Send us a text

📢 Privacy Corner Newsletter: June 6, 2025

🔹 California tweaks CIPA lawsuits but the retroactive fix is gone

The Senate passed SB 690 to limit wiretapping claims tied to adtech by aligning CIPA with the CCPA — but removed the retroactive clause, meaning older lawsuits can still proceed.

🔹 German court says 'Accept & Close' banners aren’t enough

A Hannover court ruled cookie banners must allow true choice and that Google Tag Manager requires GDPR-valid consent — marking a major shift in how consent is interpreted.

🔹 TikTok wins court delay in data transfer ban

The Irish High Court granted a temporary stay on TikTok's China data transfer ban, pausing the DPC’s order while appeals are heard — a relief for engineering and compliance teams.

#Privado #DataPrivacy #PrivacyEngineering

Send us a text

In this episode of the Website Privacy Series, Ali Jessani, Counsel at WilmerHale, joins Privado.ai CEO Vaibhav Antil to unpack the biggest privacy risks facing U.S. websites in 2025. 

From CCPA enforcement in California to biometric settlements in Texas, this session breaks down where companies are getting it wrong and what you can do to avoid fines and lawsuits.

You'll learn:

• What’s triggering class actions under CIPA and the My Health My Data Act
• How regulators are interpreting older laws for modern tech like pixels and SDKs
• Why new rules from the DOJ mean even data storage locations matter now

Whether you're in legal, privacy, or marketing, this conversation will help you understand where website tracking and consent setups are falling short and what you can do to protect your company.

Send us a text

📢 Privacy Corner Newsletter: May 22, 2025

🔹 Meta’s AI Training Faces Legal Pushback –
Noyb challenges Meta’s use of public posts for AI under “legitimate interests,” citing GDPR violations, lack of transparency, and risks to data subject rights.

🔹 OpenAI Ordered to Retain Chat Logs –
A U.S. judge directs OpenAI to preserve all ChatGPT output, overriding privacy settings and regulations amid a copyright case brought by The New York Times.

🔹 Montana Expands Privacy Law Scope –
Montana’s revised privacy law lowers thresholds, strengthens protections for minors, and introduces profiling opt-outs and stricter enforcement with no cure period.

#privado #dataprivacy #privacyengineering #privacybydesign

Send us a text

📢 Privacy Corner Newsletter: May 8, 2025

🔹 Meta’s Court Challenge Rejected – The EU’s General Court dismissed Meta’s attempt to annul the EDPB’s 'consent or pay' opinion, stating it lacks binding legal effect. Meta also failed in its claim for compensation.

🔹 Todd Snyder Fined $345K Under CCPA – A broken cookie consent mechanism and excessive ID verification led the California Privacy Protection Agency to fine fashion retailer Todd Snyder and demand major privacy practice changes.

🔹 EDPB Approves Short-Term UK Adequacy Extension – The Board endorsed a 6-month extension to the UK’s adequacy decision, calling it a one-time move to allow the new Data (Use and Access) Bill to be finalized.

Send us a text

📢 Privacy Corner Newsletter: April 24, 2025

🔹 EU Fines Meta & Apple Under DMA – 

The European Commission hits Meta with a €200M fine and Apple with €500M for violating the Digital Markets Act. This challenges the future of “consent-or-pay” models across Europe.

🔹 UK Law Firm Fined Over Ransomware Handling –

ICO fines a UK law firm £60,000 for poor response to a ransomware incident. The breach left sensitive data inaccessible reaffirming that loss of availability is a serious privacy violation.

🔹 NOYB Criticizes GDPR Reform –

Max Schrems’ NOYB blasts the EU’s new procedural reform proposal, warning it could delay enforcement by 33 months and weaken GDPR’s effectiveness.

Send us a text

Privacy engineering is a growing field that requires a blend of regulatory knowledge and technical skills. Privacy engineers are tasked with collaborating across privacy and engineering teams to ensure compliance while maintaining technical excellence.

