The Senate’s Talking Privacy Laws Again…But Is Anything Different?

The Senate’s Talking Privacy Laws Again…But Is Anything Different?

If you want to take the privacy pulse of the nation, there are few better venues than a Senate Commerce Committee hearing in which to do so. Yesterday, the Committee that will be the source of a federal US privacy law – if there ever is one! – convened a hearing called “Revisiting the Need for Federal Data Privacy Legislation.” It’s fair to say they had an all-star cast of privacy experts as witnesses: Julie Brill, Former Commissioner, Federal Trade Commission William Kovacic, Former Chairman and Commissioner, Federal Trade Commission Jon Leibowitz, Former Chairman and Commissioner, Federal Trade Commission Maureen Ohlhausen, Former Commissioner and Acting Chairman, Federal Trade Commission Mr. Xavier Becerra, Attorney General, State of California   Pretty impressive! …

Did The EU Just Pull The Rug Out From Data-Driven Businesses? Here’s What You Need To Know.

Did The EU Just Pull The Rug Out From Data-Driven Businesses? Here’s What You Need To Know.

“The rug.” That’s how privacy activist Max Schrems began a tweet reacting to yesterday’s news that the Irish Data Protection Commission will act to stop Facebook from sending European citizens’ data overseas to the United States. Schrems, the individual most responsible for this development, was accurate to characterize this as a rug being pulled out from under the feet of the world’s biggest social network. But in truth, this is the opening gambit of a new data privacy chapter that could take years to unfold. Why Are EU Regulators Acting Now? Some background context: EU citizens’ data is protected by the provisions of the General Data Protection Regulation (GDPR). It’s a law that affords far greater privacy protections to European …

Here’s why a cookie consent manager won’t get you CCPA-compliant.

Here’s why a cookie consent manager won’t get you CCPA-compliant.

It’s a wild time in the world of data privacy. With the California Consumer Privacy Act becoming eligible for legal enforcement on July 1, companies all over the US are rushing to get compliant with the country’s first truly far-reaching privacy law. When a marketplace is full of urgency, it can be hard to separate truth from fiction. I’m writing to put paid to one of the more pervasive myths I’ve seen out on the front lines of CCPA compliance: the idea that you can adhere to the CCPA’s “Do Not Sell My Personal Information” requirement using just a cookie consent tool. You can’t. If you could, it wouldn’t be called a cookie consent tool. Here’s what I mean: Data …

What the Schrems II decision means for the future of data privacy… and your business

What the Schrems II decision means for the future of data privacy… and your business

There are two things businesses everywhere like: certainty and harmonization. The Schrems II ruling in the Court of Justice of the European Union (CJEU) strikes a blow on both of these counts with respect to the vast (and hugely valuable) transfer of user data from the EU to the United States.  By ruling that one of the two main legal protections for user data transferred to the US – the so called “Privacy Shield” – doesn’t sufficiently guarantee respect for fundamental data rights, the CJEU’s decision poses a clear and immediate threat to businesses that rely on Privacy Shield to facilitate data flows. That’s 5,378, including some of the biggest tech companies in the world.  It’s notable that while Privacy …

What FB’s “Limited Data Use” means for your marketing team’s CCPA compliance efforts

What FB’s “Limited Data Use” means for your marketing team’s CCPA compliance efforts

It’s been a long time since Facebook was on the receiving end of good press – heavy is the head that wears the social media crown. A quick win, in my view, would be to openly and proactively assist its many advertisers trying to comply with the California Consumer Privacy Act (CCPA).  The CCPA is the first major data privacy regulation in the US and a GDPR-lite for residents of California. But it’s quickly become a de facto standard for the entire United States, and many of tech’s leading lights have gone ahead and rolled out CCPA-level privacy protection for consumers all over the country.  So how does this relate to Facebook? The rollout of its Limited Data Use (LDU) …

CPRA Will Be On The Ballot. Here’s What It Means.

CPRA Will Be On The Ballot. Here’s What It Means.

I confess that the California Secretary of State’s announcement today, which affirmed the CPRA (or “CCPA 2.0”) will be put to public vote this coming November, and take effect as soon as next year, caught me by surprise.  When debate over its eligibility for inclusion arose, I expected legislators might angle to slow the tide of regulatory advance for California, and, in effect, for businesses across the country.  And I would understand that aim. I’ve seen very clearly the colossal strain that CCPA compliance efforts have placed on teams of all sizes. Ethyca’s technology can certainly alleviate large parts of it, but even key stakeholders among our clients have had to work hard to achieve the organizational buy-in and culture …

Ethyca’s funding announcement: a letter from the CEO

Ethyca’s funding announcement: a letter from the CEO

When we started Ethyca in 2018, we had a simple but challenging mission: Increase people’s trust in data-driven business. Today we announce two important milestones on that journey: the launch of Ethyca Pro and the news of our $13.5m Series A funding round. Ethyca Pro is the first completely self-service privacy solution, automating Data Mapping, DSR management and Consent for CCPA in California, GDPR in Europe, and future regulations like LGPD in Brazil. It’s a low-friction solution that integrates seamlessly with any enterprise data stack to perform all key privacy compliance tasks without any manual effort needed. You can try it completely free here. This round of funding was led by IA Ventures and joined by a number of exceptional investors and data …

Data privacy start-up Ethyca raises $4.2m seed round

Data privacy start-up Ethyca raises $4.2m seed round

July 25, 2019 – Data privacy start-up Ethyca announced that it had just closed its latest funding round, raising $4.2m. The New York-based company was set up by Irish engineer Cillian Kieran, who previously founded BrandCommerce and digital consultancy firm CKSK. The funding round was led by IA Ventures and Founder Collective, with Table Management and Sinai Ventures also participating. Cheddar’s Jon Steinberg and Moat co-founder Jonah Goodhart also contributed to the fund. Ethyca will use this round of funding to build out its team and product. Director of MIT’s Internet Policy Research Initiative, Daniel Weitzner, will also join the company as an adviser. The data privacy start-up provides developers and product teams with infrastructure to ensure consumer privacy throughout …

Ethyca announces world first self-service privacy products

Ethyca announces world first self-service privacy products

May 19, 2020, New York – Ethyca, a New York-based startup, today announced the launch of self-service privacy products, a world first. Teams will be able to start complying with privacy laws in minutes. Ethyca also announced that businesses can begin using its self-service product for free, enabling automated privacy compliance for a companies across a range of life cycle, from startup to enterprise. Ethyca will now allow businesses of all sizes to implement comprehensive privacy management within a few clicks and without a lengthy onboarding process.  Ethyca can confirm that their premium product, Ethyca Pro+, is now being used by multiple major direct-to-consumer brands. Companies everywhere are under greater pressure to comply with new privacy regulations such as California’s …

The Deep Privacy Challenge of Doing DPIAs Well

The Deep Privacy Challenge of Doing DPIAs Well

  Data Protection Impact Assessments are the sleeping giants that lie deep in the GDPR. Doing DPIAs well requires organizations to commit to responsible data management at a deep, deep level. That’s one of the reasons why they are so challenging. DPIAs: Why Do They Get Overlooked? If one were to poll a sample of business, technical, and marketing professionals on “GDPR provisions that keep you up at night,” it’s likely DPIA’s wouldn’t make the top three. There are flashier aspects of GDPR. Consent management. Right-to-object. Data Subject Requests. Since these are the elements most frequently in the headlines, they tend to take up the most space on a business’s priority list. But DPIA’s represent the biggest challenge to most …