Masters of Privacy

The business purposes of digital data collection are not so obvious to all, and things will get even more complicated in an internet dominated by AI agents. We will today revisit the history of Digital Analytics and its evolution from Marketing-centric Analytics to Product Analytics and, eventually, Customer Experience Management (CXM). From there we will address the origins and current state of the composable MarTech stack and the activation, personalization, or demand generation possibilities it unlocks, with a new generation of Customer Data Platforms and Data Warehouses at its core.We do this with the best possible guest. Adam Greco is one of the leaders of the data industry. As one of Omniture’s earliest customers and employees and a data consultant, he has helped thousands of organizations improve their digital properties through data. Adam has blogged extensively about data and authored the preeminent book on Adobe Analytics. He has held strategic roles at Salesforce, Amplitude, and several other leading organizations, having also served as a board member of several data technology providers and winning several awards from the Digital Analytics Association. Adam is a product evangelist at Hightouch, where he helps leading organizations strategize around using data to accelerate growth.References:* Adam Greco at Hightouch* Adam Greco on LinkedIn* Tejas Manohar: Data activation and composable CDPs in a privacy-first world (Masters of Privacy, January 2024)* What is Customer Experience Management? (Harvard Business Review, April 2025)* A deeper look at AI crawlers: breaking down traffic by purpose and industry (Cloudflare, August 2025)* Learning more about Digital Analytics: Marketing Analytics Summit (Santa Barbara, April 2026). This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit www.mastersofprivacy.com/subscribe

Anu H. Bradford is a Finnish-American author, law professor, and expert in international trade law. In 2014, she was named the Henry L. Moses Distinguished Professor of Law and International Organization at the Columbia Law School. She is the author of “Digital Empires: The Global Battle to Regulate Technology” and “The Brussels Effect: How the European Union Rules the World”.Anu Bradford attended Harvard Law School on a Fulbright Scholarship, graduating with another Master of Laws degree from Harvard in 2002. After time in Brussels with the law firm of Cleary Gottlieb Steen & Hamilton, working on EU competition law, she returned to the US, joining the faculty at the University of Chicago as an assistant professor of law. She later joined Columbia Law School as a professor of law and an expert in international trade law. She has been named a Young Global Leader by the World Economic Forum and in 2024, she was awarded the Stein Rokkan Prize for Comparative Social Science Research for her book Digital Empires.With Anu we are finally looking at EU Digital Policy, including personal data protection and privacy, from a geopolitical and international trade perspective.References:* Anu Bradford (Wikipedia)* Anu Bradford on LinkedIn* Digital Empires: The Global Battle to Regulate Technology (Oxford University Press, 2023)* The Brussels Effect: How the European Union Rules the World (Oxford University Press, 2019)* EU-US trade figures 2023 (EU Commission, Trade Policy)* Lukasz Olejnik: Propaganda, misinformation, the DSA, Section 230, and the US elections (Masters of Privacy, November 2024). This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit www.mastersofprivacy.com/subscribe

