Serious Privacy
The PICCASO award winning Podcast, for those who are interested in the hottest field of human rights and laws on the digital frontier. Whether you are a professional who wants to learn more about privacy and privacy laws, data protection, GDPR or cyber law or someone who just finds this fascinating, we have topics for you from data management to cybersecurity, from social justice to data ethics and AI and digital identity protection. In-depth information on serious privacy topics including interviews with privacy leadership, privacy culture, serious discussions, and more.
This podcast, hosted by Dr. K Royal, Paul Breitbarth and Ralph O'Brien, features open, unscripted discussions with global privacy professionals (those kitchen table or back porch conversations) where you hear the opinions and thoughts of those who are on the front lines working on the newest issues in handling personal data. Real information on your schedule - because the world needs serious privacy.
Follow us on BlueSky (@seriousprivacy.eu) or LinkedIn
Serious Privacy
A week in privacy, but we're really talking US Supreme Court
Use Left/Right to seek, Home/End to jump to start or end. Hold shift to jump forward or backward.
Welcome to the Serious Privacy podcast, where Paul Breitbarth, Ralph O'Brien, and Dr. K Royal, discuss a week in privacy. Let's be honest though - it's really the US Supreme Court reent decisions in Slaughter and Chatrie. Tune in for a lievely discussion. Oh - and we're also on YouTube https://www.youtube.com/@seriousprivacypodcast
Chatrie v. United States (25-112): Police officers conducted a Fourth Amendment search when they acquired Okello Chatrie’s location data from Google because an individual has a reasonable expectation of privacy in his cell-phone location information.
Trump v. Slaughter (25-332): The Federal Trade Commission’s for-cause removal provision, 15 U. S. C. §41, is contrary to the separation of powers enshrined in the Constitution.
If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us!
From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.
You're listening to the award-winning Serious Privacy Podcast sponsored by Trust Ark. Please welcome your hosts, Paul Breitbart, Ralph O'Brien, and Dr. Kay Royal.
PaulThe Beast is back. We haven't spoken about the privacy shield or the data privacy framework for a long time on this podcast, but it's back. Last week, on June 29th, the US Supreme Court ruled in Trump v. Slaughter that the FTC is no longer an independent agency. And it is time for us to discuss what that means for the world of privacy and data protection. And that in the week where the United States celebrates their 250th birthday as an independent country and as the greatest democracy in the world, in their own words. My name is Pal Breitbart. And my name is Ralph O'Brien.
KAnd I'm Kay Royal, and welcome to Serious Privacy. Unexpected question.
PaulHow do you celebrate the 250th birthday of a country?
KYou stay at home with your dogs who are not scared of fireworks.
RalphYou wrestle on the Lord, apparently.
PaulYou do a bake sale.
KOh, there you go. You go out to the farmers market kind of thing in the little towns and you listen to bands that I'm not going to drag Tim to because they're all country music.
PaulVery good. So your unexpected question.
KBoth of them just nodded their heads straight down. I've said this on the podcast before that one of my husband's favorite jokes is tell me, what type of music do you hate the most? And second, why country?
PaulYou do realize that you're now implying that you have multiple husbands at the same time.
KDid I?
PaulYeah. You said one of my husbands is asking the question.
KWait how I'm gonna hit them with a really good question this time. Okay. If they were a team of superheroes in your cob salad, if they were a team of superheroes in your cob salad, which toppings would be the leader? Your tomato, avocado, cheese, eggs, bacon, or chicken?
RalphThank you for just giving me the ingredients because I didn't actually know what was in a cob salad. I'm missing the corn.
KIs this an American thing? Is a cob salad an American thing?
PaulYeah. Cobb salad is a very American thing.
RalphI always I'll always take bacon as a thing. Yeah, definitely bacon.
KBacon would have to be the leader.
PaulAnd corn would probably be the super villain, I would suggest. No, that's the cheese already. So the cheese is out.
KThe cheese is out. We're done with the cheese.
PaulThe cheese is out.
KAnd we don't know which comes first, the chicken or the eggs.
PaulGiven that it's a salad, I would vote for tomato to be the actual lead, so that at least it's a vegetable that's in the lead and not a protein. Tomato's a fruit, isn't it?
KTomato's a fruit.
PaulOkay, fair enough. Then maybe any other vegetable.
