
PODCAST · technology

Privacy Chats with Rachel and John

Privacy Chats with Rachel and John is a podcast hosted by two enthusiastic Privacy Professionals interested in sharing what they learn about the ever-evolving world of Privacy with other professionals, novices, and everyone in between!

  1. 39

    Ep. 36 - Death, Taxes, and Your Data

    We all know the saying: nothing is certain except death and taxes. But in today’s digital world, there’s a third certainty—data. In this episode of Privacy Chats with Rachel and John, we ask a big question: what happens to your digital footprint after you die?

    💬 From personal anecdotes to platform policies, we explore:
    ⚰️ The default “limbo” state of accounts on Google, Facebook, and Apple
    🛠️ Practical tools like Google’s Inactive Account Manager & Apple’s Legacy Contacts
    📜 Estate planning laws (like RUFADAA) that give loved ones digital access
    📉 The risks of doing nothing—and letting outdated Terms of Service decide for you
    🔑 Why password managers might be your unsung digital heirs

    This episode is a wake-up call (and a gentle nudge) to take action while you can. 👀 Tune in, reflect, and maybe even update your password vault.

    Approximate timestamps:
    00:00 🎙️ Intro – Death, Taxes... and Data?
    01:45 🧠 What Happens to Our Data After We Die?
    04:10 👵 A Generational Shift in Digital Footprints
    06:30 🗃️ Google Drive & Inactive Account Manager
    10:45 📨 Setting Up a Digital Legacy with Google
    13:15 📘 Facebook Memorialization & Legacy Contacts
    17:40 💔 A Real Example: Remembering a Friend on Facebook
    20:30 ❓ Who Can Request Memorialization (and How)?
    23:20 ⚖️ The Legal Void Around Post-Mortem Data
    26:00 📜 Estate Planning, RUFADAA & Digital Assets
    28:40 🛠️ Tools to Prep: Password Managers & Account Access
    30:15 🍏 Apple’s Legacy Contacts – Pros & Limitations
    33:00 🎶 Why Digital Purchases Don’t Really Belong to You
    34:50 🧩 Recap – 4 Things to Do Before You Die (Digitally)
    35:45 📝 Disclaimer & Next Episode Preview

    While this video's content is based on our own thoughts and professional opinions, it was also made possible through the consultation of the following resources:
    Benjamin Franklin’s last great quote and the Constitution: https://constitutioncenter.org/blog/benjamin-franklins-last-great-quote-and-the-constitution
    What Happens to Your Social Media Assets After You Die?: https://www.cccba.org/article/what-happens-to-your-social-media-assets-after-you-die/
    Facebook Legacy Contact Settings: https://www.facebook.com/settings?tab=memorialization
    Report a deceased person’s Facebook profile: https://www.facebook.com/settings?tab=memorialization

  2. 38

    Ep. 34 - Rest of World

    In this episode of Privacy Chats, we explore the growing global momentum behind comprehensive privacy regulations. With over 140 countries that have embraced laws inspired by the GDPR, Rachel and John zoom in on four frameworks in particular: GDPR (EU), LGPD (Brazil), APPI (Japan), and PIPA (South Korea) — highlighting how they align (and diverge) across key areas including:
    Scope and extraterritorial reach
    Lawful bases for processing
    Data subject rights
    Sensitive data definitions
    DPO and DPIA requirements
    Breach notification rules
    Enforcement, sanctions, and international data transfers

    Along the way, we analyze which countries are still lagging, where U.S. state laws fit into the picture, and how global organizations can navigate compliance across borders.

    This episode was inspired by the following publications and resources:
    European Commission: GDPR
    https://commission.europa.eu/law/law-topic/data-protection/legal-framework-eu-data-protection_en?utm_source=chatgpt.com
    https://commission.europa.eu/law/law-topic/data-protection_en
    ANPD Brazil: LGPD
    https://iapp.org/media/pdf/resource_center/Brazilian_General_Data_Protection_Law.pdf
    South Korea PIPC: PIPA
    https://www.pipc.go.kr/eng
    Japan PPC: APPI
    https://www.japaneselawtranslation.go.jp/en/laws/view/2616/en

  3. 37

    Ep. 33 - US Federal Acceleration of AI

    Visual Artifacts Here! On Episode 33 of Privacy Chats, we revisit the United States’ evolving approach to AI governance, breaking down the latest policy mandates and exploring what they mean for responsible AI procurement, innovation, and public trust.

    And for a bit of perspective, we rewind the clock—comparing today’s AI frontier to past regulatory turning points, like the rise of the FDA.

    This episode was informed by the following publications:
    - https://learn.g2.com/eu-ai-continent-action-plan
    - https://www.whitehouse.gov/presidential-actions/2025/01/removing-barriers-to-american-leadership-in-artificial-intelligence/
    - https://www.federalregister.gov/documents/2023/11/01/2023-24283/safe-secure-and-trustworthy-development-and-use-of-artificial-intelligence
    - https://www.theverge.com/2025/1/21/24348504/donald-trump-ai-safety-executive-order-rescind

  4. 36

    Episode 32: Europe’s AI Optimism, the Fall of 23andMe, and ChatGPT’s New Memory Feature

    This is a 3-part episode, so see below for the time-stamps discussing each topic:

    🇪🇺 Europe’s AI Ambitions: 00:00-25:00 The EU is stepping up with new announcements aimed at accelerating its AI strategy. But is it too late to compete with the US and China, and how might this shape their positioning as key global privacy regulators? We unpack the optimism, the funding, and the political will behind Europe's AI push.