Dr. Gabriela Zanfir-Fortuna is a globally recognized data protection law expert, with 15 years of experience in the field split between Europe and the U.S., spanning academia, public service, consulting and policy. She currently is Vice President for Global Privacy at the Future of Privacy Forum, a global non-profit headquartered in Washington DC, coordinating FPF’s offices and partners in Brussels, Tel Aviv, Singapore, Nairobi, and New Delhi, and leading the work on global privacy and data protection developments related to new technologies, including AI. She is also a founding Advisory Board Member of Women in AI Governance, and an affiliated researcher to the LSTS Center of Vrije Universiteit Brussel.Dr. Zanfir-Fortuna worked for the European Data Protection Supervisor and is a member of the Reference Panel of the Global Privacy Assembly – the international organization reuniting data protection authorities around the world, as well as a member of the T20 engagement group of the G20 under Brazil’s Presidency in 2024.She was elected to be part of the Executive Committee of ACM’s Fairness, Accountability and Transparency (FaccT) Conference (2021-2022). Her scholarship on the GDPR is referenced by the Court of Justice of the EU, and in 2023 she won the Stefano Rodota Award of the Council of Europe for the paper “The Thin Red Line: Refocusing Data Protection Law on Automated-Decision-Making“, alongside her co-authors. Dr. Zanfir-Fortuna holds a PhD in Law with a thesis on the rights of the data subject under EU Data Protection Law, and an LLM in Human Rights (University of Craiova).With our guest, here for a third time, we have gone through the logic of the Digital Omnibus package aiming to reform a cluster of important EU regulations, the “birth defects” of the AI Act, the importance of South Korea in the global data protection panorama, and the potential consequences of the recent CJEU case, Russmedia.References:* Gabriela Zanfir-Fortuna at the Future of Privacy Forum* Gabriela Zanfir-Fortuna on LinkedIn* Gabriela Zanfir-Fortuna: A world tour of data protection laws (Masters of Privacy, April 2021)* Data Protection vs. Privacy and Data Privacy: a January 28th conundrum (with Gabriela Zanfir-Fortuna, Masters of Privacy - 2025)* X v Russmedia Digital SRL (CJEU, December 2, 2025). This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit www.mastersofprivacy.com/subscribe

It is time to revisit Data Clean Rooms, having dedicated seven previous episodes to the topic across both the English and Spanish-language channels. The convergence of advanced data management techniques, more mature Privacy Enhancing Technologies, and sophisticated 1st-party data-based collaboration scenarios (on the back of AI, retail media, and Connected TV) already call for frequent updates. This is now accompanied by a more nuanced legal analysis that will benefit from the recent EDPS v. SRB (CJEU) case (on the relative nature of “personal data”).Some common, burning questions that you will find answered in this episode: How do you apply Joint Controllership agreements to the various stages in common business cases? How to handle more complex relationships involving two or more parties?References:* Jacob Feder on LinkedIn* Jacob Feder at Fieldfisher* Peter Craddock: EDPS v SRB, the relative nature of personal data, processors, transparency, impact on MarTech and AdTech (Masters of Privacy, September 2025)* Nicola Newitt (Infosum): the legal case for Data Clean Rooms (Masters of Privacy, March 2023)* Matthias Eigenmann (Decentriq): Confidential Computing, contractual relationships and legal bases for Data Clean Rooms (Masters of Privacy, March 2024)* Damien Desfontaines: Differential Privacy in Data Clean Rooms (Masters of Privacy, January 2024)* Guidelines 8/2020 on the targeting of social media users* Fashion ID GmbH & Co. KG v Verbraucherzentrale NRW (CJEU, 2019): The operator of a website that features a Facebook ‘Like’ button can be a controller jointly with Facebook in respect of the collection and transmission to Facebook of the personal data of visitors to its website.* Digital Omnibus Regulation Proposal (EU Commission, November 19th 2025)* Meta Platforms Inc and Others v Bundeskartellamt (CJEU, 2023) This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit www.mastersofprivacy.com/subscribe

Can AI agents be deployed for enhanced protection? What is a “triple extortion”? How is ransomware evolving? Is there hope for SMEs?Sam Kaplan is a policy, legal, and national security professional with over eighteen years of experience across the public and private sectors. He is currently the Assistant General Counsel for Public Policy & Government Affairs at Palo Alto Networks, providing legal guidance on domestic and international legislative, regulatory, and policy matters, with a focus on cybersecurity, AI governance, privacy, data security, international data flows, and public-private capacity building.Before Palo Alto Networks, Sam led the global product policy team for Facebook’s News Feed and News Tab at Meta Platforms, addressing issues like AI/ML fairness, algorithmic transparency, platform integrity, election security, misinformation, and harmful content.Prior to his private sector roles, Sam spent over thirteen years in the Federal Government. He held senior leadership positions at the U.S. Department of Homeland Security, including Assistant Secretary for Cyber, Infrastructure, Risk and Resilience Policy and Chief Privacy Officer. Earlier government roles included work at the U.S. Department of Justice (Office of Legal Policy, Bureau of Alcohol, Tobacco, Firearms and Explosives, and U.S. Attorney’s Office for the Eastern District of Virginia) and as Counselor to a member of the Privacy and Civil Liberties Oversight Board, focusing on the U.S. Intelligence Community.References:* Sam Kaplan on LinkedIn* Palo Alto Networks* Unit 42 Research (Palo Alto Networks)* Cyber Information Sharing and Collaboration Program (CISCP) at CISA (Cybersecurity and Infrastructure Security Agency) This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit www.mastersofprivacy.com/subscribe

