PrivacyPod

Friends, Romans, countrymen, lend us your ears!  We’ve come to discuss if transparency matters, not to bury it. The insufficient privacy decisions that men do lives after them; The efforts for better privacy is oft interred with their business minded decisions; So let it be with transparency. The noble controllers hath told you GDPR is impossibly ambitious: if it were so, it was a grievous fault, And grievously hath DPAs enforced it. Here, under leave of our Executive Producer and the rest- For he is an honorable man; so are we all, all honorable people– come we to battle this out for once and for all. And battle we shall. It is no secret that the PrivacyPod back-chat is often turned into a gladiator arena where we battle our views to the very end. One of the most discussed subject is if transparency even matters and what is the point of it. This time, Floora has set up the challenge and armed our gladiators Milla and Pilvi with gladius swords and retes nets, and lets them lose on the arena. Who barricades themselves on a hill of business minded decisions? Does better transparency create more risks or will it reduce risks? Is transparency a zero-sum game? Who tries to take a victory lap on a high horse only to be knocked down? Who has the high ground? Who tries to win all Partners to their side with icky frases? Will our friendship survive this or will this be the end of PrivacyPod?  So grab some popcorn and join in for a Shakespeare level drama!    Links: Klarna case: https://www.edpb.europa.eu/news/national-news/2022/swedish-authority-privacy-protection-imy-issues-administrative-fine-against_en https://www.imy.se/en/news/administrative-fine-against-klarna-after-investigation/   Whatsapp case: https://www.dataprotection.ie/en/news-media/press-releases/data-protection-commission-announces-decision-whatsapp-inquiry   Shakespeare: Julius Caesar, Act III, scene II: https://www.poetryfoundation.org/poems/56968/speech-friends-romans-countrymen-lend-me-your-ears https://www.youtube.com/watch?v=q89MLuLSJgk   Did you enjoy our show? Support us by buying us a coffee here: https://bmc.link/privacypod4u We would love to get feedback – so please tag us, follow us, DM us, or send us traditional email: Twitter: https://twitter.com/PodPrivacy, #privacypod Instagram: @privacypod LinkedIn: https://www.linkedin.com/company/tietosuojapod/about/ Email: tietosuojapod@protonmail.com

30 Maalis 20241h 2min

It’s about time you fell in love with something  that will love you back, and that, our friends, is the crossroad of privacy, government openness, and freedom of speech. It doesn’t judge you, and we won’t either.  The European Court of Justice, however, will totally judge you, even if it goes against deep roots or local law in your country. In this episode, Pilvi and Jyri will discuss the new (Finnish!) European Court of Justice case “Endemol Shine”. Here a Finnish district court had denied the release of court documents due to GDPR to a producer conducting background checks for reality TV, despite local statutes on openness of court documents. We continue on the same path with discussing NOYB filing a complaint on MrKoll in Sweden, which touches upon the Nordic unwillingness to judge and define what journalism and media is. We end up wondering if GDPR is obliterating Nordic cultures and what consequences this may have.  On other news, the USA will totally judge you as well if you are TikTok or happen to be from Singapore. We discuss the “The US TikTok Ban” as an interesting reaction to possible cross-border data transfers to a country that might use that personal data for intelligence activities… sounds vaguely familiar. We also discuss the Verkkokauppa.com case where the Finnish DPA decided on a record fine of 856 000 euros for not having defined retention times for online customers’ customer account data as well as forcing all online customers to create an account. This episode will also include the first ever musical number of PrivacyPod. So push play, hop on to this love boat, and we´ll take good care of you.    (Ps. If you missed it, the EU Parliament accepted the AI Act.)    Links: Endemol Shine https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:62022CN0740 NOYB and MrKoll: https://noyb.eu/en/swedish-data-brokers-claim-journalists-legal-protection-evade-eu-law How to get a media license in Sweden: https://mediemyndigheten.se/ansokan-och-registrering/medier-pa-natet/ H.R.7521 - Protecting Americans from Foreign Adversary Controlled Applications Act: https://www.congress.gov/bill/118th-congress/house-bill/7521?q=%7B%22search%22%3A%22TikTok%22%7D&s=1&r=5 Case Verkkokauppa.com (In Finnish, translatable): https://tietosuoja.fi/-/verkkokauppa.comille-seuraamusmaksu-asiakastietojen-sailytysajan-maarittelematta-jattamisesta-myos-vaatimus-asiakkaan-rekisteroitymisesta-oli-lainvastainen   Did you enjoy our show? Support us by buying us a coffee here: https://bmc.link/privacypod4u We would love to get feedback – so please tag us, follow us, DM us, or send us traditional email: Twitter: https://twitter.com/PodPrivacy, #privacypod Instagram: @privacypod LinkedIn: https://www.linkedin.com/company/tietosuojapod/about/ Email: tietosuojapod@protonmail.com

