This session seeks to clear up some of the confusion, provide actionable insights, and provoke discussion across that linguistic divide. This structured activity will lead lawyers and programmers to understand privacy compliance from the ground up — how policies actually get implemented in reality, not just theory.

We will begin this session with an overview of how privacy policies are implemented in companies. We will then as a group look at real-world privacy policies and break into groups to discuss our interpretation of the legal ramifications of the text in an example jurisdiction as well as some of the technical (implementation) choices that are consistent with their text and some of their possible operational consequences.

We are a technology lawyer and a technologist with compliance expertise. While we are both also academics, we will approach this session from the perspective of our years of practical experience working within and for companies, from early-stage startups to established global conglomerates. As we have seen firsthand, laws and regulations often do not account for the actual realities of implementing policies in the complex techno-social systems within organizations. This session will hopefully illuminate some of those gaps between the law and reality.