The Privacy Insider by WireWheel

Updates On The EU-US Data Privacy Framework (SPOKES Spring 2023)

A risk-based approach was an innovation promised by policymakers. Risk-based meant the likelihood and magnitude of adverse outcomes on people related to the processing of their data. Yet privacy regulators and courts ​often discount ​risk analysis ​that is not directly tied to individual autonomy, transparency, or the ability to exercise data subject rights, negatively impacting innovative data uses. Join us for this session​ where we will show examples of how companies can leverage a risk-...

Generative AI (SPOKES Spring 2023)

As generative AI tools, like ChatGPT, continue to gain popularity, concerns about privacy and data protection have also arisen. Our panel features three distinguished experts in the field of privacy and generative AI who will explore the legal, technical, and ethical challenges related to the use of AI systems. Throughout the discussion, our panelists will share their experiences and insights into the complex landscape of privacy, data protection, and generative AI. We will explore the lega...

Privacy Predictions For 2023 (SPOKES Spring 2023)

Clean Rooms (SPOKES Spring 2023)

Clean rooms have emerged as a promising solution for brands looking to connect with trusted data partners while managing sensitive customer data in a privacy-first era. With the looming post-cookie future, clean rooms offer a collaborative technology for organizations to run advanced analytics across their key customer touchpoints and channels. However, concerns remain about the inconsistent approach among providers, unclear privacy protections, and insufficient personally identifiable info...

Healthcare Enforcement Cases: GoodRx And BetterHelp (SPOKES Spring 2023)

The Federal Trade Commission (FTC) has recently taken enforcement action against both GoodRx and BetterHelp for their handling of sensitive health information. GoodRx has been accused of failing to report unauthorized disclosure of consumer health data, while BetterHelp has been accused of deceptive marketing practices and violating data tracking and health privacy regulations. Both companies have been fined, BetterHelp $2.2. million and GoodRx $1.5 million. They are required to implement s...

Enforcement in Europe (SPOKES Spring 2023)

Global Privacy Day Forum | Enforcement Under CCPA

In August, California Attorney General Bonta announced the first-ever California Consumer Privacy Act (CCPA) enforcement action, a $1.2M settlement with Sephora. While CCPA gives consumers a wide range of rights, it creates a series of obligations for businesses. This groundbreaking Sephora case involved an overlap in marketing and privacy that many brands are now assessing: targeted advertising data collection and opt-out policies.

Europe and the Next Wave of Privacy Regulations

The GDPR was implemented nearly five years ago, and has established Europe as a global leader in tech regulation. Now new regulations such as the DSA, DMA, AI Act, and the European Strategy for Data have changed the landscape. Join us on January 10, 2023, for this webinar with Karolina Mojzesowicz, Deputy Head of Unit Data Protection, European Commission, where we will discuss the lessons learned from the implementation and enforcement of the GDPR, and explore how these new regulations will...

Enforcing and Implementing California’s Landmark Privacy Laws

Stacey Schesser, the California Attorney General, will be speaking on the topic of “Enforcing & Implementing California’s Landmark Privacy Laws.” In this panel discussion, Ms. Schesser will provide an insider’s perspective on the enforcement of the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). She will discuss the various tools at her disposal for ensuring compliance, as well as the challenges and opportunities presented by these laws to businesses. M...

Tackling CPRA & Unique State Privacy Regulation Challenges

We discuss the challenges and opportunities of implementing the California Privacy Rights Act (CPRA) and other state-level privacy regulations. This panel consists of experts in privacy law and policy, and will focus on the unique challenges and considerations of implementing state-level privacy regulations. They will discuss the requirements of the CPRA and other state laws, and explore best practices for compliance. Additionally, the panel will discuss the potential challenges and opportu...

Advertising Leaders Roundtable

WireWheel brings together leaders from advertising companies, as well as privacy experts and legal professionals to discuss the CPRA and how it differs from other privacy laws. We’ll explore the impact of the CPRA on the advertising industry, including the challenges of complying with the law and the potential risks and benefits of the new regulations. The panel will also offer insights on how the advertising industry can prepare for and adapt to the changes brought about by the CPRA.

IAB’s GPP And MSPA

The IAB’s GPP (Global Privacy Policy) and MSPA (Media Rating Council’s Media Supply Chain Transparency and Data Governance Program) will discuss the efforts of the Interactive Advertising Bureau (IAB) to promote privacy and transparency in the digital advertising industry. The GPP is a framework of privacy principles that aim to provide guidance on data collection, use, and disclosure in the digital advertising ecosystem. The MSPA, on the other hand, is a set of guidelines and standards fo...

