The Apple AirTag debacle shows that there is a need to diversify privacy to protect people and brands. Diversifying privacy means more than diversifying product development and privacy teams. It means looking outside the compliance bubble and centring marginal voices, including those that challenge the status quo. 

Abigail Dubiniecki talks to Stewart Dresner and Tom Cooper and explains what went wrong with the Apple AirTag. 

Apple is usually regarded as the company at the privacy friendly end of the spectrum.  The latest consumer tech products are promoted as offering convenience. But developers ignore, understate or underestimate the possibility for harm. Harms to individual users as well as communities.

Some products and services are intended to vacuum up masses of data to monetise it. But even if a company rejects the outright monetisation of data as its main purpose, and instead is trying to create a product with privacy protections, some unforeseen problems can occur.

Apple and other companies can learn lessons from the AirTag story to avoid damage to their reputation.

This podcast is based on Abigail's article in PL&B International Report April 2022.

Resource referred to in the podcast: Just Tech

 Abigail Dubiniecki is a privacy lawyer and consultant based in Canada who helps clients in the UK and Canada implement GDPR and other privacy and data protection laws. She specialized in operationalizing Privacy by Design and is a privtech and  emerging tech enthusiast. 

Age verification and estimation by companies to protect the privacy and safety online for young people

Stewart Dresner talks to Iain Corby, Executive Director, The Age Verification Providers’ Association (AVPA) and Project Manager, euCONSENT. 

There is consensus that young people should be safe online. But how should organisations behave in an ethical way? How to reconcile the commercial objectives of data acquisition and retention, and the legal objective of data minimisation and data protection by design?

There are many international and national initiatives on online safety for young people. All are trying to protect “the best interests of the child”. How are companies engaging with them?

There is a continuum as children mature into teenagers and then into adults but regulations impose specific ages when content should be restricted. This is the issue at the core of attempts at regulation to better protect young people from online content of a violent or sexual nature, or increasing the risk that they will be led to the consumption of tobacco, alcohol, gambling and other dangerous and inappropriate content.

Iain Corby discusses with Stewart Dresner how companies are working together to achieve a credible method of age estimation and verification.

Privacy Laws & Business will cover this subject in more depth in our free webinar on the afternoon of Wednesday 16 March:  Helping young people to better protect their privacy and safety online. 

In addition to Iain Corby, participants will include the Acting Head of Children’s Policy at Ireland’s Data Protection Commission, a representative of the games industry, academics, and a Privacy Policy Manager for Meta.

Justin Antonipillai, Founder and CEO, WireWheel, discusses with Helena Wootton and Stewart Dresner the privacy laws most likely to be adopted in the US. His experience of leading President Barack Obama’s attempt to have a federal privacy law adopted by the US Congress enables him to explain why he considers such a law in the next five years as unlikely. The new Chair of the Federal Trade Commission, Lina Khan, is more energetic on privacy issues. Stronger sanctions are likely but the FTC is constrained by its narrow scope and lack of a comprehensive federal privacy statute.

Meanwhile, the initiative is being taken by the states, with California in the lead once again as it was some 20 years ago with a data breach law, later copied by the other 49 states over the next 20 years. Virginia and Colorado are now the first states to follow California’s lead in adopting new state privacy laws but each one is different from the others, making life difficult for companies doing business across the country.

Antonipillai, having led the US negotiations with the EU on the EU-US Privacy Shield, is aware of the commonalities and differences between the two sides. Companies need to map their collection, storage and disclosure of personal data against the many different privacy laws around the world and take steps to manage the personal data in their systems is a consistent way taking into account the interests of the data subjects.