eWhite House Watch - Full Article

Recap of IAPP Global Privacy Summit 2017

By Ilona Korzha


As is every year, eWhite House Watch had the opportunity to report on the annual International Association of Privacy Professionals (IAPP) Global Privacy Summit in Washington D.C. on April 19-20 this year. 


The world’s biggest privacy conference was especially important this year as its more than 3,000 attendees pondered answers to such questions as what impact does the newly adopted European Union’s General Data Protection Regulation (GDPR) have on the U.S. companies that do business in Europe, how to deal with ever increasing cybersecurity risk, how to manage rising customer expectations and effectively handle government investigations of data breaches.


Some of the most thought-provoking discussions were led by the Summit’s keynote speakers.  Among them was Tristan Harris, former Google product manager and a current leader of the “Time Well Spent” movement, which focuses on changing how we consume information and use technology in a way that hijacks our attention, and addressing brain hacking – which hooks you in and unnecessarily wastes your time – by providing information in more substantive way that aligns with your needs.  J.D. Vance, who wrote Hillbilly Elegy: A Memoir of a Family and Culture in Crisis drew attention to the issues that resulted in last year’s arguably historically peculiar U.S. election. 


The keynote speakers during the Closing General Session highlighted how technology and science advancements can have tremendous impact on individuals and if not careful, may be abused.  Rabia Chaudry, who hosts Undisclosed podcast and authored Adnan’s Story talked about how a legal system can fail an individual and offered the example of how information from a cellular phone provider, that warned cell pinging on incoming calls was not necessarily an accurate representations of the location of the person who received the call, was wrongfully withheld by the government.  Had this information been disclosed, the evidence would have discredited the prosecution’s phone evidence.   


Rebecca Skloot, whose book The Immortal Life of Henrietta Lacks became a motion picture that came out the day after the Summit, raised an issue of ethics and its application to science and technology advancements.  Skloot followed a decade-long investigation and reporting of how HeLa cells – first ever human cells to grow indefinitely in labs – were obtained from Henrietta Lacks without her consent and the adverse effect that had on the Lacks family.


Keeping up with its reputation of presenting distinguished panels of legal and privacy experts to share their experiences and insights, providing diverse perspectives from around the globe, and offering the highest standard of privacy education, IAPP offered a number of sessions broken down into “Advanced Topics in Privacy,” “Active Learning,” “Conversations in Privacy,” “Training,” and “The Little Big Stage” categories.  Here are some of the highlights of the discussions on these panels.   


Two attorneys, who usually find themselves on opposite sides, summarized “The State of Data Breach Litigation Today.”  Jay Edelson, who represented plaintiffs in privacy violation lawsuits against such giants as Amazon, Google, and Apple, provided the attendees with the perspective of plaintiffs’ bar and discussed recent trends in litigation.  Meanwhile Douglas Meal, partner at Ropes & Gray who usually defends those types of companies, talked about issues of standing for class actions and how to defeat those lawsuits at the motion to dismiss stage.  The panelists also talked about Spokeo’s impact on data breach cases. Fernando M. Pinguelo, Esq. (CIPP), a trial lawyer and partner and chair of Scarinci Hollenbeck’s Cyber Security & Data Protection group, added: “Judicial interpretation of the law is in a state of flux where any change in a fact pattern has the potential to alter the direction of any existing holding. Trial lawyers and their clients – and the judges before whom we appear – are on the front lines of making new law.”


Continuing with the litigation theme, the “Multi-State Privacy/Security Investigations” panel, that consisted of three state attorneys general, discussed the types of investigations they are working on and how state attorneys general might approach privacy regulation under a Trump administration.


Other panels addressed other topics ranging from discussing issues with Artificial Intelligence, to Payment Card breaches, to how to manage privacy and security risk in B2B vendor contracts, to Privacy in Online games.


Not surprisingly, there was also a lot of discussion surrounding cybersecurity and data breaches. The “Shakedown Street: Cyber Extortion, Data Breach and Dirty Business of Bitcoin” panel shared their stories about hacking and how companies deal with Ransomware and ransom demands. The panel not only discussed how companies pay when faced with a ransom and who they pay and why, but also ways and reasons for refusing to comply with the requests.  The “What the Hack is Going on Around Here” panel touched on similar issues and offered the audience practical tips on the changing nature of damage done by hackers and cultural differences, and what that means for how companies address data protection.


The Summit also focused on international topics, spotlighting issues for companies operating in Latin America, Mexico, Asia-Pacific, Canada, and the European Union.


Afterwards, eWHWblog spent time with Kristen J. Mathews, Esq. (CIPP), partner and head of Proskauer’s Privacy & Cybersecurity group, who was also among the esteemed group of speakers and whose timely panel topic drew a large crowd, and she summarized her presentation as follows: “Just like we have done with data protection laws for years, we will find ourselves engaging in risk-based analysis to contend with this new breed of data legislation that has popped up around the globe.” For a recapitulation of Ms. Mathews’ topic “What Companies Need to Know to Comply With International Data Localization Laws,” click here.


Inclusion and diversity were front and center again this year, with a number of Minorities in Privacy, LGVTQ, and Women Leading Privacy meetings held and a panel on how women can “tout their privacy cred,” which discussed such issues as self-promotion, handling common barriers to advancement, and tips to further development and career.


As in years past, the Summit brought together thousands of privacy practitioners and gave them an opportunity to grow their knowledge and network, discuss imperative privacy issues, and assess the privacy landscape.  Angelo A. Stio, III, Esq. (CIPP), partner with Pepper Hamilton LLP, summed it up best: “I look forward to this event each year.  It always provides me with a forum to engage in substantive discussions on the latest privacy issues and an opportunity to catch up with old friends and make new connections.”


Leave a Reply