    🧬 23andMe’s Identity Crisis: 25:00-40:50 Once a pioneer in consumer genomics, 23andMe is now navigating a very public privacy backlash and a Chapter 11 bankruptcy. We explore what went wrong—and what it signals about trust in data-driven health companies.

    🧠 Chat Memory Is Here: 40:50-55:44 OpenAI just launched a game-changing “memory” feature that remembers your preferences and builds continuity across chats. Helpful or a little too close for comfort? We dive into the privacy implications and use cases.

    This episode was informed by the following publications:

    Europe’s AI Optimism:
    European Commission's latest AI initiatives look to drive competitiveness, broader integration: https://iapp.org/news/a/european-commission-s-latest-ai-initiatives-look-to-drive-competitiveness-broader-integration
    Shaping Europe’s leadership in artificial intelligence with the AI continent action plan: https://commission.europa.eu/topics/eu-competitiveness/ai-continent_en
    GDPR Simplification (LinkedIn post written by Stephan Geering): https://www.linkedin.com/pulse/gdpr-simplification-wish-list-stephan-geering-lnbge?utm_source=chatgpt.com

    23andMe:
    Congress has questions about 23andMe bankruptcy: https://techcrunch.com/2025/04/19/congress-has-questions-about-23andme-bankruptcy/?utm_source=chatgpt.com
    How 23andMe's bankruptcy led to a run on the gene bank: https://www.npr.org/2025/04/25/1247139353/23andme-data-genome-bankruptcy-privacy-customer-data?utm_source=chatgpt.com
    What will happen to your 23andMe data — and can you delete it?: https://www.thetimes.com/us/news-today/article/what-happen-23andme-data-how-delete-tfjn5lfmx?utm_source=chatgpt.com&region=global

    ChatGPT Memory Updates:
    ChatGPT can now remember and reference all your previous chats (Ars Technica): https://arstechnica.com/ai/2025/04/chatgpt-can-now-remember-and-reference-all-your-previous-chats/
    Memory FAQ - OpenAI: https://help.openai.com/en/articles/8590148-memory-faq

  5. 35

    Ep. 31 - A HIPAA Crash Course

    HIPAA is a critical piece of the nuanced privacy puzzle in the US, but it’s often misunderstood — frequently reduced to just a medical form or mistaken for a blanket privacy law. On Episode 31 of Privacy Chats with Rachel and John, we bring you a HIPAA “crash course” - who it’s for, data in scope, and the consequences of non-compliance.

    And, just for fun, here are some silly HIPAA puns brought-to-you by ChatGPT:
    "HIPAA-chondriac" – Someone who constantly worries about privacy breaches.
    "HIPAA-ly ever after" – What you hope for after a successful compliance audit.
    "HIPAA-crite" – Someone who preaches privacy but doesn’t follow the rules.
    "HIPAA-critical situation" – When someone is taking compliance a little too seriously.

    This episode was directly informed by the US Department of Health and Human Services’ dedicated HIPAA page and by publications from the HIPAA Journal:
    https://www.hhs.gov/hipaa/for-professionals/privacy/index.html
    https://www.hipaajournal.com/new-hipaa-regulations

  6. 34

    Ep. 30 - DeepSeek, Deregulation, and the 2025 US Privacy Landscape

    On Episode 30 of Privacy Chats with Rachel and John, we take a look back at the eventful-ness of 2025 thus far, including DeepSeek’s shake-up of the global AI tech sector and continuous policy implications of the new US Presidential Administration peeling back previous AI safety mandates. Have AI acceleration priorities eclipsed AI safety priorities? If so, how long will it take for the greatest harm to be felt? Would greater enforcement pressure lead to more compliance?

    This episode was informed by the following sources:
    "Congressional Committee Kickstarts New Federal Privacy Law Dialogue"
    "Why AI Lawyers Need a New Ethical Code"
    "DeepSeek’s Popular AI App Is Explicitly Sending US Data to China"
    "DeepSeek rushes to launch new AI model as China goes all in" - Reuters
    "A view from DC: The price of privacy enforcement"
    "A view from DC: US House Republicans organize a privacy working group"
    "A view from DC: The first few days of Trump’s AI and privacy agenda"
    Sean O’Brien on Privacy Safe Social
    Jen Easterly On The Future of Cybersecurity and Her Agency's Survival
    Foreign Hackers Are Using Google’s Gemini in Attacks on the US

  7. 33

    Ep. 29: "Made In China"

    In Episode 29 of Privacy Chats, Rachel and John cover the growing concerns over cybersecurity and privacy as it relates to Chinese-made consumer technology and how numerous countries have responded to such risks. They discuss the ever-evolving position of the U.S. with respect to TikTok and the downstream effects of our political landscape on U.S.-based Technology companies.

