“Nothing ever happens in privacy, the team will manage itself”

This statement, which did not survive the test of time, was shared by one of the privacy pros who  participated in this month’s International Association of Privacy Professionals’ Women Leading Privacy networking session. I co-lead the session.

Some pet peeves/needs in leadership that we discussed

As always, it was great fun speaking with Future of Privacy Forum’s lovely and knowledgeable mobility guru Chelsey Colbert during Part 2 of OneTrust DataGuidance’s connected vehicles and data protection presentation.

Here are some takeaways from our chat:

  • In the Cold War spy series “The Americans,” characters kept changing their route to and from their

Children’s data isn’t child’s play.

If you have a product or service that collects information from children, you should:

  • Be transparent. No, really. And figure out the best ways to be transparent for kids, which includes just in time notices, video and audio. It is a good idea to enlist the help of UX/CX experts

CNIL, the Commission Nationale de l’Informatique et des Libertés, which is France’s Data Protection Authority, publishes framework to deal with post-Schrems II cross border transfers following the European Data Protection Board’s final guidelines on supplemental transfer measures:

Step 1
  • Inventory your transfers (involve: DPO, information systems department, purchasing department, operational managers of services, digital service

Third country laws – more than meets the eye. In practice – problematic legislation in disguise.

The European Data Protection Board has issued a “Transformers” style plan for assessing whether or not you can transfer information to a third country.

  • Controllers and processors are to conduct a thorough risk assessment of the laws of the

Commission d’access a la information du Quebec has issued guidance on employee geolocation tracking.

Here are some key takeaways:

  • Unless the law expressly provides for it, a company may not require a person to be tied to a device that makes it possible to know where he is.
  • Without obtaining valid consent from its employees,

Maybe someone is reading them after all? European Commission opens for consultation its report of the sector inquiry into consumer internet of things (IoT) devices.

The report shows that in addition to quality, brand reputation and privacy, the number of users plays a crucial role in competition. The privacy notice of the relevant device is

Several German Data Protection Authorities commence independent investigation of cross border transfers of personal data in violation of Schrems II.

The investigation has commenced by sending companies questionnaire regarding among other things, the use of service providers for:

  • sending e-mails
  • hosting of websites
  • web tracking
  • the administration of applicant data
  • the internal exchange of customer