Strategic Privacy by Design: An Interview with Jason Cronk

Privacy by design — or “Data Protection by Design” as it is referred to in the General Data Protection Regulation (GDPR) — is essential to meaningful privacy protection. Yet, it is often quite thin and incomplete. As I wrote a few years ago about privacy by design, “The ‘privacy’ the designers have in mind might be […]

Article 35 and Article 25 Square Off

For those not buried in the details of the European General Data Protection Regulation, there is often confusion about the differences between Data Protection Impact Assessments (Article 35) and Data Protection by Design and Default (Article 25). Many people assume that DPIAs, as the impact assessments are called, are synonymous with Data Protection […]

Transparency and Risk

I submitted comments to the Working Party 29 in response to their recently published Guidelines on Transparency under Regulation 2016/679 (aka GDPR). One of the points I highlighted was their promotion of Recital 39 which stipulates “Natural persons should be made aware of risks, rules, safeguards and rights in relation to the processing of personal […]

Article 12 – Transparent Information

As companies scurry to bring their personal data governance into compliance with the EU General Data Protection Regulation, they would do well to revisit their public-facing privacy statements, in light of Articles 12, 13, and 14. While Articles 13 and 14 hold the substantive requirements of an organization’s privacy statement, Article 12 has important […]