RAW privacy and GrumpyGDPR with Rie Aleksandra Walle

Please note this is largely an automated transcript. For accuracy, listen to the audio.

S05E04 - Privacy News (with Rie)

[00:00:00] Paul Breitbarth: This week we go back to the Nordics to talk with Valla, Our podcast colleague from Grumpy, GDPR. But this will not be some meta podcast about podcasting, pun intended. Instead, we talk about staying up to date with the flood of privacy, data protection, cybersecurity, and AI news that comes at us every day.

What resources are available? How do you remember where you found something? What are our own methods to stay up to date and how to prioritize reading everything. Lots of questions and who better to talk to than the founder of no ties consulting and the DPO hub, a community for DPOs to indeed, you guessed it, help them stay up to date.

My name is Paul Breitbart.

[00:00:51] K Royal: And I'm K Royal, and welcome to Serious Privacy. So Rie, we are absolutely thrilled to have someone grumpier than me on the call. 

[00:01:00] Rie Walle: Finally! Since when were you grumpy, K?

[00:01:03] K Royal: I was going to say, really, if we had to pick who was grumpy. but, okay, first, the unexpected question. And we're actually recording on Valentine's Day. So, I think this is a perfect, unexpected question. What is the last thing you fell in love with?

[00:01:20] Rie Walle: Is it totally geeky to say the GDPR?

[00:01:24] K Royal: Yes.

[00:01:26] Paul Breitbarth: But we'll accept that as an answer.

[00:01:28] K Royal: We'll take it. 

[00:01:30] Rie Walle: it's super geeky. I know, I know I shouldn't GDPR everything now, but I have to say that it was such a surprising passion of mine. So yeah, I'll actually stick to that answer.

[00:01:42] K Royal: I like it. Paul.

[00:01:44] Paul Breitbarth: I guess the new tile in my bathroom.

[00:01:48] K Royal: Ooh, did you find new tile?

[00:01:50] Paul Breitbarth: I found new tiles and have them installed and they look as amazing as I hoped it would be. So, the cooking show Serious Privacy has now become a housing show Serious Privacy, as you may have noticed. 

[00:02:04] K Royal: but you're going to have to post a picture of the tile. I wonder if we have the same taste cause I've chosen some tile too, but no, the last thing I fell in love with, well, I guess the last thing is we just went shopping at a store here called at home and I actually wound up buying two peacocks.

Pieces of artwork. I guess they're both pictures. They're artwork that you hang. One of them is, has some glorious greens as the background. So hopefully it will go in my new office. And the other one is, heavily beaded and stitched all in a,  Moroccan kind of style out of silver. So, I'm falling in love with peacocks all over again.

[00:02:45] Rie Walle: Because you have like a big peacock at home.

[00:02:48] K Royal: Not a real one, but yes.

[00:02:50] Paul Breitbarth: But will there be real ones in your garden? You, maybe you should get a real 

[00:02:54] Rie Walle: one. Well, we go over to my,  my daughter's family's house and on the way, there are people who have peacocks in the yard. So, we pass wild peacocks, I guess they're not wild, they're domestic, but there's peacocks. They're probably interbreeding with turkeys, which I gather could happen cause they're both large birds and we're going to have peacock turkeys or something.

[00:03:16] K Royal: I'm saying all of this with air quotes because I have no clue.  but I'd love to have peacocks and my husband's going, no.no. no. 

[00:03:26] Rie Walle: Yeah, mine would as well. 

[00:03:28] K Royal: So, we are. So, okay, let's kick it off and where do we dive in first? 

[00:03:34] Paul Breitbarth: I'm very curious to hear how Rie ended up in, in privacy.

[00:03:39] K Royal: yeah, that's a great one. And I love the shirt that you're wearing raw. I'm thinking this is raw privacy. This is, this is how it all happens. Tell us.

[00:03:48] Rie Walle: Yeah, raw for Rie Aleksandra Valle. So when I saw that, shirt, I just had to get it. So, yeah, I kind of fell into privacy. So to speak, because, the reason why I said,  the last thing I fell in love with was the GDPR isn't, of course, it's not the GDPR per se, it is the bigger vision behind the GDPR, the ambition of the GDPR.

Nobody saying would ever fall in love with legal text, right? So, I kind of, I used to say that I kind of fell into privacy because I haven't been in privacy and data protection for very long. My first meeting and reading of the GDPR was in 2017.

