Click for Full Transcript

Intro  0:01  

Welcome to the She Said Privacy/He Said Security Podcast. Like any good marriage, we will debate, evaluate, and sometimes quarrel about how privacy and security impact business in the 21st century.

Jodi Daniels  0:22  

Hi, Jodi Daniels here. I’m the Founder and CEO of Red Clover Advisors, a certified women’s privacy consultancy. I’m a privacy consultant and certified informational privacy professional, providing practical privacy advice to overwhelmed companies. Hello,

Justin Daniels  0:37  

Justin Daniels here. I am an equity partner at the law firm Baker Donelson as a tech attorney. I am passionate about helping companies solve complex cyber and privacy challenges during the lifecycle of their business. I am the cyber quarterback helping clients design and implement cyber plans as well as help them manage and recover from data breaches.

Jodi Daniels  0:58  

You make data breaches sound so happy. This episode is brought to you by Red Clover Advisors. You can’t even do your drum roll. We help companies to comply with data privacy laws and establish customer trust so that they can grow and nurture integrity. We work with companies in a variety of fields, including technology, e-commerce, professional services in digital media. In short, we use data privacy to transform the way companies do business. Together, we’re creating a future where there is greater trust between companies and consumers. To learn more, and to check out our best selling book Data Reimagined: Building Trust One Byte at a Time, visit redcloveradvisors.com. Today, we’re staying local with a really awesome, super amazing privacy professional and longtime privacy friend. So I am excited to welcome Pedro Pavón, who is the Global Director of Monetization, Privacy and Fairness at Meta, and so many amazing other talents. But I can’t wait for Pedro for you to share more as we get started. So Pedro, welcome to the show.

Pedro Pavón  2:04  

Awesome. Well, thank you for having me. I don’t I don’t know how to feel after that introduction, awesome and sensational things, and this is good stuff. But all jokes aside, thanks a lot for having me. I’m a big fan of the podcast. And it’s nice to watch someone else go through the motions of kicking off an episode because it’s usually me on the other side of that. So I really, I really enjoyed listening to you guys make make the magic happen in the background

Jodi Daniels  2:28  

is always fun. So, Justin, you’re going to get us started.

Justin Daniels  2:33  

I’m happy to I just want to point out that this is our last broadcast before Cybersecurity Awareness Month and the one year anniversary of book.

Jodi Daniels  2:41  

It’s true. It’s true. It’s very exciting. It’s also fall, which is the best season on the planet. So it’s a very happy day.

Pedro Pavón  2:48  

Oh man, I walked outside this morning and I was like, thank God. It was just like, not hot at all. But it wasn’t quite cold. I saw a Orange Leaf on a tree. I’m a big fall guy. So I’m excited for the next couple of weeks.

Jodi Daniels  3:01  

There’s a beautiful street we drive down and one of the trees with that gorgeous red hue kind of like the cranberry colored leaves. It’s just looking at the trees. Literally I transform it to happy though.

Pedro Pavón  3:13  

Yeah, same same thing. The only thing I don’t like about fall is pumpkin spice lattes, but we can talk about that on another.

Jodi Daniels  3:19  

I don’t like a pumpkin spice lattes, but I like the pumpkins.

Pedro Pavón  3:22  

Yeah, like pumpkin. Pumpkin Spice Latte is not my swag.

Jodi Daniels  3:25  

All right, no Pumpkin Spice Latte note to sell. No Starbucks cards are important. Very important. Okay. All right, Justin. Thank you,

Justin Daniels  3:33  

Pedro. How did your career evolved to your current role with metta?