Privacy Predictions For 2023

Bringing together experts in privacy law and policy to discuss their insights and forecasts for the future of privacy in the coming year. The panel consist of legal scholars, policymakers, and industry experts, who will share their thoughts on the key trends and developments that are likely to shape privacy in 2023. Topics of discussion include the impact of emerging technologies, the evolution of privacy regulations, and the role of privacy in the digital economy. This panel will provide a...

Armchair Discussion With Cameron Kerry On The Path To A Comprehensive Federal Privacy Law

Features a conversation with Cameron Kerry, a prominent expert on privacy law and policy. The panel will focus on the current state of privacy law in the United States, and the challenges and opportunities of creating a comprehensive federal privacy law. Kerry will share his insights on the complexities of the issue, and discuss the key factors that need to be considered in order to develop an effective and sustainable privacy framework. The panel will also provide an opportunity for audien...

XR In The Wild West World: Privacy For Immersive Tech

Discusses the challenges and opportunities of developing and implementing privacy safeguards for immersive technology such as virtual and augmented reality. This rapidly growing field has the potential to revolutionize industries and change the way we interact with the world, but it also raises complex privacy concerns. Panelists will discuss the current state of privacy regulations for immersive technology, and offer insights on best practices for protecting user data and ensuring that ind...

Resurrecting A Risk Based Approach To Privacy

A risk-based approach was an innovation promised by policymakers. Risk-based meant the likelihood and magnitude of adverse outcomes on people related to the processing of their data. Yet privacy regulators and courts ​often discount ​risk analysis ​that is not directly tied to individual autonomy, transparency, or the ability to exercise data subject rights. From Schrems II on this has negatively impacted innovative data uses. Yet it is clear that data protection, while fundamental, is not ...

The EU-US Data Privacy Framework - A View From The Front Lines

Hear from the lead negotiators of the European Union-U.S. Data Privacy Framework on how it came together, what challenges were involved, and what they see on the horizon of cross-border transfers with the EU.

Analyzing The EU-US Data Privacy Framework - Expert Panel

EU-US Data Privacy Framework – Our Expert Commentators! You have just heard from the lead negotiators for the US and EU about the current state for the new EU-US Data Privacy Framework (EUDPF), and what the path is to an Adequacy Decision. Now hear from some of our leading experts on what this means, and how companies should plan for the new EU-US DPF, including: The New Executive Order directing Federal Agencies to implement measures for complying with the European Union-U.S. Data Privac...

Enforcement Under CCPA

In August, California Attorney General Bonta announced the first-ever California Consumer Privacy Act (CCPA) enforcement action, a $1.2M settlement with Sephora. While CCPA gives consumers a wide range of rights, it creates a series of obligations for businesses. This groundbreaking Sephora case involved an overlap in marketing and privacy that many brands are now assessing: targeted advertising data collection and opt-out policies

Age Appropriate Design Code

This panel will discuss the regulations and guidelines that are in place to ensure that products, services, and online content are designed in a way that is appropriate for different age groups. The panel will address issues such as data privacy, advertising, and access to age-restricted content. The panel consists of experts from both the EU and US. They will share their insights on the challenges and opportunities in creating age appropriate design code, and explore best practices for ensu...

California Privacy and the Expanding Scope of What is a “Sale” of Data

Did you know that use of the Facebook/Meta Pixel is now a “sale” of data under CCPA? Did you know that sharing customer data for measurement, frequency capping, and cross-contextual behavioral ads may also be a “sale” of data? Learn about: The definition of Do Not Sell and Do Not Share and what they cover The targeted advertising technology affected by Do Not Sell and Do Not Share What you need to do today to comply   Any information or materials that WireWheel provides, including but ...

California Employee DSAR Requests: What you need to know

Join privacy experts, Rick Buck, WireWheel CPO, and Sheridan Clemens, WireWheel VP of Privacy, to understand what companies need to do to be prepared for these requests. In this webinar you will learn: Who needs to comply? What types of employees are covered? How should companies collect the requests? How should companies think about processing requests? What is different about fulfilling employee data subject access requests (DSARs) vs. consumer DSARs? What should you do today to start...

Are You Ready For CPRA?

