Marco talks with Kate Barecchia, Vice President, Deputy General Counsel, and Global Data Privacy Officer at Imperva about the evolving landscape of technology and its impact on our daily lives, both in terms of cybersecurity and data privacy.
Guest: Kate Barecchia, Vice President Deputy General Counsel & Global Data Privacy Officer at Imperva [@Imperva]
On Linkedin | https://www.linkedin.com/in/kate-barecchia-82759a14/
____________________________
Hosts:
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli
____________________________
Episode Notes
Welcome to the Redefining Society podcast's post-event coverage of CES 2024. In this episode, host Marco Ciappelli reflects on the exciting conversations and insights from the world's largest consumer technology event, even though he couldn't attend in person. Fortunately, he had the opportunity to speak with several attendees who shared their experiences of exploring the latest technological advancements at the event.
One of the notable conversations Marco had was with Kate Barecchia, Vice President, Deputy General Counsel, and Global Data Privacy Officer at Imperva. They discussed the evolving landscape of technology and its impact on our daily lives, both in terms of cybersecurity and data privacy.
Kate highlighted the importance of safeguarding our privacy, not just in corporate environments but also as homeowners and individuals using wearable technology. They delved into the challenges and concerns surrounding data privacy regulations, such as the differences between the European Union's GDPR and regulations in other parts of the world, like the United States. They also examined the potential for privacy laws to be driven by market forces and discussed the need for individuals to be more aware of the privacy implications of smart home technology and wearables.
The conversation then shifted to the CES event itself, where Kate presented on the topic of safeguarding one's sanctuary, focusing on hidden privacy risks in our homes. They explored the trade-offs between privacy and convenience, such as the use of home security systems and the sharing of personal data with law enforcement and other third parties. They also touched on the idea of consumers being compensated for their data and the need for clearer default settings and opt-in practices.
The discussion concluded with an exploration of the future of technology, including the potential impact of robotics and AI assistants in our daily lives. Trust emerged as a key factor in embracing new technologies, with the importance of choosing brands and companies aligned with personal values.
Overall, this post-event coverage provides a comprehensive overview of the key insights shared during CES 2024, shedding light on the evolving role of technology and the importance of data privacy in our rapidly changing world.
ENJOY it, share, and subscribe to Redefining Society Podcast.
____________________________
Catch all of our CES 2024 event coverage: https://www.itspmagazine.com/ces-2024-las-vegas-usa-event-coverage
Watch this and other videos on ITSPmagazine's YouTube Channel
CES 2024 Las Vegas playlist: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTcuvjsP6zvFyZkL7z2D8WZ
Redefining Society Podcast with Marco Ciappelli playlist: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTUoWMGGQHlGVZA575VtGr9
ITSPmagazine YouTube Channel: 📺 https://www.youtube.com/@itspmagazine
Be sure to share and subscribe!
____________________________
Resources
Safeguarding Your Sanctuary: Expectations for Data Privacy in the Smart Home Era: https://www.ces.tech/sessions-events/sho/sho03.aspx
Learn more about CES 2024: https://www.ces.tech/
____________________________
For more CES 2024 Event Coverage visit: https://www.itspmagazine.com/ces-2024-las-vegas-usa-event-coverage
To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast
Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network
CES 2024 Coverage | Safeguarding Your Sanctuary: Expectations for Data Privacy in the Smart Home Era: A Post-Event Coverage of CES 2024 with Kate Barecchia
Please note that this transcript was created using AI technology and may contain inaccuracies or deviations from the original audio file. The transcript is provided for informational purposes only and should not be relied upon as a substitute for the original recording, as errors may exist. At this time, we provide it “as it is,” and we hope it can be helpful for our audience.
_________________________________________
[00:00:00]
Marco Ciappelli: Hello everybody, this is Marco Ciappelli. Welcome back for one of the latest, conversation regarding CES and the coverage that we've done there. Unfortunately, as you know by now, I didn't attend the event in Las Vegas and I was really bummed about it. Because I heard it was really, really good. But I'm lucky [00:01:00] enough to get to talk to some people that were actually there.
They got to walk around to experience all the new technology. And like I said lately, that's where we see the future. It's not just the gadgets anymore. We're actually looking at what the future of the society will look like. And it seems like there is a lot going on. Especially. Artificial intelligence, everything apparently is driven by that.
And this is a conversation that we had in the past as well. And, um, I'm gonna pick, uh, someone's brain again on this, uh, conversation. Kate Barrechia from Imperva. She was there with a panel. And also she take an opportunity to go around and enjoy. So, vicariously, I'm going to get to go to Las Vegas, too.
