Navigate LLC

01/18/2025

12/30/2024

Being present for others – a valuable reminder observed at a rest stop

As we approach a new year, I was reminded of an encounter a few years ago that seems particularly appropriate as we reflect on 2024 and how to improve in 2025. Unlike our other posts about the tangible steps to take when building, executing and maturing, and governing a privacy program, this post is about a "softer" skill set – being present for others. As privacy professionals we generally spend our days fighting the clock, executing against a seemingly endless task list and working hard to make a meaningful difference and add value to the organizations we serve. However, sometimes the best way forward is to truly focus with others rather than try to squeeze more out of a day.

After a long week of client activities, ending with three days of productive meetings at an out-of-town client, I faced a 4 hour car ride home. My colleagues drove separately as we started the week in different places. I started the trip home making a mental list of all the work that needs attention this weekend and next week, including catching-up on emails and voice messages. After a couple of hours driving, I stopped at a rest stop on the Penn turnpike that had a food court. After quickly getting a piece of pizza, I sat at a table and then powered up my MiFi and laptop to check email and started checking my voice messages. A few minutes later a man with his young son walked over and sat at the table next to me. The tables were unusually close, and it felt like we were sitting at the same table. The young boy had down syndrome. He needed help opening his drink, cutting his food and tying his shoelace. I could not help but notice the father’s response. He was totally “present” and attended to his son’s needs with patience and care. He engaged his son in non-stop conversation about baseball and their plans for the weekend. His mobile phone lay on the table face down and he never looked at it once, even when his son’s attention strayed. After they finished eating, they departed the same way they walked to their table, hand-in-hand and the son with his father’s undivided attention. It was a great reminder of the importance of being present not only with those that need us in our personal lives but also with our work colleagues and clients.

Being present is a skill that any professional dealing with multiple departments and multiple clients must strive to attain. Multi-tasking when alone is fine and can help maintain progress on numerous fronts. Multi-tasking when engaging with people is a detriment to all. However, in our hyper-connected world, this is a trap that any of us can easily fall into and for some has become the norm. The respectful attention this father paid to his son was a reminder of the same respectful attention we should all strive to show our colleagues and clients. Here’s to being more present in 2025!

06/30/2023

Is Australia Aiming at the Wrong Target? Google’s Chief Privacy Officer (CPO) Keith Enright believes so. The land down under is currently considering updates to its national privacy laws and one of key proposals is a standard in the EU’s General Data Protection Regulation (GDPR), the “right to be forgotten” (RTBF). But Australia is putting a specific spin on the RTBF. The proposal specifically targets online search results and stipulates that online search engines provide the ability to de-index search results that contain personal data like medical records, data on children, and exceptionally detailed, out-of-date, inaccurate, misleading, or irrelevant information. Enright says while Google is generally in favor of reform, the company believes it should not be singled out. He said, “We feel strongly that if you are creating a legal right to remove information from the internet, those requests should be directed to the publishers of that content rather than to search engines because, of course, even if it is suppressed from a search engine, that content still exists on the internet elsewhere.” Enright emphasized that Google’s crawlers continuously survey websites. So, if a host site removes the content per a consumer’s request, the issue with the search engine will “correct itself”. On the other hand, the Office of the Australian Information Commissioner says targeting search engines makes the most sense because it can be difficult to remove information at the source. The site may be hosted overseas where Australian law does not apply or domestic sites may ignore takedown requests. While true, there seems to be an argument on both sides. Time will tell how the final law takes shape. https://bit.ly/46m7JPf

As country considers ‘right to be forgotten’, firm says it would be more effective to create legal obligations for sites hosting information

