But this shortsighted approach is counterproductive to scaling

Image for post
Image for post

We’ve seen the story before: social media app enjoys meteoric rise unfailingly followed by a slew of privacy and security failures. Clubhouse is no different: it rolled out its app to a global user base with little regard for privacy, if any. In a nutshell: Clubhouse collected people’s personal information even before they engaged with the app. It made doubtful claims that it anonymizes the personal information uploaded to its servers. It engaged in dark patterns to get users to give access to their contacts and their Twitter information. …


Image for post
Image for post

Clubhouse, the new audio-based social media app where users enter rooms to talk about anything they could possibly want, is gaining lots of attention. Part of its popularity comes from it being pegged as the next social media giant. Beyond the hype, its epic product privacy failures are what warrants scrutiny.

While social media platforms are notorious for their privacy failures, Clubhouse committed its own set at a time when consumer privacy sentiment is increasingly in favor of privacy. What’s more, big tech brands like Apple have been publicly championing privacy, recognizing that privacy has value beyond compliance. Research also…


Image for post
Image for post
Photo by Louis Velazquez on Unsplash.

Earlier this month, a bipartisan group of US Senate and House lawmakers introduced the Promoting Digital Privacy Technologies Act (S.224). Senators Cortez Masto and Fischer introduced the bill to the Senate, while Representatives Stevens and Gonzales introduced it to the House floor. It has been referred to the Senate Committee on Commerce, Science, and Transportation.

S.224 has serious implications on privacy innovation. As such, I’ve taken the time to review it, break it down, and provide recommendations on how to improve it.

What S.224 Says

S.224 is a bill about privacy enhancing technologies (PETs). …


As I teach my experiential Privacy & Technology course at Santa Clara Law’s leading privacy program this semester, certain privacy and technology terms and concepts come up. I previously wrote about the course here, here, and here.

One of my course goals is to introduce my students to common nomenclature intersecting privacy and technology, a step to bridging the legal-technical gap in this cross-functional space.

Thus, we’ve created this glossary, which we will be periodically updating throughout the semester.

Anonymization. Anonymization is the process of rendering data anonymous in such a way that the data subject is not or no…


Last week in my Privacy & Technology course at Santa Clara Law’s leading privacy program, we tackled privacy engineering. As some of you may know, I am teaching my experiential Privacy & Technology course this semester. I previously wrote about it here and here.

Given last week’s privacy engineering focus, who better to have as a guest lecturer than Michelle Finneran-Dennedy (Mdennedy), whose book, The Privacy Engineer’s Manifesto, is one of the texts we’re reading for class (along with Prof. Woodrow Hartzog’s Privacy’s Blueprint: The Battle to Control the Design of New Technologies). For folks who don’t know Michelle, she’s…


Image for post
Image for post

This year, I had a Data Privacy Day “first”: I celebrated it with a group of aspiring privacy practitioners in technology, my Privacy & Technology course students. As some of you may know, I am teaching my experiential Privacy & Technology course at Santa Clara Law’s leading privacy program this semester. I previously wrote about it here. We meet twice a week, and it turns out that our sixth class meeting fell on Data Privacy Day.

Quick background: Data Privacy Day commemorates Convention 108, which was signed on January 28, 1981 and is the first legally binding international treaty dealing…


A Santa Clara Law experiential privacy course that will prepare law students for privacy practice in tech

Image for post
Image for post

This week, I begin teaching (remotely given the pandemic) my Privacy & Technology course at Santa Clara Law’s leading privacy law program. This course has been eight months and hundreds of hours in the making, so I am very much excited and just ready to begin working with the students.

Course Objectives

My main objective in creating the course is to prepare students as privacy professionals in the tech sector. In addition, I want to introduce them to the nascent privacy tech landscape, which is near and dear to my heart. More practically, I want them to be able to identify and…


Image for post
Image for post

As part of my fellowship with Santa Clara Law’s leading privacy law program, I’m curating the Let’s Talk Privacy & Technology video series. Each episode features a privacy expert, practitioner, academic, or innovator. We discuss the intersection of privacy and technology, covering topics ranging from privacy engineering, privacy enhancing technologies (PETs), and data ownership, to data ethics, privacy tech, cybersecurity, and more. I publish episode notes in this blog, including this post dedicated to episode 7. Other episode notes are available in the Privacy & Technology publication.

Episode Description

I sat down with Carnegie Mellon University’s CyLab Security and Privacy Institute Director…


On PRAs, PIAs, DPIAs, TIAs, …

Image for post
Image for post

Privacy concerns have become increasingly top-of-mind for many stakeholders today. This is true not just for privacy advocates and privacy practitioners, but also for consumers, business customers, regulators, and the mainstream media.

As a long-time privacy practitioner, I can’t count the number of times I’ve heard a startup CEO, a product or business leader, an engineer, or an app developer admit, after suffering a privacy incident, that they simply failed to account for privacy in building their product, project, app, initiative, or system.

Privacy reviews solve for this lack of privacy foresight. They force…


by Emily Ashley & Lourdes M. Turrecha

Tomorrow, Apple releases one of its more controversial iOS14 features: privacy labels.

At a time when new technology tools seem to get creepier in their overcollection and misuse of user personal information, Apple’s privacy position is striking.

For years, Apple has been public about its privacy position, which reflected in its branding and advertising, in the Apple v. FBI case, in its business model, and in its actual product releases.

iOS14, for example, includes an onslaught of privacy and security features that provide unprecedented transparency into what app startups and third parties are…

lourdes.turrecha

Founder & CEO @PIX_LLC @PrivacyTechRise | Privacy & Cybersecurity Strategist & Board Advisor| Reformed Silicon Valley Lawyer | @LourdesTurrecha

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store