22 Maalis 20241h

In this episode Milla, Pilvi, and Jyri try to save their faces after the Episode #51 meltdown only to discover that they are forever changed by that experience. Just when we brace ourselves to move forward like “a granny in a bog” as the Finns say, we hear a suspicious announcement: “Please remain calm, the end of the pre-DMA era has arrived, we cannot save you, enjoy the ride” that pushes us into observing the first signs of the DMA doomsday and ask: what is the point of all the new consents rolling onto our screens? Will it be an effective way to control the digital markets? Furthermore, we peek to the other side of the pond and see how the new executive order that the frisky American president has issued will change the US privacy forever… or is it just a big whoop about nothing? We also take a look at the EDPB’s opinion on the main establishment that seems like a promising idea but in reality, we arrive again to the question if it is—you guessed it–a big whoop about nothing? So turn up the volume and hold on to your doomsday hat, because this and much more awaits you and our other 5 listeners in this episode.    LINKS: About DMA https://digital-markets-act.ec.europa.eu/about-dma_en   The US Executive Order: https://www.whitehouse.gov/briefing-room/statements-releases/2024/02/28/fact-sheet-president-biden-issues-sweeping-executive-order-to-protect-americans-sensitive-personal-data/ EDPB on main establishments: https://edpb.europa.eu/system/files/2024-02/edpb_opinion_202404_mainestablishment_en.pdf   Did you enjoy our show? Support us by buying us a coffee here: https://bmc.link/privacypod4u We would love to get feedback – so please tag us, follow us, DM us, or send us traditional email: Twitter: https://twitter.com/PodPrivacy, #privacypod Instagram: @privacypod LinkedIn: https://www.linkedin.com/company/tietosuojapod/about/ Email: tietosuojapod@protonmail.com

12 Maalis 202457min

We started this episode with so much enthusiasm, positivity, and excitement but we ended up thinking that this is the episode we wish to exercise our right to be forgotten on. We start with the Google case on, you guessed it, right to be forgotten, where the Swedish court ordered Google to pay SEK 50 million in fines and declared that Google cannot provide publishers a list of de-listed websites to the webmasters thus confirming the EDPB’s (and WP29’s) guidance on the matter. We question the EDPB guideline and the Court’s ruling and somehow we end up in a very confusing situation where Pilvi rambles on, Jyri refuses to understand, and Milla is desperately looking for an exi(s)t sign. We caution you to listen at your own risk. We also cover the latest DMA drama regarding Apple app store including Spotify’s hot take on it. Furthermore, we return to Google and wonder how the consent mode v2 can be legal? Join in for the episode and please have mercy on us.    LINKS: The Irish Independent article: https://m.independent.ie/irish-news/courts/google-forced-to-stop-telling-publishers-about-right-to-be-forgotten-decisions-after-court-ruling/a596519256.html Sweden’s Aftonbladet article: https://www.dagensmedia.se/medier/digitalt/dom-mot-google-vinner-laga-kraft/   On Google’s consent mode v2: https://www.cookiebot.com/en/googles-consent-mode-deadline-ads-privacy-compliance/   Spotify’s take on Apple store changes and the issues with the DMA: https://newsroom.spotify.com/2024-01-26/apples-proposed-changes-reject-the-goals-of-the-dma/ Did you enjoy our show? Support us by buying us a coffee here: https://bmc.link/privacypod4u We would love to get feedback – so please tag us, follow us, DM us, or send us traditional email: Twitter: https://twitter.com/PodPrivacy, #privacypod Instagram: @privacypod LinkedIn: https://www.linkedin.com/company/tietosuojapod/about/ Email: tietosuojapod@protonmail.com

20 Helmi 20241h 2min

Take a tight grip on your cups listeners, because today we are spilling the hottest tea of the legal world, a behind the scenes story of the AI Act. We delve into this with a person who had the front seat at the closed-door tea party: Dan Nechita, the Head of Cabinet to Romanian MEP Dragos Tudorache (Renew Europe) at the European Parliament. Dragos Tudorache has served as a rapporteur on the file. Renew Europe is liberal, pro-European political group of the European Parliament founded for the ninth European Parliament term. The group is the successor to the Alliance of Liberals and Democrats for Europe (ALDE) group which existed during the sixth, seventh and eighth terms from 2004 to 2019. Renew Europe has been pushing for AI systems that respect fundamental rights and the EU's democratic values, provide legal certainty concerning innovation and investment, and facilitate the development of a single market for lawful and safe AI. Dan takes us to the room where it all happened and talks about what transpired during the all-nighter negotiations in December.  He also sheds light on the background of the AI Act and whether or not we can breath already or will there be more changes. We try to guess why did the AI Act leak as well as what happened to the General Purpose AI, and if the Fundamental Rights Risk Assessments is just a DPIA that slays. We also discuss whether the legislators understand how expensive this will be for the organizations: is it a case of because you’re worth it…or because they can afford it? ...And Milla and Pilvi totally forgot that this was our 50. podcast. Oh well, we will celebrate at 100 then.   Did you enjoy our show? Support us by buying us a coffee here: https://bmc.link/privacypod4u We would love to get feedback – so please tag us, follow us, DM us, or send us traditional email: Twitter: https://twitter.com/PodPrivacy, #privacypod Instagram: @privacypod LinkedIn: https://www.linkedin.com/company/tietosuojapod/about/ Email: tietosuojapod@protonmail.com

