053 Vaccine Passports, Facial Recognition and Data Brokers with Rob Shavell and Punit Bhatia – Th…
Hello and welcome to the fit for privacy podcast with Punit Batia. This is the podcast for those who care about their privacy. Here your host Punit Batia has conversations with industry leaders about their perspectives, ideas and opinions relating to privacy, data protection and related matters. Be aware that the views and opinions expressed in this podcast are not legal advice. Let us get started. We all have concerns with facial recognition, vaccine passports and even data brokers. But what should we do? Should we ban all these things? Certainly not. But how do we balance privacy and all these aspects, all these technologies? This and more in conversation with Rob Shavevel who’s the CEO of Albine or Delete Me Company. So here we are with Rob Shavevel. Rob, welcome to the show. Thanks for having me. So Rob, let’s start with a question that is how did you get into privacy because you have an interesting story and you started quite early. So help us understand when you started and how you got into privacy. Yeah, Avine was I think one of the very first uh companies in the technology world uh dedicated 100% to um privacy. That’s not really true because back in decades ago in 2000 during the first internet boom there were a bunch of privacy companies that were trying to do uh interesting things and largely th those failed. Uh and my background is as an investor and an entrepreneur and with my investor hat on uh the privacy market was both interesting because uh not a lot of people were doing it and scary because the entrepreneurs that had tried to do privacy in the past had largely failed and shut down their businesses. And we talked to a lot of them myself and my co-founders when we started the company and our belief was and we started uh the company in 2010 so over a decade ago now. And our belief was all the data this was around the time that Facebook was opening up to everyone. It hadn’t even gone public. Everybody was excited about sharing all their data with everybody else. And we thought, you know, sharing has benefits, but all of this data that’s being tracked about us and that we’re sharing uh uh with our with our consent is going to kind of um get out of control quickly and people will need a way to draw some boundaries around um what they’re sharing and what they’re not sharing. And so we created a bunch of tools to help people do that and to control their data on the web. And it’s been a long journey, but um we we really uh feel like the um the the general um psychology of people out there today has changed since we started the company. And people are recognizing that the data sharing and the data uh tracking on the internet is a really big problem. That’s interesting. Data tracking is a big problem. We’ll come to that. But let’s me ask you a simple question. When you think of GDPR or for that matter maybe CCPA, what’s the one word that comes to your mind? Um, enforcement. Enforcement. That’s an interesting word. And what’s your rational behind it? Thought behind it. Well, it’s hard to it’s hard to come up with one word. And I I chose that because I think there’s largely been a lack of it uh both in the EU and uh in the US under the CCPA. And I think the data I think the DPA is the data privacy uh administrative officers and the people chartered with going after companies that are non-compliant have a tough job. Uh they’re underresourced. Um oftent times uh they can’t show clear harm. Uh and so I think enforcement is lacking and continues to be a problem because a law with no enforcement is not an effective law. That’s true. And when we talk about enforcement, we are in the world of pandemic and we are having these vaccine passports or vaccines and in the name of corona. A lot of data is being you know uh captured and then there are some privacy concerns and then there are concerns is privacy and data protection still being enforced? Are these laws still being enforced? And there are even demonstrations in some countries when people are being asked to provide that passport, provide that identity that they are you know uh vaccinated. Now on one hand it’s a good thing to ask people to be vaccinated because it’s humanitarian as it allows people other people to be safeguarded but on the other hand it’s a breach of freedom or uh putting restrictions on people and asking them unnecessary identity proof at each and every step like going for a restaurant and so on. So what’s your view in context of this vaccine passport? What are the privacy concerns you see or don’t see? Well, I mean, there’s a lot of issues um in in in what we’re talking about with uh with vaccine passports. Um and we could spend, you know, quite a bit of time unpacking them. I would I would simply say the following. Um I believe, and this is, you know, sort of my personal belief, that is every business’s right and every country’s right, every organization’s right to create their own rules about uh vaccination. um that that that seems to be to me to be self-evident. Uh if if I own a um a restaurant and I want people to wear masks or or and or be vaccinated and show proof of it, it’s my restaurant. You don’t have to go there. Um you know, go eat somewhere else. Um so I have no problem with that. I think the the issue becomes when they uh ask for and track the data about your visit, your vaccine status in a database that um we all know is probably less secure than uh you know the the top uh standards