[00:04:27] K Royal: Oh 

[00:04:28] Rie Walle: So, I am actually fairly new to the game.  but I'd say that a milestone was perhaps in 2012, that ironically, Facebook reminded me of just a few years ago, that I made this really angry update on Facebook about Google scanning all of the Gmail emails.

And I was furious because they used it for retargeting. And, you know, you could have awful examples like,   I want to, I need to, I have a burning itch of going back down below. In an email to your Australian friend. Can you imagine the ads they would create on the back of something like that?

[00:05:10] Paul Breitbarth: Yeah. 

[00:05:11] K Royal: I can. But, oh, that's interesting because I've been in privacy officially. My first title and when I joined the IAPP was back in 2008

[00:05:22] Rie Walle: Yeah. 

[00:05:23] K Royal: and I think one of the conferences I went to them now and I think if I recall correctly, IAPP had like maybe 3000 members back then. I tried to track down the membership data by year because they started, you know, publishing when they, when they got so big and all, but I think it was 2008.

They only had about 3000 members and I remember they put out their call for people to be on boards and I wrote Trevor Hughes directly cause you know, back then you did. And I was like, Hey, I'm new to IAPP. Am I allowed to apply for a board? And he said, absolutely. And that's how I got on my first board, my first year in IAPP.

so, I've been in it a while, but unofficially, I was in it quite a while before then without a job title or stuff, but just in things that I did. So, I love hearing from people who are so passionate about it, but they're relatively new and came into it through. 

[00:06:20] Rie Walle: But it's funny because the first, the first, time I, met with the GDPR was actually when I was working in the private public sector here in Norway. And I didn't realize that PowerPoint presentation with font size eight was actually about the GDPR until years later.

[00:06:41] Paul Breitbarth: That's a very bad presentation.

[00:06:45] Rie Walle: It was excruciatingly boring. And you know, that's one of the things that I really want to change with the GDPR in our space because it's so needed, but you know, okay, I've done so many different odd jobs. I've really been a jack of all trades. I've, one of my favorite jobs has, was being a janitor at the Norwegian Broadcasting Corporation.

And my favorite thing to do there was. sitting on top of those huge garden tractors, mowing the grass.

[00:07:13] K Royal: You know, we all joke that we, we do it all. If the napkins need to be folded and put on the table, by God, we fold the napkins and put them on the table. I'm going to now ask, if we need to mow the grass, we jump on a tractor.

[00:07:26] Rie Walle: yeah, that’s what we do. exactly. So I also been, five years in,  EY when it was called Ernst Young, big four, three years of them in the Middle East,  building a department for business development, working with strategic pursuits in that region, but worked. Primarily in the Nordics and abroad, so to speak, for, I don't know, since 2008,

[00:07:54] K Royal: Is Ernst Young officially not Ernst Young anymore? Now it's officially EY?

[00:07:58] Rie Walle: Yeah, it's been officially EY for years. 

[00:08:01] K Royal: Am I old school? 

[00:08:03] Rie Walle: You know, I still say Ernst Young too, because not that many people are familiar with the EY still, I'd argue, even though it's been the official one for years.

[00:08:15] K Royal: Oh, really? 

[00:08:16] Paul Breitbarth: The same with PricewaterhouseCoopers. That's also not gonna change 

[00:08:19] K Royal: PwC. Yeah, I guess that is true. But it is interesting then, because then that tells me that you may be new to privacy, but you're not new to controls and assessments and evaluating corporate activities.

[00:08:35] Rie Walle: Yeah, for sure. And just project management's been what I've done the most throughout my career. And that is, I used to call it my superpower. And now my superpower is the GDPR. And if you combine them, oh my gosh, it's amazing.

Just working. I agree the number one person a privacy office needs other than the privacy person is a project manager. And if 

[00:08:59] K Royal: you can combine two and one, they're not paying you enough. I'm just saying.  Efficiency 

[00:09:03] Rie Walle: Yeah. And it’s, you know, that is the way to attack it sort of, because the GDPR obviously isn't a project, but you should be doing certain GDPR activities as a project, obviously,  annual audits and annual reviews and all of that good stuff. So that's what I've done most, I think, just diving into all the complexity and the, all the details, distilling everything, and then putting it back together more efficiently.

Yeah. That is, what I love to do. 

[00:09:38] Paul Breitbarth: So, So, is it very different looking at the GDPR from Norway, than it would be if you were located in the European Union?