    The episode was informed by the following resources & publications:
    Article about data being stolen through camera apps.
    What do our security agencies have to say about this? "China State-Sponsored Cyber Threat: Advisories"
    Advisory about Small Office / Home Offices
    Comments by Christopher Wray on the China Threat on 60 Minutes on January 12th
    Colonial Pipeline Attack
    CISA / FBI Joint Statement about PRC Targeting Telecommunications
    Recommendation to use encrypted telecommunications
    Article about China pursuing intellectual property
    U.S.-China Economic and Security Review Commission
    Chinese Spy Balloon
    U.S.-China Economic and Security Review Commission (2024 Report)
    Translation of the China Data Security Law
    Information about the 2 laws passed in 2021
    Pillsbury Law Firm Article about the China Data Security Law
    NOYB Action against TikTok and others
    Article about TikTok bans around the world
    NYT Article about TikTok and the current status
    TikTok Project Texas

  8. 32

    Ep. 28: Decentralized Platforms: A New Era of Social Media?

    Decentralized social media is gaining traction, but is it really the future of online discourse? Many users are begging for a paradigm shift in how social media platforms are governed today. This stems from growing concerns about mainstream, centralized platforms’ impact on privacy, democracy, mental health, and public discourse. In episode 28 of Privacy Chats, we investigate the rise of platforms like BlueSky, exploring how they work, their privacy implications, and whether they truly offer an alternative to centralized giants like X and Threads. We succinctly break down the AT Protocol, content moderation models, and the broader challenges of balancing user control with accessibility. Tune in for an insightful discussion and decide for yourself whether decentralized social media platforms will indeed represent a new paradigm shift for social media, or if it's destined to remain a trend.

    This episode was informed by the following sources:
    Bluesky Privacy Policy - last updated May 22, 2024
    AT Protocol Quickstart Guide, Glossary of Terms
    Embedded.Substack.com: Seizing social media for the people - by Kate Lindsay on January 29, 2025
    DustyCloud.org: How decentralized is Bluesky really? - By Christine Lemmer-Webber on November 22, 2024
    TheWrap.com: Bluesky’s Momentum Rolls on, as Daily Users Surge 45% Since Thanksgiving by Sean Burch on December 20, 2024

  9. 31

    Ep. 27 - Silence is Golden - New Tactics Behind Text Message Scams

    Replying to those ridiculous “hi, how are you?” texts sounds like innocent fun. But what if there’s something much more complex going on under the surface? On episode 27 of Privacy Chats with John and Rachel, we investigate the ever-growing popularity of text-based scams, from "warming" phone numbers to "pig butchering" schemes (wild name, huh?) AND “smishing” attempts disguised in everyday transactions, such as package tracking and road toll notices. We break down how scammers manipulate victims, the tactics used to gain trust, and how these scams have continued to evolve globally. With practical security tips and insights from authoritative sources, our goal is to equip listeners with the knowledge to keep their friends and families safe from these increasingly sophisticated digital threats.

    This episode was informed by the following publications & forums:
    FTC: How to Recognize and Report Spam Text Messages
    US Senate Federal Credit Union Security Corner Blog: Why Responding to “Hi, How Are You” Texts Can Be Risky
    Building a Digital Defense against Oops Wrong Number Texts
    Pig Butchering Scams
    FTC: Why It’s Not Rude To Ignore Hi How Are You Text Messages From Strangers
    BitDefender: Wrong Number Text Scams and How To Protect Against Them
    r/Scams Reddit Discussion & Anecdotes on Random Hello Texts
    r/OutOfTheLoop Reddit Discussion: What’s going on with scammers “happening to text the wrong number”?

  10. 30

    Ep. 26: G(r)ift Card Scams, Part 2

    On Episode 27 of Privacy Chats with Rachel and John, we build upon our prior episode uncovering gift card scams - this time, focusing on how scammers trick people into purchasing and sending gift card details under false pretenses - such as fake IRS threats, tech support scams, or impersonation schemes - what they’re used for, why they’re effective, and most importantly, key prevention tips to help you and your family keep your wits about you in the new year!

    Resources that inspired our episode:
    Maryland Legislation ~ Consumer Protection - Retail Sales of Gift Cards (Gift Card Scams Prevention Act of 2024)
    https://mgaleg.maryland.gov/mgawebsite/Legislation/Details/hb0896?ys=2024RS
    https://mgaleg.maryland.gov/2024RS/fnotes/bil_0006/hb0896.pdf
    Gift Card Exchange website
    https://www.cardcash.com/sell-gift-cards/
    Reddit Thread about Scammers extracting money from gift cards
    https://www.reddit.com/r/explainlikeimfive/comments/1ckyqu3/eli5_how_do_scammers_extract_money_from_the_gift/
    Jim Browning YouTube
    https://www.youtube.com/watch?v=h9Rk51WQC9A
    Money.com article about sites to sell gift cards
    https://money.usnews.com/money/personal-finance/spending/articles/sites-to-sell-gift-cards-online

  11. 29

    Ep. 25: Gift Cards or Grift Cards? Gift Cards Scams, Part 1

    Gift cards are a fun way to spread holiday joy, removing the guesswork for the giver while ensuring the recipient gets exactly what they’re looking for... until you find that a scammer has interfered in the process! On Episode 25 of Privacy Chats with Rachel and John, we break down the vulnerabilities and scams associated with gift cards, particularly those involving the theft or misuse of funds loaded onto gift cards, based on John’s own experiment evaluating the security of cards between different vendors. Tune in to learn about the various security features (or lack thereof) on common gift cards, how scams often occur, and different prevention strategies to minimize risks for gift card givers and receivers.