In this live recording (January 14th 2026), we have conducted a comparative law exercise (US/EU) regarding ePrivacy compliance through Universal Opt-Out signals.Alan Chapell is the President of Chapell & Associates, a law firm serving media and AdTech. He is outside counsel and CPO to several of the leading advertising and technology companies. He regularly publishes both The Chapell Report and The Monopoly Report.References:* Alan Chapell on LinkedIn* The Chapell Report* The Monopoly Report* IEEE P 7012 (MyTerms)* Alan Chapell: The many struggles of Google’s Privacy Sandbox, and how to deploy it in compliance with EU and US privacy laws (Masters of Privacy, May 2024)* Can the GPC standard eliminate consent banners in the EU? (Sebastian Zimmeck, Harshvardhan J. Pandit, Frederik Zuiderveen Borgesius, Cristiana Teixeira Santos, Konrad Kollnig, Robin Berjon)* The slippery slope of consent banners in preventing CIPA and VPPA claims: why effective Opt-Outs will prevail - also in the EU (Sergio Maldonado). This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit www.mastersofprivacy.com/subscribe

It is time for a seasonal update at the intersection of Marketing, Data, Privacy and Technology. We will stick to our usual five blocks: ePrivacy & regulatory updates; MarTech & AdTech; AI, Competition and Digital Markets; PETs, Zero-Party Data and Customer Centricity; Future of Media.This season’s update includes:* CJEU Russmedia decision (“mere conduit” safe harbour overridden by a marketplace’s role as a data controller)* EU/UK DPA fines (LastPass-ICO, Infobel-APDB, AMEX-CNIL, AENA-AEPD)* California: Public enforcement (by both the AG -JamCity, SlingTV- and the CPPA) and status of CIPA lawsuits* Texas’ AG vs. TV manufacturers* New legislation: EU Digital Omnibus, California’s spree, US Executive Order on AI* Most recent adventures and daring moves of Meta, OpenAI, Google, Apple and X in the face of MarTech/AdTech constraints, market dynamics, antitrust actions and other enforcement initiatives.(Our referenced monographic episode on CIPA/VPPA litigation is available here.)All references and links can be found in a separate blog post available to Masters of Privacy Connect subscribers on our website’s Newsroom section (Newsroom Notes: Fall 2025).Our usual disclaimer: the voice that joins Sergio today is a text-to-speech output generated with Eleven Labs.Happy Holidays to all of you :) This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit www.mastersofprivacy.com/subscribe

On Wednesday November 19 2025, the European Commission unveiled its Digital Omnibus Package, which was basically split in two proposals: a proposed Regulation on simplification for AI rules; and a proposed Regulation on simplification of the digital legislation. We will tackle the first one today.Today we are reviewing that AI-related block with Oliver Patel, who is AI Governance Lead at the global pharma and biotech company AstraZeneca, where he helps implement and scale AI governance worldwide. He also advises governments and international policymakers as a Member of the OECD’s Expert Group on AI Risk and Accountability.References:* Oliver Patel, “Fundamentals of AI Governance” (now available for pre-order)* Enterprise AI Governance, a newsletter by Oliver Patel* Oliver Patel on LinkedIn* Oliver Patel: How could the EU AI Act change?* EU proposal for a Regulation on simplification for AI rules (EU Commission, covered today)* EU proposal for a Regulation on simplification of the digital legislation (EU Commission, not covered today)* Europe’s digital sovereignty: from doctrine to delivery (Politico). This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit www.mastersofprivacy.com/subscribe

