Serious Privacy

Privacy Biz and Liz (Liz Denham)

December 01, 2023 Dr. k royal and Paul Breitbarth, Liz Denham Season 443
Privacy Biz and Liz (Liz Denham)
Serious Privacy
More Info
Serious Privacy
Privacy Biz and Liz (Liz Denham)
Dec 01, 2023 Season 443
Dr. k royal and Paul Breitbarth, Liz Denham

On this week of Serious Privacy, Paul Breitbarth of Catawiki and Dr. K Royal connect with Liz Denham, who was appointed to the Jersey Data Protection Authority and is also the new Chief Strategist at the Information Accountability Foundation. Liz has quite the extensive career in privacy leadership and discusses developments in the field with Paul. This one also features some information on some friends of K in a band who are touring Europe right now, Stone Senate. Also, remember, registration is open for next year’s Global Privacy Assembly in Jersey.

If you have comments or questions, find us on LinkedIn and IG @seriousprivacy @podcastprivacy @euroPaulB @heartofprivacy and email Rate and Review us!

Proudly sponsored by TrustArc. Learn more about NymityAI at

#heartofprivacy #europaulb #seriousprivacy #privacy #dataprotection #cybersecuritylaw #CPO #DPO #CISO

Show Notes Transcript

On this week of Serious Privacy, Paul Breitbarth of Catawiki and Dr. K Royal connect with Liz Denham, who was appointed to the Jersey Data Protection Authority and is also the new Chief Strategist at the Information Accountability Foundation. Liz has quite the extensive career in privacy leadership and discusses developments in the field with Paul. This one also features some information on some friends of K in a band who are touring Europe right now, Stone Senate. Also, remember, registration is open for next year’s Global Privacy Assembly in Jersey.

If you have comments or questions, find us on LinkedIn and IG @seriousprivacy @podcastprivacy @euroPaulB @heartofprivacy and email Rate and Review us!

Proudly sponsored by TrustArc. Learn more about NymityAI at

#heartofprivacy #europaulb #seriousprivacy #privacy #dataprotection #cybersecuritylaw #CPO #DPO #CISO

Please note this is largely an automated transcript. For accuracy, please listen to the audio,

[00:00:00] Paul Breitbarth: It feels like forever since K and I have been in the same recording studio, but it's actually only been a couple of weeks. But so much is happening and we've both been traveling and doing tons of different stuff that it's high time to catch up. So today you'll get a brief conversation between K and myself, and then an interview that I recorded with Elizabeth Denham, former Information Commissioner, former Privacy Commissioner of British Columbia.

Currently member of the Jersey Data Protection Authority and also the new Chief Strategist at the Information Accountability Foundation. 

[00:00:36] K: Yes, the lady I introduced myself to in the ladies restroom because I couldn't seem to catch her anywhere else. Not that I was stalking her.

[00:00:44] Paul Breitbarth: you need to find people somewhere. So,

[00:00:47] K: Meet them where they're at, right?

She was in the 

[00:00:50] Paul Breitbarth: So as always, my name is Pal Breitbart.

[00:00:52] K: And I'm K Royal and welcome to Serious Privacy. So Paul, this is an interesting kind of a question. I guess it's more of a yes or no for the unexpected question. Did you go roller skating growing up?

[00:01:06] Paul Breitbarth: Yes, I did. Or Roller skating. Yes, that was very early on and then rollerblading. So

[00:01:14] K: I was going to ask if you were more of a rollerblader. I tried rollerblades once. Stood up at a wall and was like, Oh, I think this is going to work. And I felt my feet. feet going backwards. And I was thinking roller skate. I'll catch myself on my toes. There's no catching on your toes. I broke my elbow.

[00:01:32] Paul Breitbarth: Oh, poor you.

[00:01:33] K: It was a whole body full slam.

Bam. Just like that. So roller skating. Yes. Rollerblading.

[00:01:40] Paul Breitbarth: No. Well no, I did both. I think I was more of the rollerblading. I used that longer. That's probably been three decades since I last did that.

[00:01:51] K: Yes. Mine was teenage years through junior high and high school every Friday and Saturday night at the roller skating rink. And yeah. Interesting. 

[00:02:02] Paul Breitbarth: Absolutely. And happy St. Pancake Day!

[00:02:04] K: Oh, thank you.

