As part of the IAPP's Global Privacy Summit, Goodwin facilitated a webinar on Thursday April 15.
In 2019, the New York Times took a trip down memory lane to the 20th century by advocating for simplicity in privacy notices. Many privacy professionals rightly concluded that the paper doesn’t understand privacy notices. The paper’s thesis was based on a false premise that the ways in which companies process personal data are simple enough to reduce to brief, straightforward statements that the average consumer can understand. In reality, the ways in which personal data is processed are so advanced that they are difficult to understand even for privacy professionals. The FTC, when conducting privacy-related investigations, isn’t satisfied by reading the privacy notice. Instead, the Commission routinely asks for in-depth presentations and opportunity for follow-up questions. But data processing is increasingly complex, as any science, and privacy notices are no longer designed for consumers. In fact, consumers don’t read them — but regulators, consumer advocacy groups, investors, the media and plaintiffs’ lawyers do. The modern privacy notice seeks to satisfy that audience by articulating the company’s business strategy and privacy philosophy, establishing data rights, including myriad disclosures required by an ocean of privacy laws, and protecting the company from enforcement. The complexity that these considerations mandate is here to stay. In this panel, we cast aside the simplicity for the sake of simplicity, and talk about real challenges that companies face in designing their privacy notices and how they meet those challenges.
David S. Kantrowitz
Matan Balas, Balas Law
Ashley Yesayan, CEO and Founder, OneVillage