DiscoverPrivacy Paths
Privacy Paths
Claim Ownership

Privacy Paths

Author: Privacy Laws & Business

Subscribed: 10Played: 50


News, legal analysis and management guidance on data protection and privacy laws around the world.
14 Episodes
Laura Linkomies talks to two privacy experts, Marta Dunphy-Moriel, Partner at Deloitte, and Alexander Dittel, Associate Director  at Deloitte about privacy issues with adtech. Learn what companies using adtech can do to be transparent and comply with the UK Data Protection Act. 
Do app developers gather information in a legally sound way? Apps often involve trading one’s personal data for a usually free useful or entertaining service. Data privacy laws apply to apps so how can developers navigate this legal terrain?We explore Clubhouse, the audio meeting app which is on a rising trend, and the privacy laws which apply to it, as they do to all apps.The key legal questions we ask in this episode: do users understand the process? and do they know how much data the app developers are using or “harvesting”? These issues are heightened because of mobile devices’ small screen sizes; the complexity of the opt-in or opt-out process; and the use of persuasive techniques by deploying colour and design to persuade users to consent or ‘opt-in’ to use of their personal data. We all know that app developers want access to one’s contacts and location – but is this lawful? Companies want to monetise valuable data by analysing it and sharing it with other parties. This happens largely because the individuals desire the essential and attractive (at least in the mind of the prospective user) service provided by the apps. Are the regulators keeping up? These app companies seem to live in a different world from more conventional companies, and we ask how hard the law will have to work to catch up?Participants:Richard Nicholas, Partner, Browne Jacobson LLPHelena Wootton, Correspondent and Data Lawyer, Privacy Laws & BusinessStewart Dresner, Chief Executive, Privacy Laws & Business
Laura Linkomies talks to Jenai Nissim, Director of HelloDPO and James Young, Legal Counsel for the Frasers Hospitality Group, the global hospitality company which includes Malmaison Hotels. They cover what is included in the role of Data Protection Champions, how they won top executive buy-in, made Data Protection Champions work on a win-win basis, and how  benefits have rolled out across the group in many countries.
China issued a draft law on the Protection of Personal Information in October 2020. Now that the consultation period has closed and the law is expected in 2021, Yan Luo, Partner at Covington & Burling’s Beijing office explains some of the key aspects of the draft and what it will mean for companies doing business with China. 
Opt-out rights are enshrined in many national privacy laws and regulations, which provide individuals with a right to opt-out of unwanted marketing. But this is a time-consuming process and often requires know-how and commitment. Global Privacy Control (GPC) is a new mechanism which enables anyone to easily opt out of website-based marketing. Rob Shavell, Founder and CEO of Boston-based Abine (which includes DeleteMe and Blur), explains the organisations, websites and major media groups behind GPC. They include the Washington Post, the New York Times, the Financial Times, browsers, including Mozilla’s Firefox, DuckDuckGo, Brave and Consumer Reports. They are working together to develop GPC. We discuss with Rob how GPC’s web-based opt-out works and how it could enable website users to implement their opt-out rights around the world. The opt-out right for individuals has gained traction in the USA as a result of California’s Privacy Rights Act of 2020 but the principle applies wherever the GDPR ripples around the world. How has the attitude of major tech companies to opt-out technology developed in recent years? The new US federal political landscape in January 2021 could provide fertile ground for a federal privacy law which might include these rights. Will privacy regulators in other countries start to recognise the value of GPC and will the mass of consumers take up GPC?Participants:Rob Shavell, Founder and CEO, Abine; DeleteMe and BlurHelena Wootton, Correspondent and Data Lawyer, Privacy Laws & BusinessStewart Dresner, Chief Executive, Privacy Laws & Business
How did FutureFlow (a start-up business)  win the confidence of the United Kingdom’s ICO’s regulatory sandbox to enable its anti-money laundering service to be ready for the market and also protect personal data?Share the inside story of how FutureFlow has developed its software with the cooperation of major financial institutions and the financial regulatory authorities to track the flow of money in the international monetary system. FutureFlow’s objective is to be transformative for society by combating multi-billion dollar money laundering, and to enable personal data to be retained by the individual bank while sharing suspicious transactions with the authorities. We show how the ICO was helped in its work by close cooperation with the Financial Conduct Authority. This narrative has an international dimension, as the fight against money laundering does not stop at national borders. If your company is doing something daring with personal data, but you are willing to have your positions challenged by exploring the boundaries of data protection law, this podcast will help you to move forwards to achieve a win-win in both commercial and regulatory terms.We talk to the founder of FutureFlow and the head of regulatory assurance at the UK Regulator. Find out how both sides have benefited and learned from their experience of this one year ICO regulatory sandbox programme.Participants:Chris Taylor, Head of Assurance (Supervision), Information Commissioner’s OfficeVadim Sobolevski, Co-Founder, FutureFlowHelena Wootton, Correspondent and Data Lawyer, Privacy Laws & BusinessStewart Dresner, Chief Executive, Privacy Laws & BusinessSee Privacy Paths episode 6 for the first podcast on the ICO’s regulatory sandbox.If you are interested in applying for the ICO’s Regulatory Sandbox, you can find more information on their website.
HR data in Covid times

