top of page
  • Team

The Data Drop Panel for May 2022

Host Erik Rind and special guests take a deep dive into the noteworthy, concerning, and downright fascinating stories featured in recent episodes of the Data Drop News podcast.


Pro tip: you can listen to The Data Drop Panel on your phone by subscribing to our podcast.

About The Data Drop


The Data Drop podcast is a production of the Data Collaboration Alliance, a nonprofit dedicated to advancing meaningful data ownership and global Collaborative Intelligence.


Join The Data Collaboration Community


The Data Collaboration Community is a data-centric community where professionals, nonprofits, and researchers join forces to collaborate on datasets, dashboards, and open tools in support of important causes. Learn more.

 

Full Transcript


Erik Rind: I folks, I'm Erik Rind CEO of ImagineBC and a member of the Data Collaboration Alliance. Welcome to the Data Drop Panel where each month we gathered some leading data and privacy professionals to hear about the new story that stood out for them over the past month or so. In the fast-paced world of data privacy.

It's always interesting to hear what's raising the eyebrows and curling the fists of practitioners. I should note that all the stories that we'll feature have been included in our podcasts, which delivers a five-minute privacy news Roundup. Every other week. This month, the data drop panel will have three guests.

Jeff Jockisch CEO, PrivacyPlan, Priya Keshav, CEO of Meru Data, and Sameer Ahirrao CEO of Ardent Privacy. Welcome, everybody.


Priya Keshav: Thank you. Happy to be here.


Sameer Ahirrao: Thank you for having us, Erik. Look forward to the conversation. Yeah.


Erik Rind: All right, let's get kicked off. Jeff. You're first here.

So the topic is your online activity and location is being exposed 747 times a day for. I'm actually a little surprised it's that small?


Jeff Jockisch: Yeah. Well, that's an interesting case the Irish civil liberties organization I think that's run by Johnny Ryan filed a lawsuit. And this is against the the IB in Europe.

And it's really, this is a case that's about real-time bidding. And so they've done a lot of research and one aspect of that research is really sort of understanding, you know, how our personal information is shared in the real-time bidding process. And when you really break that down and you look at Americans for instance all that, all that ad tech really means that that Americans' information is, is given out to over 4,000 companies.


And our information is shared roughly 750 times a day. Right. And this is you know, personal information, personal data, as well as location. Which is, you know, in their opinion and in a lot of the people's opinion, a data breach, right. That's on a massive scale every single day. And that's just a scary thing right now, you know, the ad tech folks and Google and whoever else is sort of involved in this would probably tell you that this is in the information that.

Can't be attributed to an ADU individual person, right? That is de-identified. And, that is technically true. But when you have a large set of information about people, right, 20, 30, 50, a hundred pieces of personal data, even if it's de-identified It can be pretty easily re-identified. I mean, I think that's pretty much a well-known fact.


So if I was to take that information about you, Erik and take it to another data broker, they could probably pretty easily figure out that it's you?


Erik Rind: Yeah, that's interesting. Jeff, when I started my company, At the early onset, I actually hired hip sows, the market research company to actually do a study on that, which is how much data can you collect before they can find your needle in that haystack.

And I was surprised how small the step was that, right? That, Hey, if you have this, this piece data, this piece of data, I can figure out who you are. That really surprised me.


Priya Keshav: A little bit of credit to the adtech industry died. So when they started working, their intention was not the full person information, but the definition of personal information has changed. Right. And obviously, just the sheer volume of what they collect makes it. So obviously they're not collecting name and email address and physical address.