[00:09:48] K Royal: Hmm.

[00:09:50] Paul Breitbarth: Does that make a difference?

[00:09:52] Rie Walle: Not in my experience. And it's an interesting question because most of my clients have been US based. Ah,

[00:10:00] K Royal: Okay. have

[00:10:01] Rie Walle: had actually the do they realize Norway is not part of the EU?

[00:10:06] K Royal: No.

[00:10:08] Rie Walle: So, I worked with the GDPR internationally almost from the get go. I wouldn't say all along, but, after, you know, the pandemic hit and wiped out my entire pipeline and planned Norway tour to help small business owners get a grasp of the GDPR. I had to rethink and then I 

[00:10:26] K Royal: Hmm. 

[00:10:27] Rie Walle: international, much earlier than planned.

[00:10:31] K Royal: And never looked back.

[00:10:32] Rie Walle: Never looked 

[00:10:33] K Royal: Never looked back. We say that like it was so long ago. Yeah. 

This, this will be like the great depression of our grandparents eras when they talk about people coming through the great depression or coming through the great wars, the, the pandemic is going to be the thing that defines this generation and the activities and behaviors that it changed because of it, because it did, let's be honest, it did. but when you think, there's so many questions I want to ask Rie, so, I think, Paul, unless you have something to start with, I want to, I want to ask you of all the activities that you've seen, which one do you think is really the hardest for companies to understand how to do Right.

[00:11:17] Rie Walle: the rope up a hundred percent article 30 all day long. I mean, we have been struggling with this for years and it's grown into this monstrosity, right? 

We have, we have, tried to like this still the entire GDPR into this one and I can't even call it a document. What is it? You have to, it's not linear. You have to attack it from at least three different perspectives to get everything covered.

Oh my gosh, you're, you're setting me on a path here, Kay, because I can, we should have an entire separate episode on Article 30.

 Somebody said 

it's just a document. And maybe that's what it should be now. You know, I am on new territory here in terms of my own thinking, but I might agree with that person who said that.

Maybe it should just be a document, like something you draw up when you need it, instead of trying to squeeze every little GDPR article into it. 

[00:12:19] K Royal: Oh, it's almost impossible. I've struggled with it with every company I've been at. So, this is nothing particular about any one company. So, these are companies I've consulted with as well. I so agree. I didn't know where you were going to go with the answer. It could have been consent. It could have been cookies.

There were a whole bunch of things that could be, but I agree. It's really hard to get a good grasp on the ROPA. And I know that when I was at TrustArc and we were designing the form, no one wanted to design it from the perspective of the processor. 

Because the processors don't have to document as much as the controllers do.

But I will say that being on the processor side, controllers want you to turn in a ROPA to them. That's essentially their documentation. For what a controller needs to know under article 30 as opposed to what a processor needs to turn in Under article 30.  so it's really interesting to that extent and then also The fact that you keep trying to tell them when they ask for what's your legal basis.

It's like regardless of which company. So, I'll just say, we're a processor. We don't determine the legal basis. You're the controller. You determine the legal basis. We don't, we can guess what we think you mean.  We can guess what you gonna rely on, especially if it's consent, if we're the ones collecting it for you.

But in essence, the processor doesn't control the legal basis of processing either. It's the controller. So, I agree. I think there's a lot more complexities around the ROPA to unpack than a lot of people really realize, and it's more than just a document map. 

[00:13:58] Rie Walle: Paul, what's your thought on that?

[00:14:00] Paul Breitbarth: Well,  it's a continuous struggle. even if you, if you use software, trying to get the information,  out of the organization is, is hard.   so I think for me, the easiest way out,   is to use contracts as the basis for the ROPA.  which means that it is more,   more product oriented and more tools oriented than it is actually oriented at the actual purpose of the processing, which to the letter of the law is not how it should be.

but I do believe that in the spirit of the law, it works because you do have control over what data you process, for which reason, who has access, what the legal basis is, et cetera. You can do your risk assessments on that basis. but just the hook is different. And,   also in, in my days at Nymity and TrustArc, this is something that I already advocated.

in, in theory, I love the idea of a good article 30 register.   the only thing is that you can only do it well, if you start building it from the moment you start the company. And the moment you start the company, you do not have the budget nor the resources to actually create a ROPA. 

so it is something that was designed for the for the ideal world that doesn't exist.

