Masters of Privacy

Can telco-powered identifiers overcome their own privacy challenges in their attempt to replace third-party cookies or email-based alternatives? Pascale is the Data Protection Officer at Utiq, a European based AdTech company. She has been working in privacy and data protection ever since completing her degree in Law, including roles at fashion group Arcadia and Vodafone Group. Pascale’s main goal is always to put privacy at the heart of the business. Utiq’s mission is to enable more responsible digital marketing by offering a telco powered privacy-first technology to Brands, Publishers and Tech Vendors operating in the adtech ecosystem. The Utiq technology consists of online identifiers which can be used to support and optimize digital marketing, advertising and analytics activities, whilst offering individuals enhanced choice, control and transparency, including via the application of privacy-centric controls and a dedicated privacy portal for end users, known as consenthub. Launched in 2023, Utiq was originally backed by Deutsche Telekom AG, Orange SA, Telefónica S.A., and Vodafone Group plc. It has continued to gain support from numerous other leading telecom operators across Germany, France, Spain, Austria and soon expanding to the UK and Italy. References: Pascale Arguinarena on LinkedIn FCC fines Verizon $1.35 million over ‘supercookie’ tracking (The Verge, May 2016) Utiq’s consenthub   This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit www.mastersofprivacy.com/subscribe

Are Product Counsels in the best position to anticipate and solve privacy and AI compliance problems before we release new products to the public at large - all of it while avoiding costly delays in fast-moving projects? Linsey Krolik is Assistant Clinical Professor at Santa Clara University School of Law, where she runs the Privacy Law Certificate and teaches Privacy Law. She is Director of the Entrepreneurs’ Law Clinic, where students work with real startups on transactional law projects, and Director of the TechEdge JD, a skills based certificate program for students interested in working in technology law. She also teaches a class called Law and Technology of Silicon Valley, with students playing the role of product or privacy counsel for a day.  Prior to joining academia, Linsey held senior in-house roles as a product, privacy, and commercial lawyer at global companies including PayPal, ARM, and Palm. Also, she continues to consult on privacy and AI governance in her solo law practice. References: Linsey Krolik on LinkedIn Santa Clara University School of Law TechEdge JD Entrepreneurs' Law Clinic Privacy Law Certificate Navigating AI and Data Ethics: The Essential Role of Product Lawyers and the Product Counsel Framework (Linsey Krolik, Adrienne Go, Olga Mack) Gam Dias: Agents Unleashed, understanding the Agentic AI stack (Masters of Privacy) This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit www.mastersofprivacy.com/subscribe

Is it possible that a whole generation of consent-management solutions built for the EU-driven opt-in world are unsuitable for the opt-out scenario predominant in the US? How are DPOs and AI Governance professionals to deal with “shadow AI” and “shadow IT”?  Daniel Barber is DataGrail’s CEO and co-founder. Prior to DataGrail Daniel led revenue teams at DocuSign, Datanyze (acquired by ZoomInfo), ToutApp (acquired by Marketo) and Responsys (acquired by Oracle). He also advises several high-growth startups. References: Daniel Barber on LinkedIn Unveiling DataGrail’s 2024 Data Privacy Trends Report: The Time Data Subject Requests Surged 246% in Two Years DataGrail Privacy Inspector (Chrome Web Store) Max Anderson (Ketch): Privacy Tech spotlight I – the future of CMPs, value vs. hype in privacy compliance SaaS (Masters of Privacy, April 2025) This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit www.mastersofprivacy.com/subscribe

Georgia Voudoulaki is Senior Legal Counsel at Bosch, certified Compliance Officer, and adjunct professor at the University of Applied Sciences in Ludwigsburg and the Cooperative State University of Baden-Württemberg in Germany. In addition to her legal and academic roles, Georgia regularly publishes articles in leading legal journals and magazines, contributing valuable insights to the evolving conversation around compliance, digital innovation, and responsible AI.  References: Georgia Voudoulaki on LinkedIn University of Applied Sciences Ludwigsburg Baden-Wuerttemberg Cooperative State University (DHBW)   This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit www.mastersofprivacy.com/subscribe

Gam Dias is a seasoned technologist and entrepreneur with a rich background in software engineering, AI, and product innovation. As a consultant, he has helped write the data strategy for Fortune Global 500 companies, innovative startups, and ambitious non-profits. He has a degree in Computer Science from the University of Liverpool and an MBA from Warwick Business School. Gam has lived in London, Leeds, Salt Lake City, Santa Cruz, San Francisco, and he currently lives in and works from Madrid, Spain. Gam’s latest work, Agents Unleashed, distills years of experience into a compelling look at the rise of autonomous AI agents and their growing role in marketing, sales, and beyond.  References: Gam Dias on LinkedIn Agents Unleashed (Amazon) Agentforce (Salesforce) Gam Dias: on privacy, agency, convenience, and freedom (Masters of Privacy, 2021)  Hubbl Process Analytics Diana Stern and Dazza Greenwood, From Fine Print to Machine Code: How AI Agents are Rewriting the Rules of Engagement (Stanford Law School)   This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit www.mastersofprivacy.com/subscribe

