Send us a text

📢 Privacy Corner Newsletter: May 8, 2025

🔹 Meta’s Court Challenge Rejected – The EU’s General Court dismissed Meta’s attempt to annul the EDPB’s 'consent or pay' opinion, stating it lacks binding legal effect. Meta also failed in its claim for compensation.

🔹 Todd Snyder Fined $345K Under CCPA – A broken cookie consent mechanism and excessive ID verification led the California Privacy Protection Agency to fine fashion retailer Todd Snyder and demand major privacy practice changes.

🔹 EDPB Approves Short-Term UK Adequacy Extension – The Board endorsed a 6-month extension to the UK’s adequacy decision, calling it a one-time move to allow the new Data (Use and Access) Bill to be finalized.

Send us a text

📢 Privacy Corner Newsletter: April 24, 2025

🔹 EU Fines Meta & Apple Under DMA – 

The European Commission hits Meta with a €200M fine and Apple with €500M for violating the Digital Markets Act. This challenges the future of “consent-or-pay” models across Europe.

🔹 UK Law Firm Fined Over Ransomware Handling –

ICO fines a UK law firm £60,000 for poor response to a ransomware incident. The breach left sensitive data inaccessible reaffirming that loss of availability is a serious privacy violation.

🔹 NOYB Criticizes GDPR Reform –

Max Schrems’ NOYB blasts the EU’s new procedural reform proposal, warning it could delay enforcement by 33 months and weaken GDPR’s effectiveness.

Send us a text

Privacy engineering is a growing field that requires a blend of regulatory knowledge and technical skills. Privacy engineers are tasked with collaborating across privacy and engineering teams to ensure compliance while maintaining technical excellence.

In this panel, experienced privacy engineers share how they built their expertise, overcame organizational challenges, and delivered tangible value across both privacy and engineering teams. Gain insights into how privacy engineering drives ROI while ensuring privacy compliance in a fast-evolving tech landscape.

Speakers: 
➡️ Alon Levy, Engineering Manager, Uber
➡️ Luke Oglesbee, Senior Software Engineer, Remitly
➡️ Saima Fancy, Senior Privacy Specialist
➡️ Nishant Bhajaria, Data Privacy Author and Executive

Send us a text

Privacy fines in adtech are skyrocketing, with regulators targeting non-compliant data sharing between marketers and partners. Many businesses still rely on outdated tracking methods, exposing them to legal and financial risks.

This panel shares the latest enforcement trends, the biggest compliance gaps in marketing data practices, and how privacy teams can enforce technical controls to mitigate risks. Learn actionable strategies to align adtech with evolving privacy laws and avoid regulatory penalties.

Speakers: 
➡️ Robert Bateman-Data Protection Consultant at KnowData Ltd, 
➡️ Daniel Goldberg-Partner, Privacy & Security Attorney at FKKS, 
➡️ Andrea Wheeler-Sr. Privacy Operations Manager at Quantcast, 
➡️ Rowena Lam-Sr. Director of Product, Privacy, and Data at IAB, 
➡️ Raashee Gupta Erry-Advisor & Consultant at Lucid Privacy

Send us a text

Privacy Corner Newsletter: April 10, 2025

🔹 EU Advocate General Backs Conditional Consent –

A new opinion from the EU’s top legal advisor says offering a newsletter in exchange for personal data can be lawful, as long as users are informed and the service is genuinely optional.

🔹 CCPA Narrows Scope of ADMT Rules –

California’s privacy regulator has clarified that targeted advertising does not count as automated decision-making under the CCPA, easing compliance pressure on businesses that rely on behavioral data.

🔹 UK Justice Ministry Develops Predictive Policing Tool –

The UK government is piloting an AI system to identify individuals at risk of committing murder based on prior offenses and vulnerability factors, raising serious privacy and ethics questions.

Send us a text

▶ UK ICO Investigates TikTok, Reddit & Imgur – 

The UK’s privacy regulator is investigating TikTok’s content recommendations for minors and Reddit and Imgur’s age verification measures, signaling a crackdown on children’s data protection.