KAny other vegetable. But you're right, because I was thinking when we said bacon would be the leader, I'm thinking, yeah, but bacon is the sexy one. Bacon is the one that everyone wants. So bacon's like the Wonder Woman of the superheroes. You gotta have a Tony Stark. I know I'm mixing up Marvel and whatever, but Justice League and blah blah blah. But you gotta have a boring but smart thing as the leader, so maybe tomato will do that.
RalphWe could add a cold salad to the series privacy cookbook as well. Oh yeah.
KThere we go. There we go.
RalphAnd then one without cheese or with optional cheese.
KOne without cheese or optional cheese. And apparently on a cob salad, there's no corn. Just wanted you to know that. There's no corn cob.
PaulSpeaking about supervillains, does Chief Justice Roberts maybe qualify to some extent?
KAs a supervillain?
PaulMm-hmm.
KWell depends on what side of the presidential debate you're on, right?
PaulThe side of democracy.
KSo the other decision on the birthright citizenship, the majority came down on the side of the Constitution to uphold birthright citizenship. So I can't say he's a complete supervillain. I can't say he's a complete superhero. Upholding, however, the president's ability to fire appointed members of an agency. I'm trying to think what's the right word. Is it is not the agency, is not the oversight committee.
PaulIt's an independent agency.
RalphIt is, yes. Is it an independent agency? This is the question. So for those people that haven't seen the story, I think it's worth going into a bit of background here. We've got a case in the US, Trump versus Slaughter, that was basically about the independence of the FTC. Is the FT is it constitutional for the FTC to be an independent organization? And the court has ruled, basically, no, that the FTC should be answerable to the president, in this case President Trump, and therefore is not an independent authority. Then we have to look at the other side of the pond, as we say, where the EU has this requirement, of course, to have independent authorities in order to ensure that then people get a fair shout when it comes to the way they're dealing with things like international transfers and data right. And so when we add the fact that we no longer have an independent authority after Trump versus Slaughter, their questions being asked once again about international transfers and the validity of the EU-US data transfer framework. And people like Matt Trems have been very quick here in putting in letters to the European Commission to say, let's get rid of this then. Let's let's let's very quickly move to strike down the data privacy framework, because there's no longer an independent authority who is going to be in place, which would then invalidate the whole thing.
PaulYour thoughts, Paul. My thoughts are supported, I should confess, by a LinkedIn post from Gabriela Zantfeer, who, of course, has always has read the opinion multiple times and given her very diligent analysis. I'm not scared to admit that I'm heavily relying on her findings as well. But one of the things that Chief Justice John Roberts, who writes for the majority of the Supreme Court, this was a 63 ruling, he writes that the president must have the assistance of officers that he can trust. Although it is up to the Senate to decide whether to confirm those with whom the president would prefer to work, neither Congress nor the courts may settle him with those with whom he cannot work. Subordinates who exercise the president's power are subject to removal by him. Then, and only then can they remain accountable to the president and the president to the people. This in itself already is an interesting statement because Rebecca Slaughter, the FTC commissioner who was now fired, was nominated by a certain President Donald J. Trump as the 45th president of the United States. So let's not forget that he was the one actually also requesting that she serves at the pres at the pleasure of the president. But it becomes relevant, this whole discussion about whether or not commissioners of the Federal Trade Commission can be fired or not, indeed, as Ralph mentioned, because the FTC is one of the oversight bodies that is appointed under the EU US data privacy framework. The other oversight body already has an issue, that is the Privacy and Civil Liberties Oversight Board, which does not have a quorum since they only have one out of five members appointed, with only one out of the outstanding four seats nominated before the Senate already for two years or a year with no progress being made. So the Federal Trade Commission now also has issues with their independence, and especially, and this is what Gabriella already writes, the European Commission notes in the adequacy decision that is the data privacy framework that in order to ensure an adequate level of data protection is guaranteed in practice, an independent supervisory authority tasked with powers to monitor and enforce compliance with the data protection rules should be in place. The Federal Trade Commission is an independent authority composed of five commissioners who are appointed by the presidents with the advice and consent of the Senate. Senators are appointed for a seven-year term, may only be removed by the president for inefficiency, neglect of duty, or malfeasance in office. Those are the three criteria that the European Commission accepts for removal of an FTC commissioner while retaining a level of independence required for adequacy. And that is the part that is now broken.