  12. 28

    Ep. 24: Is my phone listening to me?

    People often wonder if their phone is listening to them when they see advertisements related to things that they recently discussed, but didn’t search on their phone. Could this be true? Is your phone listening to you?

    On Episode 24 of Privacy Chats with Rachel and John, we look at published findings of other people who have dived into this topic.

  13. 27

    Ep. 23 - Neuroprivacy - How near is the next frontier of data privacy?

    Artificial Intelligence continues to move the boundary of hypothetical technologies - such as brain reading devices - closer and closer to reality. How close we are to that boundary today, and where that boundary sits in terms of becoming a threat to privacy and civil liberties, remains a subject of debate. On Episode 23 of Privacy Chats, Rachel and John discuss the progress made in recent neurotechnology advancements as well as other affect-recognition technologies, including non-invasive video reconstruction using brain activity and brain fingerprinting (yes - you read that right!) What can, or should, we expect as far as effects on law enforcement and personalized advertising activities? Is it too early to tell? Tune in and join the conversation to find out!

    This episode was inspired and informed by the following publications:
    19 May 2023 - Cinematic Mindscapes: High-quality Video Reconstruction from Brain Activity
    Brain fingerprinting: a comprehensive tutorial review of detection of concealed information with event-related brain potentials
    Daubert v. Merrell Dow Pharmaceuticals, Inc., 509 U.S. 579 (1993)

  14. 26

    Ep 22 - 2024 Election Results & Predicted Impact to Privacy and AI Policy

    What will a second Trump term mean for US Privacy and AI Policy? Former president Joe Biden set a record number of Executive Orders related to Artificial Intelligence and National Security into motion during his term, but there’s still plenty of work to be done. FTC Chair Lina Khan pursued legal action against US technology companies in an unprecedented way during Biden’s term and pushed the boundaries of the FTC’s enforcement role in the process. And although containing the harmful impacts of AI remains a bipartisan goal, to what extent - considering the anticipated tradeoffs to innovation - is where the divide continues to exist. How will the new administration impact the direction of Privacy, Security, and Artificial Intelligence policy, both on a domestic and international scale? On episode 22 of Privacy Chats with Rachel and John, Rachel talks about her 3 key predictions regarding how the Trump administration will likely respond to the activities set into motion under former President Joe Biden.

    This episode makes reference to the following Executive Orders instituted under former president Joe Biden:
    (EO 14110) Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence
    (EO 13985) Executive Order on Advancing Racial Equity and Support for Underserved Communities Through the Federal Government
    (EO 14117) Executive Order on Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern

    This episode was inspired by research involving the following publications:
    NextGov.com: Trump promised to repeal Biden’s AI executive order — here’s what to expect next
    IAPP News: A view from DC: What does a second Trump presidency mean for privacy, AI governance?
    IAPP News: A view from DC: The beginning of the end of the free flow of data
    Oversight.house.gov: Oversight Committee Releases Staff Report Finding FTC Chair Khan Abused Authority to Advance the Biden-Harris Administration’s Agenda
    Security Infowatch: What can the security industry expect from a second Trump term?
    Tech Press: Where US Tech Policy May Be Headed During a Second Trump Term
    CNN.com: 2016 Presidential Campaign Hacking Fast Facts
    Wikipedia: Donald Trump Tiktok Controversy Wikipedia
    Reason.com: https://reason.com/2024/04/24/another-illegal-power-grab-from-the-ftc/
    White House.gov: Fact Sheet: Key AI Accomplishments in the Year Since the Biden-Harris Administration’s Landmark Executive Order

  15. 25

    Ep. 21 - How AI Is Changing the Nature of Doxxing

    Doxing is “the action or process of searching for and publishing private or identifying information about a particular individual on the internet, typically with malicious intent.” - Oxford Languages

    New technologies and faster processing of information are making it far easier to find and access information about us. AI will bring this to the next level, allowing for rapid aggregation of disparate data. On Episode 21 of Privacy Chats with Rachel and John, we look at new technologies that make it easier to identify people and access information about them, and why we might want to be more cautious about what information we allow to be out there for people to access and utilize.

