Alysa Hutnik’s Post

#DataMinimization in #privacy discussions is an apple 🥧 theme in policy talks but I don’t hear as much discussion about monitoring what happens as a result of that policy decision, or some of the other less consumer friendly after effects. Solving privacy is not the end of the story. This quote from a recent review of #privacyresearch caught my eye for example: “Policymakers encourage companies to minimize the collection of personal data about sensitive characteristics such as age, gender, race, and sexual orientation. But if companies don’t know who is male or female, white or Hispanic, how can they test for and prevent algorithmic bias against those groups? Further, how can they avoid unfair treatment of marginalized groups in “data deserts”?” What is our answer to #datadeserts and #algorithmicbias that is not just happy talk? #privacylaws #privacypolicy #algorithmicdecisionmaking #moretothediscussion Kelley Drye Advertising Law Kelley Drye & Warren LLP https://lnkd.in/eNU3w7un

Data Privacy Is for the Privileged

chicagobooth.edu

10 Comments

Gerard Stegmaier

Practical Problem Solver + Trusted Consigliere

Most of these things can be engineered around. The reality is that much of the policy talk is divorced from the engineering and technical realities. The people who make law and regulation often are completely attenuated from the people who must deal with it. And, often the advocates/intelligentsia are equally if not further removed. And, one step further, there is little to any mention, ever, of the First Amendment and expressive consequences resulting from government-driven efforts to discourage speech-related activities that are not deceptive. Really great prompt Alysa and sorry for the long, strident answer. We can do better but from regulators we need more, or just some carrot, rather than all stick all the time.

3 Reactions

Ben Winokur

Anonymize your data

I think this is driven at least in part by an overly narrowed definition of data minimization that focuses exclusively on *collecting* less data. But data minimization is not just about collecting less; it's about storing, processing, sharing, and using less personal information wherever possible in the data and model development lifecycles. Collect + anonymize is an important data minimization pattern that balances the need for transparency and auditability with the need to use only the minimum amount of personal data -- in the case of anonymized data, no personal data -- required to achieve the intended outcome.

2 Reactions

Heidi Saas

Data Privacy and Technology Attorney | Licensed in CT, MD, & NY | Ethical AI Consultant | Change Agent | ⚡️ Disruptor ⚖️

I agree on the necessary collection of data to achieve fairness, but we cannot trust them to do that just yet. I can also see shady lawyers using the overcollection of data as a defense to claims they failed to minimize data collection. 💀 Frat boys and free beer is what I think of when i hear "data minimization" promises from businesses. Only take what you need, ok!?!? https://smallworldadventures.com/wp-content/uploads/2010/04/keg-stand.jpg

2 Reactions

Jesse Tayler

Team Builder, Startup Cofounder and App Store Inventor

one thing we can do right now is respectfully separate the identity portion of the accounts we use in a ZKP connection so the service has no liability and we do not suffer loss of privacy. https://www.linkedin.com/pulse/unlocking-privacy-double-blind-zero-knowledge-proofs-identity-8brie

1 Reaction

Jenny Lynn Sheridan, CIPP-EU, CIPP-US

My favorite assessment question for infosec is the one about data minimization. The response is (mostly) crickets. Lots of work to do!

2 Reactions

Jonathan Barry-Blocker

Attorney | Community Advocate | Public Speaker

If testing/auditing data is critical, then compensate ppl for use of their data. Companies don’t have to guess about biased outcomes or feign ethical conundrums about data exploitation. Get consent and compensate.

See more comments

To view or add a comment, sign in

More Relevant Posts

Alysa Hutnik
11h
Report this post
*Very* detailed discussion on #APRA (and Section 230) in this podcast out this morning with Rep. McMorris Rodgers. Hard to know what will happen with APRA in this Congress but some of the themes she covers — strict data minimization, consent for targeting ads, broad definitions of sensitive personal information — may well have staying power. #privacylaws Kelley Drye Advertising Law https://lnkd.in/ee5Q78KG

‎The Chuck ToddCast: Rep. Cathy McMorris Rodgers targets Big Tech for her closing act in Congress on Apple Podcasts

podcasts.apple.com
Like Comment
To view or add a comment, sign in
Alysa Hutnik
13h
Report this post
According to local news coverage, #Vermont Governor Phil Scott, a Republican, mulling whether to veto the state’s #privacylegislation, concerned about the #PRA being used to file frivolous lawsuits. #privacylaws https://lnkd.in/eCTMtDqP
Alysa Hutnik
2d