KYeah, it's not the only part that's broke, but it's one more nail in the coffin, right? But no, it's been long held here in the United States that agencies they may most of them are set up under the executive branch. However, they carry responsibilities of all three branches. And when I was doing my PhD in public affairs, one of the things that is kind of recognized by people who talk about these things is agencies are almost a fourth branch of government. Most of them are considered independent agencies. They're the ones that are the 15 cabinet heads, but the rest of them are considered independent agencies, typically, other than the ones that fall directly under Congress. But they are set up to be independent. So they have aspects of the executive, they have aspects of Congress, they pass the regulations, they enforce the regulations, they have acts of judicial where they have their own internal courts and hearings and ability to do that. So they carry the powers of the other three branches within the United States, yet they are not recognized as a branch of government themselves. They are subordinate to one of the other branches, typically executive, sometimes congressional. But they are set up to be independent. And so the logic that the president needs to surround himself with advisors he can trust. Not sure that the independent commission of the FTC was ever set up as advisors to the president.
PaulI agree. Plus, if you are in power, isn't it even more important than to have people surrounding you can trust that you have people surrounding you who are able to speak truth to power?
KNot only that, but you want to surround yourself at least with a few that disagree with you because you have to understand you're not always right.
PaulExcept for Donald Trump, of course.
RalphThis is certainly an issue. There needs to be checks and balances, right? That's why we say there's an executive, a legislature, a judiciary, and as Kay was saying, these independent authorities almost form the fourth branch. So to bring them under the control of the executive does shift the balance of power somewhat.
KAnd they're not as independent as Article III judges, right? That can be that are appointed for life. They cannot be removed from office like the whim of any politician, doesn't matter what level of politician it is. They keep their office unless, of course, there is actual forecast to remove them. But in large part, they cannot be threatened by any type of political power because they are independent and they hold it for life. These agencies not necessarily hold it for life, but they are supposed to be independent. And they're not supposed to be able to be threatened by any type of political whim, right? They have to be able to do an independent job. And the FTC was set up deliberately to be balanced. We've already been worried the past year or so about the balance being disrupted.
PaulWith balance, you mean that there are both Democrats and Republicans on the committee. And if it's a Republican president, it's three against two. And if it's a dem a Democratic president, it's three against two the other way around.
KYep, exactly. So there is some level of balance there. And we we didn't have that anyway. I did not foresee this as the outcome of the Supreme Court case. I did not. I would I did not have this on my bingo card because this is a long-standing precedent. But as we've already seen from the Supreme Court, they had no problem throwing out long-standing precedents of things that we in law rely on as established provisions. However, like the other cases that have been overturned that we have relied on, maybe Congress should have made it a law. Maybe once it was overturned and not relied on, maybe Congress should have made it a law if it was that big of an injustice. And so if it is that big of an injustice here, maybe Congress should make it a law.
RalphI think that's interesting because you've then got what was happened with the PCLOB and the Data Protection Review Court as well. These had already had their internal balance, let's say, disrupted by the removal of the democratic voices. So there was an argument, of course, that regardless whether the FTC has an independent authority, the balance had already shifted anyway, perhaps. That's the the there was already a broken system when it comes to the EU-US data transfer. And I should say, from my perspective, by extension, the UK extension and the Swiss extension to that.
KYeah, there's already a balance broken, right? Because we know the US does not have in place what it needs to have in place to be considered equivalent.
PaulNo, they do not. And we will see what will happen here. There are a few options. First of all, the European Commission, for any adequacy decision, is always allowed to repeal it.
KYeah.
PaulSo that is an option that they that they could do. And that is also what you see the activists now calling for, that the European Commission will bring forward their review and find this together with the PCLOB as sufficient reason to say, for at the very least, we will suspend the data privacy framework for the time being until such time that independence is restored, or that they will just withdraw the whole adequacy decision. Likelihood that they will do that, in my view, is fairly low because of the economic consequences that will have. I would agree.
RalphActually, without any disrespect to the European Commission, I think in the past we've seen them not bury their head in the sand exactly, but certainly take a we're not going to do anything unless forced to do so by the courts of justice when it comes to data transfers.
PaulI don't completely agree with you on that, because we have seen that they have suspended the negotiations on adequacy with Mexico following the change of statute of the Mexican Data Protection Authority. So there they thought the change of statute and the lose of the loss of independence of the Mexican INAI was actually sufficient to not proceed with adequacy. So it might be a bit of a double standard here. It is a double standard.
RalphI would definitely agree with that. Because of the economic power of the US, we see a very different thing happening.
PaulYeah. So I don't think it's likely that they will suspend or repeal the DPF immediately. However, next year, in 2027, the regular joint review of the data privacy framework is up.
KYeah.