  16. 24

    Ep. 20: The Origins and Privacy Implications of AI in the Workplace

    GenAI (Generative Artificial Intelligence), and AI in general, continues to be all the rage, permeating nearly every business conversation involving automation, scalability, and improved insights in the pursuit of minimizing cost and maximizing revenue. Given Privacy and AI are inseparable concepts at their core - what does this increased emphasis on AI mean for professionals subject to these technologies in their day to day roles? On Episode 20 of Privacy Chats with Rachel and John, Rachel and John reflect on the industrial revolution’s influence on surveillance, standardization, and automation, how these practices have influenced the economic imperatives of AI, and how AI will continue to challenge the concept of workers’ reasonable expectation of Privacy in the modern workplace.

  17. 23

    Ep 19: Privacy (Engineering) Chat with Jay Averitt - Privacy Engineer @ Microsoft

    Privacy Engineering is an essential function of mature Privacy Programs, joining aspects of software engineering, data protection, privacy compliance, and privacy risk management. On the latest episode of Privacy Chats, Rachel interviewed Jay Averitt, a Privacy Engineer at Microsoft, who shares his career journey, how he would describe Privacy Engineering at an “ELI5” level, and what in particular makes Privacy Engineering a challenging yet meaningful career. Jay regularly writes about the Privacy industry on LinkedIn, initiating insightful conversations regarding common challenges faced and crowdsourcing practical, real-world solutions with other Privacy professionals: https://www.linkedin.com/in/jay-averitt/.

  18. 22

    Ep. 18 - The Balancing Act - Have we gone too far?

    Innovation is the spark that ignites the engine of progress, all of which is fueled by cooperation and a mutual interest in creating a better world. We tend to look at privacy from the perspective of what is, rather than from the perspective of what could be.  On Episode 20 of Privacy Chats with Rachel and John, we spin a new narrative on how data could be owned, managed, and distributed in a way that brings a new level of transparency and control to individuals and contributes to the greater benefit of humanity.

  19. 21

    S4P Ep. 3 - The Very Real Problem With AI Deepfakes

    AI Tool Koe Recast claims that its AI voice-generating software requires just a few sentences of audio to replicate your voice. If that’s not suspicious enough, other options need as little as three seconds to capture and reproduce it to a convincing degree. Long gone are the days of Caller ID Spoofing! Scammers these days might just be using ChatGPT to help write a convincing story as well. Such AI impersonation tools are surely a small price to pay for the $2.7B that US consumers lost to imposter scams in 2023 alone. And although it’s been the tried-and-true method for decades, phone calls are no longer the scammer’s medium of choice. According to the FTC, the highest overall reported losses were caused by scammers on social media. We’ll have to wait and see if the FTC’s amendments to their Trade Regulation Rule meaningfully improve the situation in 2024. In the meantime - you can tune into Privacy Chats with Rachel and John to learn more about the very real implications of high quality deep fakes found in our everyday lives. What’s cooler than out-scamming the scammer, anyway?

  20. 20

    S4P Ep. 2 - Test Your Knowledge on Password Best Practices

    In this snappy episode within our new “Security for Privacy” (S4P!) series, we challenge your knowledge on password best practices through a fun and engaging quiz format. Tune in to learn what it takes to create resilient passwords and manage them appropriately in 2024 - both for yourself and for your organization!

    Resources used to inform this episode:
    NIST’s New Password Rule Book: Updated Guidelines Offer Benefits and Risk
    MS-ISAC Security Primer – Organizational Password Best Practices
    A look at Password Health Scores around the world in 2022 - Dashlane

  21. 19

    S4P Ep. 1 - How to spot the Posers and Pretenders

    Impersonation scams are not what they used to be. According to recent FBI research, Americans lost roughly $1.3 billion in 2023 to scammers running impersonation scams. In our new “Security for Privacy” series, Rachel and John dive into the most prevalent form of social engineering today, particularly how scammers disguise themselves as trusted figures and how to identify them before it’s too late.

    Links to information sources used in this episode:
    https://usa.kaspersky.com/resource-center/definitions/what-is-social-engineering
    https://www.fbi.gov/wanted/cyber/russian-interference-in-2016-u-s-elections
    https://www.usa.gov/imposter-scams
    https://www.fcc.gov/grandparent-scams-get-more-sophisticated
    https://www.aura.com/learn/why-do-scammers-want-gift-cards

  22. 18

    Ep. 17 - The Wildest HIPAA Case of 2024

    In Episode 17 of Privacy Chats with Rachel and John, Rachel shares her synopsis on what may be one of the wildest healthcare privacy breaches to date. As of June 17th, a Texas surgeon is facing federal charges for leaking patient information in an attempt to expose continued gender-affirming care at Texas Children's Hospital, blowing past the boundaries placed by HIPAA to protect sensitive healthcare information. Who’s involved? Who’s to blame? What is at stake? Tune in as Rachel and John explore the political, legal, and ethical implications of this controversial incident!