[00:02:06] Paul Breitbarth: You probably don't even know that it exists.

[00:02:09] K: Can you read that on my face?

[00:02:10] Paul Breitbarth: yes this is, this is a very Dutch thing. And it


[00:02:14] K: something I need to celebrate with some good food.

[00:02:17] Paul Breitbarth: well, pancakes. Obviously Saint Pancake doesn't really exist. But this is coming from a 80s and 

90s. so, according to this quirky made up tradition there was a bunch of monks with cold hats and one of the monks suggested to the the abbot of the abbey to put a warm pancake on his hat to keep warm.

And then all the angels came out and a golden frying pan apparently appeared and this is a, a very local tradition that started in Rotterdam but has become quite popular in recent years, especially among students who bake pancakes on the 29th of November and put a warm pancake on their head and post pictures on social media.

[00:03:04] K: Oh my goodness. I love it.

[00:03:06] Paul Breitbarth: so yes,

[00:03:07] K: That is awesome. And I was looking up because, and I can share this on another one as well. Some guys I grew up with that are in a band are touring Europe right now. I was going to drop him a note if he was there and say, Hey, by the way, St. Pancake Day, but I think he's in Germany right now. 

[00:03:26] Paul Breitbarth: So then they'll be doing the Christmas markets.

[00:03:29] K: something like 29 days in 29 places in 30 days or something. So no time to do anything. So Wednesday, the 29th, they are in Germany. It looks like for the next three nights, then Austria, then back to Germany, then Spain on December 5th. Staying in Spain for a little while looks like for about six, seven days, and then they're on to France, and Friday, December 15th, they're back in Germany, so they're having a good time, he's posting videos all the time, so I'm gonna drop him a note if he's anywhere near there and say, by the way, St.

Pancake Day they'll probably, they partaking of the local food and enjoying everything. It's like, Hey, we're doing 29 shows in 30 days. We don't have time to breathe.

[00:04:18] Paul Breitbarth: It's basically the traditional American way to see Europe, right? If it's Tuesday, this must be Belgium.

[00:04:24] K: I think so. And it's, and it's fun because they're having a wonderful time. All their shows are sold out. They said the audiences are just phenomenal in Europe. They're always chanting. We want more and giving huge. Applause and everything. And they're just, they said they're just reeling from all the love.

So if you have listeners are there somewhere to check them out, their name is Stone Senate, feel free to go up and tell them, Hey, I'm friends with K that you grew up with in high school and at least three or four of them, there's only five should know who that is. 

[00:04:57] Paul Breitbarth: Well, that's a good sign. So, K, indeed, it's been a while since we were in the recording studio catching up. So, how are you?

[00:05:07] K: I've been sick for a month. Can I share that? I've, I've moved to South Carolina as I think some of y'all know from Arizona. One of the reasons we were in Arizona is because Arizona has a steady barometer, barometric pressure, nice and steady, which is really good for people flu, a cold, back to another bug, to a flu, my grandchildren have pink eye now, I'm living in a little bitty studio apartment, a piece of my daughter's house, but I should show you pictures of the house that's going up.

We actually have the wood framing and the walls and the roof up.

[00:05:37] Paul Breitbarth: So give it a few more weeks and you can move in while they finish the house?

[00:05:42] K: Yeah. But but yeah, so it's, it's been challenging, but you know it's interesting. Someone asked me that the other day, cause I've been with my new job now eight months I'm busy. It's like any privacy job, stressful, I'm not sharing anything about the employer in particular, any privacy job is stressful, and lots of work to do, and I feel like I don't have enough fingers on my hands or hours in my day, and I absolutely love it. 

[00:06:11] Paul Breitbarth: Well, 

that's what we'd like to hear, right? 

[00:06:14] K: Absolutely love it. I am going to be advertising for a privacy council though. So looking at one, I'd love to find one in Canada especially one that speaks French Canadian. I'm, I'm being partial to Quebec there. But it doesn't have to be. So we are looking for a new privacy council.

I'd prefer Europe or North America as we're looking at that. So that ad should go live soon. And so I just absolutely love my company, my team, what we're doing. I can't say enough good things about it. But yes, stressed out and working hard. What about you?