PaulAnd there it's unavoidable that they will need to address these issues as well. The lack of quorum at the PCLOB, the lack of independence now at the Federal Trade Commission. So these two topics will need to come up and will need to be addressed at the joint review. There are data protection authorities participating in that as well. So even if the Commission doesn't bring it up, I do expect that the data protection authorities will. And if it is not included anything, any conclusion or even any discussion of these points in the joint review, there will also be outcry from the European Parliament.
RalphYeah, I agree. Looking close to home here in the UK, actually, one of the things I was concerned about with the Data Use and Access Act and the ICO here stopping being a single individual and becoming a Commission as such, perhaps under new leadership, I was concerned that the new legislative focus and their new mission would bring them more under the auspices of the government and therefore not be an independent authority in the way that the European ones are, for example. So I think there are some interesting parallels here for me closer at home to keep an eye on this. Because could the ICO be considered an independent authority if it's if it's subject to government legislation that then changes its mission to say do things like promote innovation and promote competition rather than protect fundamental rights?
KYeah.
PaulI think yeah, I think that remains to be seen. And then the the third thing that could happen at the European level is court challenges. We know that there is an ongoing challenge before the Court of Justice of the European Union in the Latom case, which in first instance, of course, was lost by the complainant, because the court considered he did have insufficient standing for this court for this case to be heard. That is a potential outcome, of course, of the appeal as well. There are other cases making their way through the motions, but that will take a long time before anything will end up before the Court of Justice of the European Union. A ruling may even only be had by the time this president leaves office again.
RalphYeah, I would agree. The courts are powerful, Shrem's one, Shrem's two, and yeah, I was almost surprised Latom actually did not, or went the way it did, because of the lack of standing of Philippe Latom. Interesting, there's a little bit of addition there in that this week we've also had Microsoft throw in. Microsoft released a statement a couple of days ago. John Palmer, their chief legal officer, and Carrie Benn, their chief privacy officer, have put out a statement saying Microsoft are committed to customers' right to privacy, blah, blah, blah, blah. However, we want to defend the EU-US privacy framework and have formally intervened before the case of the Court of Justice of the European Union. Because even though they want to protect privacy, which is what the statement says, they also want to be able to do business on both sides of the Atlantic.
KThat's one of the big drivers for it, right?
RalphYeah. So Microsoft say there's a critical bridge promoting stability, beneficial transatlantic ties, economic growth, prosperity, and they want to uphold strong safeguards where they think Latom would dismantle it. So they have filed as an intervener to file legal briefs in support because they want to uphold the framework, because they want to do business. So it's interesting that Latom may not have standing, but Microsoft does.
PaulI don't know what to say here. It's j it's wait and see for the appeal to see where it goes. It's not all bad news these weeks when it comes to the data privacy framework. Because we also have the positive of FISA 702 expiring on the 12th of June. And there is no agreement in Congress, not in the House, not in the Senate, for any further extension of the Foreign Intelligence Surveillance Act, all the programs that Edward Snowden revealed back in 2013. So the statutory the statute has lapsed because this is one of those laws that has a horizon provision, meaning that it auto-expires unless it is actively renewed by an Act of Parliament. That has not happened because Senate and House just couldn't agree on what the reauthorization should look like. The administration wanted a clean reauthorization without any additional reforms, a bipartisan coalition pushed for stricter safeguards, and in the end, nothing was adopted. And that means in practice that FISA is set to expire. The legislation has already elapsed, but the Foreign Intelligence Surveillance Court created under Section 702 in March had already renewed most of the court orders that would allow for certain programs to run. And that means that those will expire in March of 2027. If no new FISA law or FISA renewal is adopted by US Congress by then, that also means that all the activities under the Foreign Intelligence Surveillance Court's auspices should come to an end. I say should, because we never know what's going to happen. But that is at least the intention of the legislation, that as soon as the law expires and also the court approvals expire, that the surveillance should come to an end.
RalphWhat are your thoughts on this case? This is your backyard. Do you think there'll be some sort of last minute pulling it out of the fire, or do you just think that people just won't be able to agree?
KI don't think people will be able to agree, but that doesn't discount that something might happen at the last second to push it through because they can disagree and push it through at the same time and decide to argue about it later.
RalphLet's just do it and argue about it later.