Pedro Pavón  3:39  

Um, that’s an interesting question. I’m not sure. You know, when I graduated from law school, I worked for the government, I worked at the Justice Department, which is sort of like a place where people finish their careers, right. And so I sort of started backwards, which has turned out to be really fascinating and led me down, like some interesting paths over the, I guess, 15 years or so now that I’ve been practicing law. But how I ended up in this specific job and sort of like a policy counselor role is I think, kind of, it’s not clear to me how it happened. You know, I was in house at a couple of big tech companies before coming here, very much entrenched in like the legal operations of those companies and making sure that the legal department was adding value accelerating deal velocity, and like, you know, contributing to the success of the company, and then Meta, then Facebook, started recruiting me for like, a policy position and I wasn’t sure exactly what that meant. But as I talked more with the, with the company recruiters and some of the folks on the team that I’m on now, I became sort of really excited about the possibilities of a role like this, which is basically like you most of us in the role that I’m in are lawyers by training, but we play sort of like a hybrid, legal slash policies slash product development role. And what that turns out to be in practice is, I get the freedom, a legal department doesn’t have to sort of just talk about broader frameworks like product fit, market fit, cultural fit. The ethical framing, which you know, legal departments can dabble into, but it’s not an area where they have, they can spend much time because they have to be really focused on like, will this comply with the laws in the jurisdictions in which you’re going to launch, et cetera, et cetera, I’m a little bit freed from that like prescriptive approach and can sort of like take a little bit of a more holistic approach to how I think about product counseling, and my team is the same. And so, you know, we get to sort of float around the most interesting, impactful things that the company is doing, and help converge the signal that we’re hearing externally about our practices and about our intention into like actionable signal for products that are being built. How I landed in a role like this, it’s not clear to answer your question directly, do I love being in a role like this very much. So because I’m sort of able to be much more creative than I wasn’t a legal role insofar as I can dabble and touch on a much broader spectrum of angles around like the products we launch and the features new bill

Jodi Daniels  6:30  

Pedro, you hinted a little bit where, what is out in the news, and privacy and Facebook, when you put all those words together, it’s not always the most favorable. But I know that yourself and a number of other privacy professionals inside the company are working tirelessly on privacy and policy and making sure these requirements are considered. So I’m curious, what do you think those of us on the outside should know about that work?

Pedro Pavón  7:03  

Yeah, I mean, it’s a great question, no doubt that three years ago, when I joined the company, you know, we were just climbing out of a pretty challenging period, you know, Cambridge Analytica had happened before, you know, like the Facebook brand had sort of been associated with, like the invasion of privacy, and whether that’s fair or not, is a different issue. I don’t think it was necessarily fair, but that’s where the company was. I think we’ve made tremendous progress. And, like, I challenged people to find another company investing as much in user privacy in user transparency than Meta is at this time, cause I’m not sure you’ll find one. But like, the, the question is, like, what, what? What insights can I share, where people look from the outside looking in about like what we’re up to? Here’s the thing, when I joined the company, I was very direct, like, I wasn’t going to be a, you know, hood ornament, or, you know, come here and like rubber stamp bad ideas. And that I would leave, if that’s what I saw my role turn into. And I can say without equivocation, that that is not what happened. I am empowered, my team has empowered hundreds of people inside of Meta, maybe 1000s. Like if you broaden the scope enough about all of our data safeguarding efforts are empowered to not just give advice and counsel. But shut down bad ideas, challenge, common thinking when it creates unnecessary risk for our users. Inject creativity and beginner’s mindset around how we talk about what we’re doing so that users have a broader understanding of not a broader a more in depth understanding of the broad relationships that we have with all the people that use our services, and giving people more control. So I came here with the idea that like if Meta gives people more control and more transparency around how we’re using their data, that people can make better choices about what they decide to allow us to do. And what I’ve seen over the three years that I’ve been here, where we’ve launched, a wide scope of control, either like new controls, or or calibrated controls, or improved controls, and dozens and dozens of transparency efforts is exactly that, like users exercising their own capacity to make informed decisions about how they want their relationship with Meta about their data to be as a privacy professional. What more do what more can you ask for, right, a company that’s being receptive to the pressure you’re applying to be more transparent and to give users more control and to still be essentially a successful corporation that generates value for not just its shareholders but like, its employees entities.

Jodi Daniels  9:57  

I remember when you had shared at the beach beginning early on how you were empowered to be able to make those types of influential decisions. And I’m excited to hear that that’s still a big part of your role and that you’re still really happy. So that is very exciting.

