Posted in April 2013


If Google Cares About Cookie Consent, So Should You

By Phil Lee, CIPP/E, CIPM

Over the weekend, Google made a subtle—but significant—modification to its online search service in the EU: nearly two years after Europe’s deadline for EU Member States to adopt national cookie consent laws, Google rolled out a cookie consent banner on its EU search sites.

If you’re a visitor from the U.S., you may have missed it: the banner shows only if you visit Google sites from within the EU. However, EU visitors will clearly see Google’s consent banner placed at the bottom of its main search page and at the top of subsequent search results. As well as informing visitors that “By using our services, you agree to our use of cookies”, the banner provides a “Learn more” link that visitors can click on to watch a video about Google’s cookie use and to see disclosures about the cookies it serves.

More from Phil Lee

Privacy Community

Setting Privacy Aside, This Is a Tragedy We Can’t Ignore

By Jennifer Saunders, CIPP/US

While there are privacy issues inherent in any national tragedy, this will not be a post about privacy. Here at the IAPP, we, too, are reeling after the events that marred the historic running of the Boston Marathon and changed so many lives in a matter of seconds. Our hearts are with the victims—those whose lives have been lost and those who have suffered unimaginable injuries, and their families and friends.

April 15, 2013, started out as the best kind of Monday here at the IAPP. One of our own—after innumerable runs, an incredible commitment to training and weeks upon weeks of fundraising to support a very worthy cause—was taking part in the Boston Marathon. And, thanks to the wonders of our Information Age, we were able to track her progress as she ran toward her goal of completing the world’s oldest annual marathon.

More from Jennifer Saunders


Getting More Privacy Pros Into HR

By Jedidiah Bracy, CIPP/US, CIPP/E

Last Sunday, in The Globe and Mail’s “Nine to Five” column, an employee working for a U.S.-based public company expressed concerns about having to submit to a mandatory criminal background check. The employee had been at the company for 15 years, and until recently, only new employees would have to consent to a background check. But now,

All employees must undergo a background check annually. It’s framed as a request, but since I said I don’t want to participate, several levels of management have spoken to me about getting it done. Initially the company said failure to comply might result in employees not being involved in certain government contract work.

More from Jedidiah Bracy


What Does a Five-Year-Old Know that Our Privacy Laws Don’t?

By Stanley W. Crosley, CIPP/US, CIPM

I have three children: twins Rachel and Abby, both aged 16 and Jacob, aged 14. While in my second year at Eli Lilly and Company about a decade ago, my wife, Melisa, had a medical procedure. Jake and I drove Melisa to the doctor’s office for the colonoscopy (although HIPAA does not apply, rules of matrimonial harmony do, so I have received a verbal consent for this disclosure). 

When Melisa had safely exited the car, Jake began the interrogation: Is mama getting a shot? No. Then why is she going to the doctor? To get a picture of her tummy. The outside? (Pause, and fatal decision to be honest.) No, the inside. How? (Longer pause.) A camera. How do they get it inside? (Faint awareness of a prior bad decision, but plowing ahead.) It’s a tiny camera and it goes into her bottom.

Absolute silence.

More from Stanley W. Crosley

Privacy on the Ground

The Modern Privacy Function: Balancing Strategy with the Operational

Our previous posts reported some initial conclusions from almost one hundred interviews of leading corporate privacy officers, regulators and other privacy professionals in five countries. The second post explored one surprising finding—that the two countries in which privacy officers were most empowered were Germany and the United States, countries which couldn’t be more different in terms of their regulatory framework—and explored some of the reasons for privacy officer strength in Germany. 

This final post explores a caution raised by privacy officers in both the public- and private-sector regarding particular risks created by attempts to ensure that privacy is part of high-level deliberations within a corporation—risks that must be managed in developing policy regarding privacy.

More from Deirdre Mulligan


Will Retailers Have To Dial It Back in 2013?

By Jedidiah Bracy, CIPP/US, CIPP/E

Offline tracking of consumers by retailers is popping up quite a bit in the news this week, which has me wondering what the end game might be.

First, we learned that Sen. Al Franken (D-MN) still isn’t happy with Euclid Analytics—a company that has reportedly recorded the shopping habits of nearly 50 million Americans.

More from Jedidiah Bracy


What’s One Way Organizations Can Be More Accountable? Privacy Education

By David Hoffman, CIPP/US

Over the past ten years, the components of an accountable privacy program have evolved through a combination of privacy professional best practices (e.g. IAPP materials), scholarship (e.g. the Center for Information Policy Leadership Accountability effort) and regulator action (e.g. FTC consent orders). During the same period, the notice and consent model of privacy regulation has become insufficient and outdated.

As Victor Mayer-Schonberger and Kenneth Cukier observe in their excellent book, Big Data: A Revolution That Will Transform How We Live, Work and Think, “We must protect privacy by shifting responsibility away from individuals and toward the data users—that is, to accountable use.” We must couple this increased focus on accountability with efforts to educate individuals on how technology may impact their privacy. We—government, advocacy organizations and corporations—all share responsibility for this education and awareness.

More from David Hoffman