KExactly, right? Just put it in place, we'll argue about it later. We see that happen a lot, unfortunately. So yeah. I don't know, y'all. I'm a little discouraged by the US at this point. I'm sorry. I really am. I know another good thing happened with us talking about the Supreme Court cases this week. So the one on I don't know how to pronounce it, Chatry, that the law enforcement geofencing is considered a violation of privacy. So So even when it's held with a third party, in this case Google, and to let you know what this means is a reversal. We can't ask to get a warrant to ask for something on this particular person. But what we can do is we can ask Google for every person that was within these three towers at this time. Can you give me a list of everyone that was there? It's the same thing as bank robberies, and these are our cameras on the street, and these are all the cars that were parked around the bank for the past 48 hours, track them down, right? So is that what this is going to go into? Is you can't do that either. Right? Is being geo-fenced by your phone location drastically different than being geo-fenced by your car location?
RalphYeah. We there were conversations in America around geofencing around reproductive health facilities as well, right?
KYep. And there had to be laws put in place to say, yeah, no, can't do that. Because that was the same thing they were doing. Because we have the third party doctrine where you don't have to have a warrant to go to information held by a third party, because if you gave your information away to a third party, you have no expectation of privacy in it. Which is a little flawed when you consider our technological world, but you can't really have a choice about whether or not to give your data away by using a mobile phone if it's considered pretty much default to always have a mobile phone. You're forced to give away your data, right? In order to participate in the consumerism, you could always choose not to. But it's the same thing. If you want internet, you choose to give away your data. So I'm not really sure the third party doctrine is completely defensible on that, on those grounds, but that's where it comes from, right? And I don't know, do y'all have things like the third party doctrine overseas?
PaulNo, that's a very American thing.
KSo for there we go. For all of our fans, those that don't understand, in the United States, there's this thing called the third party doctrine. Again, what I just said, if you give your data to a third party, then the law enforcement doesn't have to have a warrant to get it from that third party because you wouldn't have given it away if you wanted to keep it private. That mattered when the third parties weren't like what we have nowadays, that everything is in the cloud, right? Your mobile phones, your internet, your everything. So quite often law enforcement government will go to these third parties, Facebook, social media, Google, Microsoft, all of these. And you can go to their websites and look for their third-party reports. Their request reports. There's usually thousands and thousands of them that come out. They're running it usually at least six months behind because you got to finish the six months and then let there be time. But they'll tell you how many requests they got in. There's a little bit of detail over the kind of information they're looking for and then the number of requests that they granted.
PaulWe get requests like that. We get requests like that from law enforcement authorities, also to platforms like the one that I am working for. Those requests can be made, but there is still an expectation of privacy. So it can only be done under a specific order or under specific legal provisions, then law enforcement or other judicial authorities can request information to be provided by any organization.
KThey may have that data.
PaulIf they have that data, but that doesn't mean that there isn't an expectation of privacy or an expectation of data protection. GDPR still applies. There needs to be an appropriate legal basis in order to be able to order the data to be handed over.
RalphYeah, it's interesting. It's something that's just happened under our Data Use and Access Act, in that so law enforcement, by the way, law enforcement in my country certainly, they can request that you give them the information. And data protection law have got exemptions that allows you to do it. You can you are okay to give the data to law enforcement and use it for that secondary purpose for the detection, prevention, and investigation of crime. However, it doesn't require you to. So if they actually want the data, you can say then you don't want to give it to them. You can actually say come back with a court order. Yeah? Come back with a warrant. So you can actually say come back with a court order, and then we're required to give you the data. So data protection law will allow you to if you want to cooperate with the law enforcement, but won't require you to. And as a reminder for those people in Europe as well, law enforcement actually, the investigation prevention of crime doesn't fall under the GDPR at all. Generally speaking, it falls under the Law Enforcement Directive and is exempt from the GDPR. If if you are a law enforcement authority, of course.
KAnd to be clear, these large American companies don't grant all requests. I'm looking at the Microsoft report, their principles. These reports include separate sections for requests based on law enforcement, national security, and civil authorities, and that they follow the same response principles for responding to all government requests. They review every legal demand to ensure it's valid and applies with the laws. A subpoena or its local equivalent is required to request non-content data, and a warrant or its equivalent is required for content data. Microsoft discloses customer data only when legally compelled to do. They do not provide any government with direct or unfettered access to customer data, and they do not provide any government with encryption keys or the ability to break encryption. So all of them will typically post some sort of principles, what they follow to do it. And so total number of law enforcement requests for the second half of 2025, I don't think this is cumulative, is 27,412.
RalphYeah.
K61.3 were non-content disclosures, 20.6 were rejected, 12.9, there was no data find, and 5.1% content disclosures were made.