Pedro Pavón  10:14  

Yeah, and it’s really easy to empower somebody like me who’s been around a long time and, you know, has a little bit of a public facing image, they’ll be like, Alright, cool, go, go do the things. But I can tell you, the most junior person on my team has essentially equal ability to impact and to create change. And an emblem of this heirloom of this artifact is like yesterday, I was in a meeting with some of the top decision makers in the company about a very sticky data processing question that we were noodling about for weeks. And, like the opinions of some very junior people that brought a lot of creativity and ingenuity into the decision making prevailed. I’ve been at a lot of places, I’ve been at law firms, I’ve been in government, I’ve been in other giant corporations, there isn’t a lot of room in these sort of corporate serious or government serious spaces. For like new ideas to emerge. This is what happens as companies get big, like things like processes calcify, and like new ideas sort of sit on the margins. And every once in a while one sneaks in. What I have found here is that the exact opposite is true. Like there is almost a dedicated channel to make sure that like new perspectives, new ideas, new ways of looking at things are emerging constantly. Now, that creates some challenges for privacy person, because product people have a lot of, you know, at the very moments where they think, Hey, I got this great use case. And it turns out to be a nightmare. But from the perspective of us, generating new ideas around compliance and around transparency and around control, it allows it gives us a big microphone, and a big hammer. And a hammer maybe is not the right word, but a big pencil to like, create really interesting new ways to solve complex privacy problems. So, you know, I’m not here to like, give all the say Meta’s doing all the right things. And it’s perfect. We’ve got a lot of work to do, still and continuously. And as we launch new interesting things, especially around the metaverse and AI, new challenges will emerge. But what I’m hopeful of is whether I’m here or not, forever, that the company will retain its core DNA of like, just allowing good ideas to flourish and be watered.

Justin Daniels  12:29  

That makes sense. Well, speaking of new announcements, let’s talk a little bit about the big news announcement on Meta’s new AI Chatbot. Yeah, what what can you share about that? And how is privacy considered in the new rollout given these really cool meetings that you’re in where everyone is putting their input into this new technology?

Pedro Pavón  12:50  

Yeah, well, first of all, I mean, Meta’s, maybe a little bit a little bit less vocal about our work on the AI front, historically. But I would argue that we’ve been at the forefront of this work for a very long time, like I’m an ads guy, if you look at our ad stack and our automated ads delivery stack, like we’ve been in the AI space for a very long time. So like, in that regard, I think we were well suited for this moment where it’s like the proliferation of generative AI is sort of like exploding, right? And yesterday, Mark announced at Meta Connect all of these new chatbots and all of these cool, interesting AI generative AI enhanced features. If you want to learn more about the specifics of the products, I invite you to just search for Meta Connect and watch the Keynote because it was really good. My favorite launch, to be honest, is the I forget what it’s called. I feel bad, I think is that even, I don’t remember what the actual Gen agent is. But I think it’s emu anyway, where it’s basically a text messaging sticker generating bot, like, I’m obsessed with the idea that I could come up with a cool idea and create a whatsapp sticker and post it in a chat thread. Because I almost exclusively speak in gifts and stickers at this point in my chat thread. So like that is like my favorite, most excited of all the cool shit we launched. That’s my favorite, because I know I’m going to use that most but I’m also excited about the Raven stories and powered by AI and all the cool things that Mark talked about. So go watch that. I think a lot of cool shit is in the pipeline and people will be really excited. Your question about privacy is when your question about privacy is when I will field, though. Like what role did privacy and and data protection play in like the creation and now the launch of all of these products. And if you watch that Keynote, Mark made it a point to take a moment and address like the guardrails work and the sort of like philosophy around data protection and privacy that we are implementing as we launch all of this AI, all these cool AI technologies. The biggest one is like building safeguards. Then by design like privacy safeguards, and by design transparency by design, and when the product launch, people will see, just like the level of granularity, in plain English or in plain language about like how the AI systems are using your data to work. And I think people will be pleased with our approach there because I I’m really proud of the work we’ve done. I think the other couple things that are worth mentioning is, is like the work we’re doing collaboratively with, like governments and other companies and AI experts that don’t work at Meta, So think civil society, think, you know, like our users, like in the context of children like parents, right, and parent advocacy groups and privacy experts and privacy advocates, and to establish the appropriate guardrails and to create systems of vigilance, right processes of vigilance so that as we launch, and deploy, and scale all of this cool stuff, we can make iterative changes when we either a identify new threats or challenges or be realized that something we’re doing okay, we could do better, and we should fix it. And I think the guidance all the way from Mark is that that should be the approach. He also mentioned yesterday, that we’re being very, I don’t remember his exact words, I’ll paraphrase to paraphrase here, but sort of like intentional and deliberate and sort of moving carefully and slowly in all of our launching. And I think part of that is to try to go to market with what is products that have gone through robust vetting robust red teaming, and robust analysis, not just or whether they work cool and will derive deliver value to our users but like, whether they will be as transparent and as privacy protective as we want as we hope they will be so that people will use them and feel safe having them on their devices.