#Vermont #Privacylaw awaits the governor’s signature (and lots of us frequently refreshing the legislature’s page for the final published language set to be released sometime today). In the interim, Joe Duball spoke with some of the key legislators and provides helpful insights on some of the unique implications of this bill including: Scope of the #PRA as to large data holders (does this end up being most enterprises?) and data brokers including for selling or even processing sensitive PI. Consumer health data and political affiliation are sensitive PI and subject to the PRA #dataminimization requirements Special treatment for pseudonymous PI There’s also emphasis on holding processors responsible when their processing looks like controller activities and diligence/accountability expectations (as we’ve seen more of in the state laws) And of course more controls on data brokers, kids/teen data. Kelley Drye Advertising Law Kelley Drye & Warren LLP https://lnkd.in/e53A6PmF
Like Comment
To view or add a comment, sign in
Alysa Hutnik
1d
Report this post
Jonathan Joseph so controversial at the end⚡️ Can we go back to my happy place of #healthprivacylaw and #adtech?!?

Ketch

5,301 followers
1w

There's no better way to end the week than with a #PrivacyHuddle! Tune in as Alysa Hutnik and Jonathan Joseph dive into all that's happening in privacy now, including: 🔘 The Washington AG’s FAQs on MyHealth, My Data 🔘 What's happening with Publishers and Privacy And you'll wanna stick around until the end to hear Alysa's take on the Drake and Kendrick Lamar beef 🥊 #DataPrivacy #HealthTech Kelley Drye & Warren LLP Kelley Drye Advertising Law

1 Comment
Like Comment
To view or add a comment, sign in
Alysa Hutnik
1d
Report this post
#darkpatterns in the news. Arizona Attorney General's Office sues #Amazon for its subscription cancellation process and bias allegations over its algorithmic practices. While this is largely a #consumerprotection focused suit over making it difficult to cancel #subscriptions, the claims regarding #darkpatterns are ones we are also seeing raised in privacy inquiries. Here, questions are raised as to: ➕How many clicks to make the business friendly choice versus the choice less advantageous to the business (whether cancellation, restricting data use, etc.). Put another way, parity concerns in the time it takes to sign up compared to the time and effort it takes to cancel. ➕What types of nudges and how many to prompt and influence decision making. There is a real continuum on such claims. All marketing is designed to be persuasive. So far, it seems the problematic nudges veer more into false urgency or scare tactics. ➕Critical assessment of the language used and overall presentation in the user interface that inform the consumer’s decisionmaking. Harkens back to 🍞&🧈#adlaw topics like the 4️⃣Ps — #prominence, #presentation, #placement, and #proximity. (Refresher on those concepts can be found in the always helpful Lesley Fair posting about Operation Full Disclosure at https://lnkd.in/eBwt6ty8) Kelley Drye Advertising Law Kelley Drye & Warren LLP https://lnkd.in/eH92R-Z2

Attorney General Mayes Sues Amazon for Unfair and Deceptive Practices

azag.gov
Like Comment
To view or add a comment, sign in
Alysa Hutnik
2d
Report this post
From #Vermont state representative Monique Priestley on the #PRA👇🏻
Monique Priestley

Techie | Gamer | Connector | Convener | Nonprofit Founder & Leader | VT State Representative
3d Edited

As H.121 is being considered for signature, I think it's worth sharing the most powerful House Floor speech I've heard in my first term. The entire room stood still. House Commerce & Economic Development Chair, Michael Marcotte (R) is one of the most impressive leaders I've ever had the privilege of learning from. "I think we all need to realize what Private Right Action is and what it does... I think that the balance that we have struck in this amendment, by limiting the PRA to data brokers and large businesses that have over 100,000 Vermont consumers - try to imagine how many of our businesses have [that]... To me, that sounds like Big Business - Big Tech - hiding behind organizations that they fund, bringing that fear to states that want to protect their consumers... At a fundamental level, for us to limit the ability to use the courts for what our Constitution made our courts for, runs counter to what we ought to be standing for. And again, that's not a partisan position, that's what our Constitution says our courts are for... If we vote against this bill because there's a private right of action in this amendment, then we're telling our constituents that we're extinguishing your right to seek redress over grievances you might have with a business over your data and how they deal with it... We're extinguishing that right! Or we can go home and tell our constituents that we're here and we're protecting you! Every one of you! We can go home and tell our constituents that we protected you if we pass this bill. That is what we can do." Watch his full House Floor speech: https://bit.ly/121PRA (Minute 44:15 of May 9, 2024 3:15pm House Chamber Feed) #dataprivacy #consumerprotection #techpolicy FYI Phil Scott Kendal Smith Lydia Slauson Fauna Hurley Jason Gibbs
Like Comment
To view or add a comment, sign in
Alysa Hutnik
2d
Report this post
#Vermont #Privacylaw awaits the governor’s signature (and lots of us frequently refreshing the legislature’s page for the final published language set to be released sometime today). In the interim, Joe Duball spoke with some of the key legislators and provides helpful insights on some of the unique implications of this bill including: Scope of the #PRA as to large data holders (does this end up being most enterprises?) and data brokers including for selling or even processing sensitive PI. Consumer health data and political affiliation are sensitive PI and subject to the PRA #dataminimization requirements Special treatment for pseudonymous PI There’s also emphasis on holding processors responsible when their processing looks like controller activities and diligence/accountability expectations (as we’ve seen more of in the state laws) And of course more controls on data brokers, kids/teen data. Kelley Drye Advertising Law Kelley Drye & Warren LLP https://lnkd.in/e53A6PmF
4 Comments
Like Comment
To view or add a comment, sign in
Alysa Hutnik
6d Edited
Report this post
This is a #privacy #bigdeal.👇🏻Do companies start #optingout of certain states due to #PRA risk? Not a viable strategy for long term as data practices continue to become more heavily regulated x ♾️ in more and more states/national level. #privacylaws #moreprivacylaws More press from CR on this here touting the pro consumer features of the law: https://lnkd.in/euCgq_2K.