that are out there in the technology world. And uh I think that is very concerning because all of a sudden because of the pandemic we’re creating potentially tens of thousands of new databases that combine our personal information with health information and these are being managed stored by let’s just say less than professional security teams developers and so on and so I think there’s a big concern about the proliferation of uh health data vaccine passport data tied to our identities in all kinds of places where it would never have been if we weren’t in a pandemic. And and that’s why I think um a low tech approach is better. Hey, show me a a a a vaccine um card that’s hard to counterfeit. Show me your ID, but I don’t need to track that anywhere. I need to I don’t need to put it in a digital database in my restaurant or in my sports arena. Stop the database. We don’t need it. You know, like you can check people at the door and that d and and check them again if they return. We don’t need to build a million databases just to make uh us safe during the pandemic. That’s interesting. That’s quite a balanced perspective. So what you’re saying is it’s okay to ask people the identity validate their safe or covid passport passport protected but do not store that data do not track their data just use it for authentication. So that’s a very balanced perspective and then if that is not a threat or that is certainly a threat if you track and store it in database what is the biggest threat that you see in America’s context or American context because is there a large privacy threat you see because some people say we need to have a law like GDPR and some say no we will go statewise or we don’t even need a CCPA so how do you see the American landscape and what privacy threats do you Oh, well, I think we need we need some kind of baseline legislation nationally that gives consumers more rights because I mean we see it every day. uh the these companies operated by uh American um founders and CEOs uh are abusing uh people’s data in ways that you know I I think almost all voters almost all citizens would agree is inappropriate without um people’s consent and they’re they’re they’re just disrespectful to flout um their their you know the fact that you know back to our previous conversation, they they they don’t care because there’s no enforcement. Um there’s no teeth to uh the laws behind uh privacy rights. So I think um I think of some kind of simple federal privacy law that is designed to give it’s similar to the you know similar in some some ways to the GDPR and the CCPA. They all borrow from the same structural principles. um it would be good to have in the United States u because consumers need more rights over their data and I think that is becoming evident across the world not just in the US because following the GDPR we’ve now seen laws passed uh in in Brazil uh obviously in California and even in China for God’s sake who is a country that you know doesn’t care about um personal information and surveillance has passed a law in the last year about what kind of personal information uh companies in China uh can store and track and how it should be secured. Uh probably more from a national um uh defense uh uh perspective than a human humanitarian democ democratic perspective. But nonetheless, there are laws uh being being enacted all over the world that recognize that that um there’s no equilibrium anymore that that that that the data uh tracking and and storage of people’s uh citizens information is out of control. Makes sense. So you are advocating a more nationalwide nationwide approach and a federal approach. So that’s understandable. And another thing we hear a lot in the US is when you talk about the use and the abuse of data is around brokers and some people go to the extent saying the brokers or data brokers specifically are a even bigger threat than anything else we have in the American economy. Do you have a perspective on that? Yeah, I think that’s hyperbole. I mean the data brokers and we deal with the data brokers every minute of every day. uh our customers that sign up for our delete me service at you know it are are basically signing up for us to remove them from you know dozens and dozens and dozens of data brokers and you know our service goes out and searches and detects where their personal information is is uh on these databases at these data brokers and uh it and and it opts people out uh and and we and we uh give you a very clear report that shows Hey, exactly where what personal information what did these data brokers have on you? Did they have your mother’s maiden name? Did they have your date of birth? Did they have your children’s names? Did they have the net worth of your house? Uh these data brokers have uh thousands of data points of information on us because there’s so much data out there. So I think that is a big problem. Uh we’ve seen our delete me service, you know, double every year because people are recognizing it’s a big problem. However, to go and say that the data brokers are the biggest threat, you know, to the American economy, I think is uh is a bridge too far. Makes sense. Makes perfect sense. And another thing when we talk about trends is we talk a lot about facial recognition saying it’s going too far, it’s being invasive and it’s almost a state surveillance that is happening uh through facial uh recognition. How do you see that? Should that tech or should that technology be banned? Should there be some regulation? Should there