Uh, enough chatting about me again, this is a post event for CES. And, Kate, welcome to the show.
Kate Barecchia: Thank you so much for having me. I'm really glad to be here.
Marco Ciappelli: We got a chance [00:02:00] to talk in the past, and I think it was a little bit more cyber security oriented. Although, of course, that's where you talk.
Uh, about the most, but this time we're going to maybe apply a little bit more to our daily life, uh, daily life, not just as a company, as a corporate environment, but also as, homeowners and people that, I don't know, wear wearables and, uh, no matter what we're dealing with privacy issues. So in order to introduce who you are to the show, I'll give you a couple of minutes to, to do that.
And, uh, what kind of panel you had there as well, if you don't mind.
Kate Barecchia: Yeah, thank you. Um, so I am Kate Barakia. I am Vice President, Deputy General Counsel, and Global Data Privacy Officer here at Imperva. And I, I have the great pleasure in my role of expanding privacy rights and putting privacy into action every day.
And at CES, I was honored to be invited to speak about safeguarding your [00:03:00] sanctuary. So on the panel, we discussed some hidden tips and tricks about things in 2024 and beyond that may be happening in your home that might not be front of mind for the average consumer.
Marco Ciappelli: And that's a really good point. We certainly often get attracted by the benefit of having something.
And the excitement of something new that's often often happen with technology and we don't really get many alerts or I don't know ingredient list and what is and what is not in our camera and our lighting in our everything that we put in the house to open our garage and so forth. So I know I had many conversation in the past, but I feel, you know, even a year in this world of technology, it's Uh, it's a long time.
So where are we standing now with that? The consumer is in the position [00:04:00] to expect some more privacy and and control over their identity for what they do online or in the IOT, um, system that they have in their house or is still up to them?
Kate Barecchia: So I, I think in 2024, that still very much depends on where you live and what laws apply to both you and the provider of the services you're receiving.
So for example, if you are a resident of the European Union, regardless of your citizenship status, if you reside in the European Union, you're protected by GDPR. In 2024, GDPR. The Global Data Privacy Regulation, which went into effect in 2018, is still widely considered to be the high watermark for data privacy.
And under GDPR, the default rule is that your data is your data and can't be monetized. If you're outside Europe, the rules [00:05:00] aren't quite the same.
Marco Ciappelli: You're on your own?
Kate Barecchia: In large part, you are, yeah. Not universally, but it's a good, it's a good rule of thumb.
Marco Ciappelli: I know that California has done something about it and individually other states, but I, to be honest, I would have thought that, uh, since GDPR started, there would have been a little bit more trickle down somewhere else.
And any idea why it's really not happening?
Kate Barecchia: It's interesting because philosophically privacy laws can sometimes be looked at as a tool of trade war or trade tactic. And it's unclear to me why the economic costs associated with privacy differentials and privacy laws isn't as apparent to some as it is to others.
Are, maybe there are hidden market forces that I simply don't appreciate. Maybe it's [00:06:00] inherent objection to government regulation in the United States. It, it is very unclear to me. Because you can very much look at compliance with GDPR or any other privacy regulation as a tax. Like the cost of doing business in a jurisdiction,
Marco Ciappelli: and you almost have to have different kind of marketing technique and maybe even branding for a company where maybe in the US, you don't have to push on the privacy as much as you have to do in Europe, even just to sell your product to the consumer.
So it's, I think that's very accurate. Yeah, it sounds, it sounds like that. Let's get a little bit more on the specific maybe of The panel that you had, what, what point in particular did you cover? Some Areas that were more interesting for you for the conversation
Kate Barecchia: yeah, so I, I think one of the areas where our panel had the greatest, um, schism [00:07:00] might be too strong of a word, but differences in opinion related to the use of home security systems.
Um, one of my co panelists represent them. Thank you. Represented a home security company and he raised some very valid points, one of which was that, you know, you try, you trade a little bit of privacy for both convenience and actionable security. So if a company knows when you normally open your door or close your door or can tell you that all your windows are closed, they know more about you.
They know when you normally go to bed, they can build a profile on that because you're turning your lights out and they're tracking that. In exchange for that, if something's anomalous, you might be able to get a faster response from the security company if all the lights are thrown on suddenly at 1 a.
m. or a door becomes ajar outside of its habitual pattern. [00:08:00] But there is a trade.
Marco Ciappelli: There is always a trade. So one thing that I often end up having conversation about is that we give away. A lot of our personal information, uh, even if it's most of the time not disclosed, it's obfuscated, stealthy, sure, , but always still able to re aggregate in a way or in another, if somebody really wants to do that.