Jodi Daniels  16:50  

I have a question. Do you have a question for ask my question? I

Justin Daniels  16:53  

Just thought it was funny.

Pedro Pavón  16:54  

Wait until you see the Snoop Dogg Gen AI bot like. There’s a lot of cool stuff man I I’ve been able to like dog food which is I don’t that’s like Meta internal jargon for like beta test some of this stuff. And the bots are pretty cool. They like i At first I was like, I don’t know if this is going to be my swag. I don’t want to talk to these computers. But like, once you get involved and like sort of like play in the lanes in which each bot operates some are fitness bots. Some are like gaming bots, some are efficiency possible, whatever. Once you start playing in the lanes, you start seeing the value immediately. Right and like anyway, I’ve had a lot of fun playing.

Jodi Daniels  17:37  

You still have the funny look on your face.

Justin Daniels  17:38  

No. I was thinking when Pedro was talking about using emojis and whatnot to convey his thoughts. It’s almost like we’re going back to hieroglyphics from

Pedro Pavón  17:54  

Yeah, I really think there’s an element to that I, I see the chat thread of like my little mentees and my little nieces and nephews and I call them nieces and nephews, even though they aren’t. They’re like biological nieces and nephews, but I see the way they communicate. And man, there’s not a lot of words in there. A lot of acronyms and a lot of imagery. I think it’s pretty cool.

Jodi Daniels  18:18  

A picture is a thousand words.

Justin Daniels  18:19  

Well, that’s what I was gonna say, Pedro, I know, when I have to do presentations on complicated technology topics. I’m really trying to find visuals because as lawyers using so many words, most people learn a lot better when you can put a visual. I mean, Jody, I know you do that a lot, too.

Jodi Daniels  18:35  

We do. We talk all the time about trying to make it simple. Last words, less words, more pictures, more visuals, because we do I think your comparison is very interesting.

