Masters of Privacy

Hosted by Sergio Maldonado

BusinessInterviews guests

Website RSS feed

Episodes

164

Latest episode

Jun 2026

Language

About the show

Interviews and updates at the intersection of marketing, data, privacy, and technology. With an eye on a human-centric, demand-led future in which transparency, control, and personal agency play a crucial role. Sergio Maldonado (host) is a triple-qualified lawyer (California, England & Wales, Spain), entrepreneur, investor, guest lecturer at various universities. LL.M in IT & Internet Law, FIP, CIPP/E/US, CIPT. www.mastersofprivacy.com

Listen to episodes

60 recent

June 14, 2026Episode 391 hr 13 min

Theodore Christakis: chatbot privacy dreams and the health AI agent rush

“You trust your chatbot with everything. Should you?” is the title of Theodore Christakis’ comprehensive research project on the privacy of our conversations with AI. Part two of this project (“Governments, Courts and the Battle Over Your Chatbot Conversations”) was published on June 8th, and we have taken the opportunity to ask the author for a high-level overview of his findings. On top of this, we have also discussed his separate piece on the rise of AI-powered health assistants against the backdrop of the new European Health Data Space, discussed last week in our Spanish-language channel.(Our previous conversation with Mr. Christakis focused on the use of personal data in LLM training datasets.)Theodore Christakis is Professor of International, European and Digital Law at University Grenoble Alpes (France). He holds, since 2019, the Chair on the Legal and Regulatory Implications of Artificial Intelligence at the Multidisciplinary Institute on AI (AI-Regulation.com). He is Director of Research for Europe at the Cross-Border Data Forum, a member of the Board of Directors of the Future of Privacy Forum, and a former Distinguished Visiting Fellow at the New York University Cybersecurity Centre.His work focuses on the questions at the centre of today’s debates on digital sovereignty: government access to data held by private companies, international data transfers, the security and operational resilience of digital infrastructure, and the regulation of artificial intelligence. He served as an expert for the OECD in the process that led to the adoption, in December 2022, of the OECD Declaration on Government Access to Personal Data Held by Private Sector Entities. He was a member of the International Data Transfers Experts Council of the United Kingdom Government, and an expert for the High-Level Expert Group on Access to Data for Effective Law Enforcement established by the European Commission and the Council of the European Union. He has also served as a member of the French National Digital Council and of the French National Committee on Digital Ethics.He has published or co-edited twelve books and is the author or co-author of more than 120 academic articles and book chapters. He has been invited to lecture and present his work at conferences, workshops and seminars on more than two hundred occasions, in over 38 countries.As an independent expert, he advises governments, international organisations and private companies on questions of international and European law, cybersecurity, artificial intelligence, digital sovereignty and data protection.References:* Theodore Christakis’ SSRN Author Page* Theodore Christakis on LinkedIn* You Trust Your Chatbot With Everything. Should You? Part I: How The Controller Uses Your Chat Data (March 3, 2026)* You Trust Your Chatbot With Everything. Should You? Part II: Governments, Courts and the Battle Over Your Chatbot Conversations (June 8th, 2026)* The Health AI Agent Rush: Five Companies, Your Health Data, and the Governance Questions Nobody Is Asking (March 25th, 2026)* Mikel Recuero: a deep dive into the European Health Data Space (ES, Masters of Privacy, June 2026)* Multidisciplinary Institute on AI* Université Grenoble Alpes: Centre d’études sur la sécurité internationale et les coopérations européennes. This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit www.mastersofprivacy.com/subscribe

June 9, 2026Episode 3834 min

Malcolm Bain: copyright protection of AI-generated works and protection of copyrighted works from AI training