[00:15:21] Rie Walle: yeah

[00:15:22] K Royal: You make me think it's along the lines of a secret, Paul. It ceases being a secret as soon as you tell a second person. So the first person who starts the company can do the ROPA, but as soon as you get a second person in, then you've lost all control and you have no idea where your data's going.

[00:15:37] Paul Breitbarth: Yeah, to some extent, I guess that's true.   but before we turn this into an episode of ROPA. 

[00:15:43] K Royal: we're not, We're not, 

[00:15:46] Paul Breitbarth: at some point, later in Season 5. 

[00:15:48] K Royal: We're going to tease the senses with ROPAs to come. 

[00:15:51] Paul Breitbarth: exactly. let's, turn, to the news. Rie, I have to ask you what your top story for the past month was. My best guess is that it would be the EDPB's DPO study. 

[00:16:03] Rie Walle: No, you wouldn't guess really,

[00:16:07] Paul Breitbarth: then

[00:16:08] Rie Walle: oh my gosh, I'm not sure how many fans I have at the EDPB these days, but I have to, I have to start by saying that I am very well aware that there are so many incredibly talented people in the DBAs and in the EDPB. It's not that I'm having a go at any,  anybody or at,  at the EDPB in particular, but at the same time, I have to say, I'm, I'm really disappointed because I've never had reason to distrust the EDPB.

I don't think anybody else had any reason to distrust anything that they put out.  although we might disagree, which happened frequently with what they drew up in their guidelines and so forth. But when I. And I didn't intend to go into the,  DPO report at all at that granularity. It was like, you, you know, when you do a due diligence of a vendor and you see that first red flag, what do you do?

You dive deeper, right? Because that is a, a, a source of concern. So I started going after that red flag and I found another one, and another one, and another one, and it, it, as things are now I am. pretty shocked at the level of,

how should I phrase this diplomatically? 

[00:17:25] K Royal: Inanity 

[00:17:30] Rie Walle: Let's just say that I think we have to disregard the report. And I'm also now questioning the DPO's responses because I pulled out the DPO data specifically where only DPOs had responded, which,  was

six countries. And now I am getting a lot of feedback following,   a LinkedIn post I did the other day of DPOs admitting to not having responded truthfully.

In fear of being investigated by the DPA after since the survey came from the DPA, they would have access. They could identify which company you were responding on behalf of because of how the questions were phrased. So you know, it's not a DPO report episode either, but I just,  you know, I'm, I'm very grumpy, Paul, very, very grumpy. 

[00:18:22] K Royal: but didn't you expect this somewhat to come? Because when we were at the Nordic privacy arena. The topic was raised that these surveys were going out, to companies about DPOs and their duties. And it was raised, well, why are they going to the company? Why aren't they going to the DPO? and what level of honesty and forthrightness do you expect if you're tracking who is going to and what company they're with and everything?

So didn't you have some sort of niggling fear that it was going to come out to be like this, or were you hoping for the best regardless?

[00:18:55] Rie Walle: No, I was hopeful. I was hopeful that we would still be able to see some key trends and have some interesting feedback, but looking at the quality of the data now, like for example, the Dutch survey that had only 9 percent response rate, and there are other findings that are really concerning. So I don't know, maybe I have to do that,  huge DPO survey that I've dreamt of doing for the past years.

[00:19:22] Paul Breitbarth: an anonymous fashion.

[00:19:24] Rie Walle: Very anonymous. And I also, okay, I have to mention, I also thought that the EDPB used a professional firm to do this. And I don't think that they

[00:19:33] Paul Breitbarth: No. 

[00:19:33] Rie Walle: don't know, but it doesn't seem like it.

[00:19:36] K Royal: It doesn't seem like they did it to me. I'm, I'm the same way you are. If you look at it from a purely academic statistical analysis approach, it does not look. like they used an external firm to do it. If they did, it's, it's not someone that pulled together the statistics you would expect to see from that level of study.

But again, I think we should pull together a DPO report. And I mean, frankly, from my side, I'd love to pull in a CPO report.   to see what the crossover of roles are as well.   because I think that's very interesting across the globe, the DPO versus the CPO and who has what responsibilities and everything.

[00:20:16] Paul Breitbarth: So Gary Edwards, if you're listening, we have some ideas for you. Gary Edwards 

[00:20:21] K Royal: Oh yes, 

exactly, 

[00:20:23] Paul Breitbarth: with the survey.