    HIPAA & Privacy Laws
    June 17th: Doctor charged for unauthorized access to personal information of pediatric patients at Texas Children’s Hospital
    June 17th: Indictment accuses former Texas Children’s Hospital doctor of obtaining patient names, treatment codes illegally
    June 10th: Whistleblower faces federal charges after exposing alleged continuation of gender-affirming care at Texas Children’s Hospital

  23. 17

    Ep. 16: What we've learned about the EU AI Act

    The EU AI Act was first proposed by the European Commission in April, 2021 and has been working its way through the legislative process ever since. John had a chance to hear from other industry experts about this at the 2024 IAPP Privacy Summit, taking away key insights for discussion. On episode 16 of Privacy Chats, Rachel and John decipher the EU AI Act’s known tenets - such as its focus on improving internal markets while protecting democracy - and hypothesize on its long term implications to global innovation.

  24. 16

    Ep. 15: Privacy in the US Constitution

    Although Privacy isn’t explicitly called out in the US Constitution, there is a long history of recognizing that people have a right to privacy and that this right can be inferred from several amendments in the U.S. Constitution. In this episode of Privacy Chats with Rachel and John, John leans into his studies as a Masters of Privacy Law student at Seton Hall University School of Law to educate us about the nuanced relationship between Privacy and the U.S. Constitution.  We discuss significant Supreme Court cases of the last century which demonstrate the implicit recognition of Privacy as well as common misconceptions regarding the direct interpretation of the Constitution as a guarantor of the right to Privacy in the US.

  25. 15

    Ep. 14: Privacy Chats with John, Rachel, AND Associate DPO Gonzalo Caro!

    In this exciting interview episode of Privacy Chats, Rachel and John have a conversation with Associate DPO (Data Protection Officer) Gonzalo Caro, to deliberate about the recent explosion of Generative AI (“Gen AI”) powered technologies and the implications to personal data processing. Gonzalo supports the Office of the DPO at Meta in Dublin, Ireland, which allows him to share his views about Gen AI from a uniquely informed lens. DPOs play an integral role in ensuring the company they represent is compliant with relevant privacy laws and regulations and employs a risk-based approach toward doing so.

  26. 14

    Ep. 13 - The (Algorithm) Behind the Curtain: LLMs & Potential Risks to Privacy

    On February 8th, 2024, the Wall Street Journal reported that OpenAI CEO Sam Altman sought to raise $7 trillion in funding to expand their footprint in the global AI market. Coincidentally, an episode of Privacy Chats with Rachel and John was brewing in the background to shed light on the potential privacy risks of Large Language Models (LLMs). Covering all angles of the potential privacy risks of Large Language Models (LLMs) is no easy feat, but John and Rachel share what’s top of mind in their experience and research through answering the following questions:  What are “LLMs”, and how do they work on a fundamental level? How might LLMs pose a risk to Privacy? What can you do to help mitigate these risks in today’s world?  It’s critical to evaluate and manage risk for any new technology early and iteratively in order to balance the benefits with the prospective harms on a micro and macro level. Tune in to hear a different perspective on the very technology that’s taken the world by storm!

  27. 13

    Ep. 12 - Data DRIVEN: The Potential Privacy Risks of Connected Vehicles

    Is Your Car Watching You Drive? Internet-connected cars continue to be one of the fastest growing IoT markets, with over 400 million connected cars projected to be in operation by 2025. In this 20-minute episode of Privacy Chats with Rachel and John, we investigate the most common capabilities of connected vehicles on the market by researching answers to the following questions: Why are vehicles becoming increasingly internet-connected? What data are connected vehicles collecting, and what is it used for? Which functions pose a threat to protecting your privacy? Who are the threat actors? What can we do about it? Tune in to learn what your car might be capable of in the future (or perhaps today!) on your morning commute.

  28. 12

    Ep. 11 - New Year, New Rules (Part 2): SEC’s New Cybersecurity Disclosure Rules Take Effect

    Happy New Year! In Part 2 of 2 of our dual New Year's release of Privacy Chats with Rachel and John, we delve into the recently adopted SEC rules on cybersecurity risk management, strategy, governance, and incident disclosure by public companies. With the rules in effect from December 18th and reporting requirements starting on December 25th, we explore the impact on investors and the motivation behind the SEC's decision. SEC Chair Gary Gensler emphasizes the materiality of cybersecurity incidents to investors, drawing attention to specific breaches that significantly affected shareholder value. Our discussion covers oversight disclosure requirements for publicly traded companies, detailing the annual disclosure of their cybersecurity program in their 10-K, as well as per-incident disclosure obligations on their 8-K forms within four business days. The rule's formal intent is to provide timely transparency to shareholders about risks affecting financial performance, reputation, or compliance. While proponents believe it offers "decision-useful" information, opponents express concerns about potential disclosure during ongoing investigations. December 14th statement by Erik Gerding: https://www.sec.gov/news/statement/gerding-cybersecurity-disclosure-20231214#:~:text=In%20July%20of%20this%20year,management%2C%20strategy%2C%20and%20governance SEC.gov’s Official Press Release: https://www.sec.gov/news/press-release/2023-139 Official Text: https://www.sec.gov/files/rules/final/2023/33-11216.pdf