Pedro Pavón  18:47  

You know, what’s fascinating about what we’re talking about here is how does all of this translate to like, privacy transparency, and what we see some companies doing like Meta, Google, and others, is move to visual representations of their privacy practices, right? Like, whether that be through like animation, or through videos with real people, whatever. But sort of like a last pros and more dynamic way of communicating, I think, is the direction of travel. What’s interesting for me is like a privacy wanking nerd, is when we look at jurisdictions like Europe, and a few others where like, you know, Europe obviously has GDPR and seems like pretty prescriptive concepts around obtaining consent or filing a legitimate interest objection, right. Like, are we really going to stick to like blocking banners and like 50,000 Page privacy policies as our like end state? Is that really a healthy and state to talk about privacy with users? Or is there room to think more creatively about for example, obtaining consent via a dynamic conversation with a generative AI chatbot right like Why is that not in play? You know? I mean, maybe it is. And maybe people are already thinking about this. And if not, they should, because I can imagine an outcome. And this is just me spitballing. This is not like reflective of any product ideas or any Meta stuff, just me spitballing here, I could imagine a future 10 years from now or even sooner, where like I am on app, you know, whatever app I’m on, and like, instead of, please read the privacy policy and do this and do that. It’s like, do you want to read our policies? Or do you want to talk to our chat agent about your choices, right? And then have a conversation where it’s like, hey, like, if you let us do this, do you do this? And I can probe that and get more information, and it can cite the policy to me? And I can say, well, what if I don’t want to do this? And it says, well, your setting should probably look like that, to me, just that moment, it’s probably it’s definitely faster than sitting down to read a passive passively read a long fucking thing you don’t understand and B, what’s really cool about it, is that like, I can make all these settings, have whatever experience and this agent can come back to me in 30 days and say, Hey, here’s what we did a month ago, like, are you happy? Here’s what you’re missing based on the choices you made. Or here’s how your situation could be different if you made these other choices. Like there’s just this amazing opportunity right now to leverage all this cool technology that everyone’s fear mongering around for such great purposes, including a more transparent, more like control, focused like privacy decision making experience for users that like, Well, I hope we’ll put a lot of energy and attention. And when I say we, I mean everyone collectively, like the privacy world, to like, leveraging these technologies, instead of just trying to figure out how to make rules for them, because I think we should do that too. But like using them is going to give us a lot of interesting opportunities. I think.

Jodi Daniels  21:44  

I like those a lot. And I add the first step of just making a visual representation of a privacy notice, I’ve been talking about that for a really long time. And I firmly believe it’s going to take the big players like yourself, to get to really make those work, and then have them start trickling down to other people. But anytime you think about a health app, or a site where you’re really giving sensitive information, no one wants to read the long policy this morning, I had to check my daughter into something. And one of those little check in systems, it’s not even their privacy policy. It’s their practice about how they’re going to use the information I just gave them for health advertisements, and the way it is written. Everyone thinks it’s the HIPAA notice, and they’re just going to hit accept. And now you just gave all your health information to this company to use for advertising. And instead had it actually been visuals, right? Here’s the cute little icons. And the explanation would make a lot of sense, or the video of an executive explaining, here’s what we do with your data. There was a cool new AI app that I had heard about. And I thought this is interesting. We’re gonna go check it out. When I went to the site, I was very impressed. Because in the copy of the here’s why we’re a cool company. It said right at the top, here’s what we do with your data. Because that’s the burning question that everyone had I give you data you do what it answered that concern in objection, which is privacy related right at the beginning. And then their privacy notice also was pretty easy to understand. So I think the use of video and visuals and icons and short, and then the people who really want the deep policy can go and find that. And I like this idea of hatred that you’re talking about, of using the technology to make it more of a conversation because that’s what really people have, they want to know if I give this to you, you will do what with it, and make it be a dialogue instead of a I have to find it in your policy.

Pedro Pavón  23:37  

Same page. And I’m excited, I think the opportunities are pretty endless. And like, I want to be clear, that like generative AI presents a lot of privacy challenges that we’re going to have to spend a lot of time thinking through as a as an industry and as a as professionals about like exactly what the right guard rails balances and what the right frameworks are for these technologies to be used. At, we can walk and chew gum, though, like at the same time, we got to see the potential benefits here for our own work, and start figuring out how to leverage it. And I agree like companies like mine and others are probably going to be at the forefront of that. What I like about things like llama, and some of the generative AI models that are out there for people to use for free. Is that, like this development is not only in the realm of the big players, right? Like, I think startups should their like privacy startups didn’t really start thinking about like this as a business model, because I just, I think that it’s a greenfield I think it’s a greenfield for from a privacy perspective to offer more tools for people to understand what’s going on with their data, but also think it’s like a economic and sort of like, capitalist greenfield. Like there’s just a whole sector here that I think is going to get built around generative AI and come clients, whether that’s privacy or something else, it doesn’t really matter. But we’ll see. I can’t wait until the day I don’t have to sit through annually 5000 presentations about whatever, right like employee well being and like, you know, unfair practices or whatever. And instead, like, I have a teacher who’s like constantly checking on me and saying, like, Hey, have you thought about unfair practices this week, here are the top three things I want you to think about. Right? And like, we can sort of get rid of this, like, I got to get punished once a year, just through a bunch of training, right, versus like, I just have an ongoing dialogue with an agent, that’s just like, keeping me prime, I think that’s a better outcome for everybody, for me company for the, for my attention, and my boredom. So like, there’s, there’s many things that can be done here. And I’m excited for it. Like, imagine a teacher in a classroom with an AI assistant, that is like curating. A teacher can’t curate her lesson, or for every student, right. But with the assistance of an agent on the kids iPad, that is helping them like, you know, sort of like, double clicking in the way that that student can receive the information more deeply from the teacher, based on like, tailored understanding of what that student’s needs aren’t met, this is the future. So like, Let’s build this stuff. And I, you know, like, the reality of virtual reality, and augmented reality stuff is plays a big component here, but I think AI is gonna be at the center of it all.