[00:20:24] K Royal: exactly to pull those together. But no, I do think it would be a good endeavor to go through.  but I do think you would want the anonymity. But what would be really interesting is, in addition to anonymity, would you be able to get DPO at the same company and be able to correlate their responses together, even without knowing who the company or who the people are?

So that would be really good.   to be able to say associate with ID number blank blank blank or survey number blank blank blank because I think that would be the next level of information to get is to see when a company has both the DPO and a CPO, how did those duties overlap? Which one's responsible for doing what?

Do they report to who?   and things like that. I think there's a whole lot more to dig into for that. I think it's fascinating, but that's a great transition into your effort with the DPO Hub. So tell us how that came about because I'm fascinated. And yes, I'm a member, but yes.

[00:21:26] Rie Walle: well, that wasn't planned at all either, because when I started with the GDPR, I worked with small, tiny micro companies. You know, I often talk about the carpenter and people might not know this. I talk about The Carpenter on Grumpy GDPR, and that is actually based on one of my very first customers. I went out to their premises several times.

There was a five person company, family company, been around for years. just, you know, trying to run their,  carpentryish business. And I really witnessed firsthand how complex and how excruciating the requirements are for those kinds of,  of businesses. So that's. That's where my entire GDPR journey started.

And then I really wanted to create online courses to make privacy and data protection available for everybody. And guess what happened? I went full on, on online marketing. I tied together these different services with automation efficiencies and all that good stuff. 16th of July, 2020. So I had to pivot again because I had built everything on US based services.

So, from that again, I went back into consulting and speaking, doing more of that. And. I, I've been on LinkedIn since 2008. I love LinkedIn. I have used LinkedIn extensively for networking, just connecting people from different regions, countries, all over the place.  I love it. And that's the main intent with LinkedIn, right?

And so,   I started posting cases and updates from across the EU specifically. And more and more people like me were starting to comment. And in the beginning I was like, what is this? You're not my target audience. 

And who are, who are all these? People like DPOs and privacy officers and whatnot from all over the place.

And,  I guess the DPO hub kind of found me in a way I just created the service on back of, on the back of everything that was happening in the market and specifically what I was struggling with myself as an external DPO for several companies.

[00:23:48] Paul Breitbarth: So how do you keep track? Because you write a lot of analysis with highlights and scorings and lots of emoji to help clarify what,  what people need to pay attention to. is, what is your approach? What's your structure?

[00:24:02] Rie Walle: Well, my structure, it has definitely changed over the years. I am a huge spreadsheet fan. I put everything and the kitchen sink into a spreadsheet, and I absolutely love,  the graphs and the macros and all of that good stuff, 

And it kind of,   that was the first Excel or spreadsheet defeat I have ever experienced because my GDPR, no, my DPO hub that started as a spreadsheet, it was absolutely insane in the end.

It was so many columns and so many tags and so many rows, like hundreds and hundreds and hundreds of rows. So I had to,  admit defeat there. And,  then,  somebody tipped me. No, it was Miloš actually. He tipped me about this tool called Obsidian, which is,   based on Markdown. So it's a super light and it's a note taking app.

So I transferred my database to there because my issue has all along been, how can I get everything that's in my head? Because if people ask me about cases and connections and all of that, I can pull something out. Yeah, that happened in Spain, that happened in France. Oh, there's this Finnish decision or a Swedish court ruling, but I need somewhere more tangible, right?

So I started building everything in Obsidian and that's when I realized that I can actually get this. Published in a way so that others also can leverage it. But I'd say the first and foremost tool that I use is,   an RSS reader.

So it's basically an app where you subscribe to different websites and whenever they publish an update, for example, the EDPB or DPA, you get it immediately in that RSS feed as, sort of like a social medium. I'd say.

[00:25:56] K Royal: Old school  Jack. 

[00:25:59] Paul Breitbarth: It is old school tech. I also still use a lot of RSS feeds,   on a variety of topics, not just on, on privacy, also a lot on travel and some other stuff. 

[00:26:08] K Royal: Food networks. 

[00:26:10] Paul Breitbarth: that more and more websites stop offering RSS feeds. 

[00:26:16] Rie Walle: that is hugely frustrating. 

