Thinking with GDPR (Andrew Cormack)
Europe's General Data Protection Regulation (GDPR) is sometimes portrayed as a complicated obstruction to doing what we want. This talk will look at the law behind the slogans: finding a rich source of guidance on how to develop the effective, privacy-respecting services that our customers and users - not just in Europe - need and expect. We'll look at the principles of Accountability, Necessity, Purpose Limitation and Information, and show how these help us design services that work better for users and providers. Specific examples will be taken from access management and data analytics.
mHealth Wearables and Apps: A changing privacy landscape (Christine Suver)
The use of wearables and smartphone apps to collect health-related data (mHealth) is a growing field. Wearable and health apps can continuously monitor our physical activity, sleep, heart rate, glucose levels, etc. They provide a rich data set that can supplement the data from occasional doctor's visit. But what are the privacy considerations of mHealth? We will explore global privacy principles, discuss the tension between anonymity and data utility, and propose ways to improve privacy notices/policies.
A look at China’s draft Personal Information Protection Law (Judy Bai)
With measures to ensure privacy getting prioritized worldwide, many countries have framed relevant laws and regulations on personal information protection. On October 21, 2020, China released its draft Personal Information Protection Law (PIPL) for public consultation.
When the draft PIPL gets passed, it’ll be China’s central and universal governing law on protecting personal information. While no definitive timeline has been set for the final law, we discuss some of the key features of this important piece of draft legislation and how businesses (based in China and those engaged in commercial interactions with people living in China) should prepare ahead to ensure data privacy compliance.