Can the growing use of first-party data in mobile app advertising result in more effective, privacy-preserving ads? Are app store policies (around fingerprinting and the use of deterministic IDs) more relevant than specific data protection laws and enforcement actions? Can AI take contextual information to the next level? Will LLMs result in collecting less data in order to anticipate customer journeys?Zino Rost van Tonningen is the CEO of TyrAds, a cutting-edge adtech company revolutionizing mobile app marketing with privacy-first programmatic solutions. With over a decade of experience in growth and product strategy for fast-moving brands, Zino combines creative agility with strategic rigor to help startups and established app publishers scale effectively in today’s cookieless ecosystem.References:* Zino Rost van Tonningen on LinkedIn* TyrAds: Mobile App Growth Simplified* Spotify: How We Automated Content Marketing to Acquire Users at Scale* Apple Developers: User privacy and data use* ATT opt-in rates in 2025: Benchmarks, insights and how to increase yours (Purchasely)* Overview of the SDK Runtime on Android This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit www.mastersofprivacy.com/subscribe

Dr. Stefano Bennati has over a decade of experience developing tools and processes to ensure data-centric organizations comply with privacy, licensing, and responsible AI standards.Our guest has led privacy engineering and responsible AI teams with a global mandate. His work includes building and deploying compliance tools such as code scanners, AI-powered algorithms for personal data detection and anonymization, design processes for compliance with ISO 27701 Privacy IMS and ISO 42001 AI IMS standards. His latest work is a book (co-authored with Dr. Engin Bozdağ) is titled “AI Governance: Secure, privacy-preserving, ethical systems”, a practical and accessible guide to govern AI and mitigate security, privacy, ethics and regulatory risks.References:* Dr. Stefano Bannati on LinkedIn* AI Governance: Secure, privacy-preserving, ethical systems (Engin Bozdağ, Stefano Bennati) - Use this code to get a 50% discount between Nov 25 and Dec 9th 2025: MLBozdag.* Lokke Moerel: using personal data in the development and deployment of AI models (Masters of Privacy, December 2024)* An overview of machine unlearning (Chunxiao Li et al., 2025)* Discussion Paper: Large Language Models and Personal Data (Hamburgische Beauftragte für Datenschutz und Informationsfreiheit)* EDPB Opinion 28/2024 on certain data protection aspects related to the processing of personal data in the context of AI models This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit www.mastersofprivacy.com/subscribe

As promised last week, today’s episode provides greater context on US ePrivacy audits, CIPA/VPPA claims, and EU-US comparative law as it affects the rollout or maintenance of MarTech solutions on websites and mobile applications.References:* “The slippery slope of consent banners in preventing CIPA and VPPA claims: why effective Opt-Outs will prevail - also in the EU” (Sergio Maldonado, November 2025 - you are listening to Part I of the more comprehensive analysis)* Jennifer Oliver: privacy litigation over pixels, trackers, and cookies (Masters of Privacy, August 2025)* From wiretapping and video rentals to website pixels, SDKs, and APIs. CIPA/VPPA litigation, risk management, and practical strategies (Nov 2025 update)* Toolbox: Fast CIPA/VPPA website auditing and case law matching for legal professionals (Alpha release). This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit www.mastersofprivacy.com/subscribe

In this live recording (November 6th 2025) we have tackled website protections from pixel-related litigation or public enforcement, paying closer attention to technical measures and the bridge between legal compliance and code-based strategies.Our repeat guest is Daniel B. Rosenzweig, Founder & Principal Attorney at DBR Tech Law. He advises clients on legal and technical compliance with data privacy and AI laws, and counsels clients on industry mobile app store requirements, AdTech, and privacy-enhancing technologies.Daniel’s legal practice is unique in that he develops and codes technical solutions to help serve as a bridge between legal, marketing, and technical teams, in addition to providing clients foundational legal services (e.g., conducting risk assessments, drafting disclosures, etc.). He excels at assisting organizations put the law into action by translating complex legal requirements into actionable technical implementations.Our next live recording session is scheduled for Wednesday January 14th 2026. Find more information on the Events section of the Masters of Privacy website.References:* Daniel B. Rosenzweig on LinkedIn* DBR Tech Law* From wiretapping and video rentals to website pixels, SDKs, and APIs. CIPA/VPPA litigation, risk management, and practical strategies (Nov 2025 update, Masters of Privacy)* Daniel Rosenzweig: OK, fingerprinting (Masters of Privacy, February 2025)* Jennifer Oliver: privacy litigation over pixels, trackers, and cookies This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit www.mastersofprivacy.com/subscribe

