Data Privacy Blog

Odia is a frequent contributor to the firm's Privacy Compliance & Data Security blog, writing regularly on a wide variety of emerging international data privacy and cybersecurity issues. Topics include the European Union's General Data Protection Regulation, the California Consumer Privacy Act and Pacific Rim data privacy initiatives.

Read Odia's most recent posts below or view a complete list of all her articles.

Recent Blog Posts

  • Users Need to Understand How Advertisers Use Their Data “Consumer data should be owned by the consumer. If we want to collect and use it for any marketing purpose, we must explain how we will do so – and obtain consent and permissions. (GDPR explains this quite nicely.) But to get that agreement, the consumer must understand the trade-off. They need to understand what’s in it for them and see real value in the arrangement. On the whole, I’d argue we’re not yet holding up our end of the bargain,”... More
  • Study: Blurring Your Face Doesn’t Fool Facial Recognition Software About face. “Obscuring your face does not hide you from facial recognition systems, researchers have found.” “A group from the Max Planck Institute found that blurred images were still individually identifiable with just a few non-obscured images to train from. With the proliferation of images on social networks, it is possible that almost anyone’s blurred face could still be identified.” “The researchers said only 10 fully visible examples of a person’s face were needed to identify a blurred image with 91.5% accuracy. With an average... More
  • European Auto Manufacturers: Customer Choice Should Drive Access to In-Vehicle Data “[T]he customer is king. And data sharing increases comfort and convenience for customers, improves products and services, and contributes to achieving societal goals such as improving road safety, reducing fuel consumption and facilitating traffic management,” says Eric-Mark Huitema Director General of European Automobile Manufacturers’​ Association (ACEA). “[The] principle that should guide the future framework for access to in-vehicle data is customer choice.” “In-vehicle data sharing should be based on clear terms and conditions ensuring that consumers know what data they share and... More
  • Ad Tech Companies Improving Consent Mechanisms to Earn Consumer Trust Consent seems to be the hardest word. “Ad tech companies are investing in better consent and preference experiences for end users simply because they have no other choice but to try and emerge as brands that end users can safely trust,” says Romain Gauthier Gauthier, CEO and co-founder of French consent management platform Didomi. Ad tech companies are in a good position to help address that challenge because they have integrations with both supply and demand, said Todd Parsons, Criteo’s chief product officer. “Making consent interoperate... More
  • Spanish Data Protection Authority: Poster Not Adequate Consent for Photos, Video “No consent – no photos” is the new “No shirt, no shoes (no mask), no business.” You need consent under GDPR to take photos or videos in a pub and upload them to the pub’s social media networks. An informative sign is not enough, says Spain’s Agencia Española de Protección de Datos – AEPD. The fact that the pub had provided an explanatory poster does not guarantee that the consent was unequivocal, since it can’t prove that each and every one of... More
  • Canada’s Privacy Commissioner on Weaknesses of CPPA Privacy Legislation “Canada Privacy Commissioner Daniel Therrien said key parts of the proposed Consumer Privacy Protection Act (CPPA, also known as Bill C-11) won’t increase consumers’ control over their data. He suggested quick and effective remedies for violating the law and encouraged innovation. “[The CPPA “leaves out an important facet of our current legislation, the idea that meaningful consent requires that the person giving it understands the consequences of what they are consenting to.” “Moreover, the privacy notices that serve as the basis for... More
  • The Benefits of GDPR Compliance and Ethical Handling of Data “Complying with GDPR and ethical considerations when developing a digital service is actually a ‘win win situation.'” – says Forbrukerrådet’s eloquent Finn Lützow-Holm Myrstad in a conversation with IAPP – International Association of Privacy Professionals’ Jedidiah Bracy. Some key points: If you don’t collect the data, it can’t be peaked or misused. If there is too much data, it’s bound to be misused. Data Transparency: This is important, but it won’t fix everything. You will never have the perfect consumer who will make... More
  • Post-Cookie Lessons for Marketers From the Pharma Industry “Cookie replacement solutions connecting first-party data to individual ads through universal IDs are coming, but rather than chasing a retooled version of a historically clunky solution, marketers should build new data frameworks that employ statistical modeling and AI to illustrate a probabilistic media journey,” says Mark Sturino, VP of data and analytics at Good Apple. “The specifics of how this can be done will vary by industry and primary KPIs; building plans that consider media mixes at the DMA level with... More
  • Can Location Data Truly Be Anonymized? New Research Says No “A vast body of research has shown [mobility] data is highly reidentifiable. Previously, researchers showed that knowing four random points of someone’s trajectory points, such as when and where you take your morning coffee, was enough to uniquely identify that person 95% of the time in a dataset of 1.5 million people. Other studies have replicated similarly high unicity numbers with location data obtained from vehicles, smart cards in public transport, credit card transactions and mobile phone metadata in a... More
  • Federal Cyber Shield Act Aims to Protect Connected Devices U.S. lawmakers have reintroduced legislation to protect connected devices. “IoT” should also stand for “Internet of Threats” until we put in place appropriate cybersecurity safeguards, said U.S. Sen Ed Markey. The Hill reports that the Cyber Shield Act introduced by Sen. Markey and Rep. Ted Lieu would: Create a voluntary cybersecurity certification program for internet-connected devices. Establish an advisory committee made up of cybersecurity experts in government, the private sector and academia to create security benchmarks for internet-connected devices. The benchmarks would enable the... More