Canva’s mission is to empower the world to design. A major challenge to that mission is responsibly building the AI-powered tools that designers want. This is not just the newest and fanciest generative-AI tools. Single task tools, like background removers and stock media library search require data that represents our user community in order to perform at the level our users expect.

Tracking technologies are evolving faster than most governance models can adapt. Pixels, cookies, APIs, and server-side integrations often behave in ways that diverge from what policies assume and create blind spots in consent, inventories, and operational control. This session examines recurring technical and operational patterns observed in practice, the reasons governance breaks down, and emerging practices that help privacy teams restore visibility and accountability.

Modern vehicles have evolved far beyond transportation—they’re now sophisticated IoT endpoints collecting vast amounts of personal data. We will discuss data security and privacy risks modern cars pose to individuals and companies — from data leakage to 4th amendment exception; device-centric universal opt out mechanisms; car-specific IoT recommendations from the IoT Advisory Board to the US Dept of Commerce; Louisiana’s new law to disable connected app tracking & the “Disconnect by Reset Protocol”; and more.

https://instituteofprivacydesign.org/wp-content/uploads/2025/04/George-Reductive-Security-May-2025-2.mp4 Join our IOPD Privacy Engineering & Technology Education Discussion (PETed) Series! The format of the webinar will be a recorded 10-minute introduction followed by a 40-minute informal discussion and

Claire McKay Bowen is a senior fellow and leads the Data Governance and Privacy practice area at the Urban Institute. Her research primarily focuses on developing technical and policy solutions to safely expand access to confidential data that advances evidence-based policy-making.

Ensuring that privacy is incorporated from the design stage of products (Privacy by Design) is a challenge, especially when teams are pressured to deliver products quickly. This requires privacy engineers to work closely with developers and product teams from the outset.

Join our IOPD Privacy Engineering & Technology Education Discussion (PETed) Series! The format of the webinar will be a recorded 10-minute introduction followed by a 40-minute informal discussion and interaction

In this PETed, Shoshana Rosenberg advocates for the establishment and recognition of digital agency and understanding as a fundamental human right, serving as a reinforcement and guiding principle for the evolving legal frameworks working to keep pace with technological innovation. This right bridges the gaps between requirements around transparency and around mere transparency and the requisite layers of explainability, ensuring AI systems provide meaningful and accessible explanations of their decision-making processes.

In this talk Gerome Miklau will explain how we have successfully used differential privacy to unlock insights from highly sensitive data. This will include examples of practical deployments of the technology at major enterprises: the challenges, solutions, and lessons learned. 

IOPD President R Jason Cronk welcomes you to ask all your burning questions about the Design Process Standard published last year. The need for this standard is a culmination of several factors, and details the components necessary in a design process to incorporate privacy considerations and reduce privacy risks to individuals.

Privacy technologists struggle to efficiently handle large-scale requests for data access and deletion due to challenges in mapping data across systems, avoiding production disruptions, and redacting unrelated information from unstructured data. This requires scalable solutions to ensure regulatory compliance and protect data rights without compromising system performance.

We have been analyzing Android apps for regulatory requirements for eight years. We have analyzed Android apps for COPPA, CCPA, and Health Compliance (HIPAA, HBNR, and FTC Act). In this talk, Primal Wijesekera presents the lessons learned after analyzing thousands of apps, the technical challenges we face while analyzing Android apps, patterns of non-compliance issues we uncovered, and the likely root causes of non-compliance.

This talk is a clarion call for a multi-faceted approach to combating dark patterns, combining legal reform, education, and ethical design principles to safeguard digital citizenship in an increasingly manipulative digital landscape.

Digital contact tracing systems promised to help combat the COVID-19 pandemic; but in doing so introduce privacy risks. Privacy-friendly contact tracing systems enable notification of exposed people without privacy harms. In this webinar Wouter Lueks will talk about his experience designing a large-scale privacy-friendly digital contact tracing system that later led to the system adopted by Google and Apple, and experiences deploying such a privacy-friendly system in the wild.

Assurance cases are gaining traction as a means of certification in Aerospace and other safety and security critical industries. However, these assurance cases can become overwhelming and complicated, even for moderately complex systems. Therefore, there is a compelling requirement to develop new automation that can aid in creating and assessing assurance cases.

Developers are rushing to adopt new AI tools and techniques, and private data for AI systems is shifting out of models and into vector databases. These new databases are immature from a security and privacy perspective, and the attacks against them are numerous and growing by the day. Understanding, controlling, monitoring, and protecting the data in these databases should be a top priority of security and privacy teams.

Do AI systems require a holistic risk-based approach? How can you identify and assess all the different risks? During this session we discuss the problem of risk identification and assessment in AI systems. We will look into the ideas in Europe of introducing a Fundamental Rights Impact Assessment and we will explore some of the available tools with Isabel Barberá.

Join our first webinar in the new IOPD Privacy Engineering & Technology Education Discussion (PETed) Series! The format of the webinar will be a one-hour informal discussion and interaction with members of the IOPD. The goal will be a discussion on how to solve a specific privacy problem or privacy related resource topic and the latest implementation techniques for some of the biggest challenges like synthetic data, zero-knowledge proofs, homomorphic encryption, and translucent databases. The participants will be asked to bring questions related to the topic. Come back the fourth Thursday of every month for a new discussion, new speaker, and new insights on the most cutting-edge privacy challenges!