[00:26:17] Paul Breitbarth: is annoying. So stop doing that people. It doesn't cost a thing to have an RSS feed. So have it

[00:26:24] Rie Walle: It  should be in the GDPR, actually, mandatory for the supervisory authorities to have an RSS feed. All of them should have.

[00:26:31] Paul Breitbarth: Yes So that you can also spot if they try to sneak some update in Somewhere in the back of the newsroom because that also happens

[00:26:39] K Royal: Well, yeah, because not, not all reporters and I mean companies as well as individuals will actually notify you when they change a story because of an update. The more reputable ones will, but they don't all. so that's interesting. 

[00:26:55] Paul Breitbarth: when you read something in your RSS feed is do you also archive them to different folders? Or is that the moment that you move your start creating your notes and get them in?   in your note taking in your obsidian

[00:27:09] Rie Walle: Yeah. So it depends on the urgency, I'd say, but usually nowadays, when I do have the DPO hub and I'm accountable on a whole different level compared to before the DPO hub, then if there's something interesting, I have to drop everything in my hands and then just. create, write up that article in the DPO hub.

And also of course on LinkedIn, because I'm, I'm never going to stop doing my free updates on LinkedIn. It's just going to be slightly different formats and of course more substance in the DPO hub, but the RSS feed is. It's,  the most crucial to keep me up to date. Of course I have, I have other readers I use read wise as well.

I,  have Google alerts for some stuff and,  Twitter where it's not,  or sorry X where it's,  where they don't have,  RSS feeds on their websites. So I still have to combine several resources. So there's no one thing to solve them all. 

[00:28:10] Paul Breitbarth: and back in the day when X was still Twitter, it was actually a very useful platform for, for privacy professionals because there was a lot of content and also a lot of debate going on. some of the people I'm, I'm still in touch with and that have become friends in the privacy community in part that is due to,  discussions we've had,   on Twitter.

That you don't see that happening now anymore, and Mastodon is not as advanced yet as Twitter once was, so, 

[00:28:42] Rie Walle: Yeah. 

[00:28:42] Paul Breitbarth: is less,  so we need to rely on LinkedIn for most of that debate.

[00:28:48] Rie Walle: Yeah. And LinkedIn is great for its purpose. And of course I use LinkedIn lots as well. I think what's been frustrating on my part with LinkedIn is that, for example, I sit and read this post and all of the sudden the darn feed reloads and it's gone forever, you know, and you didn't manage to save it. You can't remember who wrote it, or maybe it was just an interesting comment on a post.

And even if you saved it, just finding it again is a nightmare. So it's,  and, and building relationships as well, of course, on LinkedIn,

 is really, really important. But that said, I am very, very conscious about credible sources. And this is something that I'm really, really emphasizing in the DPO hub as well.

You will always get the links to the official sources and I'm very, I always distinguish between what are the facts of the case and what is my opinion. So 

I actually call it the DS point of view,  which can be a pretty grumpy at times, but, I think there's a risk there as well for DPOs because we, we sit there and we scan the feed be of LinkedIn and you read something and you believe it.

So I also want to encourage people to be really conscious about what they read on LinkedIn and always, 

[00:30:07] K Royal: it. 

[00:30:07] Rie Walle: always go to the credible source and read the case for yourself before you rely on it in discussions internally, for example.

[00:30:15] K Royal: But I will say that LinkedIn is really good professionally to be able to know which issues my colleagues  are most absorbed with because there may be five or ten different stories that come out, but they're all talking about one, you know, and it, it quite often is one I go, h I don't like that, but okay, and I move on to the other eight, but now they're all talking about that first one or two.

So it's really good to know what's got most people concerned, but also gives you a flavor around the world. Did something that happened in the U. S. was that Truly globally important are people in Europe and Latin America and Asia talking about it if something happened You know in Brazil is someone in China concerned about that?

 So it also gives me a good flavor of who's uh concerned around it globally, but I picked up on One thing you said about the networking on LinkedIn and I have to throw a plug out that I will be in the UK, the week of February the 24th. So that's on a Saturday. So, the week ahead of that through March 2nd, there is an IAPP intensive in London, I believe on the 29th and 30th.

And so, I believe it's on Thursday. I plan to go hang out wherever the IAPP intensive is in London and just know, squat in the lobby or something with coffee and, and run into people that I only know from LinkedIn, and hopefully be able to meet them in person. But that also does bring me back to the news.

[00:31:43] Paul Breitbarth: and K will bring stickers. 