HR data in Covid times


COVID-19: The impact on wellbeing and the use of personal data in HR.What has been the impact of COVID-19 on the mental health and wellbeing of employees? How are organisations balancing their obligations under data protection laws when using employee data to ensure the effective management of their employees? What steps should organisations take with particular care for processing sensitive health data? How should organisations recognise the boundaries between work life and home life when so many people are now working from home? At what point does management monitoring become too intrusive? This podcast provides useful answers to these questions.Participants Alison Deighton, Director and Co-founder, HelloDPOJenai Nissim, Director and Co-founder, HelloDPOHelena Wootton, Correspondent and Data Lawyer, Privacy Laws & Business
The European Data Protection Board has issued GDPR controller-processor guidelines (for consultation) which define the roles and responsibilities for the different actors. Laura Linkomies talks with Elisabeth Jilderyd, International Legal Advisor and Coordinator, International and EU Department at Sweden’s Data Protection Authority about the controller-processor relationship, joint controllers, drawing up agreements between the parties, and their responsibilities in case of a data breach.
Innovation and privacy are often regarded as incompatible. They were brought together for mutual advantage in the United Kingdom’s ICO’s regulatory sandbox. Onfido, which provides proof of identity using facial recognition, has now emerged from the sandbox in its first cohort. We discuss with Onfido's Director of Privacy and the ICO’s Head of Assurance how they assessed the risks and took the plunge. Find out how both sides have benefited and learned from their experience of this one year programme. Participants: Chris Taylor, Head of Assurance (Supervision), Information Commissioner’s Office Neal Cohen, Director of Privacy, Onfido Helena Wootton, Correspondent and Data Lawyer, Privacy Laws & Business Stewart Dresner, Chief Executive, Privacy Laws & Business The article on Onfido’s rationale for entering the sandbox, published in the September 2019 edition of Privacy Laws & Business United Kingdom Report is available free of charge by e-mailing If you’re interested in applying for the ICO’s Regulatory Sandbox, you can find more information on their website.
The online advertising market is changing rapidly. Regulators are on the case. Consumers are waking up to that fact that their personal data is being used (or mis-used), and are taking back control. How are businesses reacting and what does the future hold for this multi-billion dollar industry. Tom Cooper discusses these issues with privacy lawyer Abigail Dubiniecki, My Inhouse Lawyer.For more details see Abigail's article: Achieving a privacy-first Adtech digital marketing strategy, in PL&B UK Report July 2020.See also:IAB Europe Guide to the Post Third-Party Cookie EraICO's Update Report into Adtech and Real Time Bidding 
The end of 2020 and the EU-UK transition period is fast approaching. Valerie Taylor and  Helena Wootton discuss what will happen to international transfers of personal data from the EU to the UK and how should organisations prepare.A fuller analysis is available in the July 2020 edition of Privacy Laws & Business UK Report.
In a podcast aimed at licencees and managers, Helena Wootton, Stewart Dresner and Tom Cooper discuss possible data protection pitfalls of collecting data from customers and make some practical suggestions.Useful links: UK Government guidance - Keeping workers and customers safe during COVID-19 in restaurants, pubs, bars and takeaway services Hospitality -  Coronavirus track and trace: 7 steps to complying with data protection law from Stewart Dresner, Privacy Laws & Business:"I stated in the podcast that retaining personal data for its purpose, in this case for Covid-19 tracing, (the purpose limitation principle) is a longstanding principle going back to the UK’s Data Protection Act 1984. I wrote an article in The Economist  in 1987 reflecting the importance of this principle by referring to the first use of a search warrant by the Data Protection Registrar [the regulator] to investigate a part-time policeman who was suspected of using the Police National Computer to check up on the boyfriend of his daughter. A similar case involving a policeman, who worked part-time as a debt collector, led ultimately to a decision in the UK’s highest court referenced as R. v. Brown [1996] 1 AC543 on interpretation of the Data Protection Act 1984 Section 1 (7)"
How have Covid-19 tracing apps addressed data protection issues? Do they work and are there lessons there for all app developers?Hosted by Tom Cooper, Deputy Editior, with Laura Linkomies, Editor, and Helena Wootton, Data Lawyer and Correspondent.MIT article on tracing the tracing apps mentioned in the discussion -
In our first podcast, Professor Graham Greenleaf, PL&B Asia Pacific Editor, discusses the privacy aspects of Australia’s CovidSAFE voluntary contact tracing app with Stewart Dresner, Publisher, Helena Wootton, Data Lawyer and PL&B correspondent and Tom Cooper, Deputy Editor.A fuller analysis is available in the June 2020 edition of Privacy Laws & Business International Report.
Download from Google Play
Download from App Store