positive, abandon zero sum pursuits.”

In Episode 2: AI & Synthetic Media, Joe Tidy will be In Conversation with Nina Schick for Synthetic Media & the Future, and special guests, Victor Riparbelli, a tech-entrepreneur and CEO of Synthesia and Henry Ajder, a leading deepfake researcher.

Later, join Joe Tidy for: Is the cat out the bag with AI? A discussion with Ivana Bartoletti, founder of Women in AI and Techinical Director at Deloitte, Megan Marie Butler, a subject matter expert in AI in HR and the future of work, and Rogelio Aguilar Alamilla, Deputy Head of Privacy Operations at BNP Paribas and Member of the European AI Alliance.

GRC TV

To register to watch GRC TV Episode 2, click here.

To watch GRC TV Episode 1 on-demand, click here.

PrivSec Global

Register for PrivSec Global 2021, here.

FinCrime World Forum

Register for FinCrime World Forum 2021, here.