[00:31:45] K Royal: yes, I, oh, Ooh, yes, I will bring stickers. I know where they are. I have them to bring.   but to touch on news this week. So, any hot events happening around you, Rie, before we bring it to a close,

[00:32:01] Rie Walle: Hmm. 

[00:32:02] K Royal: I've got one that Taylor Swift really wants this college student who tracks her plane to stop tracking her plane. Now, Taylor Swift, you fan or foe? She is impactful on so many different levels, especially the deep fake videos that yes, we should have been paying attention to them legally before now, but now she's brought big attention to it.

And we've often said you're not going to see meaningful law to you. See it hit the politician somewhere where it hurts and someone like Taylor Swift is somewhere where it hurts Um, but she's also demanding this college kid stop tracking her plane, which I think is good But also in Utah, this was an interesting one that came up Paul I remember talking about Utah and their age verification for kids on social media and everything.

There's litigation around it a judge has blocked enforcement of the law. This is not in Utah. This is Ohio so a judge is blocking the, the Ohio law limiting the kids use of social media during litigation where there's a legal challenge on it. We didn't see that in Utah when we talked about it so much, but in Ohio, they are arguing about it.

so, I think that was interesting.  that came up and I know there's been some other things that came up. Anything notable on you, Paul?

[00:33:18] Paul Breitbarth: Well, yes, you already alleged to it at the start of the podcast, the Irish DPC has two new commissioners. because this week, Helen Dixon, ends her term. and the new chair of the Irish DPC will be Dr. Des Hogan, a former Assistant Chief State Solicitor in the Office of the Chief State Solicitor since 2015.so he has more of an enforcement background, and he is also a previous member of the Australian Human Rights and Equal Opportunity Commission. So that's an interesting background.  and also Dale Sunderland, who was already a deputy commissioner, has now been elevated to the commissioner level.

He's been around since 2016, is doing great work at the DPC. So, I think that's good news.

[00:34:06] K Royal: very nice. 

[00:34:08] Paul Breitbarth: But before we wrap up, I do have one final question to, to, to Rie.  because how do you deal with all the languages? I don't expect that you speak every single language from around the world. 

And somehow, I also don't think, Yeah, And I also don't think that you would be using Google tools for that. 

[00:34:25] Rie Walle: Well, I'm trying to learn both Spanish and German at the moment, but, I do, I do rely heavily on,  in browser translation. I use DeepL. I am forced still to use the free version because they still not offering the service. in Norway, which is such a shame. But then I also have to shout out to all of my amazing peers, because whenever I'm stuck on something, I have people in every single country that helped me with the translation.

So, I can reach out to anybody. And they are just amazing. And also, lots of the people that I've met.  through volunteering for nyob GDPR Hub as well. I've been volunteering there for over three and a half years and there are some awesome people that doing great work as well. 

[00:35:14] K Royal: Paula and I found out when assessing People's Republic of China's new law, when it came active, how very helpful it is to have colleagues who actually speak the language to be able to interpret the context behind the words, not the pure translation of the words. It was critical. 

[00:35:32] Paul Breitbarth: Absolutely. So Rie, thank you very much for joining us.  for those of you who want to join the DPO Hub, 

[00:35:41] K Royal: Please do. Where should they go? 

[00:35:42] Rie Walle: DPOHub.eu. 

[00:35:45] K Royal: There you go. Very good. You can register there. This is a paid service, but you get value for money. 

[00:35:51] Paul Breitbarth: so, take a look,  for questions. You can always reach out to Ria. And in any case, it's very valuable also to follow her free updates on LinkedIn, giving a lot of insights. 

And also join the debate below the post because that for me sometimes is even more valuable than the post itself 

[00:36:09] Rie Walle: Yeah, 

[00:36:09] K Royal: And I will say, please do also mention you heard it on Sirius Privacy. You will get absolutely no discount for it. 

[00:36:20] Rie Walle: Oh, 

[00:36:21] Paul Breitbarth: Yes, the promo code is serious Privacy and 

[00:36:25] Rie Walle: thank you so much for having me. 

[00:36:27] Paul Breitbarth: and on that note we'll wrap up this episode of serious privacy If you like the episodes join the conversation on here you go again LinkedIn. You'll find us as serious privacy Find k on social media as @heartofprivacy and myself as @EuroPaulB Until next week, goodbye.

[00:36:45] Rie Walle: Bye