▶ CJEU Clarifies ‘Meaningful Information’ in AI Decisions – 

The EU’s top court ruled that companies using automated decision-making must provide clear, intelligible explanations of how personal data influences outcomes, even if trade secrets are involved.

▶ California AG Targets Location Data Sharing – 

The California Attorney General is probing mobile apps, ad networks, and data brokers over potential violations of CCPA rules on precise location tracking, reinforcing consumer rights to limit data use.

Send us a text

As AI and LLMs become deeply embedded in products, privacy leaders must move fast to address privacy, security, and ethical risks.

In this episode, industry experts share their hands-on strategies, lessons learned, and best practices for:
✅ Building AI governance frameworks that scale
✅ Managing compliance with GDPR, CCPA, and emerging regulations
✅ Addressing security risks in AI-driven products
✅ Navigating ethical challenges in automated decision-making
✅ Mitigating third-party risks and vendor accountability

🎙 Featuring:
🔹 Henri Kujala – Global Head of Privacy by Design, Vodafone
🔹 Jon Adams – Senior Director, Legal (AI + Data), LinkedIn
🔹 Shoshana Rosenberg – Chief AI Governance & Privacy Officer, WSP USA
🔹 Barbara Sondag – Sr. Associate General Counsel & DPO Canada, Intuit
🔹 Nishant Bhajaria – Data Privacy Author & Executive

Whether you’re a privacy leader, legal expert, or AI professional, this panel delivers practical insights to help you navigate AI governance.

Send us a text

Leading privacy experts discuss why trust-based compliance is no longer enough and how product-driven privacy is the key to scalable compliance.

Here's what the Keynote covers:

🔹 Why teams can no longer rely on trust-based privacy mechanisms

🔹 How product privacy management enables evidence-based privacy and compliance at scale

🔹 Lessons from HP & Grindr on moving to evidence-based privacy

🔹 Privado.ai’s roadmap and vision for product privacy management

Huge thanks to Aaron Weller, Kelly Peterson, Vaibhav Antil, Prashant Mahajan for 

Send us a text

Privacy Corner Newsletter: February 13, 2025

🔹 EU’s AI Act Guidelines Clarify Compliance Risks – 
The European Commission releases two sets of AI Act guidelines, breaking down the definition of AI systems and outlining nine prohibited AI practices, including emotional manipulation and biometric categorization.

🔹 UK’s Secret Demand for Apple’s Encrypted Data – 
The UK government issues a confidential order under the Investigatory Powers Act, demanding Apple create a backdoor for accessing encrypted iCloud data, sparking concerns over user privacy and global implications.

🔹 Amazon Faces First Lawsuit Under Washington’s Health Data Law – 
A class action lawsuit accuses Amazon of collecting precise geolocation data and Mobile Advertising IDs via its SDK without consent, violating the My Health My Data Act’s strict health data protections.

Send us a text

Privacy Corner Newsletter: Jan 30, 2025
By Robert Bateman and Privado.ai

In this edition:

▶ UK Court Ruling: Invalid Consent in Gambling Case
A UK gambling firm unlawfully tracked users for marketing, despite their supposed consent. The court ruled that consent must be informed, freely given, and valid, emphasizing the importance of assessing users’ ability to provide meaningful agreement—especially in vulnerable groups.

▶ Google’s RTB System Accused of Sharing Data with China & Russia
A new complaint alleges that Google’s real-time bidding (RTB) system transmits sensitive user data to foreign entities, including those in China and Russia. The case claims these transfers violate US privacy laws and pose national security risks.

▶ New York Enacts Strict Health Privacy Law (NYHIPA)
The New York Health Information Privacy Act (NYHIPA) expands protections far beyond HIPAA, covering any organization processing health data linked to NY residents. This law applies to fitness apps, wearables, and non-HIPAA-regulated entities, making compliance a pressing concern for businesses handling health data.

▶ Privado.ai’s Bridge 2025: A Technical Privacy Summit – Happening Next Week!
The must-attend event for privacy and security leaders! On Feb 5-6, 2025, join industry experts to explore how to bridge the gap between privacy laws and engineering solutions. Expect deep dives into privacy code scanning, automated data flow mapping, and compliance best practices.