And we don't get to choose or to be compensated by that. So some people suggest. A trading. Okay, one can be more security and safety, as you just mentioned. The other one, well, you want to use my information. Do I get a discount? Do I get paid for my data? Uh, did you guys touch on that?
Kate Barecchia: We did, um, in particular Um, some vendors are offering opt in services where if you'll let them model your [00:09:00] data, they'll give you a discount and they use those models ostensibly to improve their products and services for other users, also to manage staffing on their side.
So, for example, let's say you might be a homeowner in Las Vegas CES was and let's say It the security company is able to model your data and the data of 100 other homeowners and across neighborhoods, across sections of the city and the home security company starts noticing a trend line. Gosh, at 435 PM, we're seeing a statistically higher number of alarms.
Right? The company can then take action to make sure they have more staff on call to answer those alarms. They might be speaking with the police to say, Hey, we're noticing a trend line here. Do you guys want to adjust your patrolling? Things like that. Right? And that, that can be done for a discount or not for a discount.
You [00:10:00] know, different companies take different approaches. In Europe that's actually not considered free consent, unless they offer you a pay for model that's just equal without taking your data.
Marco Ciappelli: Interesting. Interesting. So, do you think that We will reach a point where all the user will be kind of treated as equal in term of the value that we give to our privacy or there is always some kind of default difference between the cultures that maybe we have in Europe
versus the US?
Kate Barecchia: I think there will always be a default difference.
Marco Ciappelli: Is that driven by the market?
Kate Barecchia: Partly driven by the market and partly driven by history. Where you see the most strict privacy laws are countries in which the gravest of privacy violations occurred in the past. And so we're fortunate here in the [00:11:00] United States that we have not had wide scale privacy invasions of the nature we've seen in other jurisdictions.
And that largely drives That, that lack of local history informs current, many of America's current values on privacy because there's no visible harm in most cases.
Marco Ciappelli: Right. Let's go into maybe something that you discussed on the panel and based on your experience, what are the biggest privacy concern that A user of home smart home technology should be concerned about nowadays.
Kate Barecchia: I might break that into two if it's okay, because I think there's a pretty big privacy concern. And then separately, there are some pretty big lurking security concerns. So on privacy, I think it's often hard for a [00:12:00] consumer to truly understand the default settings. So, for example, if you have a camera doorbell and you don't change some of the settings, some manufacturers by default, some providers of these cameras, automatically share your camera footage with law enforcement and other third parties.
You have to opt out instead of opting in. So, that's a great example of where people might not always be aware of where their data is going, because you might think, gosh, unless I opted into something, it's probably just staying with me. And on the security front, many devices include Wi Fi passwords and other cryptographic elements or other keys needed to interact with your home router and Wi Fi components and the other devices in your home.
It, let's say you have a smart light bulb that goes on and off. You know, it's just a light bulb, right? The LED goes out after a while. [00:13:00] You throw it out. Well, a lot of that data is still left in the light bulb. The light bulb goes into the trash. You sort of, you know, would you throw out your house key? No, but you've sort of thrown out a key.
Marco Ciappelli: It's interesting. And I, and I think right now, a lot of people that especially follow the Redefining Society podcast instead of the cybersecurity one with, or they may be a little bit more aware of this. They're probably like, wait a minute. What did you just say?
My data is in my trash, but somebody can just pick it up.
Like if it was a letter with all my social security, IRS and all that kind of stuff.
Kate Barecchia: That's right.
Marco Ciappelli: Yeah.
Kate Barecchia: I had to take a deep breath, you know, because that's, that's a hard one, right? Because am I sitting here smashing with a hammer every microchip that's ever been in my house? Can I really trust the electronics recycling provider that I've called?[00:14:00]
You know, you never know.
Marco Ciappelli: And that's the thing of trust. Like, how do you choose? And I think we can, we can pivot into the regulatory system here. You know, if we leave it to the market. I feel like it's often going to be an you're opt in by default, not opt out. And then it's up to you to change the setting.
That goes with the smart TV, you made already the example of the camera. And I feel like it's everything. I mean, even a smart phone, if you start looking at the setting, you realize that, Oh, I had that on for, I don't know, a few months and I didn't know. And so do we have some opportunity on your opinion from a regulatory perspective to improve this kind of again, following what the GDPR is doing and the European community or what can we do at a federal level here?[00:15:00]
Kate Barecchia: Yeah, I think there's great opportunity, whether we'll have the political will. Um, and whether the populace has interest in driving transformation at the federal level, I think is, is an open question, right? Because I think if you ask, you know, your audience here is interested in privacy, presumably, right?
