Privacy Policies, by Lawyers, for Lawyers. What about Everyone Else?

Note: Presentation times are in Pacific Standard Time (PST).

Thursday, January 26, 2023 - 9:00 am10:00 am

Moderator: Hannah Poteat
Panelists: Holly Hogan, Automattic; Miju Han, Google; Emily Jones, Simmons & Simmons; Gabriela Zanfir-Fortuna, Future of Privacy Forum


We still need privacy policies even if nobody reads them, but they fall short as effective communication and education tools. What else can organizations do to ensure customers and users are adequately informed about data use and data rights? Time for privacy to show creative flex.

Hannah Poteat[node:field-speakers-institution]

Hannah Poteat did data protection before data protection was cool. For 25 years, first with a long career in information security and then as an attorney, Hannah has built a career predicated on the idea that mere compliance with security and data protection requirements is the bare minimum: we can always innovate. Most recently, as Senior Manager and Lead Privacy Counsel at Twilio, Hannah led the Privacy Risk team and advised on the nexus of international, domestic, and sectoral privacy and telecommunications laws. This entailed advising on all matters of global privacy law enterprise-wide, including harmonizing Twilio’s binding corporate rules with GDPR, CPRA, LGPD, APPI, and other global privacy frameworks; developing company-wide global privacy policies, procedures, and strategy; guiding incident response and maintaining breach response policy; and coordinating employee privacy during a global pandemic. Prior to Twilio, Hannah built the privacy program at GitHub, moving GitHub from the downfall of Safe Harbor to the advent of GDPR. She is currently taking a break before taking on a new adventure in building privacy programs. When not arguing over what a “sale” is, Hannah is probably driving a Jeep off-road over very large rocks. Hannah is CIPP/US certified and someday will get around to that CIPP/E. Probably.

Holly Hogan, Automattic

Holly is the General Counsel of Automattic Inc. where she leads the legal team in helping Automattic/ make the web open and accessible, one website at a time. She navigates novel legal issues for a global internet company as it has grown in revenue, size, and impact. Holly has expertise in designing legal and business solutions that empower teams to scale globally, make good decisions, and get the job done; building and leading teams in and out of the legal department; and un-complicating international laws with legal strategies that keep operations running smoothly. Prior to Automattic, Holly was a partner at K&L Gates LLP and represented companies as a litigator in a diverse range of cases—from patent and contract disputes to First Amendment cases. She started her career as a prosecutor. Holly is a graduate of Harvard Law School, and has a B.A. in Politics (magna cum laude) from the University of San Francisco.

Miju Han, Google

When transitioning from data scientist to product manager, Miju spent a long time thinking about how to leverage data in products. That led to the beginnings of GitHub Advanced Security, which has helped developers and security teams patch over ten million vulnerabilities to date. She then helped HackerOne realize its vulnerability intelligence product suite before moving over to Twitter after the teenager bitcoin hack to start its privacy and security product practice. Miju is currently focused on privacy full-time at Google, where she is responsible for how Google Ads uses data.

Emily Jones, Simmons & Simmons LLP

Emily is a partner at international law firm Simmons & Simmons and leads the firm’s recently launched US office in San Francisco. The new office does not practice US law and Emily is an English-qualified attorney who has worked in Silicon Valley for over five years advising fast-growth technology, fintech, and healthcare companies on data privacy, cyber security, and technology laws as they grow their businesses globally. Emily has been advising on data privacy and security issues for over 16 years and works with companies launching new products and services especially involving emerging technologies. Her experience includes carrying out GDPR compliance health checks, responding to regulatory investigations, data security incidents, and data subject requests and negotiating with customers and vendors. She also helps clients to find commercial solutions to address evolving international data transfer issues. She is CIPP/E certified and regularly speaks at conferences on data privacy and security matters.

Gabriela Zanfir-Fortuna, Future of Privacy Forum

Dr. Gabriela Zanfir-Fortuna is Vice President for Global Privacy for the Washington DC-based Future of Privacy Forum, where she leads the work on Global privacy and data protection developments, coordinating FPF's offices in Brussels, Tel Aviv and Singapore. She is also an Associated Researcher for the LSTS Center of Vrije Universiteit Brussel. Gabriela is a member of the Reference Panel of the Global Privacy Assembly and was a member of the Executive Committee of ACM's Fairness, Accountability and Transparency (FaccT) Conference. She has experience in working for the European Data Protection Supervisor in Brussels, dealing with enforcement, litigation and policy matters, and contributed to the work of the Article 29 Working Party. She holds a PhD in law with a thesis on the rights of the data subject from the perspective of their adjudication in civil law, and an LLM in Human Rights. She published a comprehensive volume on the rights of the data subjects in 2015 (Protectia datelor personale. Drepturile persoanei vizate", C.H. Beck, Bucharest, 2015), and is one of the co-authors of "GDPR: A commentary", Oxford University Press, 2020.
@conference {285637,
author = {Hannah Poteat and Holly Hogan and Miju Han and Emily Jones and Gabriela Zanfir-Fortuna},
title = {Privacy Policies, by Lawyers, for Lawyers. What about Everyone Else? },
year = {2023},
address = {Santa Clara, CA},
publisher = {USENIX Association},
month = jan

Presentation Video