Joe Duball

News Editor at IAPP - International Association of Privacy Professionals
6d

BIG BREAKING: It happened. The elusive ripple of a private right of action has now become a reality in the U.S. state privacy law patchwork courtesy of Vermont. The Vermont General Assembly went down to the wire May 10 to grant final passage to House Bill 121, a comprehensive privacy law with a targeted right of action AND data minimization standards. The PRA is limited to data brokers and “large data holders,” which are companies carrying data on more than 100k Vermonters. May create less animosity around potential frivolous lawsuits. Minimization language requires companies to limit practices to what is “reasonably necessary and proportionate.” Those standards won’t cover sensitive data, which will still require user consent for processing. The bill also contains stiff health data standards, data broker registry and “credentialing,” children’s privacy provisions and much more. This is a big deal. Blue states still left on the board (and maybe those able to amend existing law) can turn to this bill as an example of what’s possible and palatable. A shift is not assured, but the potential alone may change the patchwork outlook forever. Here’s the bill page:

H.121

legislature.vermont.gov

2 Comments
Like Comment
To view or add a comment, sign in
Alysa Hutnik
1w
Report this post
#StateAttorneysGeneral not rolling over on the issue of federal #privacylaw #preemption in #APRA bill. Joined by the attorneys general of Connecticut, Delaware, Hawaii, Illinois, Maine, Massachusetts, Maryland, Minnesota, Nevada, New York, Oregon, Pennsylvania, Vermont, and the District of Columbia, CAAG Rob Bonta urges Congress to amend APRA so it’s a floor, not a ceiling. Nobody likes a #patchwork approach, but also cognizant of federal laws that get long in the tooth when it comes to adapting to technology and new use cases. (ECPA as one example comes to mind….) Still, this friction point should be solvable. There’s just not that much time in this session to work through. Although I continue to hear from others who are more optimistic…. Kelley Drye Advertising Law Kelley Drye & Warren LLP https://lnkd.in/ewQCy5ta

Attorney General Bonta to Congressional Leaders: Federal Data Privacy Law Should Set a Floor, Not a Ceiling

oag.ca.gov

1 Comment
Like Comment
To view or add a comment, sign in
Alysa Hutnik
1w
Report this post
#Personalization vs. #privacy 🤼 vs⚖️ It’s informative to see how #marketers / #martech (not lawyers) are more frequently addressing privacy changes in business communications and developments. For example, below is my redux from this recent #martech article: 🔮Privacy is the future; marketers need to embrace it to win. 🥠Get over cookies and lean into #AI and #CDPs to adapt. [me: CDPs are new??] 🧸Modernized #dataenrichment options support #personalization without compromising #privacy or #consumertrust. 💪#Brands are stronger when they put #transparency into practice not just words. 😊Customers welcome positive privacy experiences and that pays a dividend with #customerloyalty. But maybe my newsfeed is way too personalized🤣 Jon Suarez-Davis (jsd) Jonathan Joseph are you hearing this POV more now from marketers than you have in the past (as in the economic POV aligns)? I see personalization / 360 view on the consumer / fill in synonym on #firstpartydata packaged with privacy trends now seemingly in many more (sometimes surprising) corners. #privacylaws #adtech #martech #listening Kelley Drye Advertising Law Kelley Drye & Warren LLP https://lnkd.in/dK_iWAcY

Navigating personalization vs. privacy: 3 tips for delivering win-win customer experiences | MarTech

martech.org

3 Comments
Like Comment
To view or add a comment, sign in

3,480 followers

669 Posts

View Profile Follow

Alysa Hutnik’s Post

More Relevant Posts

Explore topics