06/28/2023

The G7 Expresses Concern over AI – The data protection and privacy authorities of the United States, France, Germany, Italy, United Kingdom, Canada, and Japan met in Tokyo on June 20 & 21. These G7 officials prioritized their discussion around the quickly developing artificial intelligence (AI) models known as generative AI. These models like ChatGPT, Google Bard, and Microsoft Bing Chat have the members concerned. In a draft statement on the G7 officials warn, “We recognize that there are growing concerns that generative AI may present risks and potential harms to privacy, data protection, and other fundamental human rights if not properly developed and regulated.” But this is not the first time the G7 nations have addressed the AI issue. In April of this year the members laid out what is called the ‘Hiroshima Process’ to align on preventing disinformation and promoting responsible use of the technology, among other topics. The Hiroshima process hopes to create and promote a voluntary Code of Conduct on generative AI that the European Commission is developing with the United States and other G7 nations. The code of conduct, still in its draft form, calls on AI developers to implement security safeguards that cannot be circumvented, ensure personal data is accurate, complete, and free from discriminatory effects, and be transparent enough to explain how the model works. In addition, the G7 is urging generative AI creators and providers to create technical and organizational measures to ensure data subjects can exercise their rights under applicable privacy laws. These are noble and appropriate goals but lack the force of law. But we may not need wait long. The EU is on the verge of adopting the world’s first comprehensive legislation on AI. Will the law align with the G7 goals? https://bit.ly/44mR1NS

The privacy watchdogs of the G7 countries are set to detail a common vision of the data protection challenges of generative AI models like ChatGPT, according to a draft statement seen by EURACTIV.

06/27/2023

On Second Thought, Some Data… Is stored in China. Recently, we posted about a Forbes article that rebutted the claim of TikTok CEO Shou Zi Chew that no consumer data of US users was stored in mainland China. Chew made the claim during more than five hours of testimony before Congress in March of this year. The Forbes article precipitated a response from a bipartisan group of senators demanding the CEO explain the discrepancy. Now, the social media giant has issued a response to the congressional letter. What did it say? TikTok defended the CEO’s testimony by making a distinction between user data that is supplied by consumers and data that is provided by content creators. Consumer data is that which is used to open a user account and browse postings. This data, according to the company, is stored in data centers in the United States and Singapore. However, content creator’s data like signed contracts and related documents for U.S. creators who start a commercial relationship with TikTok to earn money could be stored in parent company ByteDance’s servers in mainland China. Such information might include tax forms, social security numbers, and other personal data. The letter specifically stated that Chew’s testimony was pertaining to the user data, not the creator data, so his statements were true. So, are the senators convinced? Not so much, Senate Democrat Richard Blumenthal and Republican Marsha Blackburn remain skeptical about the distinction. In a joint statement they said, “TikTok executives appear to have repeatedly and intentionally misled Congress when answering how the company secures and protects the data of Americans.” So, one distinction has been disclosed. Will more clarifications be forthcoming? https://bit.ly/46mCQu7

TikTok has said under oath that Americans’ data has always been stored outside China. Now it’s saying there are big exceptions for creators.

06/23/2023

FISA Section 702 Under the Microscope – Section 702 of the Foreign Intelligence Surveillance Act (FISA) is currently scheduled to expire at the end of the calendar year. Section 70 allows warrantless surveillance of foreign nationals. While many argue that reauthorization is crucial to the security interest of the United States (US), there is a problem. First authorized by Congress in 2008, Section 702 allowed the FBI to spy on more than 246,000 foreign nationals in 2022. So, it’s working as it should, right? In the course of those investigations the information on 119,000 US citizens was also obtained. And that has some in Congress deeply concerned enough to say they will not vote for reauthorization without significant changes to protect US citizens. Senate Judiciary Committee Chair Dick Durbin said, “I will only support the reauthorization of Section 702 if there are significant – significant – reforms. And that means, first and foremost, addressing the warrantless surveillance of Americans in violation of the Fourth Amendment.” Many are calling on the FBI to obtain warrants for surveillance by showing probable cause. However, Matt Olsen, assistant attorney general of the National Security Division at the Justice Department pushed back saying, “Every judge that’s looked at this issue, every federal judge, including judges on the FISA court have concluded that a warrant is not required under the Fourth Amendment for searching the lawfully collected data that is in the FBI holding.” It seems the debate on this will continue through the summer and it is unclear what reforms the reauthorization will include. But, if we take the lawmakers at their word, it is sure to change dramatically. https://bit.ly/3qTAUcr

Senate Democrats are stressing their unwillingness to reauthorize a law that allows for warrantless surveillance of foreign nationals without significant reforms — aligning themselves with many of …

