#RSAC: The Growing Relevance and Challenges of Privacy

Written by

The privacy challenges brought about by surging data creation and collection were the subject of a keynote discussion among chief privacy officers from LinkedIn, Apple and Google during a keynote session on day two of the RSA Conference 2022.

Moderating the session, Dominique Shelton Leipzig, partner at law firm Mayer Brown, observed that privacy has “gone from a legal issue to a business issue” and is regularly covered in the mainstream media.

Each panelist explained that privacy was a central component for each of their organizations, in which data plays such a critical role in the business models. Encouragingly, this is now starting to take hold more generally. Kalinda Reina, chief privacy officer at LinkedIn, noted that it is an area that companies are “finally beginning to integrate into the way they do business,” making it easier for privacy professionals “to get some of the things that we had been trying for years to move forward with.”

Describing the development of privacy professionals, Google’s chief privacy officer, Keith Enright, outlined: “Watching the growth and maturity of the profession extend over time has been incredible.”

Shelton Leipzig asked the panelists for their thoughts on the trend of anti-trust and consumer protection rules being incorporated into privacy; this is highlighted by the proposed Digital Markets Act in the EU.

Enright expressed “grave concerns” over anti-trust bills currently going through the US Congress. In particular, the push to require open-sharing for phones and other digital devices, which is likely to “introduce new privacy and security risks.”

He added that the proposals could restrict the ability of companies like Google to act upon information to prevent cyber-attacks and exploits, as it could open them up to legal claims by third parties. Therefore, “we need to preserve flexibility to protect our users, leveraging observed intelligence efficiently and effectively as we can.”

Jan Horvath, chief privacy officer at Apple, agreed that the open-sharing proposal could have significant privacy and security implications. For example, she said Apple’s app store “has really good privacy protections,” with developers having to agree to certain rules. The new rules would prevent Apple from “holding developers to that level of privacy.”

The panel also discussed the challenges posed by the sheer volume of data being created. Shelton-Leipzig pointed out that 2.5 Quintilian bytes of data per day are created, with 127 new connected devices being created per second, and pondered how this scale impacts the work of companies like LinkedIn, Apple and Google.

Google’s Enright challenged the notion that processing data at that scale is a bad thing. “If we are making people’s lives better, if we are delivering value to our users and customers around the world, and we are doing this responsibly, we need to challenge this assumption that processing data is intrinsically negative.”

LinkedIn’s Reina noted, “that our world has completely shifted in the past 20 years in terms of the amount of data that is being collected and created all the time.” This has changed the privacy profession as it has brought about the need “to think about the governance of data in organizations,” including how it is tracked, policies are put in it and deleted automatically.

The role of engineers in actualizing the governance of privacy policies and procedures was also addressed in the session. Apple’s Horvath said that deep technical knowledge is critical to privacy, such as understanding databases. “The best friends a privacy person has in a company are security and privacy engineers,” she stated.

Enright concurred, commenting that “the privacy engineering function at Google is perhaps the most fundamental when I think about our product strategy. The way things are evolving is about more than meeting the requirements of changing laws.”

The panelists all agreed that privacy is a crucial component of organizations’ environmental, social and governance (ESG). Reina said this was a gradual progression, “but now we’re beginning to see the public show an interest as well,” meaning they are increasingly judging companies on this issue.

What’s hot on Infosecurity Magazine?