Can Safety Do What Privacy Hasn't?
The role of product safety in the digital age
We regulate how companies handle data. But we don't regulate what digital products actually do. Lisa LeVasseur has spent years building the case, and the tools, for treating digital products with the same safety rigor we apply to cars, food, and medicine. Her research shows it historically takes about 50 years from a new product category reaching mass adoption to product safety regulation. We're 43 years in.
Register for this webinar
Fill out the form below to reserve your spot.
Already registered?
Enter your email to sign in and access the webinar.
The Future of Privacy
The Future of Privacy is the theme of a webinar series developed in collaboration with Eyd and Personverndagene. We will air approximately one webinar per month until Personverndagene kicks off in mid-September 2026.
Agenda for this webinar
GDPR regulates corporate behavior: how companies collect, store, and share data. But it doesn't regulate product behavior: what the app, the connected device, or the platform actually does once it's in someone's hands. That distinction matters. Because after nearly a decade of GDPR, digital products still ship with dozens of third-party components their own developers can't fully account for, still transmit data to destinations no one audited, and still operate with no independent safety testing, no ingredient labels, and no way for a consumer, a DPO, or a procurement officer to know what's happening under the hood.
This isn't a gap that more privacy regulation will close. It's a product safety problem. And it has a history. LeVasseur traces how the tobacco industry in 1953 created a playbook to resist product safety accountability, sow doubt in independent research, guard corporate secrecy, deflect blame onto the user. That playbook was adopted by the automobile industry, and now by digital product industries. "Notice and consent" is the digital version of "the driver should have been more careful."
The EU is further ahead than the US, having recognized digital products as products in the General Product Safety Regulation (2023) and extended liability to software in the Product Liability Directive (2024). But the infrastructure for independent measurement barely exists.
In this conversation we will explore:
- Why the distinction between regulating corporate behavior and product behavior is necessary and why it changes everything
- The 50-year product safety lag, and what has historically closed it
- How the tobacco industry's 1953 playbook lives on in big tech's approach to accountability
- The various product safety actions available for manufacturers, consumers, and governments
- What independent safety testing for digital products would look like, and why ISL is already building it
- Where the EU's product safety framework is ahead, and where it still falls short
- Why empirical measurement, not more rules, is the missing piece
Guest
Lisa LeVasseur
Founder & Executive Director, Internet Safety Labs
Lisa LeVasseur is the founder and Executive Director of Internet Safety Labs (ISL), a nonprofit building the world's first independent product safety testing infrastructure for digital products. ISL's App Microscope provides safety labels for web and mobile apps based on observed product behavior, not developer claims. LeVasseur was a 2024–25 Technology & Human Rights Fellow at the Carr-Ryan Center for Human Rights at Harvard Kennedy School, where she authored "A Product Safety Playbook for the Digital Age." Her research traces the historical patterns of product safety resistance across industries, from tobacco to automobiles to digital products, and makes the case that empirical measurement is the foundation for accountability.
Host
Vibeke Specht
Co-Founder of Peak Privacy
CIPP/E certified privacy professional and author of "From GDPR Confusion to Privacy First Marketing".