3 Helmi 202453min

A new year of PrivacyPod is kicked off with an episode covering the hottest topics and most intriguing privacy news so far! Hosted by Milla and Laura, in this show our privacy DSARs speculate what the actual is up with Meta’s consent or subscribe. And it would not be a 2024 privacy show if we would not dip in to what to expect in 2024 regarding recently leaked the EU AI Act. We discuss a German case where the local court raised the bar high for answering data subject access requests (commonly known as DSARs) on time. Somewhat unexpectedly we find ourselves defending data brokers and cursing the difficulty of meeting those tough transparency requirements.  Links Meta decision coming: https://politico-tech.simplecast.com/episodes/an-exit-interview-with-europes-most-powerful-privacy-regulator  Leaked AI act: https://iapp.org/news/a/eu-ai-act-draft-consolidated-text-leaked-online/ German case https://www.arbeitsrechtsiegen.de/artikel/bewerberanspruch-auf-auskunft-nach-art-15-dsgvo-und-schadensersatz-aus-art-82-dsgvo/  Black tiger case https://www.gegevensbeschermingsautoriteit.be/burger/gba-sanctioneert-gegevensbeheerder-black-tiger-belgium-wegens-gebrek-aan-transparantie https://www.autoriteprotectiondonnees.be/citoyen/lapd-sanctionne-lentreprise-de-gestion-de-donnees-black-tiger-belgium-pour-manque-de-transparence https://www.dataguidance.com/news/belgium-dpa-issues-174640-fine-black-tiger-unlawful  Poland Bisnode 2019: https://iapp.org/news/a/polands-dpa-issues-first-gdpr-fine/  https://uodo.gov.pl/en/553/1572 (The Supreme Administrative Court upheld the decision of  the Personal Data Protection Office (UODO)   Did you enjoy our show? Support us by buying us a coffee here: https://bmc.link/privacypod4u We would love to get feedback – so please tag us, follow us, DM us, or send us traditional email: Twitter: https://twitter.com/PodPrivacy, #privacypod Instagram: @privacypod LinkedIn: https://www.linkedin.com/company/tietosuojapod/about/ Email: tietosuojapod@protonmail.com

28 Tammi 202458min

In this week’s episode Milla discusses with Gabriel Silva from TravelPerk the best practices for using AI to enhance your work as a privacy professional. TravelPerk has recently started using a custom-built Legal Bot, which crunches through hundreds of privacy and other legal questions. What do you need to consider when you outsource legal work to a bot? How do you finetune the model to make sure that the answers are relevant? Gabriel shares his practical experience on all of this. We also discuss other AI tools that are available for anyone. What kind of work tasks is AI good for? How to get started with prompting - and how to get better at it?  Gabriel is based in Barcelona and works as Legal Manager for privacy at Travel Perk which is a platform for business travel bookings. Gabriel has previously worked at Google at Google’s legal operations.   Did you enjoy our show? Support us by buying us a coffee here: https://bmc.link/privacypod4u We would love to get feedback – so please tag us, follow us, DM us, or send us traditional email: Twitter: https://twitter.com/PodPrivacy, #privacypod Instagram: @privacypod LinkedIn: https://www.linkedin.com/company/tietosuojapod/about/ Email: tietosuojapod@protonmail.com

12 Joulu 202354min

This week on PrivacyPod: EDPB’s guidelines on the infamous cookie article! EDPB published a couple of weeks back guidelines on the technical scope of Article 5(3) of the ePrivacy Directive (also known as the golden rule… no, sorry, the cookie rule). Hannes (!), Heikki (!!), Laura (!!!!) and Milla (????) go through the guidelines, speculating why do we get guidelines on this topic right now, considering that the legislation is not exactly fresh out of the oven. What exactly is then the technical scope of the cookie article? And how will organizations go about implementing the new guidelines, once they have been adopted after the consultation period? Also in this episode: Hannes, Heikki and Milla share reflections on the recent IAPP Brussels conference. Don’t worry though privacy folks, we only discuss the official program - what happens in Brussels, stays in Brussels.   Links: edpb_guidelines_202302_technical_scope_art_53_eprivacydirective_en.pdf (europa.eu)    Did you enjoy our show? Support us by buying us a coffee here: https://bmc.link/privacypod4u We would love to get feedback – so please tag us, follow us, DM us, or send us traditional email: Twitter: https://twitter.com/PodPrivacy, #privacypod Instagram: @privacypod LinkedIn: https://www.linkedin.com/company/tietosuojapod/about/ Email: tietosuojapod@protonmail.com

25 Marras 20231h 6min