Becoming a Data Guardian

Today’s Privacy Insider comes to you from Courtney Branson, our Head of People. Courtney joined us just last year and has already made an incredible impact on our culture. Below, she shares a story about her daughter. 

The day after my daughter was born, two strangers came into my hospital room. At first, I thought it was a mistake, but nope — they were there to see me. As they tell me a story about how they officiated my parents’ wedding back in the ‘80s, I’m still trying to figure out why they are there. 

Lo and behold, my proud mother, a first-time grandmother, had tagged me in a photo of my newborn alongside our location on Facebook. This couple saw the post and moseyed to the hospital, where the staff happily showed them to my room. Why not? They had all the information they needed. 

I’d already lost control of my daughter’s image by day two. The parenting classes teach you about infant CPR, not how to consider or talk about digital privacy. It brought up questions that I hadn’t asked before and uncovered assumptions I had made. 

It also revealed my temporary role as the guardian of her image, stories, and data. Before I even relay an anecdote about her to someone, I ask myself: Who am I sharing this with, why, and how will it be used? Now that she’s older, I ask for her consent before sharing a photo or story and make it clear she can revoke that consent. It matters for the trust between us. 

I learned this the hard way when she overheard me telling a colleague a story without her permission. Being thoughtful with someone’s information is an act I deal in daily as a People leader. For trust to exist, there’s a need for confidentiality and clarity about how information will be shared and used — and why. 

That’s what data privacy laws are doing. They establish rules for consent 𑁋 what can be shared and with whom, creating standards by which consent can be revoked and information deleted. When people and companies follow and respect those, trust is created and maintained. 

(Consent was given by my daughter for this story on April 5th, 2022.)

Proposal would amend LGPD to allow census, exam data sharing

The new proposal would allow organizations to share data from both the School Census and the National Exam of Secondary education. Here’s why: The restrictions imposed by the LGPD — i.e., that children’s personal information can only be shared with parental consent — has limited published studies meant to inform the educational conditions in Brazil. 

Read More   

UPDATE: CNIL decides EU-US data transfer to Google Analytics illegal

Commission Nationale Informatique & Libertés (CNIL), the French Data Protection Agency, has ordered three French websites to comply with GDPR just one week after the Austrian Data Protection Authority ruled that the use of Google Analytics violated the GDPR. In other words, CNIL agrees with the decision that Google Analytics is illegal under GDPR..  

Read More

Belgian DPA (“APD”) Decision on IAB Europe and the TCF: IAB Europe Submits Action Plan, A Key Milestone in the Process

As IAB Europe and the Transparency and Consent Framework (TCF) move forward, IAB Europe has officially submitted its action plan to the Belgian Data Protection Authority (APD). This action plan explains how IAB Europe will deliver on the formal orders made by Belgian ADP’s “interpretation of the GDPR and the obligations the decision creates for IAB Europe.”

Read More