We are revisiting the AI-copyright interplay for the first time in nearly three years. Copyright remains very relevant to our sphere of interest, not least because the EU AI Act specifically points at EU copyright law with regards to training data and transparency requirements for AI models.Malcolm Bain is an English solicitor and Spanish abogado. He has worked as an Information Technology and Intellectual Property lawyer over the last 20 years, with a specialisation in technology licensing, open source software and content, technology transfer and privacy. In 2006, together with his partner Manuel Martínez, he founded his own firm “id-law partners” as a boutique specialized in IP and ICT. In May 2018, both incorporated this firm into Across Legal.In addition to his professional activity advising entrepreneurs, private companies, public administrations and open source projects, Malcolm is a member of the Free Software Foundation Europe and ASTP, associate professor of law at the University of Barcelona, mentor in Tecniospring Industry and other programs for entrepreneurs and frequent speaker at conferences and seminars in the field of ICTs and entrepreneurship in the digital world.References:* Malcolm Bain at Across Legal* Malcolm Bain on LinkedIn* Monkey selfie copyright dispute (Wikipedia)* Directive (EU) 2019/790 of the European Parliament and of the Council of 17 April 2019 on copyright and related rights in the Digital Single Market and amending Directives 96/9/EC and 2001/29/EC* Report on Copyright and Artificial Intelligence (UK Intellectual Property Office)* Stability AI largely wins UK court battle against Getty Images over copyright and trademark (AP News, November 2025)* US Copyright Office: Copyright Registration Guidance: Works Containing Material Generated by Artificial Intelligence (2023)* German Court Rules OpenAI Infringed Song Lyrics in Europe’s First Major AI Music Ruling (November 2025)* Jakob Plesner: Copyright Exceptions for Generative AI (Masters of Privacy, October 2023).* (NOTE: The second part of this conversation was recorded in Spanish and is available in our separate Masters of Privacy ES channel.) This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit www.mastersofprivacy.com/subscribe

May 31, 2026Episode 3750 min

John Pavolotsky: California legal updates, Colorado AI reset, data breach clauses revisited

Our repeat guest is a partner at Stoel Rives in San Francisco. John is co-lead of the firm’s Technology Industry Group. He counsels clients on data privacy, information security, artificial intelligence, and other technology dispute, compliance, and transactional matters.John has taught Technology Transactions Law at the UC Davis School of Law and Comparative Privacy Law at the Santa Clara University School of Law. John has also guest lectured on technology and privacy law topics at the University of California, Berkeley, Haas School of Business; the University of San Francisco School of Management; and Stanford University.References:* John Pavolotsky: The Long Arc of Data Breaches: 2006-2026 (May 14, 2026)* Colorado SB 26-189, repealing and replacing Colorado’s original 2024 AI ActNew laws being discussed in California, or just approved:* AB 1542: to prohibit a business, service provider, or contractor from selling or sharing sensitive personal information to a third party.* AB 1898: to require an employer to maintain an updated list of all workplace AI tools currently in use and to provide the list to workers annually.* AB 2021: whistleblower complaints.* AB 2169: social media platforms, artificial intelligence models - to allow a consumer to request a copy of the consumer’s personal information, contextual data, and social graph and require the social media company or model operator to respond to that request within five business days.* SB 300: companion chatbots - transparency and rules of engagement.* SB 574: to obligate an attorney who uses generative artificial intelligence to practice law to ensure that confidential personal identifying, or other nonpublic information, is not entered into a public generative artificial intelligence system.* SB 867: AI-powered toys - to be subject to the same rules proposed for companion chatbots.* SB 923: to expand data deletion requests to any personal information that the business has collected about the consumer (and not just from the consumer).* SB 1000: to require provenance data disclosure in content generated by artificial intelligence as well as tools to facilitate detection.* SB 1142: Digital Dignity Act - to prevent digital replicas for the purposes of impersonation. This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit www.mastersofprivacy.com/subscribe

May 24, 2026Episode 3634 min

Tim Turner: The DPO Daily Challenge, recent updates to the UK legal framework

How about an extremely practical book with detailed examples and quizzes based on a fictional town? Also, let’s revisit the UK legal framework: impact of the DUAA 2025 and proposed PECR changes.Tim Turner (here for a third time) is the author of “The DPO Daily Challenge” (April 2026). He has worked on Data Protection, Freedom of Information (FOI) and Information Rights law since 2001. He started at the Information Commissioner’s Office as a Policy Manager on FOI issues. After that, he was a Data Protection & FOI Officer for two councils and then an Information Governance Manager for an NHS organisation. He has been offering data protection training and consultancy since 2011. Also, Tim is the author of the popular DPO Daily newsletter and LinkedIn feed. 2040 is his training company.References:* The DPO Daily Challenge (sign up page)* Tim Turner on LinkedIn* ICO: Our advice to government on potential changes to online advertising rules* The Data Use and Access Act 2025 (DUAA) - what does it mean for organisations?* Data Protection vs. Privacy and Data Privacy: a January 28th conundrum (Tim Turner, Carissa Véliz, Gabriela Zanfir-Fortuna, Markus Wünschelbaum, Brendan Quinn - Masters of Privacy, 2025)* Tim Turner: UK news spotlight - advertising, reforms, AI (Masters of Privacy, March 2025)* The Hitchhiker’s Guide to the Galaxy (Douglas Adams, 1979)* 2040 Training* The DPO Daily on LinkedIn This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit www.mastersofprivacy.com/subscribe

