2016 IAPP Global Privacy Summit: Key Themes and Takeaways

Global Privacy

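Last month, privacy and security professionals from around the world gathered in Washington, D.C. for the International Association of Privacy Professionals Global Privacy Summit 2016. The conference focused on new perspectives on privacy, welcoming (back) the human factor, the growing role of government regulators in establishing and enforcing security and privacy practices, and new EU privacy developments that may have a lasting impact on the industry.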

We were there to take it all in, and offer these five key areas of focus and takeaways.

  1. The role of regulators. Every year, the IAPP showcases regulators from the U.S. and abroad who offer their perspectives on privacy and security. This year there seemed to be a greater emphasis on the prominent role regulators play in shaping privacy and security through enforcement actions, examinations/audits, and establishing security best practices. More than one-third of the over 80 full-length panel presentations featured government agency representatives and regulators. Beyond the typical expected agencies (e.g., the Federal Trade Commission, Federal Communications Commission, various Attorneys General’s Offices, Department of Commerce, and the Department of Health and Human Services), representatives from non-traditional government agencies made notable appearances, including the U.S. Department of Transportation, the Consumer Financial Protection Bureau, Department of Education, Commodity Futures Trading Commission, and the City of Seattle. In a possible signal from these agencies that they intend to get more involved in cybersecurity and data privacy in 2016, they discussed a wide variety of new topics, including connected devices and the internet of things, financial institution examinations, and encryption. Organizations, especially those that are in highly regulated industries, are well-counseled to take this as a sign that enforcement investigations and proceedings have not yet reached their high point.
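  2. GDPR and European privacy. Not surprisingly, many sessions explored the upcoming implementation of Europe's GDPR, its General Data Protection Regulation. The GDPR will bring sweeping changes to Europe's regulation of privacy and data protection, including extraterritorial applicability to any company offering services to European residents, and potential fines of up to four percent (4%) of a company's total global revenue. While past sessions focused on what the European Parliament's recent GDPR might include, most of the focus has shifted to practical advice (see our recommendations here) for starting to prepare for the GDPR, which may become enforceable two years after adoption. Of particular concern to many was the reality of dealing with individuals in Europe, whether customers, employees, or others, which makes it critical to consider how these new requirements affect your company and to prepare accordingly.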
  3. EU data transfers, Privacy Shield, and data localization. Data flows, whether across borders or oceans, remained an important topic of conversation, as they have been for the past several years. Attendees and speakers focused on the details of the proposed Privacy Shield, which has been proposed to replace the invalidated EU-U.S. Safe Harbor Framework for transfers of personal information from the EU to the U.S. In a joint session with FTC Chairwoman Edith Ramirez and Chairwoman Isabelle Falque-Pierrotin of Europe’s Article 29 Working Party and President of CNIL (France’s data protection authority), the key question was whether U.S. company compliance with the Privacy Shield would be a long-term solution for EU-U.S. data transfers. Not necessarily, in Ms. Falque-Pierrotin’s view. Privacy Shield may not be sufficient under the GDPR, nor will it be a magic bullet for all types of data transfers. Under this view, U.S. companies may have to continually reassess data transfers and change business practices in order to stay on top of evolving European regulator views of what is required for “adequate” protection of personal data. Other sessions explored growing data localization trends (such as in Russia and China) that restrict the removal of data. These rules pose some challenges to scaling businesses globally; companies that do business internationally should understand how existing and emerging restrictions on data transfers impact business models and processes so that they can develop appropriate data storage and transfer strategies. In Russia, for example, there are exceptions that would allow onward transfer of data outside of Russia.
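  4. FCC training. As in the past several years, the FCC was often at center stage, particularly in its prominence as a privacy and data protection regulator, especially given its recently issued Notice of Proposed Rulemaking (NPRM) seeking to impose robust privacy and data protection obligations on broadband providers such as cable companies and wireless carriers. In a highly anticipated session, the head of the FCC's Enforcement Bureau provided important insight into the FCC's goals and the motivations behind the Bureau's increased scrutiny of privacy practices in the communications sector. Leblanc addressed the pros and cons of the Bureau addressing violations through enforcement actions versus rulemaking proceedings in order to clearly articulate privacy obligations. He also shared that before bringing an enforcement action, the FCC always considers whether the conduct is "egregious," and considers responsibility for vendor conduct (addressed in the NPRM). Leblanc identified a focus on cable and satellite operator practices and Open Internet Order enforcement as top priorities for 2016. All internet service providers, and those who do business with them, may wish to take the time to understand the broad and detailed proposed privacy regulations.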
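  5. Tracking and digital advertising. Interest-based advertising, online tracking, and cross-device tracking were topics of discussion at this year's Summit. As the interest-based advertising ecosystem remains complex for companies performing various targeted-advertising roles, advertisers and website and app operators must keep track of the information they use and share, and of the privacy considerations when using service providers in these spaces. As tracking and targeting technologies innovate, the actors in the ecosystem must all assess how to respond to regulator guidance and interest as well as industry codes and guidelines, which address topics such as transparency of practices and individual choice and opt-out. For example, the FTC recently held a workshop on cross-device tracking and related privacy issues, and as an FTC attorney shared at the Summit following the workshop, the FTC will continue to closely monitor cross-device tracking, work with industry as it develops best practices, and bring enforcement actions where it believes practices are unfair or deceptive. This area is expected to remain a top privacy issue (and a continuing regulatory focus) for companies that track and advertise to customers and prospects online, and staying on top of applicable laws, industry codes, and company privacy commitments with respect to these practices is very important.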