[00:06:48] Paul Breitbarth: weLl, not as stressed out anymore, working hard for sure trying to balance all the, all the work company is doing well, we are in the midst of planning season, as I think almost everybody is, wrapping up all the planning for 2024, looking at everything that the business wants to do, and then hoping to squeeze in Some of my own projects as well

[00:07:10] K: Yeah, try to slide them right in there. Just, they'll never notice. Just a little privacy project

[00:07:14] Paul Breitbarth: well the thing is they may not notice but my time may notice 

[00:07:20] K: I will say there is a difference working for a publicly traded company versus a startup. And I've been with startups for a long

[00:07:26] Paul Breitbarth: Hey, we're a scale up we're not a startup anymore

[00:07:29] K: Right, right. And now I'm with a publicly traded company that's been around for a long time. We're insurance claims handler. So I'm back in mostly the health care realm, but still dealing with all the emerging tech questions that everybody else deals with.

Whether you're in an entrenched company or a startup, you're dealing with everybody wants to use AI.

[00:07:49] Paul Breitbarth: Yeah,

[00:07:50] K: Everybody wants to 

hang on to too much data for too long. 

[00:07:53] Paul Breitbarth: so yeah, that's that's part of the, the, the ongoing discussions going well. I've just been to Jersey

Last week for a single day, unfortunately only. But we had a, a good meeting of the data protection authority plans for the global privacy assembly next year are advancing really

[00:08:13] K: Yes, I need, I need to register for that yet. And by the way, not only do we need to register for the Global Privacy Assembly, which I am taking a note right now. For GPA, and that's when,

[00:08:29] Paul Breitbarth: GPAJersey. com. The final week of October 2024.

[00:08:34] K: last, so I can bring costumes

[00:08:37] Paul Breitbarth: Yes, because the 

conference ends on the 1st of November, so Halloween will be included in the conference week. 

[00:08:45] K: Oh, that would be awesome. That would be really nice to be able to do so. And I saw an interesting job that popped up on LinkedIn the other day that I've shared to some friends. CERN. It's looking for data protection consultants. I think they're going to have a council, like a data protection authority council.

So I think they're looking for three or four. So it's not a full time gig for anyone, I don't think, but they did say they want someone with international experience. I'm going, I got international 


[00:09:14] Paul Breitbarth: always try. 

[00:09:15] K: CERN would consider me? 

Probably not. 


[00:09:18] Paul Breitbarth: try it.

[00:09:19] K: interesting jobs, right? 

[00:09:21] Paul Breitbarth: and this is, this is, similar to what I would be doing at the, the data protection board of, of the European patent organization. There are others similar to that, and those are interesting roles and it's a nice way to get started in data protection supervision.

to get some hands on experience. So that's that's a good one. Obviously the podcast is, is continuing. And then this Friday, the first of December, we'll have the first cohort of Master's students graduating at Maastricht University. So that also makes me really proud.

really looking forward to to see everybody get their diploma this Friday.

[00:10:01] K: Oh, that's going to be awesome. I'll look for the photos on that one. Cause I think I know a person or two in there.

[00:10:06] Paul Breitbarth: Yeah, you should. You should. 

so That's Yeah, so it's, it's a bit of everything these weeks. but.

[00:10:14] K: And privacy going bonkers too.

[00:10:16] Paul Breitbarth: Oh yeah, I mean, keeping track of that, that's for next week. I mean, it's impossible to keep track of everything, so we'll need a bit of time to 

catch up on that. But for today, we have another interview. I mean, that's 

the advantage of traveling so much.

I bring the recorder and just sit down with somebody, and this time I was lucky enough that Liz Denham graced me with some time after our meeting in Jersey to talk about her career.

[00:10:44] K: Well, let's dive into that because I'm eager to hear it, too.

[00:10:47] Paul Breitbarth: Elizabeth Danni, thank you very much for joining me today. 

[00:10:51] Elizabeth Denham: delighted 

[00:10:52] Paul Breitbarth: to join you, Paul. We've known each other for I think a decade by now working together on many privacy issues. But let's start with the very basic question. How did you end up in privacy and data protection?

[00:11:05] Elizabeth Denham: Well, I was, when I was in university, I didn't say when I grow up, I want to be a privacy regulator. That really, that, that wasn't in my career plans, but I, I was a professional archivist. I worked in information management, information governance back in the 1990s. And in Canada, the development of privacy laws, standalone health, information laws were spreading across the country.

