By @SimonCocking. Great interview with Aurelie Pols. Top data security thought leader, digital data, governance and privacy. Professor at IE Business School, Board member

What is your background briefly?

Economics, statistics and econometrics; start-up founder & seller in digital analytics; European mother: Dutch nationality, French mother tongue, currently living in Spain. My husband is 3/4 Spanish

How did you end up doing what you do now?

Working with data all my life, I got worried around 2006 about how far the pendulum could swing hence the interest in Privacy. The initial spark came from Rob Lowe in the West Wing,

but I was busy with the earn-out of my initial start-up. Privacy came later with Mind Your Privacy in Spain, a country who’s legislation is closest to the upcoming General Data Protection Regulation (GDPR), EU Privacy legislation to be enforced by May 2018. I will always be grateful to those Spanish lawyers who showed me the way.

1 min pitch for what you do / what’s a typical day like? (How do you integrate all your different interests)

I drive my kids to school, grab some fruit and coffee and start working on the emails that came in during the night while listening in on the EU side chatter. My work covers different time zones, excluding Africa while being based in Madrid, Spain. I spend time writing, reading and talking on the phone, in multiple languages. I usually take a break to pick up my kids and play with them before hopping on the West Coast calls. My limit is usually midnight. Travels mainly take place in the spring and fall for conferences, think tank invites, etc. either to attend or participate in. This fall, Geneva, Brussels, Sidney & Melbourne are on the agenda, for now.

What is data ethics?

Ethical data uses to avoid erosion of human dignity where each actor of the data ecosystem takes on responsibility for her collection, use and treatment of the data. In these times of evolving (not only Privacy) legislation, this means going beyond the concept of compliance and thinking about data in terms of risk for your company but also your partners and in the end their customers as well. It’s a chain of responsibility that needs to be defined and maintained as the current transposition of the GDPR – concepts like the Right to Deletion or Data Portability – are not common practice in our fast evolving technological world. it’s actually amusing to see powerful technological actors throw their hands up in the air screaming Privacy is impossible while apparently self driving cars are not.

Data ethics goes beyond compliance and risk in the sense that it allows for surfacing also of harm where, once issues bubble up, they should be addressed by all actors involved. Think Pokemon Go and the harm, even if statistically insignificant, being done to certain individuals, whether their are playing the game or just external spectators.

Who takes on responsibility to assure social well-being, encapsulating everybody, is not eroded by some happy few?

This is where suddenly a lot more cooperation as well as discussions will be required between actors within the data ecosystem, including legislators but also consumer associations and hopefully industry organizations to define guidelines, protecting individuals from data induced harm.

Last but not least, data ethics will require us to solve 2 main conundrums, once we agree we all have a part to play in social data driven well being:

1. which mechanisms can be put in place to surface and deal with harm? Ethics boards come to mind, escalation procedures for data science teams on top of some of ethical pleges like oaths required by the medical profession;

2. who in the end decides? who in the end is the ultimate decision maker? is that legitimacy recognized?

Think for example about how such decision making has been taking place at Wikipedia, compared to Encyclopedia Britannica. And what the consequences might be for our society today.

Data security

Congrats on being ranked on the Onalytica Top Data Security influencers list – where did it all go right?

Honored, flattered and surprised.

I’ve learned tons over the past months thanks to the smart folks at Krux on data security, ranging from certifications like SOC2 to hashing and now discussing stuff like differential privacy. While I keep an eye on what associations like OWASP or ISACA talk about, I wouldn’t really call myself an expert on data security. If anything, I’d prefer to be labeled privacy engineer for the time being, even though it doesn’t totally coincide either. What is it about people who think outside of the box or even consider there is no box that don’t fit inside a box, hey?

What trends are you excited / concerned about in relation to the work you do at the moment?

Data traceability and accountability to keep trace of data transfers within companies and between systems but also beyond. Consent management but also purpose management should become part of this meta data manipulation as these 2 concepts remain the corner stone of Privacy legislation. I like the idea of block chains and ledgers but not totally convinced this could represent the holly grail it is depicted to be. Re-identification issues, supporting metrics and measurements to create alerts or best practices for data manipulation is something I think we should pay close attention to. Stuff like k-anonymity, I’ve heard about l-diversity recently are possible paths forward even if not the holy grail either. So a lot of challenges to tackle 😉
In the mean time, my Nokia phone is about to break down and my only choice is between an iPhone and an Android driven OS, which makes me feel extremely uncomfortable. I also teach my kids to lie on the Internet by fear of data abuses. Any parent can understand that this signals a serious issue!

What advice would you give to companies and individuals in terms of managing their data securely?

Data minimization is a basic privacy principle.And let’s be honest: a lot of companies are literally drowning in data while hopefully at the same time being more agile in collecting and using this raw material. The pieces of legislation that have moved the fastest on a global level are those related to data breaches. And recognizing harm beyond financial harm has also gained traction, even in courts in the US. Start seeing data also potentially as toxic waste and not only this magical growth pill should allow companies to find hopefully a workable balance.

Que tal la vida en Espana? Que cosas interesante pasa alla? (How’s life in Spain?)

Quality of life in Spain is more than wonderful, from where I sit aka 20 minutes from the airport. My kids speak Spanish, English and Chinese while I speak French with my husband. Spain allows me to have help in the house to balance my life between private and professional life, something I couldn’t afford in Belgium for eg. where I sold the start-up built with my husband.

I rarely work in Spain as such yet, on top of the many super qualified lawyers when it comes to Privacy, it’s the humane side of society that strikes me. Spain is where I learned to sit on a bench and take the time to live without feeling guilty, something my Dutch sisters do not understand 😉

And the food, I’m sorry but the raw materials of the food!!!!

Who do you follow for your inspiration and insights?

I surround myself with people smarter than me and am grateful to anyone who makes me think, question, advance, hopefully evolve. If you’re looking for anyone famous, Madeleine Albright comes to mind as I have immense respect for that lady. I’m not the type of Ghandi follower even though I grew up with quite some French philosophy, yoga and macrobiotics in the Netherlands. Neelie Kroes is also someone I grew up with so I tend to follow closely what she’s up to.

My mother-in-law, some aunts, existing and former colleagues: I always reply to email, it’s a rule of thumb. If someone bothered to take time to write to me, I will reply if it can be constructive. And I prefer to walk away from too much conflict, life’s too short. In my data privacy work, I focus on creating consensus between the parties involved, not hone in on legislative differences between continents. This mainly because due to scalability and metrics comparisons, making too many exceptions would be shooting yourself in the foot.

We can be online 24/7, how do you manage your work life balance?

I don’t believe in work life balance. I think work is part of your life and I’ve been lucky enough to be an independent contractor for over a decade. So I choose the time spent while often getting swept away by some idea until deep in the night.

The problem today is that I can’t stay up all night to work or party as my kids wake up at dawn. I’ve moved calls with SFO to end of the week to avoid lack of sleep issues.
It’s continuous tweaking I suppose and as long as you can define what you need and the other side understands, it creates healthy environments for all involved.

Anything else we should have asked you / you’d like to add?

Data Protection Officers and where to place them in Europe following Brexit. Ireland has an interesting card to play here. And a tough balance to manage between keep the technology business and enforcing Privacy Rights. It will be interesting to watch, I wish all the best to Helen Dixon!


If you would like to have your company featured in the Irish Tech News Business Showcase, get in contact with us at [email protected] or on Twitter: @SimonCocking

Pin It on Pinterest

Share This