Mélissa M’Raidi-Kechichian is a Research and Advocacy Fellow at the Center for AI and Digital Policy. As an expert in AI policy, frameworks, and regulation, Mélissa has previously worked in the field of AI and digital policy, civic technology, and digital identity, having also held several consulting positions in the private sector and being part of the AI ethics Advisory Panel of the Canadian Digital Governance Council.Mélissa is also a social entrepreneur and civic tech practitioner working at the intersection of technology, AI regulation, and advocacy. As the founder of Activists Of Tomorrow, they focus on how digital spaces can be used by everyday people to bring meaningful and lasting change to their community. During their free time, Mélissa hosts the Activists of Tech podcast — The Responsible Tech podcast, exploring the intersection of technology and social justice.With Mélissa we are revisiting Canada after our last interviews on the country’s data protection framework (over four years ago). We are this time reviewing the country’s latest moves in AI policy, and the manner in which privacy or data protection affects AI.References:* Mélissa M’Raidi-Kechichian on LinkedIn* The Activists of Tech podcast — The Responsible Tech podcast* Center for AI and Digital Policy* Activists of Tech - The Responsible Tech podcast* Parliamentary discussion of Bill C27: An Act to enact the Consumer Privacy Protection Act, the Personal Information and Data Protection Tribunal Act and the Artificial Intelligence and Data Act and to make consequential and related amendments to other Acts* New privacy requirements under Quebec’s Law 25 now in force (IAPP blog)* Stephan Grynwajc: A lawyer’s take on EU-US data transfers and the Canadian approach (Masters of Privacy, October 2022)* Derek A. Lackey: A marketer’s take on EU-US data transfers and the Canadian approach (Masters of Privacy, October 2022). This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit www.mastersofprivacy.com/subscribe

South Africa’s POPIA uniquely protects both individuals and legal entities, a departure from typical data protection laws. We have focused on understanding this unique figure (Will it one day offer key insights into the complexities arising from the increasing use of AI?) before discussing similarities with the GDPR and international data transfers, both within the SADC region and the wider African continent.Advocate Dirontsho Mohale holds an LLB, postgraduate diplomas in Compliance Management and Senior Management Development Programme from the University of Johannesburg and Regent Business School respectively. She is an Admitted Advocate of the High Court of South Africa, a member and a fellow of the Compliance Institute of Southern Africa - CPrac (SA), International Certified Compliance Practitioner (International Federation of Compliance Associations), is designated Fellow in information Privacy (CIPP/E and CIPM) by the International Association of Privacy Professionals and a FAIS Compliance Officer approved by the Financial Sector Conduct Authority. She is also a former non-executive director on the board of the Compliance Institute Southern Africa and chairs the Social, Ethics, Remuneration and Nominations Committee and a board member of the Each One Hold One.Dirontsho has worked in senior management positions within the financial services sector, locally and internationally, and has over 20 years’ experience as a compliance officer as well as in risk, governance and legal. She has occupied compliance roles in some of South Africa’s major banks and leading insurance companies. Her most recent roles include Senior Compliance Manager for Data Privacy and Corporate Governance at Discovery Group and Executive: POPIA at the Information Regulator SA as well as the role of a data privacy lead for Standard Bank Group after spending some time as the data privacy lead for Standard Bank South Africa.In her capacity as CEO of Baakedi Professional Practice, she offers governance, risk, legal, ethics and compliance services to organisations including data protection authorities not only within financial services providers, but in general; focusing mostly on data protection and privacy in the SADC region.References:* Advocate Dirontsho Mohale on LinkedIn* Protection of Personal Information Act (POPI Act) - POPIA* South Africa: Amendments to the POPIA regulations (Baker & McKenzie)* SADC: Southern African Development Community* Data Protection: Kenya and the EU launch very first Adequacy Dialogue on the African continent (May 2024). This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit www.mastersofprivacy.com/subscribe