They've self selected into this conversation, but I'm not so sure that the majority of Americans. Are interested in privacy, and that's understandable. It's often considered a complicated topic of low risk, right? And so I think something will have to change in the political environment for there to be transformation at the.
Marco Ciappelli: So when something is implemented, like in California, for example, we mentioned it before, you don't [00:16:00] think the public opinion is going to react somehow and say, hey, if they did it there, maybe there is a reason why not, why not looking a little bit more into this and still create that public opinion pressure to legislator, maybe in other states to do the same thing.
Kate Barecchia: Yeah, so. We are seeing, so from memory, California came into effect roughly 2020. That's my recollection, and maybe some things were phased in over 2021. It's been a minute since I've looked at the timing. But so let's say, ballpark three to four years, California has been in effect. If we look since then, roughly somewhere, I'd ballpark it at 10 to 15 states offhand have entered their own privacy laws.
They're all very different. from California. Some of them have aspects that are more closely tailored to GDPR, but most of them are [00:17:00] picking what I would call the lower hanging fruit and not addressing the thornier issues of where businesses tend to monetize data on the consumer data aggregation front and elsewhere.
Marco Ciappelli: Interesting. So until that day that we can have something A little bit more regulated when it comes to the IOT and the smart homes and even wearable, I guess that's another really interesting topic eventually to touch because having a watch that monitor pretty much everywhere you go, everything you do, your heartbeat, your health, that's another interesting thing, but, um, what can the regular user that may not be that much interested in privacy, but When here that the light bulb may know a lot more than what you think, or I had not too long ago a conversation about the report from, um, from the Mozilla [00:18:00] organization in terms of what the cars know about you.
Cars know a lot. That was some scary episode right there. You want to see a black mirror episode, you should listen to that one. So what can we do? You know, like, I don't know if you go in a rental car, but this is even your own car, like you plug it in, you connect to whatever system in the car and then where does those data go when you unplug your phone or when you don't have that car anymore?
Is that going to be like the light bulb? Or way worse than that, probably?
Kate Barecchia: Yeah, so that is a great question. I don't feel like I have a full comprehension of all of the data fields that that car is taking from my phone. I did, uh, it's funny because my husband and I, he's in IT also, um, he and I had this conversation this summer.
We rented, um, a large car to fit our family and we drove up to Cape Cod with our two [00:19:00] dogs and three kids. And that's a much longer drive and bigger drive than our ordinary car could handle. So we rented, you know, a ginormous vehicle and it. Uh, the vehicle only had maybe I want to say less than 2000 miles on it, so it's a very new vehicle.
We, we were happy with it and we, we delayed for probably a couple hours allowing the car to sync because we wanted to think about it and we noticed that other users had left their sync data behind. So the first thing I did was I did them a solid and deleted their profiles because they don't belong in the car.
And then, um, at We did ultimately sync because the conveniences of having the sync for that long a drive outweighed the privacy risk in my mind, and we did delete our profiles from the car. And hopefully, that deleted the remnants of the data. Now, could it be residing on a chip in another [00:20:00] section somewhere?
It could, of course, but you know, it is that balance between convenience and ultimate security. I can live, I can dig myself a bunker in the back of my yard and be as secure as possible, but then I can't live my life. And so you're always constantly every day making a trade off between what, what limits you're willing to put.
on your privacy and your convenience.
Marco Ciappelli: Yeah, I agree with you. And that's especially come true with health, for example. Like if, if you're using a wearable that is benefiting your health, you need to weight the risk of compromise and versus the benefit of an improved health output for yourself. So, but I think that there are still few, maybe.
Checklist point that somebody could go over when you get a new [00:21:00] camera or I can see you did You know the car at least think about it and and see If there is some settings that may be not necessary and you still get the benefit out of that
Kate Barecchia: Yeah. And, um, you know, so I, I can give you another example, right?
I used to do, um, one of those insurance discount programs where I got 10 percent off my insurance if they could track my driving style. I stopped doing that when they stopped changing when they, um, updated their app to say it needed to track my location all the time, even when I'm not using the app. And I was like, well, tell me why you would need that.
You don't. It's poor privacy and poor coding. You don't need to know if I'm walking around the mall. You don't need to know anything except what's relevant to our contract.
Marco Ciappelli: Unless you're going to give me a discount of whatever store I'm about to walk in. [00:22:00] Which could match the discount you're getting on the car.
And so, okay, maybe I'm okay with that. Right. Talking about walking around, I want to take the last few minutes with this, uh, Kind of recap for CES by getting a couple of opinion from you on how you, what did you see around, uh, I know we, we know CES and maybe, the listener may not understand, but it, this thing is huge.
