Masters of Privacy

Chiara Wirz is a dual-admitted lawyer (California-Switzerland) who advises on privacy, AI governance, and cross-border corporate matters. She has served as Corporate Counsel and AI Ambassador at eBay Inc., where she built AI governance frameworks, operationalized AI deployment at the use case level, and trained legal and compliance professionals.Chiara holds triple IAPP certification, is completing a Professional MBA, and is Co-Chair of the WISP (Women in Security and Privacy) San Francisco Bay Area chapter. She is also an Executive Committee member of the New Lawyers Section and the Liaison of the Privacy Section of the California Lawyers Association.Our guest is a published author and conference speaker on AI governance (PLI, SCCE, California Lawyers Association).References* Chiara Wirz on LinkedIn* Women in Security and Privacy (WISP)* EU AI Act-based AI Governance (with AI Sentinel)* ISO 42001-based AI Governance (with AI Sentinel)* NIST-based AI Governance (with AI Sentinel). This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit www.mastersofprivacy.com/subscribe

Can you imagine an all-encompassing dashboard that shows your progress across all three pillars of “digital confidence”: AI governance, privacy, and cybersecurity?Amy Worley is Managing Director at BRG, a global leader in data protection, information security, and AI governance. A licensed attorney, certified privacy professional, and certified information systems security professional, She formerly served as the Chief Privacy Officer for a billion-dollar pharmaceutical and medical device company and now serves as a fractional Data Protection Officer for several multinational companies.Our guest is the author of the newly-published book “The Confidence Advantage. Optimizing Privacy, Cybersecurity and AI Governance for Growth”, and we will discuss its contents, how they came to be, and how they apply to the real world.References:* Amy Worley on LinkedIn* The Confidence Advantage (official website)* The Confidence Advantage (Amazon.com)* Amy Worley: US privacy compliance for B2B startups, cross-border AI regulation, and a first glance at the American Privacy Rights Act (Masters of Privacy, April 2024)* NIST-based AI Governance with AI Sentinel (explanatory video)* DPO Central on TODO.LAW This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit www.mastersofprivacy.com/subscribe

It is time for a seasonal update at the intersection of Marketing, Data, Privacy and Technology. We will stick to our usual five blocks: ePrivacy & regulatory updates; MarTech & AdTech; AI, Competition and Digital Markets; PETs, Zero-Party Data and Customer Centricity; Future of Media.This season’s update includes:* EU, UK, and California fines (Free, Reddit, Disney, PlayOn)* Progress on the Digital Omnibus* Important CJEU cases (WhatsApp vs. EDPB)* AI capabilities spreading fast through MarTech and AdTech* OpenClaw, Moltbook, Manus, WebMCP* Fresh DSA and DMA enforcement in the EU (Google, TikTok)All references and links can be found in a separate blog post available to paid Masters of Privacy subscribers on our website’s Newsroom section (Newsroom Notes: Winter 2026).Our usual disclaimer: the voice that joins Sergio today is a text-to-speech output generated with Eleven Labs. This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit www.mastersofprivacy.com/subscribe

John Harman (CIPP-US, CIPP-E, CIPM, FIP) is senior privacy counsel at a major global entertainment company (NBCUniversal), where he advises on emerging privacy challenges at the intersection of AI, biometric data, film marketing and consumer-facing technologies. With a background spanning both legal analysis, incident response, and cross-functional collaboration with product and engineering teams, John helps organizations navigate complex regulatory frameworks including BIPA, the amended COPPA Rule, U.S. privacy laws, and the EU AI Act’s biometric prohibitions. John is known for translating regulatory complexity into actionable guidance, helping teams audit API architectures for biometric data creation, assess AI-driven inference risks, and build privacy-by-design practices that align business objectives with evolving global standards. He emphasizes early engagement with product teams and operational controls that satisfy both enforcement authorities and product goals, positioning privacy as a business enabler rather than a compliance checkpoint.With John we will start discussing recent news like the networks of Ring cameras working together across neighborhoods and the new features of Meta glasses, to then go into practical ways to deal with innovation in AI, AI governance frameworks, and more.References:* John Harman on LinkedIn* Doorbell cams, surveillance tech face growing backlash (Axios)* The Legal Case Against Ring’s Face Recognition Feature (EFF)* Can Federal Law Enforcement Access Your Ring Doorbell Videos (Consumer Reports)* Meta will ruin its smart glasses by being Meta (The Verge)* Illinois Legislature Passes Major BIPA Amendment (Paul Hastings, May 2024)* Introducing AI Sentinel for Masters of Privacy subscribers This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit www.mastersofprivacy.com/subscribe

