#50: In the room where the AI Act happened with Dan Nechita

Hot off the press! In this week’s episode we go through our very first reactions to EDPB’s final recommendations on supplementary measures, the most awaited document of this year. Is it risk based approach now, or not so much? We also chat about UK’s adequacy decision and reflect upon how the new standard contractual clauses should be viewed in the current landscape of international data transfers. This episode features a very special guest! Panu and Milla are joined by Trevor Hughes, President and CEO of the IAPP. We talk about Trevor’s career in privacy, IAPP’s role in fostering the privacy profession and IAPP’s return to live events this year. Also included in the episode is a wonderful motivational speech from Trevor on what keeps him going as a privacy professional. And of course, we could not let Trevor go without going through our GDPR Quiz. Listen in for his impressive results! EDPB’s final recommendations on supplementary measures https://edpb.europa.eu/system/files/2021-06/edpb_recommendations_202001vo.2.0_supplementarymeasurestransferstools_en.pdf   New SCCs https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc/standard-contractual-clauses-international-transfers_en   We’d love to get feedback – so please tag us, follow us, DM us… or send us traditional email: Twitter: https://twitter.com/PodPrivacy, #privacypod Instagram: @privacypod Email: tietosuojapod@protonmail.com

23 Juni 20211h 2min

Welcome to another episode of PrivacyPod, this week with our resident cookie monster Heikki Tolvanen and Milla Keller. Heikki is excited about ice hockey (Milla is not), Milla is excited about the new SCCs (Heikki is not). We discuss German data protection authorities joint efforts in auditing Schrems II compliance, a class action against TikTok in the Netherlands, and Garante’s blocking of the covid app in Italy. Listen in also for our view on the latest decision from the Finnish supervisory authority, which makes us just ask… Why? In the episode you can also hear the poorest pep talk in human history, and the above mentioned excitement from Heikki… Well, let’s just say Finnish guys express emotion in very subtle ways. German DPAs investigate data transfers: https://www.datenschutz-berlin.de/fileadmin/user_upload/pdf/pressemitteilungen/2021/20210601-PM-Schrems_II_Pruefung.pdf Final version of the new Standard Contractual Clauses is ready: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc/standard-contractual-clauses-international-transfers_en TikTok gets sued in the Netherlands: https://www.dw.com/en/dutch-parents-sue-tiktok-for-14-billion/a-57762350 Garante blocks the Italian covid vaccine app: https://www.garanteprivacy.it/home/docweb/-/docweb-display/docweb/9592623 Decision from Finnish DPA regarding a small data breach: https://finlex.fi/fi/viranomaiset/tsv/2021/20210843 We’d love to get feedback – so please tag us, follow us, DM us… or send us traditional email: Twitter: https://twitter.com/PodPrivacy, #privacypod Instagram: @privacypod Email: tietosuojapod@protonmail.com

9 Juni 202147min

This week we are back to our regular programming with an episode packed with privacy news. Panu and Milla are reflecting upon how GDPR’s birthday celebrations went last week – our baby is three years old already! Where did the time go! Other than that, we discuss the newest wave of cookie complaints from NOYB and will wait eagerly for our third co-host Heikki’s feedback on our coverage of this topic (the feedback will probably be negative). And what about those ECHR judgments on mass surveillance in Europe – puts our Schrems II discussions in a slightly awkward light, no? Listen more in the episode!   New wave of cookie complaints from NOYB https://noyb.eu/en/noyb-aims-end-cookie-banner-terror-and-issues-more-500-gdpr-complaints   Digital Rights alliance complaint against Clearview AI https://www.dataguidance.com/news/eu-noyb-and-other-privacy-groups-call-eu-authorities   EDPS investigations following Schrems II https://edps.europa.eu/press-publications/press-news/press-releases/2021/edps-opens-two-investigations-following-schrems_en   European Court of Human Rights verdicts on state surveillance https://hudoc.echr.coe.int/eng#{%22itemid%22:[%22002-13278%22]} We’d love to get feedback – so please tag us, follow us, DM us… or send us traditional email: Twitter: https://twitter.com/PodPrivacy Instagram: @privacypod Email: tietosuojapod@protonmail.com