Justin Daniels  26:17  

So, AI and many new privacy laws are keeping privacy pros such as the two of you and companies busy. So, Pedro, based on your long experience, what advice would you give them to make a successful program?

Pedro Pavón  26:30  

Yeah, I mean, look, there’s a lot of ways to build a privacy program. I think, when you’re building something from scratch at this stage of like, the privacy industry, which is, you know, maybe teenage stage or young adult, I don’t know, where we’re not a fully mature, this isn’t privacy is not tax, right? Like it’s, but it’s heading in that direction, where we’re gonna have like established norms and all the things. I think like, the biggest tip is not like a operational one of like, do these five things and go see my checklist. It’s more like, and I talked about this a lot, which is, if you’re building a privacy program, you’re either have a really experienced expert, or someone who a company just tossed into this, because they don’t have anybody else to do it, and you’re it. That’s generally the circumstance, right? It’s one of those two, there are obviously other edge cases, but those are the ones you see the most common. The threat if you’re a super established expert, is the thing about experts is that like, the possibilities for them are very few because you’re an expert, you spent your whole career narrowing things down to what makes sense. And so your reflexes, this is what I know, this is what I’m being asked to do. I’m going to do what I know. That’s bad. I think that is a piece of how you should approach building a privacy program, which is leveraging your knowledge and know-how and experience but also injecting in like, beginner’s mindset, which is cool, I’m the expert, and I have a inclination of how this should go. And I have a reflexive framework for how to build a privacy program. What am I missing? What are the new kids thinking about? What is the thing over the hill that I’m not seeing? Injecting beginners mindset into building a privacy framework, when you’re an expert is really important. Moving to an actual beginner, beginner’s mind is what you have by default. And so that can be really scary. And you can instead just go try to copy what you see out there, instead of come up with something on your own. I don’t think that’s the right action either. I think the best thing to do if you’re a beginner getting started, is to allow your ideas to flourish. First, and then vet your approach against what’s established and figure out like where you’ve gone too radical, or where you’ve missed something important. But inject in your new and fresh ideas. This is how we were going to keep the privacy profession like flourishing and flowering with all sorts of new and interesting ways to solve existing problems and new problems, which is experts not getting bogged down and getting tunnel vision with this is how you do things. And then beginners, not being afraid to try the new things that emerge in their mind because they don’t want to rock the boat or whatever, rock the boat, like let’s rock the boat on both sides. And if we do enough rocking, that’s gonna make people feel a little bit uncomfortable. But out of that discomfort is where all these great new ideas and new ways to solve problems and creativity comes out of so that’s my, that’s my answer.

Jodi Daniels  29:26  

I call those newer people anointed, they’ve been anointed their role as they organization, like you can’t work today,

Pedro Pavón  29:33  

and you were like a securities lawyer and they’re like, hey, we need to stand up for the privacy program. You’re right, go for it. You know, that’s a scary day at work. But if you look at it as a tremendous opportunity to be creative and do something new, and not just learn the way other people do things and copy but like try to bring in your own unique perspective, which is clearly something other than privacy into how we think through difficult problem. You’re actually adding a lot of value to the profession and I think people should be encouraged to do that. Ever conform. Anytime I see conformity I get really nervous. Now compliance, people are gonna listen to this and freak out. Don’t do that.