RalphThat's quite telling actually.
KOh yeah. The larger ones do that as well. And so d don't get me wrong, third-party doctrine doesn't mean everything is wide open to everything, but companies have had to determine what their requirements are. I was going to go look and see if it was different for things like Facebook and LinkedIn, right?
RalphI've got some couple of other things before we wrap up today, just some quick ones. I saw some news in Australia, they're looking to double the maximum penalty for platforms in breach of the social media ban. That ties into our episode we did a couple of weeks ago with Faye, which I've got some beautiful feedback on, by the way. Lots of people reached out to me and said how lovely it was.
KIt was excellent. It was excellent. She was so well spoken.
RalphSo I do think it'd be great to get one of our Australian friends, someone like Alex or Annalisa Moans, on the podcast. Paul, I think you said you wanted to talk about the Canadian potential changes as well.
PaulYep, there are two new legislative proposals from Canada, so we'll try to get some of our Canadian friends back on to talk us through that.
RalphAnd I had one little interesting story, which actually led to be getting into a little bit of an argument online, because a man must be right on the internet, apparently. But we had a little bit of a story here, and it was the first one I've seen in the UK about the meta Ray-Ban glasses. It was an basically, I'm going to call him an ex-celebrity, a guy called Michael Barrymore, who was a TV presenter in the 90s who fell into disgrace, is that the right word? Because of a deaf in his swimming pool, basically. But he has been very active on TikTok, apparently, filming people in the workplace on his smart glasses. Now it's really interesting because the BBC had had commissioned the story and said he's in breach of data protection law. And John Baines, commentator here, had come and said, no, I don't think he is, because he's using the artistic and journalistic exemption. I don't think the BBC should have said that he was in breach of data protection law. That's up for the regulators and the courts to decide. So I don't think the BBC should have outright said that. But I do think it's interesting exploring the limitations of things like journalism and artistic exemptions for things like filming people in the workplace on smart glasses and posting it on TikTok.
PaulYeah, I'm not sure that that would qualify as journalism, to be honest. It does remind me of a story I read about in the Belgian newspapers earlier this week. There is this TV presenter who prides himself about the number and the type of women that he's slept with. And he's very vocal about that in his broadcasts and in his shows, and I think in podcasts and whatever. And apparently he has now written a summer quiz book, so with quizzes that you can do on the beach when you're on vacation, but all about him talking about an ego. And one of the quizzes is that he has included the initials of 70 women, including the city that they live in, as one of the quizzes. And those women are supposedly women that he slept with.
KOh God.
PaulThis is a book that's gone for sale today, and Belgian privacy experts are actually outraged, like saying this is a violation of data protection law, also a violation of the privacy of these women. This is not something you can do. The editor says, Oh, we had no idea that there could be a privacy aspect to this. But hearing Ralph, they could probably make an argument that this is a journalistic or aesthetistic exception, even though I find it disgusting and disgraceful to do something like that. But that could probably be a defensible line in court. Wow, that's a really interesting conversation. Saddamy, you're silent. Okay, you're never silent.
KNever silent? Does a look of disgust on my face mean anything?
RalphOh, we share that one. Yeah. It's a really interesting legal argument. I personally think you just can't claim anything as arm and journalism, but does the law and my my my argument with John is I said who has the artistic merit? And John quite rightly perhaps set back and said, Does the law say merit? Does the law say the art has got to be good art?
PaulThat's the continuous discussion about the National Endowment of the Arts.
KYeah, in in most locations, the law is the law.
RalphYeah. Yeah, but unfortunately, data protection being principle-based and the fact that everyone's got different degrees of openness. And you are I always say when we do a DPIA, you may think it's necessary, adequate, appropriate, justified, necessary, all of those words. And you might do that assessment, but will the data subject make the same assessment?
PaulAnd to bring it back to where we started, the law is the law unless the court says that the law isn't a law.
KThe law, yeah, and overturns a hundred years of the law being the law. But yeah, if people really cared about the law being the law, they would make it a law.
PaulSo on that note, we'll wrap up another episode of Sirius Privacy. Thank you for listening this week and see you in the next week or hear you in the next week. Bye now.
KBye ya.
PaulGoodbye.
TimNow that was serious privacy. Please subscribe on your favorite podcast app and leave us a review. You can find us on LinkedIn, Instagram, and Blue Sky at Sirius Privacy. Feel free to drop us a question or a comment. We'd love to hear from you.