Posted in April 2013


Will Public Release of Privacy Audits Be the Wave of the Future?

By Jedidiah Bracy, CIPP/US, CIPP/E

It’s pretty rare for a company to issue a press release after its privacy practices have been independently audited. Perhaps some have—and readers, please let me know—but companies generally don’t do such things.

That is, until this week.

More from Jedidiah Bracy


Where Is the Regulation of Transborder Data Flows Headed?

Anyone working in privacy and data protection law is familiar with the restrictions on transferring data outside the European Union contained in the EU Data Protection Directive. But did you know that non-EU countries as diverse as Israel, Mexico, Russia and South Korea have similar restrictions? And that since the 1970s, over 70 countries all over the world have enacted data protection and privacy laws regulating transborder data flows?

The regulation of data flows across national and regional borders under the data privacy laws of dozens of countries and international and regional regulatory instruments is the topic of my new book entitled Transborder Data Flows and Data Privacy Law, which will be published in May by Oxford University Press. European Data Protection Supervisor Peter Hustinx was kind enough to write a foreword to the book.

The subject is too complex to discuss in detail here, but I can share the gist of some of my conclusions.

More from Christopher Kuner


Bridging the EU-U.S. Privacy Gap

By J. Trevor Hughes, CIPP

Privacy has always been a difficult concept to define, and privacy issues are complex.

For Europeans, privacy is a human right, while for Americans, privacy tends to be about liberty. It’s often thought that the Holocaust and the rise of totalitarianism in 20th century Europe have been the catalysts behind the region’s strong privacy and data protection regimes.

A recent book by Edwin Black, in detailed research, examines Nazi Germany’s use of the computer’s forebear to aid in systematic genocide. These Hollerith machines and punch cards helped the Third Reich organize and carry out the atrocities of the Holocaust. And in post-war Europe, the widespread use of surveillance and coercion informed and empowered the Stasi, the KGB and other totalitarian enforcers.

But is that the real reason the U.S. and Europe have such seemingly differing cultural constructions of privacy?

More from J. Trevor Hughes


In Curtailing Hate Speech Online, Will Privacy Sometimes Have To Take a Backseat?

From the cover of the ADL’s Responding to Cyberhate: A Toolkit for Action

This spring has been a mournful time. We mourn for the victims and families of the Boston Marathon bombing. We also mourn for the loss of Anne Smedinghoff, a foreign service officer in Afghanistan killed by a terrorist explosive while delivering books to Afghan children. That loss is especially painful for those of us in the privacy community who know Ann’s dad, Tom Smedinghoff, a peerless colleague whose grace in the face of unimaginable tragedy has been inspirational. Our heartfelt sympathy goes to Tom and his wife Mary Beth.

In the aftermath of tragedies such as these, we are left to ask: “What motivates people to burn with hate to such a degree that they take innocent lives?”

More from Christopher Wolf


If Google Cares About Cookie Consent, So Should You

By Phil Lee, CIPP/E, CIPM

Over the weekend, Google made a subtle—but significant—modification to its online search service in the EU: nearly two years after Europe’s deadline for EU Member States to adopt national cookie consent laws, Google rolled out a cookie consent banner on its EU search sites.

If you’re a visitor from the U.S., you may have missed it: the banner shows only if you visit Google sites from within the EU. However, EU visitors will clearly see Google’s consent banner placed at the bottom of its main search page and at the top of subsequent search results. As well as informing visitors that “By using our services, you agree to our use of cookies”, the banner provides a “Learn more” link that visitors can click on to watch a video about Google’s cookie use and to see disclosures about the cookies it serves.

More from Phil Lee

Privacy Community

Setting Privacy Aside, This Is a Tragedy We Can’t Ignore

By Jennifer Saunders, CIPP/US

While there are privacy issues inherent in any national tragedy, this will not be a post about privacy. Here at the IAPP, we, too, are reeling after the events that marred the historic running of the Boston Marathon and changed so many lives in a matter of seconds. Our hearts are with the victims—those whose lives have been lost and those who have suffered unimaginable injuries, and their families and friends.

April 15, 2013, started out as the best kind of Monday here at the IAPP. One of our own—after innumerable runs, an incredible commitment to training and weeks upon weeks of fundraising to support a very worthy cause—was taking part in the Boston Marathon. And, thanks to the wonders of our Information Age, we were able to track her progress as she ran toward her goal of completing the world’s oldest annual marathon.

More from Jennifer Saunders


Getting More Privacy Pros Into HR

By Jedidiah Bracy, CIPP/US, CIPP/E

Last Sunday, in The Globe and Mail’s “Nine to Five” column, an employee working for a U.S.-based public company expressed concerns about having to submit to a mandatory criminal background check. The employee had been at the company for 15 years, and until recently, only new employees would have to consent to a background check. But now,

All employees must undergo a background check annually. It’s framed as a request, but since I said I don’t want to participate, several levels of management have spoken to me about getting it done. Initially the company said failure to comply might result in employees not being involved in certain government contract work.

More from Jedidiah Bracy