  29. 11

    Ep. 10 - New Year, New Rules (Part 1): Unwrapping the FTC's COPPA Resolutions

    Happy New Year! In Part 1 of 2 of our dual New Year's release of Privacy Chats with Rachel and John, we discuss the Federal Trade Commission's (FTC) proposed updates to the Children's Online Privacy Protection Act (COPPA). The FTC aims to address issues such as inadequate consent models, data retention concerns, and misleading statements related to children's privacy. Major proposed changes include restrictions on the use and disclosure of children's personal information, limiting services' ability to monetize children's data, and shifting the burden of security and safety from parents to internet providers. The FTC's role in protecting children's privacy, previous COPPA updates, and the expanded definition of personal information are highlighted. The updated COPPA Rule would require changes in targeted advertising, opt-in mechanisms, limitations on push notifications, restrictions on surveillance in schools, and enhanced data security measures. This episode emphasizes the significance of these changes in safeguarding children's data and includes a quote from FTC Chairperson Lina M. Khan regarding the proposal's affirmative obligations on service providers. FTC Report Update: https://www.ftc.gov/news-events/news/press-releases/2023/12/ftc-proposes-strengthening-childrens-privacy-rule-further-limit-companies-ability-monetize-childrens Official Proposal Text: https://www.ftc.gov/system/files/ftc_gov/pdf/p195404_coppa_reg_review.pdf

  30. 10

    Ep. 9 - Ctrl+Alt+Regulate: Deciphering the Digital Services Act (DSA) and the Digital Markets Act (DMA)

    Join us in this episode of Privacy Chats with Rachel and John for a deep dive into the Digital Markets Act (DMA) and the Digital Services Act (DSA). We navigate the intricacies of these new regulatory requirements by breaking down key questions such as: What is the Digital Markets Act / Digital Services Act? Who do they apply to? What do they have to do with Privacy? What do these companies need to do (or avoid doing) as a result of this regulation? How are they enforced? What are the intended benefits of each? When does it come into effect? The objective of this chat is to shed light on the DMA's and DSA's implications to in-scope companies as well as to the users of those services.

  31. 9

    Ep. 7 - Understanding the California Privacy Rights Act (CPRA) - A Discussion Among Colleagues

    In this captivating dialogue, we sit down with our knowledgeable friend, colleague, and fellow privacy & security professional, David Greene. The three of us engage in a comprehensive conversation regarding the implications of the California Privacy Rights Act (CPRA) on the broader California Consumer Privacy Act (CCPA), pivoting the free-flowing discussion around the following questions: What's the difference between the CCPA and the CPRA? Why was CPRA necessary so soon after the CCPA was enacted? Do we call it "CCPA" or "CPRA" now? What are the costs for violating it? What are some examples of violations? Why should I care if I'm not a California resident? Tune in to this enlightening discussion and gain valuable insights that will help you navigate elements of the CPRA and stay informed about the evolving landscape of data privacy and protection. --> CPRA Official Text --> CCPA Official Text

  32. 8

    Ep. 4 - "Is my refrigerator spying on me?"

    In Episode 4 of Privacy Chats with Rachel and John, we discuss the practicalities of owning a smart refrigerator and the inherent privacy risks that come with them. We pose the following questions in an attempt to uncover the actual likelihood that individuals will experience problems resulting from data processing associated with smart refrigerators as well as the potential impact, should they occur: Is my refrigerator spying on me? Why would my refrigerator have a camera and a microphone? How do I know if my refrigerator has a camera and a microphone? Is it worth the risk to have these sensors in my refrigerator? Who am I at risk from? What can I do to mitigate these risks?

  33. 7

    Ep. 8 - Navigating Cross-Border Data Transfers in Our 'Digitally Borderless World'

    On Episode 8 of Privacy Chats with Rachel and John, we discuss the challenges and complexities of cross-border data transfers, particularly in the context of the European Union's General Data Protection Regulation (GDPR). The need for data transfers has increased with the advent of cloud technology, but varying rules on data protection and privacy across countries make it difficult to ensure individuals' protection under multiple jurisdictions. The EU in particular recognizes the importance of taking special considerations into account prior to sensitive transfers through mechanisms like Adequacy Decisions, assessing appropriate safeguards, and acknowledging limited exception cases. We cover how the US, once covered by the Safe Harbor agreement, faced challenges due to the Snowden revelations, leading to the invalidation of Safe Harbor and subsequent attempts at Privacy Shield. We also give mention to Standard Contractual Clauses (SCCs) and Binding Corporate Rules (BCRs) as additional mechanisms for ensuring compliance with data protection laws. The broader context of our discussion includes global trends in cross-border data transfer restrictions, including stricter regulations and conditional flow regimes.

  34. 6

    Ep. 6 - De-constructing the ADPPA

    On this episode of Privacy Chats with Rachel and John, we delve into the key highlights of the ADPPA (American Data Privacy and Protection Act) drafted on June 21st, 2022. This groundbreaking legislation introduces critical principles, including data minimization, individual data ownership, and the right for private legal action. We explore its scope, covering elements such as consumer protection, covered data, and how the FTC enforces data security. The ADPPA could be a significant step toward filling the gaps in the patchwork of privacy laws left open by the sectoral approach to data privacy protection in the US. The Act emphasizes consent, especially for sensitive covered data, and provides strong protections for children under 17, setting it apart from COPPA. Data brokers are required to undergo audits, and the Act tackles civil rights and algorithmic decision-making, ensuring large data holders conduct annual impact assessments. Watch to learn how ADPPA impacts corporate accountability, data access, data portability, and its enforcement mechanisms, including the possibility of private right of action.