Join us as Rick Buck, Chief Privacy Officer discusses the upcoming CPRA Regulation, how it may affect your organization, and how you can comply with it. In this webinar, you will learn: How to get ready for the CPRA Differences between opt-in/opt-out How CPRA differs from GDPR And much more!

Differential Privacy: Lessons For Enterprises From US Government Agencies

Enterprises trying to keep up with technological advances and a rapidly changing regulatory landscape can learn from their public sector counterparts who have been finding innovative ways to publish data while respecting the privacy of individuals. This talk will review recent uses of differential privacy in the public sector, based on actual case-studies at the US Census Bureau and the Internal Revenue Service. We will emphasize the tools and processes that enable “negotiations” between th...

How To Think About Buying Privacy Technology

Determining the best privacy technology for your organization can be overwhelming. In this session, privacy experts provide you with the knowledge on what you should consider before making software decisions.

Closing Session And Privacy Predictions For 2023

Implementing Consent: A Plan For Agencies

Digital agencies often serve as the connective tissue between organizations and technology — which means that as data privacy regulations continue to expand and evolve, agencies need to stay on top of how to responsibly serve their clients.

Consent - Beyond Compliance

Several state laws require consumers to opt-in and opt-out of targeted marketing. Companies can look at this as a compliance burden or as an opportunity. This panel will discuss how to take these new requirements – along with the deprecation of cookies- and turn it into an opportunity.

What To Expect In 2023

It’s one thing to have a pulse on state-by-state privacy legislation; it’s another to actually comply with the patchwork of laws. This session will focus on how you can prepare for these regulations in practice: what each state requires, what it means to actually opt-in and opt-out, and how you can build a connection with your customers.

Consent And Preference Management Across The Globe

Once upon a time, consent was almost as simple as “just” managing cookies. Today, organizations are mobilizing to figure out strategies for managing consent across multiple channels, brands, and devices, from phones to smart TVs to connected appliances. This discussion will focus on how companies can use consent as a way to build trust, collect more first-party data, and be confident in their regulatory compliance.

Keynote Session | Bruno Gencarelli, Head of Unit International Data Flows and Protection, DG Justice – European Commission

Customer Loyalty, Privacy & Data Governance

Loyalty programs are the backbone of many companies, but come with a slew of traps, risks, and complexity related to data privacy. This panel will examine how to responsibly manage your loyalty program data, from communication preferences and data storage to data sharing and regulatory considerations.

Preparing For Federal Regulations Coming Down The Pipeline

It’s no secret that fragmented state-by-state data privacy regulations have put companies in a spin trying to figure out how and where to focus their compliance energies. This panel will focus on where federal data privacy regulations are gaining traction: protecting children’s privacy, and what your organization should keep top of mind.

Accountable Executives = Accountable Privacy Programs

Regulators from California, France, Australia, and points in between are increasingly requiring organizations to prove their comprehensive privacy programs are operationally effective and aligned with executive governance and accountability. This means corporate controls binding on even the most senior executives, investment across the organization, and real-time performance data. Scott Taylor, VP Chief Privacy Officer at Merck, and Marty Abrams, Executive Director at the IAF have been expl...

Keynote Session | Bruno Gencarelli, Head of Unit International Data Flows and Protection, DG Justice – European Commission

A Conversation About AI And High-Risk Processing

Artificial intelligence is more than a buzzwordy trend — it comes with very nuanced real-world consequences and implications. This session will be an open discussion about how to think about high-risk processing in the context of artificial intelligence, from ethical concerns to practical regulatory considerations.

Multi-State Legislation: An Operational Readiness Discussion

Several states have new privacy regulations taking effect in 2023. This discussion will focus on practical and actionable guidance to help companies prepare for and comply with new fragmented data privacy rules.

How To Become A CPO

Are you considering the path to Chief Privacy Officer? Hear insights from data privacy executives at Ampersand and Stott and May to help you strategize your journey to CPO.

Privacy Operations In Practice

As privacy regulations proliferate, companies are looking at how privacy can become integral in the design of products and systems. Learn from privacy experts the methodologies, tools, and techniques to ensure that your company integrates privacy into its design process.

Keynote Session | Philip J. Weiser, Attorney General – Colorado

Consent And Advertising In 2023

Building consent into your advertising program is an increasingly important consideration in today’s modern privacy-centric world — whether you’re managing one brand, several brands, or multiple brands and channels, this session will spell out best practices, offer operationalize guidance for upcoming regulations, and discuss trends and myths percolating throughout the industry.

