Key Takeaways from the Inaugural Privacy Summit 2023
By Hina Moheyuddin and James Burrell
The inaugural Privacy Summit, hosted by California Lawyers Association’s Privacy Law Section, brought together some of the most prominent legal minds in the field to discuss the latest developments in privacy law. Held over two full days in Los Angeles on February 9 and 10, the conference was packed with informative panels and sessions where attendees were treated to a wealth of information and insights into the most pressing privacy law topics and concerns of the day.
The latest developments with the California Consumer Privacy Act (CCPA) and the near-final new regulations promulgated by the California Privacy Protection Agency (CPPA) were threads interlaced throughout the entire conference, but the conference covered a wide range of topics, ranging from developments in artificial intelligence to the latest in employee privacy law.
II. PRIVACY TRENDS, INCLUDING CCPA ENFORCEMENT UPDATE
The schedule for the conference was packed with informative and engaging sessions. The first day kicked off with one of the event’s highlights: the opportunity to hear from both sides on the recent settlement between Sephora and the California Attorney General’s office. Stacey Schesser, representing the California Attorney General’s office, spoke about CCPA enforcement actions to date, providing attendees with valuable insights into how the CCPA is being enforced and underscoring the importance of implementing Global Privacy Control (GPC). Critically, the Attorney General’s office is prepared to fully enforce the amended CCPA starting July 1, 2023.
Attendees were then treated to a series of panels focusing on the latest developments and trends across the privacy law spectrum. A panel on privacy law in the courts provided updates on class action developments from both sides of the aisle, highlighting recent litigation and its impact on privacy law. Another panel offered different perspectives on the best practices for building a multi-jurisdictional compliance program and strategies to keep pace with rapidly changing privacy laws and regulations throughout the world.
Not all of the attendees were lawyers, and some panels featured industry experts who described the development of technologies such as AI and advertising technologies along with the technological and regulatory challenges faced by stakeholders involved.
III. INSIGHTS FROM CA AND UK PRIVACY OFFICIALS
On the second day, Ashkan Soltani, the executive director of the CPPA, discussed his vision for the CPPA and described the process of creating the new agency from scratch. Playing his cards close to the vest, he discussed the expected growth of the CPPA and suggested ways the privacy law community could bond together through shared experiences and ideas.
Michael Murray, Head of Regulatory Strategy at the UK Information Commissioner’s Office, also discussed his experience with the UK’s Age Appropriate Design Code and revealed his cooperation with key figures in California, sharing his earned expertise. This session provided valuable insights into how this new regulation is likely to impact the industry and what steps companies can take to comply with its requirements. It also gave valuable insight into the goals and thought process of a regulator and how organizations must create a culture of compliance in order to successfully meet all regulatory obligations.
IV. PANELS DELVE INTO AI, EMPLOYEE, AND HEALTH PRIVACY
The panels on the second day split into two tracks, which offered attendees the opportunity to tailor their experience to their individual interests. Track 1 focused on the hottest issues in privacy, while Track 2 focused on issues in the entertainment industry. Attendees were free to choose which sessions they wanted to attend and could switch between tracks as desired.
Track 1 sessions covered a range of topics, including health privacy, the battle of AI privacy, employee privacy, and the state of cross-border data transfers in 2023 and beyond. Attendees were treated to insightful and engaging panel discussions, which provided valuable insights into these pressing issues.
The first panel, titled "Health Privacy: Pixels, Apps and Emerging Issues," discussed the challenges and opportunities posed by technology in the healthcare industry. The discussion covered a range of topics, including how health apps collect and use data, the importance of protecting sensitive health information, and the challenges of complying with regulations like HIPAA and the CCPA.
The second panel, "Battle of AI Privacy: EU vs. US," brought together experts from both sides of the Atlantic to discuss the different approaches taken by regulators in Europe and the United States. The discussion focused on issues such as the use of personal data in AI models, the role of privacy in innovation, and the importance of transparency and accountability.
The third panel, "Employee Privacy Fireside Chat," featured an in-depth discussion about the unique challenges posed by employee privacy. The discussion focused on the impact of the updated CCPA on employee privacy but also covered topics such as the legal and ethical considerations of monitoring employee communications and behavior, the role of consent in employee privacy, and the importance of clear policies and procedures.
