In the first episode of season two of Privacy Abbreviated, Dona Fraser, the SVP of Privacy Initiatives for BBB National Programs, is joined by new cohost Jason Cronk, the President of the Institute of Operational Privacy Design. After introducing Jason, Dona dives into some of the current topics regarding privacy and interviews Jason on his history in the field.
03:20 – When discussing his introduction to the realm of privacy, Jason mentions his early interest in Privacy by Design. The concept was developed in the 1990s to address the increasing effects of technology and large-scale data systems on privacy. It suggests that organizations should prioritize privacy as a default mode of operation rather than solely relying on regulatory frameworks.
Privacy by Design spans three areas of application: IT systems, accountable business practices, and physical design and networked infrastructure. While it can be applied to all types of personal information, it should be applied more rigorously to sensitive data like medical and financial information. The strength of privacy measures is often proportional to the sensitivity of the data.
Ann Cavoukian, Ph.D., developed The 7 Foundational Principles to turn this initiative into actionable steps; the principles describe how companies should approach keeping user data secure.
08:10 – Jason warns that, in today’s digital age, even small companies can develop apps that become viral sensations overnight. However, with such rapid growth comes the risk of privacy issues. Small companies, especially, may lack the resources and expertise to ensure that their apps are designed with privacy in mind, leaving them vulnerable to breaches and data misuse. As a result, companies of all sizes need to prioritize privacy from the outset, implementing measures such as data encryption, user consent mechanisms, and privacy policies to protect user data and maintain trust in their products.
An app called “Girls Around Me” was created by a Russian developer and allowed users to view the locations of nearby women based on their Foursquare check-ins. The app received criticism for its potential to facilitate stalking and harassment. Eventually, the app was pulled from the market after Foursquare changed its API to prevent third parties from accessing its data. We see here negligence on two ends: Foursquare was irresponsible in its privacy practices, and the developer failed to consider the ramifications of his design.
Though this is an extreme example, privacy infringements are common when data security isn’t thoughtfully considered at every stage of a project. Security should be built in rather than added on after the fact.
17:20 – Regarding current events, Dona asks Jason for his insight on the recent TikTok hearing. The hearing was held on March 23, 2021, by the Senate Subcommittee on Privacy, Technology, and the Law. It focused on TikTok’s data privacy and security practices, particularly concerning its Chinese parent company, ByteDance.
Senators expressed concerns about the possibility of TikTok providing user data to the Chinese government. They questioned the app’s data retention policies, content moderation practices, and data-sharing agreements with third-party companies. TikTok’s witnesses defended the company’s practices, emphasizing that user data is stored in the US and Singapore and that the company has implemented strict data access controls and user privacy protections.
The hearing also addressed TikTok’s potential impact on national security and the need for greater regulation of social media platforms. Senators concluded by calling for more transparency and accountability from TikTok and for greater regulation of tech companies to protect user privacy and prevent foreign influence.
Closing the episode, Dona encourages audiences to continue listening throughout the season as she and Jason delve further into the world of privacy, each sharing their insight and expertise on the optimal approaches to data security in an ever-evolving landscape.