06/21/2023

AI on Hold – We have posted in the past about the various privacy risks associated with language trained AI models. Most of the news has been about OpenAI’s chatbot known as ChatGPT. But ChatGPT is not the only game in town. Search giant Google has its own version known as Bard and Microsoft has a product called Bing Chat. Last week we posted about how Bard was collecting geolocation data, “to provide, improve, and develop Google products and services and machine learning technologies.” Some in the privacy community pushed back on Google advising users of the privacy risks. These privacy risks have caught the attention of the Irish Data Protection Commission (DPC). Last week, the DPC paused the launch of Bard in the European Union (EU) saying that Google had not provided sufficient information about how Bard protects EU citizens privacy. Bard, already available in 180 other countries including the United States (US) and United Kingdom (UK) but has so far not made the tool available in mainland Europe for EU member countries. A Google spokesperson said, “We said in May that we wanted to make Bard more widely available, including in the European Union, and that we would do so responsibly, after engagement with experts, regulators and policymakers." Apparently, the consultation is taking longer than Google had hoped. When will Bard deploy to the EU? With no transparency from the DPC any guess would be wild speculation. https://politi.co/3qVVVmI

The Irish privacy watchdog said the tech giant has given insufficient information about how it will respect the EU’s data privacy rules.

06/16/2023

To Tell the Truth – Back in March, TikTok CEO Shou Zi Chew testified before the US Congress for more than five hours. Chew took the opportunity to defend the wildly popular social media platform’s privacy policies and emphasize its separation from the Chinese government by pointing out, “TikTok itself is not available in mainland China, we’re headquartered in Los Angeles and Singapore, and we have 7,000 employees in the U.S. today.” So, no data in China, no problem, right? Maybe not. According to a recent report by Forbes, TikTok has stored sensitive financial data about some of its biggest American and European contributors on servers in China. The report details how the company stores tax forms, social security numbers, and other personal data of those who earn money for their content with TikTok’s China-based parent ByteDance. Now, United States Senators are demanding answers about the contradictory testimony. A group of bipartisan senators led by Richard Blumenthal, the Democratic Chair of Senate Judiciary’s privacy and technology subcommittee, submitted a letter through Forbes that questioned Chew’s statements saying, “TikTok allowed private data about American users to be stored and accessed in China, despite repeated public assurances and Congressional testimony that TikTok data was kept in the United States.” Even further, Senate Intelligence Committee Vice Chairman Marco Rubio has requested that Attorney General Merrick Garland open a Justice Department investigation into Chew’s testimony to determine of the CEO committed perjury. The drama about TikTok is far from over. Will Chew or TikTok respond to the senators? https://bit.ly/3pbTyeO

Bipartisan Senate leaders are pressing TikTok CEO Shou Zi Chew to explain testimony that runs counter to findings in recent reporting by Forbes.

06/14/2023

Can You Tell Me Where You Are? When talking to a friend on a mobile phone this seems like an innocuous question. But, when asked by AI chatbot, it might seem a bit creepy. Artificial intelligence (AI) has been at the top of the news recently. AI promises to make our lives easier, respond to problems more quickly, and solve deep mysteries that have confounded scientists for decades. But does an AI chatbot really need to know your location? Yes, and no, depending on the circumstances. Google’s AI chatbot known as Bard recently began asking users to share specific geolocation data when using the service. Why? According to Google, Bard asks for this information, “to provide, improve, and develop Google products and services and machine learning technologies, including Google’s enterprise products such as Google Cloud.” While we all want improved products and services, some privacy advocates are sounding a warning bell about the location requests. Sarah Myers West, the managing director at the AI Now Institute, says, “There’s a whole host of reasons to be concerned about the security of location data and its implications for the privacy of users of the system.” What are the risks? Beyond sharing the location data with law enforcement, leaks of the data could lead to stalking and other types of harassment by those who have access to the data. Sharing any personal data with an AI chatbot can be risky, but geolocation data seems especially sensitive. Would you give up your location to a chatbot? Why or why not? Share your answer in the comments below. https://bit.ly/3NrqVng

Sharing any form of personal data with generative AI models can be risky, privacy experts say.

06/13/2023

Have you ever been coached on delivering effective presentations? Here are five rules to help you engage your audience. https://www.linkedin.com/pulse/reflections-from-coaching-session-effective-chris-zoladz-1f