Privacy In Action: Debbie Reynolds, Global Data Privacy Expert
Privacy in Action is a series of interviews with privacy-minded Startpage users from diverse backgrounds. The goal of the series is to explore different perspectives on privacy, how privacy takes action in their lives, and provide recommendations for people with similar backgrounds.
Debbie Reynolds, “The Data Diva,” is a world-renowned technologist, thought-leader, and advisor to multinational corporations for handling global data privacy, cyber data breach response, and complex cross-functional data-driven projects. Ms. Reynolds is an internationally published author, highly sought speaker, and top media presence about global data privacy, data protection, and legal technology issues. She has also been an adjunct professor at Georgetown University and Cleveland Marshall College of Law.
Interview with Debbie Reynolds:
Startpage: Fill in the blank: Privacy is _____.
Debbie: Privacy should be a fundamental human right all over the world.
Startpage: One a scale of 1 to 10, how private are you? How private do you think the general public is?
Debbie: On a scale of 1 to 10, I am about an eight on privacy. I am the founder and CEO of a data privacy advisory company, so I must have a professional presence on the internet, and I am active on LinkedIn, but otherwise, in my personal life, I am very private.
Startpage: Why are data privacy and private search important to you? In your line of work? In your personal life?
Debbie: We should be able to live our lives without having every search we do, every book we buy, or every step we take be cataloged, or sold without our permission or knowledge. In business, I am a huge fan of data minimization. I highly recommend this as a first step for companies serious about implementing a responsible data privacy program to collect only the data they need. In my personal life, I am very selective about the services I use on the internet, and I even read the long privacy policies. I want to be informed about my data. However, companies need to be more transparent with individuals, and individuals must become more informed about what they agree to when they sign up for services on the internet or do searches using search engines.
Startpage: What measures do you take to protect your personal data online and offline?
Debbie: Some measures I take to protect my privacy online include using a separate email address to sign up for newsletters are coupons in stores, so this information is never comingled with my personal accounts. I also use privacy browsers and search engines exclusively for certain types of work and personal searches. Offline, I try to keep things simple by not divulging my personal information in public places, and generally, I have a “need to know’ stance about the information I share while in public.
Startpage: How do you envision data privacy in the future? 1 year, 10 years, lifetime?
Debbie: In the next year for data privacy, unfortunately, I envision more harm to individuals due to companies gathering too much information that is later misused, abused, or leaked. The Covid-19 pandemic has created the type of panic and fear that hackers love, so these breaches will continue to rise, for a time. I hope in the next year, we will have more serious movement toward developing U.S. federal data privacy legislation. I hope within the next ten years, we will have made privacy the norm, not the exception to the rule, and the best practices we dream up today will be the reality, as long as we keep a better pace with emerging technologies that use our data. In our lifetime, if we do things right now to draw a line in the sand about what is private and what is not private, generations to come will have better transparency and control of their data.
Startpage: For companies new to privacy, what would you recommend as the first steps to protecting their data?
Debbie: Companies new to privacy and want to know their next steps should discover what data they have about individuals, then get rid of data they do not need. Some companies horde data, which can be a high-risk act that costs them in terms of upkeep, and privacy fines if the data is misused or eventually breached.
Startpage: What are the most common privacy questions individuals ask you? Companies?
Debbie: The most common questions I get from individuals relate to what apps are listening to their conversations on their phones. When I speak at an event and mention how Google, for example, listens for you to ask questions on mobile devices, I have a line of people with phones in hand asking questions!
The most common questions I get from businesses related to the highest risks to data privacy violations they need to address right now. There are many layers to a data privacy program, but the hottest issues get most of the attention. Developing a comprehensive plan is best, so companies do not fail to address only the highest risk items at the moment. For example, legacy data is on the low-risk list for many companies, but if they have a data breach, suddenly the legacy data graduates to high risk because companies may not know the data or risks that legacy information can present.
Startpage: What advice would you give to companies and employees interested in increasing their privacy protection efforts? What privacy trends are you seeing companies adopt?
Debbie: The trends I see in companies are a focus on things like policies and procedures and not enough action on changing how companies operate day to day. Most data privacy fines, to date, have been because of operations of the company, not the words or promises made by companies. For trends, I am thrilled to see companies embracing data minimization and privacy by design. These elements will help companies now and in the future, better comply with data privacy laws.
Startpage: Do you see a difference in how the U.S., EU, Asia, and the rest of the world when it comes to data privacy protection?
Debbie: The differences I see in data between the U.S., EU, Asia, and the rest of the world is a spectrum about who benefits from data privacy laws. The most beneficial data privacy laws to individuals are in locations where privacy is considered a fundamental human right, which includes the E.U., EEA, UK, Canada. The most beneficial laws to consumers are where privacy is regarded as a consumer right (not a human right), which includes most U.S., South Korea, etc. The most beneficial laws to governments are in locations where privacy is considered a government right (not a human right), which includes countries like China, Russia, North Korea, etc. Many other countries can be a combination of some or all three of these different ways to look at privacy rights. With countries taking the lead from the GDPR in Europe, I hope to see countries that have yet to enact data privacy regulations, look at them as a fundamental human right.
Startpage: If implemented, how will biometrics and facial recognition affect privacy rights?
Debbie: Due to the lack of transparency in Facial Recognition systems, the harm to individuals will be enormous. If one person is harmed because of false Facial recognition data, this is one person too many. Facial Recognition is ten times less accurate on people of color than on people with lighter skin. Using facial recognition technology as the “decider” in high stakes situations like its use by law enforcement is detrimental to people of color. Also, these systems are being sold and implemented before any substantial privacy regulation has been enacted about its use.
The most robust law about Facial Recognition is the Biometric Information Privacy Act (BIPA) law in Illinois. Laws like the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) also have references to biometric data as a human right to data privacy. However, most laws see privacy as a consumer right, not as a fundamental human right. All humans, not just consumers, should have the right to know how their images are being used and by whom.
Startpage: What are your favorite privacy tools?
- Search Engine: I love Startpage. I also like DuckDuckGo as an alternative.
- Browser: I love Brave for Privacy Browsing.
- Email: This is tough. Does anyone love email? I use both Office 365 and Gmail the most.
- Messaging: For business use, I like Slack for messaging. For personal use, I like the native apple messenger.
- VPN: VPNs can be tricky. I like Proton VPN for privacy lovers.
We’d like to thank Debbie for taking the time to answer these questions. If you are interested in participating in the Privacy in Action or would like to nominate someone to be interviewed by us, reach out to us at email@example.com.
The views expressed in this Q&A are those of the interviewee and do not necessarily reflect those of Startpage.