As part of the Top DPOs 2022 project, we’ve interviewed top privacy experts in the tech industry to unveil and share their practices with the community. Read how Logitech’s Global Head of Privacy ensures that Logitech’s products and services comply with data privacy laws and regulations worldwide while contributing to the company’s success.
From implementing up-to-date privacy practices across the organization to handling a high number of data subject requests, a DPO has to overcome many challenges to succeed.
Emerald de Leeuw, Global Head of Privacy at Logitech, is a Data Protection and Data Ethics expert, award-winning entrepreneur, lawyer, and lecturer. Emerald was named one of the Top 100 European Female Founders to watch by Forbes as a former European Young Innovator of the Year. Emerald is a passionate advocate for data privacy rights, and her work has helped make Logitech a leader in this area. She has also given a TEDx talk on the importance of privacy and the need to protect our personal data.
What inspired you to pursue a career in privacy?
<hl>I was incredibly lucky to have been handed the 2012 Draft of GDPR as a master thesis subject during my LL.M in E-Law and IP way back in 2012.<hl> As I spent nine months studying the Regulation and writing about it, I knew it would have a tremendous impact on organizations around the world due to its territorial scope and sweeping obligations. Writing the thesis taught me a lot about the harmful effect of some data processing, something we now call Surveillance Capitalism.
It has always been very important to me for my career to align with my values, so working in the privacy industry made sense to me. I was also very much enamored with becoming an entrepreneur as opposed to being a solicitor, and I had an idea, so I figured, "If not now, when?".
It started with a privacy-tech & consultancy company, then I did a stint of consulting with one of the big four, and now I'm in-house at Logitech. It has been a varied and exciting journey to date.
What do you think is the most important thing for tech companies to keep in mind when it comes to data privacy?
Do it because it's the right thing to do.
<hl>You do not have to be a privacy expert to know that if it doesn't feel or sound right, it probably isn't right.<hl>
Wow. I totally agree. In terms of privacy and data protection, what is Logitech's greatest strength?
I am most proud that Logitech is always on a mission to do what is right. It once again comes down to values for me. Ideally, you work at a place where the company's values align with your own. My experience has been that Logitech is a company that cares about people and works hard towards a fairer and more equitable world. This very much aligns with what many privacy laws aim to accomplish and what I personally want to achieve.
What are Logitech's methods for dealing with incoming data privacy requests (DSR, DSAR, etc.)?
On our website, you will find various ways by which they can be submitted. Some come directly to the privacy team, and some are processed by our customer support team. <hl>The key, as with anything, is to have great processes and to ensure the relevant people follow them.<hl> This means providing training, writing the process down, and monitoring whether your process works overtime.
What do you think is the biggest challenge for creating and implementing data privacy programs in tech companies?
It is a rapidly changing, fragmented legal landscape globally. It is not easy to keep up with it all, a lot is happening all over the world. It will always be challenging to roll out global programs at scale, but this is not unique to privacy.
Speaking of rolling out global privacy programs, what do you think are the most effective ways to raise awareness of data privacy issues among employees?
<hl>Everyone is a human first. Privacy is about us all and the key is to ensure everyone understands this.<hl> Our data is in the hands of companies everywhere, we all want those companies to treat us fairly and to comply with the law in respect of the data we trust them with.
Once everyone understands that the data they work with belongs to real people, just like us, who trust us, it is easier to make the connection, and it is not about "checking a box."
It is now about doing the right thing, which is much easier and less boring than a compliance task.
You often talk about data ethics and the importance of having ethical technology. Would you say that certain AI technologies (such as artificially generated content and facial recognition) harm consumers and their rights? In what way?
I don't think AI technologies de facto harm consumers and their rights, it all depends on how the systems are designed, for what purpose they are being used and how the models have been trained, and other questions we should always ask. Another important consideration is whether those who are subject to these technologies have a choice in the matter and the consequences of these systems making decisions without human intervention. Lastly, we also need to ask: Does this actual system work? Does it negatively affect certain groups? The last thing the world needs is more inequality.
These systems require even more due diligence than "regular" technology that involves the processing of personal data. This is one of the reasons we are now seeing an increase in regulatory proposals aimed at ensuring these technologies don't harm humans. Notably, the draft European AI Act bans certain uses of AI. Personally, I think this is a good development. To my earlier point on the skills needed, the world has to ask more questions now when conducting the due diligence, so the industry needs people with different skill sets to be effective.
From the point of view of a professional who has managed privacy both in-house and as an entrepreneur, what are the key differences between the two?
It is different on many levels. When I was an entrepreneur, I used to joke that I was the CEO: Chief Everything Officer. This was true; I did everything from the privacy assessments for clients, to raising funds, marketing, PR, accounting, product roadmaps, etc. You have a lot of autonomy as an entrepreneur, but it can also be quite a lonely journey. I was a sole founder, so the buck truly stopped with me. It was a lot of pressure for someone who had just graduated college. That being said, I would do it again in a heartbeat, and I don't think I would be in the amazing role I have today if I had chosen a more traditional path. I learned so much from my journey as an entrepreneur, and many of those skills have been useful since I moved in-house.
Being in-house comes with an amazing team, fantastic culture, and lots of variety. Logitech is a multi-brand, multi-category company with so many different products and exciting projects, it is fast-paced and fun. I can be more focused on privacy, and I am pleased I don't have financial projections as part of my core tasks anymore (haha)! <hl>Part of me feels like I am still an entrepreneur, just in-house building our privacy program as opposed to a company.<hl>
Can you provide tips for starting a career as a privacy professional? What are the skills required to make an impact?
Some may say you need to be a lawyer, but I never believed this and I think those days are long behind us with many new legislative proposals that are adjacent to data protection laws (AI Act, Data Act, Digital Markets Act, etc.).
Personally, I believe in interdisciplinary teams so you can ensure smooth communications with the different stakeholders across the business. However, I do think you need to understand the law and believe that privacy matters. If one of those is missing, it is hard to work in a compliance function while maintaining happiness and fulfillment. Depending on what role you are seeking, you will need different skills. A privacy counsel will have to be a great negotiator and policy writer and must have taken the bar exam, while a privacy manager may need great people skills, attention to detail, and the ability to translate complex legal terms into language everyone can understand.
Project management is another critical skill that is often overlooked, it is critical to have this skill on your team if you want to be successful in rolling out global projects.
Let's end with a personal note. Do you regularly delete digital accounts or apps that you are not using anymore?
I try, but I certainly don't do this as often as I should!
Read more about our Top DPOs 2022 project here.