Send us a text

▶ UK ICO Investigates TikTok, Reddit & Imgur – 

The UK’s privacy regulator is investigating TikTok’s content recommendations for minors and Reddit and Imgur’s age verification measures, signaling a crackdown on children’s data protection.

▶ CJEU Clarifies ‘Meaningful Information’ in AI Decisions – 

The EU’s top court ruled that companies using automated decision-making must provide clear, intelligible explanations of how personal data influences outcomes, even if trade secrets are involved.

▶ California AG Targets Location Data Sharing – 

The California Attorney General is probing mobile apps, ad networks, and data brokers over potential violations of CCPA rules on precise location tracking, reinforcing consumer rights to limit data use.

Send us a text

As AI and LLMs become deeply embedded in products, privacy leaders must move fast to address privacy, security, and ethical risks.

In this episode, industry experts share their hands-on strategies, lessons learned, and best practices for:
✅ Building AI governance frameworks that scale
✅ Managing compliance with GDPR, CCPA, and emerging regulations
✅ Addressing security risks in AI-driven products
✅ Navigating ethical challenges in automated decision-making
✅ Mitigating third-party risks and vendor accountability

🎙 Featuring:
🔹 Henri Kujala – Global Head of Privacy by Design, Vodafone
🔹 Jon Adams – Senior Director, Legal (AI + Data), LinkedIn
🔹 Shoshana Rosenberg – Chief AI Governance & Privacy Officer, WSP USA
🔹 Barbara Sondag – Sr. Associate General Counsel & DPO Canada, Intuit
🔹 Nishant Bhajaria – Data Privacy Author & Executive

Whether you’re a privacy leader, legal expert, or AI professional, this panel delivers practical insights to help you navigate AI governance.

Send us a text

Leading privacy experts discuss why trust-based compliance is no longer enough and how product-driven privacy is the key to scalable compliance.

Here's what the Keynote covers:

🔹 Why teams can no longer rely on trust-based privacy mechanisms

🔹 How product privacy management enables evidence-based privacy and compliance at scale

🔹 Lessons from HP & Grindr on moving to evidence-based privacy

🔹 Privado.ai’s roadmap and vision for product privacy management

Huge thanks to Aaron Weller, Kelly Peterson, Vaibhav Antil, Prashant Mahajan for 

Send us a text

Privacy Corner Newsletter: February 13, 2025

🔹 EU’s AI Act Guidelines Clarify Compliance Risks – 
The European Commission releases two sets of AI Act guidelines, breaking down the definition of AI systems and outlining nine prohibited AI practices, including emotional manipulation and biometric categorization.

🔹 UK’s Secret Demand for Apple’s Encrypted Data – 
The UK government issues a confidential order under the Investigatory Powers Act, demanding Apple create a backdoor for accessing encrypted iCloud data, sparking concerns over user privacy and global implications.

🔹 Amazon Faces First Lawsuit Under Washington’s Health Data Law – 
A class action lawsuit accuses Amazon of collecting precise geolocation data and Mobile Advertising IDs via its SDK without consent, violating the My Health My Data Act’s strict health data protections.

Send us a text

Privacy Corner Newsletter: Jan 30, 2025
By Robert Bateman and Privado.ai

In this edition:

▶ UK Court Ruling: Invalid Consent in Gambling Case
A UK gambling firm unlawfully tracked users for marketing, despite their supposed consent. The court ruled that consent must be informed, freely given, and valid, emphasizing the importance of assessing users’ ability to provide meaningful agreement—especially in vulnerable groups.

▶ Google’s RTB System Accused of Sharing Data with China & Russia
A new complaint alleges that Google’s real-time bidding (RTB) system transmits sensitive user data to foreign entities, including those in China and Russia. The case claims these transfers violate US privacy laws and pose national security risks.

▶ New York Enacts Strict Health Privacy Law (NYHIPA)
The New York Health Information Privacy Act (NYHIPA) expands protections far beyond HIPAA, covering any organization processing health data linked to NY residents. This law applies to fitness apps, wearables, and non-HIPAA-regulated entities, making compliance a pressing concern for businesses handling health data.

