Here are CARU's key takeaways from IAPP's Data Privacy Summit.
1. GDPR was the Star
GDPR was paid a lot of attention--and with good reason. One panel answered a very serious question--will there be a grace period? According to Andrea Jelinek (current head of the Article 29 Working Party), there will be a two-day grace period because GDPR goes into effect on a Friday. So essentially, take the weekend, but they'll see you bright and early Monday morning. Other questions linger about whether GDPR principles become the norm because easier than parsing out privacy based on location?
2. Good Faith (We Think) Will Go A Long Way
When it comes to GDPR there is still A LOT of confusion. This reminds us of when COPPA was updated back in 2012. Although lawmakers and regulators are doing their best to answer questions, it seems impossible to address every question by May 25. Making a clear and substantial effort to comply seems as though it will go a long way, keep an eye on the article 30 deliverables. Even if you aren't entirely clear of all the nuances, making a good faith effort to comply could earn major points.
3. State Laws on Privacy are Continuing to Expand
State laws on privacy are continuing to grow– especially in the area of student privacy – in 2017, 28 bills were passed.
4. Best Practices for Consent and Notice Revisited – for connected devices.
It seems that we are all overwhelmed and exhausted from too many privacy notices. We are all just too overwhelmed for privacy notices to be effective--we've got a bad case of privacy notice fatigue.
It used to be that the Federal Information Processing Standards (FIPS) was sufficient to protect our individual data. However, it seems that this is no longer enough. Too much data is being collected from too many places for this notice to truly present an informed choice. We must consider how to simplify and make notices most effective – i.e. timely, persistent and on demand, incorporating technology. For starters, keep the privacy policy concise with need to know basics, what is collected, why it is collected and with whom it is shared.
5. Keynotes Lewinsky and Ronson
Both keynote speakers put public shaming on the internet into perspective. Each discussed how posts on social media can be misinterpreted and cause real world harm, so we should all take note and be more accountable.
If you can't wait to learn more about privacy as it pertains to children, sign up for our conference May 2 in San Francisco. Learn more here.