3 Juni 202148min

In our third episode, Panu and Milla dive deeply into the mysteries of the Doctolib case from the French courts. Thankfully, we have Michael Hopp who works as a Partner at the Copenhagen based law firm Plesner to guide us through the murky waters of international transfers. Michael is one of the original pioneers in Nordic privacy and has extensive experience in multitude of privacy disciplines. He also teaches on the subject a lot and thus this episode is a great listen also purely as a learning experience. What was the Doctolib case actually about and what have people misunderstood on it? Can we use cloud services again? And how fast can Michael run a half marathon? Listen in and find out! Read into the Doctolib case here: https://iapp.org/news/a/why-this-french-court-decision-has-far-reaching-consequences-for-many-businesses/ The Norwegian guidance on Schrems II case: https://www.datatilsynet.no/aktuelt/aktuelle-nyheter-2020/sos-om-nye-regler-for-overforing/ We’d love to get feedback – so please tag us, follow us, DM us… or send us traditional email: Twitter: https://twitter.com/PodPrivacy Instagram: @privacypod Email: tietosuojapod@protonmail.com

28 Apr 20211h 4min

Welcome to the second episode of PrivacyPod, a show about EU privacy, technology and cookies. Our regular content covers recent privacy related news, and in addition to this we feature interesting guests to hear about their career and their take on current privacy developments. PrivacyPod is hosted by Panu Pökkylä and Milla Keller. This time we talk to privacy counsel Emina Gaspar-Vrana from Trustly Group. Emina shares her interesting work experience from many sides of privacy: from private practice to the Swedish DPA and lately at one of Europes growing fintech. And of course Panu and Milla subject their guest to the merciless tutelage of the GDPR Quiz. How did Emina succeed in it? We also cover some of the latest news in the word of privacy. Such as: The Bavarian DPA orders a small German company to stop using Mailchimp over Schrems II concerns: https://edpb.europa.eu/news/national-news/2021/bavarian-dpa-baylda-calls-german-company-cease-use-mailchimp-tool_en  The European Union and the United States are pushing for intensified pace in the EU-US data transfer negotiations: https://ec.europa.eu/commission/presscorner/detail/en/statement_21_1443 European Parliament resolution on the Commission evaluation report on the implementation of the General Data Protection Regulation two years after its application: https://www.europarl.europa.eu/doceo/document/TA-9-2021-0111_EN.html Google to bypass testing FLoC in Europe over GDPR concerns: https://www.adexchanger.com/platforms/google-will-not-run-floc-origin-tests-in-europe-due-to-gdpr-concerns/ We’d love to get feedback – so please tag us, follow us, DM us… or send us traditional email: Twitter: https://twitter.com/PodPrivacy Instagram: @privacypod Email: tietosuojapod@protonmail.com

30 Mars 202158min

Drumrolls please, PrivacyPod’s first episode is out! This is a podcast about privacy, technology and cookies. Our regular content covers recent privacy related news, and in addition to this we feature interesting guests to hear about their career and their take on current privacy developments. PrivacyPod is hosted by Heikki Tolvanen, Panu Pökkylä and Milla Keller. In this week’s episode we are excited to have Tobias Bräutigam join us for a discussion on how companies are dealing with the Schrems II decision in practice. Tobias currently heads the data protection practice at Bird & Bird Finland and on top of this holds a docentur at the University of Helsinki. You can find Tobias on Twitter with the handle @PrivacyFin. In addition to our discussion on Schrems II we’re diving deep on the Deutsche Wohnen case – a puzzling court decision where the Berlin data protection authority’s fine of 14.5 million euros on the company was revoked due to procedural issues. News on Deutsche Wohnen in German: https://www.berliner-zeitung.de/mensch-metropole/deutsche-wohnen-muss-doch-keine-strafe-in-millionenhoehe-zahlen-li.141971 English news coverage on the case: https://www.dataprotectionreport.com/2021/02/deutsche-wohnen-fine-now-declared-invalid-by-a-german-court/#:~:text=Deutsche%20Wohnen%20fine%20now%20declared%20invalid%20by%20a%20German%20court,-By%20Christoph%20Ritzer&text=The%20Regional%20Court%20(Landgericht)%20of,case%20to%20the%20next%20instance. Case summary on the original data protection authority’s decision: https://edpb.europa.eu/news/national-news/2019/berlin-commissioner-data-protection-imposes-fine-real-estate-company_en   We’d love to get feedback – so please tag us, follow us, DM us… or send us traditional email: Twitter: https://twitter.com/PodPrivacy Instagram: @privacypod Email: tietosuojapod@protonmail.com

10 Mars 20211h 12min