Jodi Daniels  30:08  

Now, at the same time, whether you’re experienced or new, you might be trying to discuss some type of big business challenge and or the business is trying to present their really an idea. You recognize the privacy challenges, and they’re sometimes competing. What have you found to be successful to be able to work through those types of scenarios?

Pedro Pavón  30:31  

Yeah, look, privacy and other interests have lots of trade offs. One of my favorite ones to juxtaposes data security, right? Like people, often particularly novices, like bundle privacy and information security, data protection has the same thing. But they can be attention very much so right. So like, just imagine, like employee surveillance, to protect trade secrets, I gotta invade, quote, unquote, an employee’s privacy to some extent, get in their business to see if they’re stealing my trade secrets. So like, there’s a tension there between that employees privacy, and the company protecting its sensitive data. And so like that, that’s one example. There’s 1000, right. And so, recognizing that the tension exists and frequently shows up in decision making is important. Now, that doesn’t mean like that. Like trying to balance those trade offs is impossible. What I think is the wrong reflex, is to take what I call, like, I say, tongue in cheek, privacy Taliban, but like, privacy, absolutist points of views, which is privacy is a supreme issue here, and everything else is subordinate to it. No, I don’t think so. Like it might be in your mind. And you might be a passionate privacy professional. But like, you have to look at it through the lens of your client, or the company you work for, or the or the stakeholders you represent, which often the trade offs are important to them, too, right? Like, there is no concept in which people, human beings, I don’t know, anybody who puts privacy absolutely over everything in their life, I don’t know a single person that way, not one, right. Like, if you have a window in your house, in your bathroom, if you have one window in your bathroom, or in your basement, you have decided that letting some sun in is worth it at the expense of you absolutely locking the world out from looking inside your house, you have made a privacy trade off, okay? This is a fact, right? If you don’t wear a disguise when you go out into the world, then you have decided that you’re going to allow people to see that you’re at Walmart, in exchange for the value of being at Walmart. So we all make privacy trade offs every day. How to approach that at work, is less tricky than it feels, I think, which is acknowledge, hey, this is the privacy perspective, right? This is the privacy panacea of this situation. I would like to engage or let’s engage in a discussion about what the trade offs would be to getting to this outcome. And the the challenges revealed themselves, well, we can execute that or that cost too much money, or our cut that destroys the product or whatever, whatever those trade offs are. And then once we’ve identified what their trade offs are, for the privacy, like ideal scenario, start working back from there, and provide optionality to what’s acceptable, like what becomes like the minimum baseline? What are the options in between the ideal privacy outcome and the minimum baseline which you need to comply with laws or rules? What is that, like a scape escapes look alike. And let’s try to land somewhere in there, where like we’re balancing their trade offs in the best way possible for the unique circumstances of that business, which might mean that other interests take more precedent and privacy. And that has to be okay. Sometimes, it can’t be okay at the expense of violating laws. But it can be okay, in the sense of you don’t get the exact privacy outcome you wanted, you get a different one. But then you’re optimizing for something else, like, for example, delivering a tremendous benefit to the user of a feature, or an economic benefit to the company, or an economic benefit to the user, which is the price is lower or whatever, there are millions of things that could sort of like balance out an absolute privacy approach. And so I think just volunteering in your own mind, the fact that there’s going to be trade offs and immediately working with other stakeholders to identify what those are and then trying to balance them in the decision making process is in my opinion, the way to do privacy Kraftwerk.

Jodi Daniels  34:16  

I like that privacy Kraftwerk. I may borrow that.

Pedro Pavón  34:25  

We should all become wizards, man.

Jodi Daniels  34:29  

I’ve seen wizards.

Justin Daniels  34:32  

So Pedro when you are out talking to people at a cocktail party in Midtown Atlanta. What is your best privacy tip?