be some restrictions? Yeah. Well, I’m glad you asked. As as as uh you’ve noted, I try to as an entrepreneur, I try to have a balanced approach to, you know, to many things. I see multiple sides of of a lot of issues. Uh in terms of facial recognition, I kind of come out um um le less balanced. Uh I think it should be banned. Um and I think it should be part that ban should be part of the federal privacy legislation. Um I don’t think you know all data collection and all tracking or anything like that should be banned by the way but I think that uh facial recognition is a special uh is a special case where um there’s just no way to once the cat is out of the bag and all these databases are allowed to you know recognize us wherever we go in whatever context without our consent automatically and as the algorithms and the AI get better and uh I just think uh the very notion of of privacy uh uh basically goes away. So I I think it’s a non-starter. That’s very interesting because you support the trend or that data brokers can have their own business in a legitimate way. You support that for data uh privacy passports in context of vaccine that’s okay to ask but you are suggesting that facial recognition as a technology should not be promoted should not be uh advocated and rather be banned that’s interesting to note and in America one of the things we hear is or we know for a fact is there tend to be a lot of lawsuits and the number of lawsuits especially in context of biometric recognition is increasing. Is that true? And are there any regulations to protect our privacy in case of biometric situations? I mean there there there are a few um state state laws. I think Illinois was the first one to pass a biometric law. I don’t think there’s been much progress on the state uh you know on the state level in terms of specific biometric laws. I think at the very local level, you know, when Google was promoting Google Glass, um and now um uh Facebook’s come out with with glasses too and and and so on. Um uh I think that you’ve seen, you know, back back to the level of vaccine dashboards, I think you’ve seen restaurants and cities ban, you know, ban these kind of uh glasses that can surreptitiously identify you and surveil you and and so on out in public. Uh but I don’t think there’s been much progress on the legislative side. Again, you know, it would be easier for businesses and easier for consumers and easier for government um enforcement authorities to have a simple national law that applied equally um and was balanced enough to allow uh you know um some economic uh uh activity around data brokers and tracking and targeting and and so on. But it really needs to be done with consent. And that’s the problem right now is that a lot of the the data marketplaces that are out there that use our data have no real mechanism for the consumer that that is part of that data set to raise their hand and say, you know what, I don’t want you I don’t want to be part of it. Don’t take me out. Don’t sell it. Don’t use it algorithmically. Uh there isn’t that mechanism. and and I think it’s plain and if you put that to a vote uh across the country uh in the next election I think you’d see more than 80% of people on both sides of the the blue states and the red states raise their hands say you know that’s a good idea. So, I I think there’s overwhelming support for, you know, what seems to be like a self-evident, you know, ethical concept, which is if you’re using my data in ways that I don’t know, I don’t have control over and I don’t understand, I need to be able to say you yes or no to that. So, you’re advocating transparency in there. I’m advocating for consumers to have control. Um, and you know, right now when we when Delete Me goes to a data broker and asks for uh consumers uh PII to be opted out, sometimes they do it and sometimes they acknowledge the request and comply with it and sometimes they don’t. Sometimes they just ignore it. Uh, you know, it’s it it’s it it’s not um, you know, it’s it’s just not the right way to do business. So, help us understand. You mentioned delete me. What does delete me do and how does it help uh individuals protect their privacy? Yeah, it’s very simple. Um, you sign up on our website which is joined me.com. You fill in a bunch of fields which are uh similar to any form you know you’d fill in. You give you give us the information that you want us to to find that might be out there about you. So, different email addresses, past uh past residence addresses, your current address, uh you know, age, uh phone numbers that can be used for, you know, scams and roocalls, all this kind of stuff. And then our um our business process automation uh system goes out and does a sweeping search against all these data brokers uh and on Google and so on and it goes and and and finds and matches all of that uh PII that personally identifiable information to uh to what’s out there what’s exposed uh and what’s being sold by a lot of these data brokers to anyone who will buy uh political uh committees, insurance, businesses, employers for background checks. Who knows who’s buying the data broker data? They certainly won’t tell you. Um but it is for sale. And so we uh we find it and we remove it. And as part of the subscription service, we go back every 3 months in the standard service and we go recheck those data brokers to make sure that that information is off. And if it’s back on there, if they’ve bought it from a new place that you might have mobile app that you might have