In this panel, experienced privacy engineers share how they built their expertise, overcame organizational challenges, and delivered tangible value across both privacy and engineering teams. Gain insights into how privacy engineering drives ROI while ensuring privacy compliance in a fast-evolving tech landscape.

Speakers: 
➡️ Alon Levy, Engineering Manager, Uber
➡️ Luke Oglesbee, Senior Software Engineer, Remitly
➡️ Saima Fancy, Senior Privacy Specialist
➡️ Nishant Bhajaria, Data Privacy Author and Executive

Send us a text

Privacy fines in adtech are skyrocketing, with regulators targeting non-compliant data sharing between marketers and partners. Many businesses still rely on outdated tracking methods, exposing them to legal and financial risks.

This panel shares the latest enforcement trends, the biggest compliance gaps in marketing data practices, and how privacy teams can enforce technical controls to mitigate risks. Learn actionable strategies to align adtech with evolving privacy laws and avoid regulatory penalties.

Speakers: 
➡️ Robert Bateman-Data Protection Consultant at KnowData Ltd, 
➡️ Daniel Goldberg-Partner, Privacy & Security Attorney at FKKS, 
➡️ Andrea Wheeler-Sr. Privacy Operations Manager at Quantcast, 
➡️ Rowena Lam-Sr. Director of Product, Privacy, and Data at IAB, 
➡️ Raashee Gupta Erry-Advisor & Consultant at Lucid Privacy

Send us a text

Privacy Corner Newsletter: April 10, 2025

🔹 EU Advocate General Backs Conditional Consent –

A new opinion from the EU’s top legal advisor says offering a newsletter in exchange for personal data can be lawful, as long as users are informed and the service is genuinely optional.

🔹 CCPA Narrows Scope of ADMT Rules –

California’s privacy regulator has clarified that targeted advertising does not count as automated decision-making under the CCPA, easing compliance pressure on businesses that rely on behavioral data.

🔹 UK Justice Ministry Develops Predictive Policing Tool –

The UK government is piloting an AI system to identify individuals at risk of committing murder based on prior offenses and vulnerability factors, raising serious privacy and ethics questions.

Send us a text

▶ UK ICO Investigates TikTok, Reddit & Imgur – 

The UK’s privacy regulator is investigating TikTok’s content recommendations for minors and Reddit and Imgur’s age verification measures, signaling a crackdown on children’s data protection.

▶ CJEU Clarifies ‘Meaningful Information’ in AI Decisions – 

The EU’s top court ruled that companies using automated decision-making must provide clear, intelligible explanations of how personal data influences outcomes, even if trade secrets are involved.

▶ California AG Targets Location Data Sharing – 

The California Attorney General is probing mobile apps, ad networks, and data brokers over potential violations of CCPA rules on precise location tracking, reinforcing consumer rights to limit data use.

Send us a text

As AI and LLMs become deeply embedded in products, privacy leaders must move fast to address privacy, security, and ethical risks.

In this episode, industry experts share their hands-on strategies, lessons learned, and best practices for:
✅ Building AI governance frameworks that scale
✅ Managing compliance with GDPR, CCPA, and emerging regulations
✅ Addressing security risks in AI-driven products
✅ Navigating ethical challenges in automated decision-making
✅ Mitigating third-party risks and vendor accountability

🎙 Featuring:
🔹 Henri Kujala – Global Head of Privacy by Design, Vodafone
🔹 Jon Adams – Senior Director, Legal (AI + Data), LinkedIn
🔹 Shoshana Rosenberg – Chief AI Governance & Privacy Officer, WSP USA
🔹 Barbara Sondag – Sr. Associate General Counsel & DPO Canada, Intuit
🔹 Nishant Bhajaria – Data Privacy Author & Executive

Whether you’re a privacy leader, legal expert, or AI professional, this panel delivers practical insights to help you navigate AI governance.