SPOKES Privacy Conference Fall 2021

Watch sessions on-demand directly from this page.

Day 1 Sessions – Tuesday, December 7

Welcome to Spokes + Keynote

Justin Antonipillai is joined by Bruno Gencarelli, head of the International data flows and protection unit for the European Commission to discuss cross border data flows.


Third-Party Risk is Everywhere: Brainstorming Solutions to Supplier Management

Session Sponsored by: BBB National Programs

Privacy vendor management is evolving. With the proliferation of SaaS solutions and global data flows, proper vendor management now requires a nimble, risk-based, multi-layered approach that incorporates independent indicators of quality and trust. Based on their experience working with a diverse group of companies, this panel will discuss the real-world challenges and solutions for achieving supplier management at scale.


Privacy in the Metaverse: What You Need to Know Today

Facebook’s decision to rebrand as Meta should serve as a wake-up call for privacy officers: the metaverse isn’t coming, it’s already here. As technology teams invest in immersive digital experiences such as VR / AR, privacy officers need to consider the implications of these new technologies and develop frameworks that can adapt. Learn from leading VCs and  privacy experts about the metaverse and the privacy challenges that these technologies are already posing to companies today.


Privacy Operations in Practice

Learn from privacy operations leaders the strategies and tactics you need to know to operationalize your program.


Vaccine Requirements, Biometrics, and the Challenge of Managing Employee Healthcare Data

Vaccination requirements present a novel and urgent challenge for privacy officers today. However, the current crisis might be a harbinger for a not-too-distant future in which CPOs are forced to reckon with the widespread use of employee health data, from vaccination records to biometrics, in their organization.

Learn from seasoned healthcare privacy officers about how to say yes — and when to say no — to the use of employee health information in your organization.


Digital Advertising and the Global Privacy Patchwork

Hear privacy law experts from the U.S., Europe and Australia discuss the different policy choices being made in each jurisdiction concerning their privacy laws and the impact on the digital advertising industry.


Explaining AI: How To Implement “Explainability” in Emerging Global AI/ML Regulations

This panel will focus on the emerging principle of “explainability” in regulations that deal with AI and automated decision-making technologies. Panelists will discuss how to implement “explainability” in practice, as it is a common transparency requirement under both AI self-regulatory frameworks and prescriptive proposals like the EU AI Act, and a particularly challenging task for many privacy and compliance personnel. This panel will, for privacy professionals in the space, explore best practices for determining content to be included in AI disclosures, where such AI-specific disclosures should be made, and strategies for how to describe complex technologies in accordance with transparency and intelligibility requirements.


Day 2 Sessions – Wednesday, December 8

What Behavioral Economics Can Teach Privacy Officers

Any CPO knows that the hardest part about privacy isn’t the law – it’s the people. Developers, marketers and even executives ignore privacy considerations until an emergency strikes: a deal is lost, a fine is levied or a PR crisis emerges. For decades, the field of behavioral economics has studied why people ignore risk — and what organizations can do to get people to take the small steps necessary to avoid threats in the future.

We talk with Michael Hallsworth, PhD, Managing Director (Americas) for BIT, one of the leading applied behavioral insights firms, about using behavioral economics to influence culture and change behavior (and yes, even create better assessments along the way.)


Practical Steps to Implementing Privacy Engineering

Privacy is becoming integral in the design of products and systems. Learn methodologies, tools and techniques to ensure that your company integrates privacy into its design process.


Redefining the Marketer’s Relationship with Data in the Privacy Age

Marketers have spent the past two decades building digital marketing engines fueled by broad and relatively unrestricted collection and processing of personal data. However, privacy regulation, motivated by broader consumer concerns, has forced marketing organizations to rethink their relationship with data and re-approach the way they measure, track and target consumers.

We talk about the broader cultural shift in marketing and what leading marketers are doing today to rebuild their data-driven marketing organizations in the age of privacy.


Scaling Data Rights

Laws like CCPA create a new class of data rights, but they’re hard for consumers to use. In summer 2021, the Digital Lab at Consumer Reports began work on a “Data Rights Protocol” (DRP) that seeks to standardize the technical interchange of data rights requests.

Data Rights Protocol (DRP) is a draft specification that encodes a set of standardized request/response data flows for exercising Personal Data Rights provided under laws like the California Consumer Privacy Act. This protocol allows for the exchange of data rights requests between consumers, authorized agents, privacy compliance tech companies, and covered businesses and makes the evocation of these rights more consistent and efficient.


Privacy Assurance: Establishing a Second Line of Defense to Sustain Compliance

Session Sponsored by: Grant Thorton

With the increase in privacy regulations worldwide, organizations are looking to formalize privacy as a function. Privacy compliance cannot be sustained as simply a paper exercise; it requires multi-stakeholder support through both informed guidance and business-led execution. Designing a privacy assurance program will allow organizations to create a second line of defense for privacy, with the business operating against controls put into place to sustain compliance.

Our experience in the privacy industry has taught us that building a proactive privacy assurance program is a strategic and achievable approach to sustaining privacy compliance.


Knowledge Creation and Data Protection: How an Enterprise Data Strategy Enables Both

The process of “knowledge creation” has been called “thinking with data,” and the process of “knowledge application” has been called “acting with data.” Understanding the difference between knowledge creation and knowledge discovery and the purposes for which they are being undertaken is critical to understanding how they should be governed as part of an enterprise data strategy. Learn about how ensuring the responsible and ethical development of new data-driven products and services is part of that strategy, along with the evolving global regulatory environment causes friction.


Closing Remarks and Predictions for 2022

Justin Antonipillai, CEO and Founder of WireWheel, delivers final thoughts and shares privacy predictions for 2022 with a panel of privacy experts and surprise guests.