signed up for that sold it behind your back or something like that, we go and redo the request and keep it off. So it is a service designed for this day and age where you you have to be constantly vigilant and you have to you know go after you know what is now over a hundred different you know major data brokers in the US that are exposing people’s information and selling it and you have to stay on top of it and frankly most people don’t have the time and energy to do that. I mean, they’re not, you know, it’s not, you know, we’re too busy uh to take care of this ourselves. So, Delete Me is designed to kind of do that for you. Uh and and and we do it all year long. And one of my favorite things about the service is, you know, you really don’t have to think once you sign up. You know, we send we email you a PDF report. And unlike identity theft insurance which is constantly sending you alerts which may or may not be false, you know, you know, you never really know whether it’s working. Um, we send you a PDF report every three months and the and the report shows you exactly where your phone number and your your family’s names and other things were uh were exposed uh on which data brokers and then we show you where uh we removed it. So it’s very simple. So basically if I tell you this is my name and this is my email and find me which companies have my email. Of course I can ask my address, my credit card and all those details but whatever data I give to you on a subscription basis you will go out hunt for it come back to me this is exist and I can pick and choose this one delete this one keep because of course to some companies I want to keep the data like for example my bank. Yeah. So, we wouldn’t go look at your bank because we’d assume you want your bank and and other places where you’ve created accounts uh to have your data. uh we we focus on a list of uh say a 100 plus data brokers and okay um we will automatically we don’t even ask we’ll automatically just remove that information because we don’t see any value in those uh uh marketing and you know companies having uh your data without your consent. uh in other cases where your data uh is listed on Google um for example if you’re an alumni of a of a school or something like that we will not and if you if you want it removed you can submit a custom request to us and then we will investigate so that’s how okay that’s interesting so it’s very systematic but it’s quite scary in that case that there are data brokers existing who are having access to our data data and are selling it and now we need to go pay a subscription fee to get our data removed because it’s creating a threat. Yeah, it’s crazy, right? Um we if if there was re, you know, real privacy in this country, delete me as a service wouldn’t exist because you wouldn’t need to use it. Um, and you know, I think we’re we’re also cognizant that um it’s not really in many cases fair quote unquote to have to pay for this. Um, doesn’t seem fair. Doesn’t seem fair to me. Uh, and so in in those instances, uh, you know, we have two, you know, where where where it’s a real burden for for people, but they care, you know, very much about it. There’s two sort of things that that that we do. One is on our website, right on the main menu, not hard to find, uh, join.com, there’s a DIY guide, do-it-yourself guide, and we actually publish and update every one of over 100 different data brokers processes to opt your information out. And you can, and it’s step by step, it’s clear. It gives you all the shortcuts. Uh, and so you can go do this yourself. uh we we’re not hiding uh you know any anything here and and we would we encourage people uh if they have if they’re curious about it or if they have the time on their hands to do it um to do it yourself. You don’t have to pay us. It’s all free. All the information is there. Um and then in in certain instances also we’ll we’ll um we’ll accept proono requests. So if somebody has a very stressful situation, we deal with all kinds of situations. There are all kinds of reasons people don’t want their data exposed on Google and exposed in these and for sale in these data brokers. They range from very scary situations uh harassment uh and and so on to um to to a life change, a divorce or uh a a child uh you know going to to college and wanting to clean up you know stuff that came out of social media. And there’s and employees at organizations who are in a controversial uh kind of employment context or in the public, you know, even, you know, there was a something that came in the other day. you know, airline uh stewards and stewardesses are sometimes, you know, people find their, you know, get angry at them because pandemic flying is now a a controversial thing and there’s all kinds of issues with people and masks and people are finding flight attendants, you know, names and and and and info on these data bookers then, you know, sending them harassing uh emails and stuff. So, you know, there’s just a million different um um situations that we see where people are taking advantage of the fact that your personal information is exposed on Google, easy to find, and you can buy the whole profile for as little as 99 cents. That’s interesting. So, you can do it yourself or you can get a subscription to do it for you. That’s interesting. And uh now, let’s get to a quick segment wherein it’s some trick questions. There’s no right and wrong answer. Both answers are right, but uh trying to have some fun. So, if you have $5,000 and you’re you are