▶ Privado.ai’s Bridge 2025: A Technical Privacy Summit – Happening Next Week!
The must-attend event for privacy and security leaders! On Feb 5-6, 2025, join industry experts to explore how to bridge the gap between privacy laws and engineering solutions. Expect deep dives into privacy code scanning, automated data flow mapping, and compliance best practices.

Send us a text

Privacy Corner Newsletter: Jan 16, 2025

In this edition:

▶ European Commission must pay damages for Facebook Login feature violation

▶ Texas sues Allstate under new privacy law for illegal data collection

▶ CJEU rules gender data collection not lawful for personalization under ‘contract’ basis

Send us a text

Privacy Corner Newsletter: January 2, 2025

In this edition:

▶ OpenAI faces penalties for GDPR breaches linked to ChatGPT, including transparency failures and inadequate age verification.

▶ California Privacy Protection Agency settles with two more data brokers
PayDae and The Data Group fined for failing to register under California’s Delete Act, with further enforcement anticipated.

▶ Google will permit device fingerprinting starting February 16, 2025, despite ICO objections.

Before we wrap up…

Privado.ai is thrilled to announce Bridge 2025: A Technical Privacy Summit, happening virtually from February 5-6, 2025.

👇 Discover actionable solutions that connect privacy laws to practical engineering strategies, including:
- Unlocking privacy ROI
- Navigating adtech compliance challenges
- Designing privacy-first engineering frameworks

Mark your calendars and join the privacy engineering revolution here:
https://www.privado.ai/bridge-privacy-summit

Send us a text

Privacy Corner Newsletter: December 19, 2024

In this edition:

The Irish DPA fines Meta €251 million over a 2018 data breach, the Dutch DPA fines Netflix €4.75 million for transparency failings, and the French DPA cracks down on non-compliant cookie banners.

▶ Irish DPA fines Meta €251 million over 2018 data breach
The fine follows a breach affecting 29 million Facebook accounts. The DPC found violations of GDPR’s data protection by design, breach reporting obligations, and more.

▶ Dutch DPA fines Netflix €4.75 million for transparency failures
Netflix failed to disclose adequate privacy information, leading to a fine for GDPR violations regarding transparency, data retention, and international data transfers.

▶ French DPA issues cookie banner crackdown
Website operators have one month to comply with stricter cookie consent rules, addressing dark patterns and ensuring an equal choice between accepting and rejecting cookies.

Send us a text

Privacy Corner Newsletter: Dec 5, 2024

In this edition:

The FTC proposes orders targeting sensitive data misuse, Australia bans kids from social media, and noyb gains new powers for collective GDPR actions.

▶ FTC targets sensitive location data misuse in proposed orders:
Gravy Analytics and Mobilewalla face sanctions for selling sensitive location data, including segments like “New Parents” and “LGBTQ+ Community.”

▶ Australia bans kids from social media and reforms privacy laws:
New laws require stricter age verification, ban accounts for under-16s, and introduce a tort for serious privacy invasions.

▶ Noyb gains rights to bring GDPR “class actions” across the EU:
Now recognized as a “qualified entity,” noyb can enforce collective claims and injunctions against GDPR violations.

Send us a text

Privacy Corner Newsletter: November 21, 2024

▶ German Court Opens the Door to Mass Data Breach Lawsuits:

Germany’s Federal Court rules that "loss of control" over personal data qualifies for damages under GDPR Article 82—no proof of distress or financial loss required.

▶ Meta’s ‘Unskippable Ads’ Solution Gains EDPB Attention

Meta launches a free tier with ads using minimal data and unskippable formats in response to EU demands.

▶ Cyber Resilience Act Imposes New Rules on Digital Products

The EU’s Cyber Resilience Act sets strict cybersecurity and data protection requirements for most digital products, with significant penalties for non-compliance starting 2027.

#Privado #ThePrivacyCorner #GDPR #EDPB #CyberAct #EU