Pedro Pavón  34:41  

I don’t talk about privacy when I’m having cocktails and Oh, but if I’m at a bar and I’m gonna give a privacy tip it’s probably keep your eyes on your credit card when you hand it to the bartender because this is Atlanta and credit card fraud is everywhere. It’s the big bunny

Justin Daniels  34:56  

Funny you say that, Pedro, because the business email compromised wire fraud capital of the United States is…

Pedro Pavón  35:04  

It’s here, right? Yeah, I’m not surprised. I’m not surprised. So yeah, I think like, I know you’re asking me a more serious question. And I’m being a little facetious here, but like, I’m not actually kidding. Keep your eye on your credit card, keep your eye on your wallet. Keep your eye on your phone when you’re out at the cocktail parties, and you’re doing 90% of privacy work, protecting yourself.

Jodi Daniels  35:24  

almost all types are accepted. Now, when you’re not doing privacy work, and being privacy wizards. What do you like to do for fun?

Pedro Pavón  35:32  

I ride motorcycles quite a bit, I have a couple and I’ve last year I rode my motorcycle across the country. And it was incredible. And I wrote it alone. I didn’t take any highways. And I wrote a Triumph Street scrambler, which is not really the best bike to ride across the country. I just wanted to do it the old way. And that was a lot of fun. I’ve been riding bikes since I was a kid and, and I enjoy it very much. So I love a good road trip I have I love a good motorcycle road trip. And I spend a lot of energy planning for those activities. And people. A lot of people ask me, Well, are you in a motorcycle group? Are you in a motorcycle gang? Like, how do you do? And no, I’m a solo rider. Man, I like for me, like the solitude of motorcycling is why I do it to get away from all of this. To get away from like family and friends and the pressures of like, you know, being a career professional or whatever, and just get on that bike. And what’s beautiful about being on the bike is you can’t check your phone, you can’t take the zoom, you can’t send the message, you’re just on it. And so and if you’re not paying attention to what you’re doing, you’re gonna die. So you pay attention. And so I’m not thinking about the memo. I’m not thinking about my manager who told me I messed something up,. I’m thinking about what that car doing. Had the light turned yellow. Look at that tree. Look at the lines on the road. They’re the wrong, whatever. And like, to me, that’s like therapy.

Jodi Daniels  37:02  

I wish you very successful and fun trips, hopefully this fall looking at some beautiful trees. Now you are a wealth of all kinds of amazing information. And if people want to follow and learn more, where should we send them?

Pedro Pavón  37:17  

That’s a great question. So I’m pretty active on LinkedIn. And I’m easy to find, if you just type my name in Pedro Pavón. You’ll find me I usually am the first person to pop up. And so I do a lot of sharing there. I’m on Threads, and I’m pretty active there too. So you can find me there by just typing in my name, same thing. And then I have my own podcast that I host with my great friend Andy Dale. And we’re approaching 100 episodes. It’s called The Data Protection Breakfast Club. And you can find that on you know, all the things Spotify, Apple, whatever. And yeah, that’s how you can track me down.

Jodi Daniels  37:53  

Awesome. Well, we’re so excited that you came here today to share a little about your privacy craft work. That really is, I think, my favorite phrase of the entire day.

Pedro Pavón  38:03  

Well, I thank you guys very much for having me. I know we’ve been planning this for a long time. And I know I’m like ditzy about calendars. But I really enjoy listening to the podcasts. I’ve watched you Jodi, like, like, build an amazing business pretty quickly. And you yourself are quite a pillar in our community. And so I’m really honored that you both invited me here today to hang out with you. Thank you.

Jodi Daniels  38:28  

That’s very kind. So we’re excited that you’re here and very lucky you are with us in the Atlanta space. Thank you.

Outro  38:40  

Thanks for listening to the She Said Privacy/He Said Security Podcast. If you haven’t already, be sure to click Subscribe to get future episodes and check us out on LinkedIn. See you next time.

Privacy doesn’t have to be complicated.