the CEO and you need to invest either in privacy or in security, where would you invest those 5,000? Huh? I’d invest it in crypto. [Laughter] Okay, that’s interesting. as as as an investor. And there’s there’s actually plenty of security interesting security companies in crypto uh whose primary goal is either to ensure against uh hackers and loss or to um look at the smart contracts uh they’re called smart contracts. is the code that enforces um the blockchain um uh uh contracts that that make sure that everything is fair and equal when there’s uh assets being moved from one place to another on a on a blockchain. So I think those those companies are, you know, more new, they’re higher risk, but I’m as an investor, you know, I’m a risk I’m a risky I’m an entrepreneur and I’m a risky investor. So I like uh things with a lot of upside. That’s interesting. I saw a lot of balanced perspective and now it’s a risk-taking appetite as well. So that’s an interesting combination for an entrepreneur to have. Now, if uh you were to choose between time and wisdom, one of the two, what would you choose? And I know that’s a little bit away from our standard topic, privacy or security. I mean, aren’t they the same? Hopefully, they’re the same. Not for everybody. Um, I would say I would uh I would choose wisdom. I’m always trying to get smarter and I’m always realizing how uh much more I have to learn even uh as as a very very middle-aged entrepreneur at this point. That’s interesting. Yeah, that’s as I said, there’s no right or wrong answer. It’s just a perspective. So now it was good to have you and if somebody wants to contact you, somebody says, “I want to talk to Rob. What is the best possible way they can reach out to you?” Sure. Um, you know, available by email, robine.com. Um, happy to take questions. And by the way, you know, our our uh team handles all kinds of privacy questions. uh you know we have a great uh team of of of privacy uh advisors and support and uh we have 10 you know over 10 years of experience doing this. So there’s it’s unlikely that there’s a question that we haven’t already answered. So feel free to get in touch with with me with our team um uh very very happy to to help out where we can. Sure. So it was a pleasure to have you. Thank you so much, Rob, for your time and your wisdom. Thanks for having me. Thanks, Rob. Fit for Privacy helps you to create a culture of privacy and manage risks by creating, defining, and implementing a privacy strategy that includes delivering scenario-based training for your staff. We also help those who are looking to get certified in CIPPE, CIPM and CIP through ondemand courses that help you prepare and practice for certification exam. Want to know more? Visit www.fitforprivacy.com. That’s www.fitthe4privacy.com. Thanks for listening. If you liked the show, feel free to share it with a friend and write a review. If you have already done so, thank you so much. And if you did not like the show, don’t bother and forget about it. Take care and stay safe. Until next time, goodbye. If you have questions or suggestions, feel free to drop an email at [email protected]. That’s hello at fit t the number four privacy.com.
In this episode of the FIT4PRIVACY Podcast, Punit is joined by Rob Shavell for a conversation about privacy threats and solutions of different current implementations of each country that impact the people’s privacy that are being abused. What legislation should be on where and what way it could protect people’s data.
KEY CONVERSATION POINTS
• GDPR IN ONE WORD “ENFORCEMENT”
• Vaccine Passport Privacy
• Data Brokers As The Largest Privacy Threat
• Facial Recognition Tech Should Be Banned
• Biometric Lawsuits increasing
ABOUT THE GUEST
Rob Shavell is CEO of Abine / DeleteMe, The Online Privacy Company. Rob has been quoted as a privacy expert in the Wall Street Journal, New York Times, The Telegraph, NPR, ABC, NBC, and Fox. Rob is a vocal proponent of privacy legislation reform, including the California Privacy Rights Act (CPRA).
ABOUT THE HOST
Punit Bhatia is one of the leading privacy experts who works independently and has worked with professionals in over 30 countries. Punit works with business and privacy leaders to create an organization culture with high privacy awareness and compliance as a business priority. Selectively, Punit is open to mentor and coach privacy professionals.
Punit is the author of books “Be Ready for GDPR” which was rated as the best GDPR Book, “AI & Privacy – How To Find Balance”, “Intro To GDPR”, and “Be an Effective DPO”. Punit is a global speaker who has spoken at over 30 global events. Punit is the creator and host of the FIT4PRIVACY Podcast. This podcast has been featured amongst top GDPR and privacy podcasts.
As a person, Punit is an avid thinker and believes in thinking, believing, and acting in line with one’s value to have joy in life. He has developed the philosophy named ‘ABC for joy of life’ which passionately shares. Punit is based out of Belgium, the heart of Europe.
RESOURCES
Websites: www.fit4privacy.com (http://www.fit4privacy.com/) , www.punitbhatia.com (http://www.punitbhatia.com/)
Take advantage of our Free GDPR training: https://www.fit4privacy.com/course/free
CONNECT
Instagram https://www.instagram.com/punit.world/
Facebook https://www.facebook.com/PunitBhatiaSpeaker/
LinkedIn https://www.linkedin.com/showcase/fit4privacy-podcast
Podcast http://hyperurl.co/fit4privacy
YouTube http://youtube.com/fit4privacy
Email hello@fit4privacy.com (mailto:hello@fit4privacy.com)