  35. 5

    Ep. 5 - The Age Verification and Child Safety Conundrum

    On this episode of Privacy Chats with Rachel and John, we discuss one of the major conundrums facing the social media industry today: balancing privacy and security while maintaining adequate age verification mechanisms to ensure the protection of children online. Throughout the chat, we reflect upon the current federal children's online protection law, COPPA (the Children's Online Privacy Protection Rule), including its history, basic requirements, and practical limitations in today’s online environment. We also dive into the recently re-introduced Kids Online Safety Act ("KOSA"), a bill endorsed by US Senators Richard Blumenthal (D‑CT) and Marsha Blackburn (R‑TN) that aims to protect minors from online harms, particularly on social networking sites. 

  36. 4

    Ep. 3 - What is Privacy?

    On Episode 3 of Privacy Chats with Rachel and John, we dedicate an episode to speak informally about the modern concept of Privacy using the following question prompts to drive our discussion: What is “Privacy” and why should it matter to the everyday person; Who are the different "actors" involved in the Privacy equation; What led us to the path of learning more about Privacy and getting into the field professionally; Why Privacy is a complex topic, despite it getting so much attention in modern conversation; Where we fall on the “spectrum” of personal privacy risk in our everyday lives.

  37. 3

    Ep. 2 - The History of Privacy in the EU

    In this episode, we share what we've learned after independently researching the topic of the history of Privacy in the European Union - an ambitious task given the influential role that Europe has played in the context of Privacy frameworks and legislation in the 20th and 21st centuries! Throughout our discussion, we give mention to the following topics which span over 100 years of economic, technological, and political developments: Pivotal moments in US, EU, and World History leading up to WWI/WWII; The Universal Declaration of Human Rights; The Council of Europe and The European Convention on Human Rights and Fundamental Freedoms; The state of Information Technology approaching the 1940's / 1950's; Political Evolution in the EU from the 1950's to the Early 2000's, including the Treaty of Rome, the creation of the European Economic Community, the Maastricht Treaty, Treaty of Lisbon, and the creation of the Council of Europe; A (brief!) history of the Organization for Economic Cooperation and Development (OECD) + the OECD's guidelines governing the protection of Privacy and Transborder Flows of Personal Data (“The Guidelines”); “Convention 108” aka the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data; The 1995 Data Protection Directive; Trans Atlantic Data Flows, Working Party 29 & the Safe Harbor Principles; A (brief) mention of GDPR & the ePrivacy Directive.

  38. 2

    Ep. 1 - The History of Privacy

    For our very first episode, we wanted to kick off our channel with a video discussing the topic of the History of Privacy. We give mention to the following topics while sharing what we've found through our own independent research with one another: Introduction of Warren and Brandeis article: "The Right to Privacy"; The 4 categories of Privacy, including Bodily Privacy, Territorial Privacy, Communication Privacy, and Information Privacy; Robertson v. United States (1952); Post-Brandeis era mentions of Privacy in US law, including the 1905 Georgia Supreme Court Ruling's recognition of Privacy; Privacy trends and laws and their growing relevance to the technologies available at the time, such as the invention of the printing press and photographs; Katz v. United States (1967) & the "Reasonable Expectation of Privacy" doctrine; Olmstead v. United States (1928); Bodily Privacy & the relevance of it in the Griswold v. Connecticut case (1965) and Roe v. Wade (1973); Fair Information Practices (1972); OECD's Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (1980) as a foundational set of privacy principles; Sector specific laws in the latter part of the 20th century, including FERPA (1972), FISA (1978), and HIPAA (1996).

ABOUT THIS SHOW

Privacy Chats with Rachel and John is a podcast hosted by two enthusiastic Privacy Professionals interested in sharing what they learn about the ever-evolving world of Privacy with other professionals, novices, and everyone in between!

HOSTED BY

Privacy Chats

Frequently Asked Questions

How many episodes does Privacy Chats with Rachel and John have?

Privacy Chats with Rachel and John currently has 38 episodes available on PodParley. New episodes are automatically indexed when they're published to the podcast feed.

What is Privacy Chats with Rachel and John about?

Privacy Chats with Rachel and John is a podcast hosted by two enthusiastic Privacy Professionals interested in sharing what they learn about the ever-evolving world of Privacy with other professionals, novices, and everyone in between!

How often does Privacy Chats with Rachel and John release new episodes?

Privacy Chats with Rachel and John has 38 episodes. Check the episode list to see recent publication dates and frequency.

Where can I listen to Privacy Chats with Rachel and John?

You can listen to Privacy Chats with Rachel and John on PodParley by clicking any episode. We provide an embedded audio player for direct listening, and you can also subscribe via your preferred podcast app using the RSS feed.

Who hosts Privacy Chats with Rachel and John?

Privacy Chats with Rachel and John is created and hosted by Privacy Chats.