In a panel moderated by Jonathan Tam, Privacy and Technology Partner at Baker McKenzie, I was fortunate to join Lisa Boyoung Kim, Senior Privacy Counsel and Advisor, California Privacy Protection Agency (CPPA); Hayley Tsukayama, Associate Director of Legislative Activism at the Electronic Frontier Foundation (EFF); and Mariam Abdel-Malek, Director, Privacy Legal at Pinterest. It was excellent to get the perspectives of a partner at one of the world's largest law firms, a California regulator (also recognized as the “Privacy Lawyer of the Year” by the California Lawyers Association), a well-known Privacy Advocate from EFF and technology reporter, and a very talented in-house privacy leader and counsel at a major technology company. This balanced panel allowed for a phenomenal dialogue on some of the major challenges in data privacy and protection today.
We focused on “Your Rights and Obligation Under the California Consumer Privacy Act (CCPA) and U.S. Privacy Laws,” with panelists presenting viewpoints from their positions with a government agency, industry advocacy organization, private enterprise, and privacy technology platform vendor.
A discussion of CPPA regulations and enforcement
The panel opened with CPPA’s Lisa Boyoung Kim discussing its first set of regulations introduced earlier this year, including some of the key requirements under these regulations as well as the agency’s objectives regarding the risk assessment regulations. She pointed out that regulations were reorganized to make it easier for consumers and businesses to understand the rules. She also described what she considered to be some noteworthy parts of the CCPA regulations, along with new draft regulations encompassing computer science audits, risk assessments, and automated decision making. Lisa noted that enforcement of CCPA regulations is ongoing – although the agency has prosecutorial discretion like other enforcement agencies – and all organizations subject to the law are expected to comply. She also gave helpful guidance on keeping up with the CPPA's developments by signing up for alerts with them, as they are working hard to keep the community updated with various changes and developments.
The impact of CCPA on the private sector
From her perspective in the private sector, Mariam Abdel-Malek of Pinterest discussed the impact of the CCPA regulations and focus on businesses, as well as some of the other privacy laws enacted by different states and their implementation on a practical level. She discussed automatic decision making and profiling, processing activities, and the legal implications of new developments in ML/AI algorithms.
A prominent advocacy organization weighs in
Representing the digital rights group Electronic Frontier Foundation, Hayley Tsukayama said she believes the CPPA has been very thoughtful and deliberative, and has done well to center consumer expectations in many of its regulations, although she believes regulations around the “pay for privacy” practice could be stronger. She noted that CCPA is built on good, solid, well-known privacy tenets and created an important suite of rights that apply to a general set of companies. However, she commented that while the rights in CCPA are important, it’s also important to make sure they are easy to use.
Technology as a fundamental privacy program tool
As Co-Founder and Co-CEO of Relyance AI, I was asked for recommendations for companies seeking to stay on top of privacy regulations and requirements. Having served as a Chief Privacy Officer before founding Relyance AI, I emphasized the need to have the right teams in place combined with the right technology to build a comprehensive and compliant privacy program. I also noted the lack of consistency in privacy regulations across different jurisdictions, resulting in complications for businesses in their efforts to ensure compliance nationally and globally. There is one foundational principle from which every organization can benefit: regardless of the specific regulation, organizations need to know what data they have, who is accessing that data, and how the data is being handled and processed – tasks that can only be complete and accurate through the right, dynamic technology and automation.
As we enter this AI Renaissance, we can no longer rely on individuals alone, without technology, to keep pace with various data protection legal developments. Privacy engineers and professionals must embrace AI and use it within their daily lives. Automation is the key to productivity, accuracy, and completeness of data protection programs.
Panelists close with an outlook
The panel concluded with an outlook about the California Privacy Protection Agency’s priorities, as well as what organizations should keep in mind as the number of privacy laws continues to grow and evolve. The CPPA’s Lisa Boyoung Kim said the agency will continue to focus on enforcement, rulemaking, and education, among other priorities. I added it will be important for businesses to follow various state and global privacy laws, ensuring compliance with first principles which map across many different requirements, building champions across the organization, and embracing technology in their privacy programs.
More information about future conferences and programs presented by the Bar Association of San Francisco is here. To learn more about how Relyance AI’s data privacy management platform can form the foundation of a strong privacy program, please book a demo here.