And so it was natural for me to find that bridge into privacy work, data protection work, from archives and information management. So it was a new field. I think I was at the right place at the right time. And, you know, archivists, they are the handmaidens of history. And they... So be true. They actually are, were making ethical decisions about the use of data and information before we had the laws on the books.

So I think, I think it's, it's a good background. So for 

[00:12:06] Paul Breitbarth: you, it was really the positive choice. I want to move into data protection right now and it was not somebody saying, Oh yeah, we need somebody. Oh, you. You just 

[00:12:15] Elizabeth Denham: do it. You missed the staff meeting, so guess what, you're the new Chief Privacy Officer. No, that, that wasn't me I thought it was fascinating, and my first job in data and data protection was really archiving and saving the records of a hundred year old hospital.

Wow. That the city of Calgary was going to implode. And so, it was really about looking at all those patient records and deciding which ones were going to be preserved, how they were going to be accessed, and there was a new health privacy law. In that province. So it was, it was natural. And then, from then consulting work when Pippita The federal government, the Canadian government's private sector law came in to play.

I had my own consulting practice for a few years. 

[00:12:58] Paul Breitbarth: And from there you ended up with the Canadian Data Protection 

[00:13:01] Elizabeth Denham: Authorities? Yes, from then I worked as a Director of Investigation and Enforcement for the Alberta Privacy Commissioner's Office. That was... Before I, I left Alberta and, and went to work with my personal hero Jennifer Stoddard.

She was privacy commissioner of Canada. I know 

[00:13:21] Paul Breitbarth: you remember her well. We've had her on the podcast before talking about the Canadian draft legislation. Yeah, she's, 

[00:13:27] Elizabeth Denham: she's amazing. So she took me under her wing and I became her assistant commissioner at the federal level. And from there I applied and became the Information and Privacy Commissioner for the province of British Columbia, which was my home province.

So I was really pleased to, to go back there. So 

[00:13:45] Paul Breitbarth: you've been around Canada quite a bit as well. Are there many differences in, in the legislation between the provinces and the federal level? 

[00:13:53] Elizabeth Denham: There are, and some provinces don't have private sector privacy laws, others do. So, for my job in British Columbia, for example, I had the full gamut of private sector privacy as well as public sector privacy and access to information.

That's a lot. So that was that was a lot, that was in a small office, 40 staff. And from, from that that experience, somebody suggested it would be a good thing for me to apply to be the... ICO, the Information Commissioner of the UK. And I said, wait a minute, I'm Canadian. And 

[00:14:26] Paul Breitbarth: move again halfway across the world to, not just halfway across the country, but literally halfway across the world.

[00:14:32] Elizabeth Denham: Across the pond, across the pond. So that was my, I think, ultimate Adventure 2016. I took up the role as Information Commissioner. Hundreds of staff in that, in the office 13 pieces of legislation. And Brexit Britain. Yes. And bringing in an EU statute at a time when, when the 40 year old, 40 year divorce was going through between the UK and the EU.

And, and, you know, my experience on the EDPB was was bittersweet. I 

[00:15:05] Paul Breitbarth: can imagine. So when you, when you moved to Britain to become the information commissioner as a Canadian, did that impact the perception of you? Some, I mean, I can imagine some people saying, why don't we have somebody in the UK who can take up this role?

You came from Canada to do it. Now we have John Edwards who came from New Zealand to do it. I 

[00:15:28] Elizabeth Denham: think the UK is pretty comfortable with Commonwealth cousins. Okay. And a Canadian was head of the, he was the governor of the Bank of England, Mark Kearney, at the time, the head of the Royal Mail, was a wonderful Canadian, Moira Green.

And so there was a bit of a, a clique of Canadians doing public sector jobs. I think Canada's known for strong, a very strong public sector. And we're not Americans. That's 

[00:16:00] Paul Breitbarth: a big difference, that's for sure. 

[00:16:02] Elizabeth Denham: People have asked me that, well, if you, if you were American, and I, I just think, you know, it's interesting because in the years that I lived in, in the UK reading lots of sociological studies and watching the business culture, and I think Brits have a love hate relationship with the U.

