The actual cost to a company from a privacy enforcement action could be many times higher than the regulator's fine, Clarip CEO Andy Sambandam said in an interview. Privacy has become a quickly rising concern for companies amid a growing number of privacy laws and state enforcement actions, he told Privacy Daily.
Compliance Techniques
Compliance techniques encompass the strategies, tools and processes organizations use to meet evolving privacy and data protection requirements. Privacy engineers, chief data protection officers and compliance teams deploy methods such as data mapping, privacy impact assessments and automated monitoring to align with new laws in the U.S. and abroad. These techniques help avoid costly enforcement actions and build trust by embedding privacy by design into products and operations.
While children and teens' safety online has been a focus of regulators and lawmakers globally, privacy experts believe this trend will continue growing, according to their recent posts.
A coalition of organizations and privacy experts raised concerns about a new feature of digital identity systems that allows the government to track individuals through documents such as driver’s licenses. The “phone home” functionality is built into identity systems and allows “authorities to track when or where identity is used” when the identity issuer or third party interacts with the user’s app, said a Monday statement by the coalition, which included the American Civil Liberties Union.
Julie Brill, chief privacy officer and corporate vice president for Global Privacy, Safety, and Regulatory Affairs at Microsoft, will step down from her full-time role in July, she said in a LinkedIn post Friday. Brill said she will launch a consultancy in September with Microsoft as her first client. Before her time at Microsoft, Brill was a commissioner at the FTC, and later was part of the privacy and cybersecurity practice at Hogan Lovells.
Biometric systems must be designed in a way that honors the ability to revoke and delete data, especially with the rise of biometric authentication in daily life, said privacy-focused system design software engineer Naveen Kumar Reddy Pajjuri in an IAPP piece Wednesday.
The European Commission Wednesday unveiled its latest proposals that are intended to reduce administrative costs for European business by simplifying a range of rules, including in the General Data Protection Regulation (GDPR). The GDPR change, which differed slightly from what was expected, drew mixed reactions from stakeholders.
The EU-U.S. Data Privacy Framework (DPF) appears to be holding despite Trump administration actions in connection with the FTC and Privacy and Civil Liberties Oversight Board (PCLOB), Irish Data Protection Commissioner Dale Sunderland said during a May 14 interview at the IAPP AI Governance Global Europe conference in Dublin.
The U.K. Information Commissioner’s Office (ICO) plans to “relax” online advertising-related privacy enforcement, using the General Data Protection Regulation's "legitimate interest" principles as justification, Executive Director-Regulatory Risk Stephen Almond told us in April at the IAPP Global Privacy Summit in Washington (see 2504280042). Almond said regulators will look to loosen enforcement standards under the Privacy and Electronic Communications Regulations (PECR).
Businesses must traverse an expanding “minefield of state and international regulations,” said BigID CEO Dimitri Sirota in an interview last month at the IAPP Global Privacy Conference in Washington. The emergence of AI has also created privacy compliance challenges -- but the emerging technology could also make some aspects of the data protection profession more efficient, he said.
DUBLIN -- EU digital rules such as the General Data Protection (GDPR) and AI Act must align with technological reality or risk harming innovation, speakers said Wednesday at the IAPP AI Governance Global Europe 2025 conference.