This week on Serious Privacy, Paul Breitbarth and K Royal speak with Sjoera Nas. Sjoera is a long time privacy professional and privacy activist. She became involved with digital rights in the late 1990s and early 2000s, while working for the Dutch internet service provider XS4all, and later for civil rights group Bits of Freedom. But Sjoera is probably best known for her work at the Dutch Data Protection Authority, where she took the lead within the so-called Internet Team, leading investigations into anything that was happening online, from cookies and trackers, to interactive television, search engines, and picking long fights with ICANN on their WhoIs register and telco’s on data retention.
Since four years, Sjoera is a consultant for Privacy Company, still based out of the Netherlands, but doing work with global impact. Together with her team, she writes extensive data protection impact assessments on a range of cloud services, like Office365, Google Workspace and Microsoft Sharepoint and OneDrive. Her customer: the Dutch government and higher education system, which surely helps when it comes to negotiating risk mitigation measures.
During this episode, we talk at length about conducting technical deep dive DPIAs, that everyone can benefit from, and negotiating risk mitigating measures with Big Tech. But we also cover international transfers (remember those?) and Google Analytics alternatives.
As always, please feel free to share your thoughts with us - therewill be a year end show on the best episodes. Get your vote counted! Follow us on LinkedIn as Serious Privacy and on Twitter @podcastprivacy @EuroPaulB and @HeartofPrivacy.
The blog posts linked below contain the summaries of each of the DPIAs referred to during the podcast. Via the blog, you will also find the full DPIA document, including annexes, to read. Even though they are lengthy, we highly recommend reading and using them if your company uses any of these products.