S. They're, they're absolutely I'm addicted to the music and the, and the shows and the media, but I think somehow suspicious of the ambition of Americans. So maybe a Canadian is a little bit more 

[00:16:32] Paul Breitbarth: comfortable. Yeah, I'm pretty sure that's true. And again, how do you look at the differences between your work in British Columbia and at the Canadian federal level and then in the UK suddenly being confronted with GDPR just apart from the whole Brexit discussion, but.

[00:16:50] Elizabeth Denham: Massive differences. So what we have in common, I think, is, is both in the UK and Canada, we, we speak English. We had the queen and now the king on our money, but that's where the similarities end. So I, you know, I was really, I had to study the business culture. I had to try to understand the business and the, and the, the government culture, which is very different.

Also I think. British people are very suspicious of what we think of as commercial surveillance, but they're pretty comfortable when it comes to police and intelligence services surveillance. Maybe it's a James Bond thing, but I found that quite different than North America. 

[00:17:35] Paul Breitbarth: Yeah, I mean if you walk through London, the volume of CCTV cameras is unimaginable.

You can't count them anymore. 

[00:17:42] Elizabeth Denham: No, and I, and I think, I mean, who knows the history going back to the 1970s with the, the troubles and, and terrorism, I think had something to do with that. But the other thing is that the Brits really do not like marketing texts and email and phone. And so that was part of the role of the ICO was really, you know, the electronic communications.

Regulation, and that was a lot of my job, actually, nuisance texts and nuisance calls. 

[00:18:16] Paul Breitbarth: I recall a lot of press releases from your time on those issues, and also a lot of 

[00:18:20] Elizabeth Denham: fines. And a lot of fines on those issues, and that continues today. So I see John Edwards has multiple, multiple fines already this year on that.

Direct marketing. So, you know, I think that was interesting but yes, the laws are different. I mean, I was drawn to the U. K. because there were strong enforcement powers in the law, whereas most Canadian laws are really built on an ombudsman model without the, the strong enforcement. penalties. And I see Canadian law is changing now, but in my time, I was attracted to the power of having, you know, a big stick and really pushing compliance.

So that was it was certainly a step up. And when I left the ICO at the end of my term in 2021, I think we had tripled the size of the office in terms of staff, but more importantly, we builthinlingsuniversity. edu. A lot of capacity in the office by hiring technologists and engineers and economists and people that were seconded from the big four or the private sector to really think through the work of a modern regulator.

And that's, I think what I'm most proud 

[00:19:35] Paul Breitbarth: of. And do you think that Canada now will follow suit in that more European tradition of not just having the carrot, but also the big stick with. Bill C 27, looking like it may get to the finish line? 

[00:19:48] Elizabeth Denham: It looks like it will get to the finish line, and there will be stronger enforcement powers for the federal commissioner.

I think at the provincial level, you see some order making powers, but you still don't see a lot of. Finding administrative monetary penalties and other types of redress. So I think Canada is still behind. I would say, you know, it's, it's 10 years, 15 years behind where the EU is. But the interesting thing about Canadians is I think they're seen as, they have European sensibilities for sure, but they also have US ambition and, and.

Innovation. So it's, it's, it's an interesting place to be from. I can imagine. I'm spending a lot of time working with U. S. firms and in the U. S. That's fascinating for me, too. 

[00:20:36] Paul Breitbarth: So, yeah, what does your agenda look like today? You retired from the ICO in but you're still very much involved in the world of data protection.

[00:20:45] Elizabeth Denham: How could I leave it now? How could I leave it now? I mean, I could actually take up knitting and hang out with my grandkids, and that would be interesting, but there's so much policy work yet to do, Paul. Absolutely. And so I took a few months off after the ICO and moved back to Canada, and I'm, I'm working part time.

for Baker McKenzie as an international advisor, mostly to data governance issues, and I'm just taking up a new role, which I'm really proud of as the chief strategist for the Information Accountability Foundation that you're very familiar with. 

[00:21:17] Paul Breitbarth: I am. We had Marty on the show. We had Marty Abrams. We had.

Barb Lawler on the show as well. Marty is taking up what is called an emeritus position within the IF, which he founded. I mean, he already stepped back when Barb took over the presidency, and now he's stepping back even further. Those are pretty big shoes to fill, but also a big shadow hanging over all the work that you 

[00:21:43] Elizabeth Denham: do, probably.