Cross-Border Data Transfers: What’s Next

The US and the EU have reached a new framework for cross-border data transfers. This webinar, featuring Justin Antonipillai – Founder and CEO of WireWheel; Dan Solove – President and CEO of TeachPrivacy; and Josh Harris – Director, Global Privacy Initiatives of BBB National Programs, will focus on what the new agreement means, steps that companies should take today, and what to expect in the future.

Innovating DSAR Fulfillment with Microsoft and WireWheel

New privacy laws in California, Virginia, Colorado, and across the globe give consumers and, in some jurisdictions, employees the right to access their personal data by making a Data Subject Access Request (DSAR). Finding data, especially in unstructured data sources like Microsoft 365, is challenging for privacy, HR, and IT teams. This episode features Rick Buck, Chief Privacy Officer, and Hammad Rajjoub, Product Leader, from Microsoft, to explain how WireWheel’s integration with Microsoft...

Is Web3 Privacy Compliant?

Blockchain, crypto and the other technologies that power Web3 promise a world in which governance over data is decentralized. No central bank altering rates, no bank charging fees, no title company controlling ownership. However, the decentralization implicit in Web3 creates problems with modern privacy laws. Who is the controller in Bitcoin? How can I request that my purchase history of Dogecoin is deleted when the blockchain is designed to be immutable? Does the record of an NFT purchase c...

Practical Tips for Building Your Privacy Operations

With new state privacy regulations coming in 2023, many organizations are looking to build, grow and optimize their privacy organizations. Many organizations are in reactive mode, rather than proactive mode. They are looking for ways to move to a more proactive and more sustainable model and to know what they should be doing now to prepare for 2023. Join WireWheel CPO, Rick Buck, as he leads a discussion with a consultant from Grant Thornton and an experienced CPO to learn: A framework for...

Making Privacy a Strategic Advantage: How to Win Over the Tech Executive

Technology is critical to the success of any privacy program, but privacy often falls into compliance as a cost center for chief information and technology officers. Privacy professionals must partner with technology leadership to build the business case for privacy programs.  We talk with Forrester Principal Analyst Sara Watson about how to help your CIO and CTO to make privacy a strategic business priority and the keys to translating privacy needs into business objectives.

Knowledge Creation and Data Protection: How an Enterprise Data Strategy Enables Both

The process of “knowledge creation” has been called “thinking with data,” and the process of “knowledge application” has been called “acting with data.” Understanding the difference between knowledge creation and knowledge discovery and the purposes for which they are being undertaken is critical to understanding how they should be governed as part of an enterprise data strategy. - JoAnn Stonier, Chief Data Officer at MasterCard - Martin Abrams, Executive Director and Chief Strategist at T...

Explaining AI: How To Implement “Explainability” in Emerging Global AI/ML Regulations

This panel focused on the emerging principle of “explainability” in regulations that deal with AI and automated decision-making technologies. Lee Matheson (Policy Counsel, Global Privacy at the Future of Privacy Forum), Dr. Sara R. Jordan (Senior Researcher, Artificial Intelligence and Ethics at the Future of Privacy Forum), Renato Leite Monteiro (Co-Founder at Data Privacy Brasil), and Christina Montgomery (Vice President & Chief Privacy Officer at IBM Corporation) discussed how to implem...

Vaccine Requirements, Biometrics, and the Challenge of Managing Employee Healthcare Data

Vaccination requirements present a novel and urgent challenge for privacy officers today. However, the current crisis might be a harbinger for a not-too-distant future in which CPOs are forced to reckon with the widespread use of employee health data, from vaccination records to biometrics, in their organization. Robert Glaser (Chief Privacy Officer and Vice President at Advyz Cyber Risk Services, a division of Entisys360), Virginia MacSuibhne (Chief Compliance & Privacy Officer at Agilent ...

Privacy in the Metaverse

Facebook’s decision to rebrand as Meta should serve as a wake-up call for privacy officers: the metaverse isn’t coming, it’s already here. As technology teams invest in immersive digital experiences such as VR / AR, privacy officers need to consider the implications of these new technologies and develop frameworks that can adapt.  Jennifer Vancini (General Partner at Mighty Capital), Christy Steele (Principal at Sands Capital), Jeremy Greenberg (Policy Counsel at Future of Privacy Forum) jo...