California has enacted a sweeping wave of new privacy and AI laws in the past few days. From browsers finally reading opt-out signals to age verification, chatbot companions, data brokers and AI transparency, some of these laws will have a serious impact on the areas we mostly focus on (marketing, advertising, ecommerce, media).We have discussed AB 566, SB 361, SB 53, AB 1043, AB 656, AB 853, and SB 243 with John Pavolosky, joining us for a second time.Our guest is a partner at Stoel Rives in San Francisco. He is co-lead of the firm’s Technology Industry Group. He has also been chair of the Intellectual Property Section of the California Lawyers Association.John has taught Technology Transactions Law at the UC Davis School of Law and Comparative Privacy Law at the Santa Clara University School of Law. John has also guest lectured on technology and privacy law topics at the University of California, Berkeley, Haas School of Business; the University of San Francisco School of Management; and Stanford University.References:* John Pavolotsky on LinkedIn* John Pavolotsky at Stoel Rives* John Pavolotsky: How successful can US privacy laws be at regulating AI models and systems? (Masters of Privacy, June 2025)* AB 566 (Opt-Out Preference Signal, October 8)* AB 1043 (Digital Age Assurance Act, October 13)* SB690, the law that could have done away with most CIPA lawsuits* SB 361 (Expanded Data Broker Transparency Requirements, October 8)* AB 56 (Social Media Warning Law, October 13)* AB 656 (Social Media Account “Delete” Button, October 8)* SB 243 (Companion Chatbots, October 13)* Her, a Spike Jonze movie (2013)* AB 853 (Amendment to the California AI Transparency Act, October 13)* SB 53 (Transparency in Frontier AI Act, September 29). This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit www.mastersofprivacy.com/subscribe

Can we ever escape never-ending assessments as a core activity of a privacy management program? How does Privacy Tech extend to AI governance? Does built-in know-how become the most crucial moat?We are joined by Pádraig O’Leary, co-founder and CEO of TrustWorks, in a new installment of our Privacy Tech series (our sixth). Pádraig (Ph.D.) is a former academic in computer science.TrustWorks works with Fortune 500 and high-growth clients, helping them discover what AI and data they’re really using, understand the context of regulations and implications, and embed governance into everyday operations.References:* Pádraig O’Leary Ph.D. on LinkedIn* TrustWorks, recipients of the PICASSO most Impactful Privacy Product Award* Christine Desrosiers (Boltive): Privacy Tech spotlight V - understanding Manipulative Design and rolling out comprehensive client-side monitoring (Masters of Privacy, July 2025)* Vaibhav Antil (Privado): Privacy Tech spotlight IV - from trust to evidence (Masters of Privacy, July 2025)* Cillian Kieran (Ethyca): Privacy Tech spotlight III – compliance as an engineering challenge (Masters of Privacy, June 2025)* Daniel Barber (DataGrail): Privacy Tech spotlight II – widespread non-compliance, opt-out challenges, and shadow AI (Masters of Privacy, May 2025)* Max Anderson (Ketch): Privacy Tech spotlight I – the future of CMPs, value vs. hype in privacy compliance SaaS (Masters of Privacy, April 2025). This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit www.mastersofprivacy.com/subscribe