The final track 1 panel, "The State of Cross Border Data Transfers in 2023 (and Beyond?)," focused on the complexities of cross-border data transfers and the challenges of complying with regulations like the GDPR and the CCPA. The discussion covered topics such as the adequacy of current data transfer mechanisms, the impact of recent court decisions on cross-border data transfers, and the future of data localization laws.
V. PANELS FOCUS ON ENTERTAINMENT INDUSTRY ISSUES
Track 2 sessions focused on issues in the entertainment industry, including managing cybersecurity and ransomware threats, children's privacy, and the risks associated with the metaverse. These sessions provided attendees with a unique perspective on the privacy concerns facing the entertainment industry.
The first panel, "Managing Cybersecurity and Ransomware Threats: Be Prepared!", discussed the increasing frequency of cyberattacks, the different types of ransomware, and how companies can best prepare for and respond to these threats. Panelists emphasized the importance of having a cybersecurity plan in place and regularly testing it. The panelists also discussed the role of insurance in mitigating the financial impact of a cyberattack. Overall, the panel provided valuable insights into the importance of being proactive in cybersecurity measures.
The second panel was "Children, Kids, Minors, Young Adults…What are they called and why their privacy matters!" It focused on the unique privacy concerns related to children and young adults. The discussion covered topics such as data collection from children, parental consent requirements, and the impact of new technology on children’s privacy. The panelists also discussed the challenges of enforcing privacy laws related to children and the potential for regulatory changes in the future. Overall, the panel provided a thought-provoking discussion on an important and often-overlooked topic.
The third panel, "The Future is the Metaverse, but Privacy Risks are Now!", focused on the emerging technology of the Metaverse and the potential privacy risks it presents. The panelists discussed the challenges of privacy protection in a virtual world and the importance of proactive measures to mitigate risks. They also discussed potential regulatory changes and the importance of collaboration between tech companies and regulators.
The final Track 2 panel was a meet-and-greet with Michael Murray. The discussion covered a range of topics, including the differences between UK and US privacy regulations, the role of international collaboration in privacy regulation, and emerging privacy issues. It provided valuable insights from a regulatory perspective and an opportunity for attendees to engage with an industry leader.
Overall, the Track 2 panels provided valuable insights into privacy concerns related to the entertainment industry. The panels covered a range of topics, from cybersecurity threats to emerging technologies, and provided actionable advice for companies looking to improve their privacy practices. to network and learn from industry leaders.
Overall, the panels offered attendees a diverse range of perspectives and insights on some of the most pressing privacy issues of the day. From the challenges of complying with complex regulations to the opportunities and risks posed by emerging technologies, the discussions were engaging, informative, and thought-provoking. The panelists were engaging and knowledgeable, and the sessions provided a great opportunity for attendees to hear from experts in their fields who brought a wealth of experience and knowledge to the table.
VI. JOINT SESSION ON DATA ETHICS
The conference concluded with a joint session on data ethics, which provided attendees with important insights into the ethical considerations surrounding the collection, use, and sharing of data. The panelists highlighted the importance of ethical decision-making in the context of AI and emphasized the role of lawyers and privacy professionals in promoting ethical practices in the industry. This session offered a thought-provoking and engaging discussion that left attendees with much to consider.
Overall, the Privacy Summit 2023 legal conference was an enormous success. The conference provided attendees with a valuable opportunity to learn about and discuss the latest developments in privacy, network with peers, and engage with experts in a range of related topics. The variety of tracks and sessions on offer provided a comprehensive view of the latest research and best practices, ensuring that attendees were exposed to a broad range of perspectives and insights.
The quality of the panels and discussions was uniformly high, with panelists demonstrating deep expertise and a clear passion for their subject matter. Additionally, the conference was well-organized and efficiently run, and attendees left the conference feeling energized and excited about the future of data privacy law and eager to implement and incorporate the new knowledge they had gained.
Hina Moheyuddin is a contributing member of California Lawyers Association’s Privacy Law Section Publications Committee and currently serves as the committee’s Vice Chair. She is a privacy associate at Aleada Consulting, where she advises clients on privacy and data protection issues.
James Burrell is an associate at Rutan & Tucker, providing expert legal analysis and guidance to clients on a wide range of privacy, cybersecurity, data breach, and technology-related matters.