How does Google Consent Mode affect ePrivacy compliance, opt-in signals, traffic sampling, marketing performance, and CIPA claims? What are the most common technical mistakes in the configuration of Tag Managers, tracking rules, and consent banners? Where is “do not train” (LLMs) going? Does agentic traffic ruin analytics or the premises of consent?We have gone through all of this with a true Google Analytics, Google Tag Manager, and website auditing expert.Phil Pearce is founder of MeasureMinds and creator of ConsentModeMonitor. He started in paid search for CreditCards.com managing a multi-million dollar PPC account, before shifting to Privacy & Analytics about 8 years ago, when he did a series of talks about Black Hat Analytics. More recently, he has been helping brands with technical defence against CIPA & ePrivacy/PECR and GDPR claims. Prior to building his business, Phil worked for ConversionWorks, Jellyfish & Sitemakers as a Google Analytics and Search Specialist. He is a top authority in Google Analytics and Google Tag Manager and is the author of the GTM developer guide as well as host of the GA4ward, GTM4ward and Privacy4Marketers conferences.References:* Phil Pearce on LinkedIn* Consent Mode Monitor (Masters of Privacy Toolbox), free website scans for three months* Compliance Briefs (Masters of Privacy Toolbox), $500 discount for our listeners* Lineberry v. AddShopper, Inc. (3:23-cv-01996), May 29, 2025* MCP Manager by Usercentrics* Introducing DPO Central: AI-powered privacy program management* Sealmetrics: cookieless, consentless analytics This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit www.mastersofprivacy.com/subscribe

Taylor Bloom is a partner at Baker & Hostetler LLP with significant experience operating at the intersection of law, technology and business, with a keen focus on international data protection, data privacy and governance. A certified privacy professional (CIPP/E, CIPP/US and CIPM) and the former in-house counsel at an advertising technology company, Taylor’s diverse strengths include coordinating and leading the implementation of global privacy and data security policies and programs; advising on compliance issues, negotiating agreements with vendors and business partners; and maintaining a deep knowledge of the advertising technology ecosystem and related privacy issues, including those surrounding geolocation and cross-device tracking interest based advertising practices. Taylor brings this experience to advising clients on the California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), the Virginia Consumer Data Protection Act (VCDPA) and the Colorado Privacy Act (CPA).References:* Taylor Bloom at Baker & Hostetler LLP* Taylor Bloom on LinkedIn* California Won’t Let It Go: Attorney General Bonta Announces $2.75 Million Settlement with Disney, Largest CCPA Settlement in California History (February 2026)* Attorney General Bonta Announces Largest CCPA Settlement to Date, Secures $1.55 Million from Healthline.com (July 2025)* Seneca: MarTech & AdTech Privacy Case Law Research (TODO.LAW) This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit www.mastersofprivacy.com/subscribe

The business purposes of digital data collection are not so obvious to all, and things will get even more complicated in an internet dominated by AI agents. We will today revisit the history of Digital Analytics and its evolution from Marketing-centric Analytics to Product Analytics and, eventually, Customer Experience Management (CXM). From there we will address the origins and current state of the composable MarTech stack and the activation, personalization, or demand generation possibilities it unlocks, with a new generation of Customer Data Platforms and Data Warehouses at its core.We do this with the best possible guest. Adam Greco is one of the leaders of the data industry. As one of Omniture’s earliest customers and employees and a data consultant, he has helped thousands of organizations improve their digital properties through data. Adam has blogged extensively about data and authored the preeminent book on Adobe Analytics. He has held strategic roles at Salesforce, Amplitude, and several other leading organizations, having also served as a board member of several data technology providers and winning several awards from the Digital Analytics Association. Adam is a product evangelist at Hightouch, where he helps leading organizations strategize around using data to accelerate growth.References:* Adam Greco at Hightouch* Adam Greco on LinkedIn* Tejas Manohar: Data activation and composable CDPs in a privacy-first world (Masters of Privacy, January 2024)* What is Customer Experience Management? (Harvard Business Review, April 2025)* A deeper look at AI crawlers: breaking down traffic by purpose and industry (Cloudflare, August 2025)* Learning more about Digital Analytics: Marketing Analytics Summit (Santa Barbara, April 2026). This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit www.mastersofprivacy.com/subscribe