Alexandria (Lexi) Andresen Lutz is founder of the nonprofit Opt-Inspire, Inc., which is focused on empowering seniors, children, other vulnerable populations, and their caregivers to reduce scams and close the digital divide between generations.In her day job, Lexi serves as Senior Corporate Counsel at a Fortune 500 retail company, where she advises on privacy, cybersecurity, and AI. She currently serves in leadership roles in the American Bar Association and is Chair of the IAPP Boston chapter.References:* SIGN UP NOW for the Masters of Privacy NYC LIVE recording and networking event on Nov 6* Alexandria (Lexi) Lutz on LinkedIn* Opt Inspire* FBI: Internet Crime Report 2024* John Cavanaugh: Privacy as a grassroots movement (Masters of Privacy, June 2024)* Jeff Jockisch: AI-powered phishing attacks in the age of the Delete Act (Masters of Privacy, October 2023). This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit www.mastersofprivacy.com/subscribe

Robert Bateman is a Senior Partner at Privacy Partnership, which provides consultancy and training on data protection and AI regulation, as well as legal advice via its associated law firm, Privacy Partnership Law. He also hosts The Privacy Partnership Podcast.This is Robert’s third appearance on the show. We have covered three hot topics:* How far do we take watermarking of AI-generated content under article 50 of the AI Act?* How do pre-defined legitimate interest scenarios work under the UK Data (Use and Access) Act?* What is the tension between the Online Safety Act and the new data protection framework in the UK?References:SIGN UP NOW for the Masters of Privacy NYC LIVE recording and networking event on Nov 6 (if you happen to be in town)* Robert Bateman on LinkedIn* Robert Bateman on Bluesky* The Privacy Partnership Podcast* AI Act (EU Commission’s resources)* Data (Use and Access) Act 2025: data protection and privacy changes* The EU approach to age verification (EU Commission)* EU follows UK with age verification in 2026 (PPC Land)* Wikipedia loses challenge against Online Safety Act verification rules (BBC)* Robert Bateman: the EDPB’s Opinion on auditing subprocessors and the future of Meta’s unskippable ads (Masters of Privacy, Nov 2024)* Robert Bateman: Consent or Pay (Masters of Privacy, Oct 2023) This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit www.mastersofprivacy.com/subscribe

It is time for a seasonal update at the intersection of Marketing, Data, Privacy and Technology. We will stick to our usual five blocks: ePrivacy & regulatory updates; MarTech & AdTech; AI, Competition and Digital Markets; PETs and Zero-Party Data; Future of Media.This includes:* CJEU decisions on Latombe (EU-US data transfers have survived, for now) and SRB (relative nature of personal data) * UK legal updates and ICO consultations on ePrivacy-related topics* Record public fines and enforcement actions in California* Ongoing explosion of pixel and cookie-related lawsuits across the US* Important fines in the EU, with CNIL’s unwavering passion for large-scale ePrivacy enforcement* Agentic AI milestones for AdTech and customer centricity/empowerment* Key initiatives to protect copyright holders from large AI labs (together with Anthropic’s settlement)All references and links can be found in a separate blog post available to Masters of Privacy Connect subscribers on our website’s Newsroom section.Our usual disclaimer: the voice that joins me today is a text-to-speech output generated with Eleven Labs. This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit www.mastersofprivacy.com/subscribe

How can we apply differential privacy to real-world scenarios? How do you go about algorithmic design? Is there a conflict between data minimization and differential privacy? Can you solve for personal data finding its way into machine learning models? Where can a young professional find resources to dive deeper?References:* Daniel Simmons-Marengo on LinkedIn* OpenDP* Some takeaways from PEPR’24 (USENIX Conference on Privacy Engineering Practice and Respect 2024)* Damien Desfontaines: Differential Privacy in Data Clean Rooms (Masters of Privacy, January 2024)* NIST Guidelines for Evaluating Differential Privacy Guarantees (March 2025)* Peter Craddock: EDPS v SRB, the relative nature of personal data, processors, transparency, impact on MarTech and AdTech (Masters of Privacy, September 2025)* Katharine Jarmul: Demystifying Privacy Enhancing Technologies (Masters of Privacy, October 2023)* Sunny Kang: Machine Learning meets Privacy Enhancing Technologies (Masters of Privacy, February 2023)* How GDPR changes the rules for research (Gabe Maldoff, IAPP blog, 2016) This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit www.mastersofprivacy.com/subscribe