Max Anderson, Founder and head of product at Ketch, brings a wealth of experience in privacy tech to the discussion. He explores the synergy between Consent Management Platforms (CMPs) and Data Subject Rights management, emphasizing their integration for better compliance. The conversation sheds light on the challenges Data Protection Officers face, including budget constraints and vendor expectations. Interestingly, Max contrasts the enthusiastic mindset of marketers with the cautious approach of legal practitioners towards technology adoption. He also envisions innovations for user-controlled data systems in the future.

Today we are taking a look at the difference between DPO and CPO roles in the US, the present and future impact of Privacy Tech in the management of privacy programs, the evolution of privacy regulation under the new US administration, and a potential Schrems III scenario.  Andy Dale serves as General Counsel and Chief Privacy Officer at OpenAP and holds the position of Executive Board Member at The L Suite (TechGC). With extensive experience as an advisor to various companies, Andy previously worked as General Counsel and Chief Privacy Officer at Alyce, a company acquired by Sendoso in 2024, and as General Counsel and VP of Global Data Privacy at SessionM, which was acquired by Mastercard in 2019. Andy Dale earned a JD in Law from the University of Baltimore School of Law (2003-2006) and a degree from Colgate University (1996-2000). References:  Andy Dale on LinkedIn The Data Protection Breakfast Club podcast on Spotify Brian Focht: Can the American Privacy Rights Act find a path to survival? (Masters of Privacy) Amy Worley on the American Privacy Rights Act (Masters of Privacy) Molly Martinson on state-level comprehensive privacy laws (Masters of Privacy) This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit www.mastersofprivacy.com/subscribe

Where is the UK data protection reform headed? How are we to deal with behavioural advertising in the context of sports betting and gambling? Will the UK stay clear of regulating or supervising AI à la EU?  Tim Turner has worked on Data Protection, Freedom of Information (FOI) and Information Rights law since 2001. He started at the Information Commissioner’s Office as a Policy Manager on FOI issues. After that, he was a Data Protection & FOI Officer for two councils and then an Information Governance Manager for an NHS (National Health Service) organisation. He has been offering data protection training and consultancy since 2011. Also, Tim is the author of the very popular DPO Daily newsletter and LinkedIn feed.  References: Tim Turner on LinkedIn 2040 Training The DPO Daily on LinkedIn ICO: Action taken against Sky Betting and Gaming for using cookies without consent UK betting giants under fire for ads targeting at-risk gamblers (The Guardian) UK Data Reform: What’s Proposed (Bird & Bird) Stephen Almond (ICO): data protection laws as a primary tool for AI governance (Masters of Privacy)   This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit www.mastersofprivacy.com/subscribe

Theodore Christakis, a renowned Professor of International and European Law and expert in AI and data protection, dives into the intricate dance between GDPR regulations and generative AI. He unpacks the implications of the DeepSeek affair, showcasing how regulatory missteps can lead to chaos. The discussion emphasizes the need for trust in AI, the challenges of managing sensitive data, and balancing innovation with compliance. Christakis also highlights the importance of proactive privacy measures and the evolving landscape of AI accountability.

It is time for a seasonal update at the intersection of Marketing, Data, Privacy and Technology. As usual, this Newsroom is divided into five blocks: ePrivacy & regulatory updates; MarTech & AdTech; AI, Competition and Digital Markets; PETs and Zero-Party Data; and Future of Media. TL;DL: The use of SDKs for data collection/sharing has been a common factor in various fines and lawsuits on both sides of the pond. The EDPB sparked an important debate on personal data-powered AI in the EU. Texas and California went after Allstate and Honda respectively. La Liga (ES), Netflix (NL), Meta (IR), and others received fines. The FTC put an end to personal data sales by General Motors. The My Health My Data Act (WA) was put to the test. AI “reasoning” models exploded, and then AI Agents followed. Garante (IT) blocked DeepSeek and a class action in Germany could have a major impact across the EU. Australia updated its legal framework. The biggest CDP players dissolved into adjacent markets and Google kept marching towards PET-powered AdTech. All references and links can be found in this episode’s blog post. This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit www.mastersofprivacy.com/subscribe