Anu H. Bradford is a Finnish-American author, law professor, and expert in international trade law. In 2014, she was named the Henry L. Moses Distinguished Professor of Law and International Organization at the Columbia Law School. She is the author of “Digital Empires: The Global Battle to Regulate Technology” and “The Brussels Effect: How the European Union Rules the World”.Anu Bradford attended Harvard Law School on a Fulbright Scholarship, graduating with another Master of Laws degree from Harvard in 2002. After time in Brussels with the law firm of Cleary Gottlieb Steen & Hamilton, working on EU competition law, she returned to the US, joining the faculty at the University of Chicago as an assistant professor of law. She later joined Columbia Law School as a professor of law and an expert in international trade law. She has been named a Young Global Leader by the World Economic Forum and in 2024, she was awarded the Stein Rokkan Prize for Comparative Social Science Research for her book Digital Empires.With Anu we are finally looking at EU Digital Policy, including personal data protection and privacy, from a geopolitical and international trade perspective.References:* Anu Bradford (Wikipedia)* Anu Bradford on LinkedIn* Digital Empires: The Global Battle to Regulate Technology (Oxford University Press, 2023)* The Brussels Effect: How the European Union Rules the World (Oxford University Press, 2019)* EU-US trade figures 2023 (EU Commission, Trade Policy)* Lukasz Olejnik: Propaganda, misinformation, the DSA, Section 230, and the US elections (Masters of Privacy, November 2024). This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit www.mastersofprivacy.com/subscribe

Dr. Gabriela Zanfir-Fortuna is a globally recognized data protection law expert, with 15 years of experience in the field split between Europe and the U.S., spanning academia, public service, consulting and policy. She currently is Vice President for Global Privacy at the Future of Privacy Forum, a global non-profit headquartered in Washington DC, coordinating FPF’s offices and partners in Brussels, Tel Aviv, Singapore, Nairobi, and New Delhi, and leading the work on global privacy and data protection developments related to new technologies, including AI. She is also a founding Advisory Board Member of Women in AI Governance, and an affiliated researcher to the LSTS Center of Vrije Universiteit Brussel.Dr. Zanfir-Fortuna worked for the European Data Protection Supervisor and is a member of the Reference Panel of the Global Privacy Assembly – the international organization reuniting data protection authorities around the world, as well as a member of the T20 engagement group of the G20 under Brazil’s Presidency in 2024.She was elected to be part of the Executive Committee of ACM’s Fairness, Accountability and Transparency (FaccT) Conference (2021-2022). Her scholarship on the GDPR is referenced by the Court of Justice of the EU, and in 2023 she won the Stefano Rodota Award of the Council of Europe for the paper “The Thin Red Line: Refocusing Data Protection Law on Automated-Decision-Making“, alongside her co-authors. Dr. Zanfir-Fortuna holds a PhD in Law with a thesis on the rights of the data subject under EU Data Protection Law, and an LLM in Human Rights (University of Craiova).With our guest, here for a third time, we have gone through the logic of the Digital Omnibus package aiming to reform a cluster of important EU regulations, the “birth defects” of the AI Act, the importance of South Korea in the global data protection panorama, and the potential consequences of the recent CJEU case, Russmedia.References:* Gabriela Zanfir-Fortuna at the Future of Privacy Forum* Gabriela Zanfir-Fortuna on LinkedIn* Gabriela Zanfir-Fortuna: A world tour of data protection laws (Masters of Privacy, April 2021)* Data Protection vs. Privacy and Data Privacy: a January 28th conundrum (with Gabriela Zanfir-Fortuna, Masters of Privacy - 2025)* X v Russmedia Digital SRL (CJEU, December 2, 2025). This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit www.mastersofprivacy.com/subscribe

It is time to revisit Data Clean Rooms, having dedicated seven previous episodes to the topic across both the English and Spanish-language channels. The convergence of advanced data management techniques, more mature Privacy Enhancing Technologies, and sophisticated 1st-party data-based collaboration scenarios (on the back of AI, retail media, and Connected TV) already call for frequent updates. This is now accompanied by a more nuanced legal analysis that will benefit from the recent EDPS v. SRB (CJEU) case (on the relative nature of “personal data”).Some common, burning questions that you will find answered in this episode: How do you apply Joint Controllership agreements to the various stages in common business cases? How to handle more complex relationships involving two or more parties?References:* Jacob Feder on LinkedIn* Jacob Feder at Fieldfisher* Peter Craddock: EDPS v SRB, the relative nature of personal data, processors, transparency, impact on MarTech and AdTech (Masters of Privacy, September 2025)* Nicola Newitt (Infosum): the legal case for Data Clean Rooms (Masters of Privacy, March 2023)* Matthias Eigenmann (Decentriq): Confidential Computing, contractual relationships and legal bases for Data Clean Rooms (Masters of Privacy, March 2024)* Damien Desfontaines: Differential Privacy in Data Clean Rooms (Masters of Privacy, January 2024)* Guidelines 8/2020 on the targeting of social media users* Fashion ID GmbH & Co. KG v Verbraucherzentrale NRW (CJEU, 2019): The operator of a website that features a Facebook ‘Like’ button can be a controller jointly with Facebook in respect of the collection and transmission to Facebook of the personal data of visitors to its website.* Digital Omnibus Regulation Proposal (EU Commission, November 19th 2025)* Meta Platforms Inc and Others v Bundeskartellamt (CJEU, 2023) This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit www.mastersofprivacy.com/subscribe