Oh, yes, absolutely. I mean, all I can say is that I'll just bring some more style to the shoes, but I think it's really hard to follow Martin. It's very, I mean, he, he's a brilliant man for decades. He's done such good policy thinking. But I think the time is, is, is right now for the IAF to be truly international.

That's one of my goals. But to, and to focus on data governance. Beyond data protection, because I think we all know it's about digital and data governance and that's going to be my focus. Starting with AI governance, of course, but beyond that, the IEF needs to look around the corner and see what's coming next.

That is a fascinating challenge for me. 

[00:22:30] Paul Breitbarth: Is that also what differentiates the IAF from other industry groups like CIPL and the Future of Privacy Forum? 

[00:22:38] Elizabeth Denham: I think the IAF are the thinkers. I think we are, we're truly a policy think tank. We're not an advocacy group. We're not a lobbying group. We are not for profit.

So I think our, our background, our focus has been on convening and the kind of accountability that Marty sponsored 2012 and you were part of that Paul. And I, you know, I, I think that was the first time an organization really convened deep discussions between regulators, companies and policy makers.

And I think more of that is what we need. 

[00:23:21] Paul Breitbarth: So when you talk about making the IAF more. international, more global. does that also mean branching out into the non Western jurisdictions and see what impact data protection has there? 

[00:23:34] Elizabeth Denham: Absolutely. I was recently in the Middle East, and I don't know if you've been there, Paul, but I mean, recently in the Middle East and Dubai and talking to policymakers, government, companies, there's something happening there.

It's vibrant. Vibrant, people are walking with a swagger. I think there's something there. And so, yes, the Middle East definitely the Asia Pacific, which is an area of the world I'm very comfortable with. And Africa, I mean, there's a lot of, there's a lot going on in Africa too. So I really think I'd like to see the IAF go, go more global and that'll be one of the, one of the priorities.

That's going to 

[00:24:14] Paul Breitbarth: be really interesting because the one thing I did note I've come a long way when it comes to accountability and I've said it on the show before as well. When I was still with the Dutch DPA, I thought accountability might be a scapegoat for companies to just say, Oh no, we're doing everything that we should and then hide behind it while not doing the actual work.

Such a cynic. I know I may have been trained in that way. But, after having worked, especially having worked with Terry McQuay at NMDI on all the accountability projects I've also come to see the value of it. When you look now at the new generation of data protection laws, where, whether it is the law, In Kenya or the law in, in India that's now entering into force or the one in China and also the GDPR, they are all accountability driven.

It's all about also the responsibility for organizations to be able to demonstrate compliance on an ongoing basis. 

[00:25:11] Elizabeth Denham: Accountability is back in style. It is. And it's actually embedded in a lot of new laws. So if you look at the California law, you look at the Colorado law, there are deep accountability requirements for companies to stand ready to demonstrate that they are compliant.

And so not a tick box exercise, but accountability needs life. And I think that's what we're going to see with the data governance requirements around AI. So it is all about accountability and sound governance and being able to demonstrate that your controls work. 

[00:25:51] Paul Breitbarth: And that's all. and it's fairly easy for a large organization to accomplish, especially a large organization that has the resources to have people in place to do that and to purchase software and, and Get everything done, but all these obligations are very hard on smaller companies with fewer resources.

How do you look at that? 

[00:26:16] Elizabeth Denham: So the scalability is, has always been an issue. But I think even if you look at the new legislation, the EU AI Act, where there's accountability and requirements in the whole supply chain of companies. And I think that will help. I also think that the larger companies, in terms of the business they do with smaller companies, have a duty and an obligation, as do various professions like accountants and financers.

I think there's a requirement to help small businesses. And there's been a real focus, I think, in data protection authorities around helping small businesses get it right. And so I, I see it, it's not, it's not going to be a panacea, especially when you think about startups. Where there's sort of one person bands, very difficult for them.

With lack of awareness 

[00:27:09] Paul Breitbarth: as well. 

[00:27:10] Elizabeth Denham: Yeah, we have a long way to go. But I'm more hopeful than I've ever been that we're moving towards a time of embracing the kind of ethical and legal controls that we need around our data, which is the most important asset of the 21st century. What 

[00:27:29] Paul Breitbarth: is the main challenge that you see for data protection professionals for the next five years?