It's the biggest technology, consumer technology event in the world. And, uh, I guess you need to pick your own bottles. You're going to go to the Eureka where you see the startup, or you're going to go to see the space technology. And I mean, there is technology for everything. Where did you decide to go?
And, uh, did you see something that were like, okay, this is a game changer. I am kind of a. Really enjoying this coming into our society or something. They're like, I really didn't think this was going to come and I was hoping it [00:23:00] didn't.
Kate Barecchia: Yeah, so you're right. It is really enormous. I actually walked from my hotel.
To the Las Vegas Convention Center, and I was staying down at the far end of the strip. And so it took me, for perspective, it was about a 45 minute walk. Now, maybe I walk like a glacier, but it was, it was a long walk. And I had the opportunity to pass, they had separate exhibits at the Venetian, which I visited on another day, because that's where my panel was.
So I did go, the Venetian had more, um, things focused on the home. And then, um, I was in the Las Vegas Convention Center first, and I saw, um, I think health was there, but I could be mixing it up, but I did see that, uh, whether it was in one building or the other, I saw home, health, um, some of the startups and Automotive.
And then, [00:24:00] um, I would say assorted, whether they were, um, droids, you know, the flying droids and, um, uh, drones, yes. And also underwater drones, um, were, were some of, and also robots, you know, the self driving robots that. Go around.
Marco Ciappelli: That's really cool. So somebody's been telling me throughout this whole conversation that their prediction while it was the Year of Generative Artificial Intelligence in the past year with a, with a debut, the crazy debut of CHAT GPT, they're saying that the next one is going to be about robotics.
Like the biggest change will probably come from that. I can't even think about the privacy issue that we will have with. Eventually, robotics that will kind of help us clean the house or who knows what they will do and any, any thought on that? Just [00:25:00] putting your futuristic hat on
Kate Barecchia: I think it's going to be not so different than the security system conversation. Right? Does, does the vacuum cleaner really need to call home 700 times a day because it bumped into my bed frame? Right? We have those concerns now with the robots. If you were to check how many times they called home and what they communicated back to their mother ship.
Um, mine also died. So I'm sad about that, but maybe It did. It has no
Marco Ciappelli: power. It's not still sending some signal.
Kate Barecchia: Maybe, maybe like a long lost signal into outer space. Come, it's dirty here. Um, but I, I think, I think it's just going to be an evolution of the conversation that we've been having, whether it's with your phone, right?
Or, or a robot. It's the same, some very similar data, same [00:26:00] concerns. Just a different species.
Marco Ciappelli: Different species. There we are in is an alien species. And it comes down again to what you said before, which is the convenience because I always bring this example of if you have a personal assistant, human species, personal assistant, and you want to really be of help, you need to share it.
You need to share your taste. You need to share your habit. You need to share your schedule and you need to share many things and then it can be effective. So it kind of applies to that. I mean, if you want the AI assistant or the robotics assistant to be very useful, there is that. Line that you kind of need to trust.
And so I think it goes into trust. I already said that. But, uh, as long as I know that those data that I share and those information, they stay in a container doesn't bleed [00:27:00] somewhere else where I don't want to. Then I think that's how we're going to get the benefits. I don't know. Do you agree that maybe the bottle is is into the in the trust field?
with the company you work with.
Kate Barecchia: I agree. It is about trust, and I think that some major brands have recognized that that's where the future battle will lie, and they recognized it many years ago. Some companies have taken it all the way to the Supreme Court. They will not intercede if their customer has put a privacy setting on.
Other companies feel different philosophically. And so we, we as consumers can choose to purchase from companies whose values better align with ours. Whichever side you're on.
Marco Ciappelli: And then the market can really make the difference. Well, a lot to think about. Uh, Kate, I really appreciate your time. It's always great to talk to you and to our friends at the [00:28:00] Imperva team as well.
And, uh, um, I think the next big event that we will Again, we'll probably be RSA conference. I don't know if with you personally, but I'm sure with the, with the team and, uh, it, that the conversation is a little bit different, but I think where, when you talk about technology, you're talking about cyber security nowadays. And that includes privacy. It includes, um, identity and a lot of other interesting things that maybe we're too lazy or we don't want to worry about it as a consumer, but I would say definitely to all the listeners, maybe you want to look at the setting every time you get some new blinking light and funny noise gadget that you really like and you really want to have in your house.
So, Kate, again, thank you so much. Uh, for being part of this and everybody else stay tuned for more coverage, actually, uh, post CS coming up to you and then, uh, our next coverage, which will be RSA conference [00:29:00] 2024. Thank you again. Thank you. Bye. Everybody.