[00:27:35] Elizabeth Denham: It's only more upscaling. So I do think that, I mean, there's been a lot of discussion in the last year about whether data protection professionals are equipped to take on responsibilities like ethical AI, responsible AI. And I think the answer is we have a lot of the tools. That can come across, that can be used for new tech.

What we do, what we do need to do though, is we need to look beyond our borders of data protection because, because the concerns are much broader than that. So that means we need technical awareness, we need to be business savvy, to, to really Do this work and be the trusted leaders of ethical tech. So upskilling would be my number one.

[00:28:27] Paul Breitbarth: Very good. And then maybe to, to wrap up, if you look back at a couple of decades working in data protection and privacy, what are you most proud of? 

[00:28:38] Elizabeth Denham: survival in Brexit Britain. No, I, I'm most proud of the work that my team did in the ICO around the development of the age appropriate design code, the children's code, because that was hard work.

I still have the scars on my back. on shopping that code around, but I think because it's a privacy engineering code, first of its kind, that's now being initiated in other jurisdictions around the world. That's the work that I'm most proud of and I think a generation from now will look back and you.

be astonished that there was ever a time we didn't have these kind of protections for our kids online. So I think the age appropriate design code will live on. 

[00:29:24] Paul Breitbarth: Let's hope so, because indeed it's, it's still strange that kids can do anything online without There being basic protections in place without companies realizing that they should or maliciously deciding that they, that they wouldn't put those in place, and that's unimaginable.

I mean, just like cars need to be safe by default, also our online environment needs to be safe by default. 

[00:29:51] Elizabeth Denham: I couldn't, I couldn't agree with you more. I, I do see changes in some of the big companies, and I see policy makers around the world that agree on one thing, and that is that the internet needs to be safer for kids.

They just don't all agree on how that should be 

[00:30:06] Paul Breitbarth: done. No. Well, when you, when you look at, parental consent, for example, how do you ask parental consent in an online environment where the kids are probably more tech savvy than their parents or grandparents? 

[00:30:17] Elizabeth Denham: This is why I think the responsibility needs to reside with the, the companies themselves and to allow kids the kind of agency they need when they get to be 15, 16, 17.

They don't want to have their parents surveying them. So it's... 

[00:30:32] Paul Breitbarth: Is it still 15, 16 or is it... 

[00:30:36] Elizabeth Denham: So it's around the world, depending on the law in the various nation states, but also what kind of service you're talking about, social media, search, games, et cetera, 

[00:30:47] Paul Breitbarth: et cetera. Try keeping an 11 year old from TikTok nowadays.

That's not going to 

[00:30:51] Elizabeth Denham: work very well, is it? 

[00:30:53] Paul Breitbarth: No, I mean, our laws all say 13, but it's just not going to work. Same with Instagram. 

[00:30:59] Elizabeth Denham: Yeah, I also think the, the tech market, the kind of solutions for age estimation and age assurance are getting, getting better. And I see technical standards like the IEEE on age assurance.

So I think we are, we're going to see a mature market and it takes the law to actually create the maturation in the market. Absolutely. 

[00:31:20] Paul Breitbarth: Lisanne, thank you so much for joining me. I'm sure we'll hear a lot more from you in 2024 when the IAF starts issuing new things. And maybe also from some of your other roles but that's for next year.

[00:31:32] Elizabeth Denham: Thank you very much. Thanks for having me, Paul.

[00:31:34] K: And there you have it. Fabulous. Reach out to Liz Denham. Tell her hi. Tell her you heard her on our podcast. I sure she'll love it. Stalk her in the bathroom. She's cool.

[00:31:44] Paul Breitbarth: Well, maybe not stalk her into the bathroom all the time. That might become awkward at some point.

[00:31:51] K: Probably very awkward. with that, wrap us up, Paul.

[00:31:55] Paul Breitbarth: Yes, with that, we'll wrap up another episode of Serious Privacy. Join the conversation on LinkedIn. You'll find us under Serious Privacy. You will find K on social media as @HeartofPrivacy. Myself as @europaulb. And if you want, do like us in your favorite podcast app. Leave a review. All of that is more than welcome to make the podcast even better found.

And for now, we'll leave you. Until next week, goodbye.

[00:32:22] K: Bye, y'all.