May 17, 2026Episode 3532 min

Newsroom: Spring 2026

We’re back with a Newsroom update. We will cover four of our usual five blocks: ePrivacy & regulatory updates; MarTech & AdTech; AI, competition and digital markets; and the future of media.This season’s update includes:* Age-verification fines (insufficient controls, too much data collection) in the UK and Spain, EDPB age-verification guidelines, California’s upcoming age-verification requirements* Enforcement actions in the US (public, private)* Guidelines for email tracking pixels in France and Italy* New ICO guidelines for storage and access technologies (exceptions for analytics, A/B testing, etc.)* Social Media bans across the world and what is failing* Data collection in the context of new media networks and AI labs.As announced - Firmas.io: a mobile application to complement the TODO.LAW ecosystem (contract management, signatures, credentials).All references and links (plus some bonus materials) can be found in a separate blog post available to paid Masters of Privacy subscribers on our website’s Newsroom section (Newsroom Notes: Spring 2026).Our usual disclaimer: the voice that joins Sergio today is a text-to-speech output generated with Eleven Labs. This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit www.mastersofprivacy.com/subscribe

May 10, 2026Episode 3442 min

Tom Kemp (CalPrivacy): on the SECURE Data Act, CCPA whistleblowers, DROP, and AB 566

As Executive Director of CalPrivacy (California Privacy Protection Agency), Tom Kemp oversees the CPPA’s mission to enforce and implement California’s comprehensive privacy laws and ensure the public has a strong understanding of their rights. Tom has a deep understanding of privacy and cybersecurity, combined with his track record as an executive in the tech industry.References:* Breakfast Workshop: Santa Monica - Registration* Tom Kemp on LinkedIn* Daniel Solove: On Privacy and Technology (Masters of Privacy, March 2025)* CalPrivacy* DROP System* Data Broker Registry* California expands data broker registration requirements, SP 361 (Hunton Privacy Blog, October 2025)* Expanding Privacy Rights Act (SB 923, introduced on January 28, 2026)* California enacts first-in-nation law requiring web browser opt-out preference signal, AB 566 (Hunton Privacy Blog)* California Proposition 24, Consumer Personal Information Law and Agency Initiative (2020)* Data broker-provided customer properties in action - enriching first-party data sets for Conversion API uploads (Cognism)* California Privacy Protection Agency releases letter opposing the SECURE Data Act* SECURE Data Act (H.R. 8413, Introduced 04/21/2026)* Whistleblower Protection and Privacy Act (AB 2021), linking the California Whistleblower Protection Act’s principles to the California Consumer Privacy Act (CCPA) to expose privacy violations hidden within corporate “black boxes”. This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit www.mastersofprivacy.com/subscribe

May 3, 2026Episode 3330 min

Mark Webber: a law firm’s perspective on AI governance

Mark Webber is the US Managing Partner responsible for overseeing the operations of Fieldfisher in the country - an English lawyer located full time in Silicon Valley. Mark is a recognised leading privacy and AI expert, with a wealth of experience working alongside the world’s leading tech companies. Much of his time today involves the responsible development, training, and scaling of AI models and solutions.Our guest teaches classes for both the CIPP/E and AI Governance Professional Programme certification for the IAPP. He is a Fellow in Information Privacy (IAPP).As a leader at Fieldfisher he has been instrumental in establishing, nurturing, and expanding Fieldfisher’s presence, operations and services in the United States.References:* Mark Webber on LinkedIn* Mark Webber at Fieldfisher* Colorado AI Act* DPO Central (TODO.LAW)* EU AI Act: rolling out an AI governance framework with AI Sentinel This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit www.mastersofprivacy.com/subscribe

April 26, 2026Episode 3252 min

Iain Henderson: MyTerms as the missing universal opt-in signal (After The Magic repost)

Universal opt-out signals (like Global Privacy Control) have gained momentum on both sides of the Atlantic, with the EU recently endorsing them (Digital Omnibus) and CalPrivacy, Colorado, or Connecticut legally enforcing them, but they do not solve for consent opt-in requirements still applicable in many cases.Meanwhile, privacy notices remain cryptic and challenging for anyone to read or understand. They pay little attention to an individual’s real preferences or needs and sit at the opposite side of agency or the often claimed “we care about your privacy”.MyTerms is a brand new IEEE standard that could provide the missing link.This episode is a repost of our recent interview with Iain Henderson, one of the creators of MyTerms, on the After The Magic podcast (co-hosted by Gam Dias and Sergio Maldonado).Iain is a long term marketer and CRM professional who long since concluded that if the ‘customer side’ had equivalent relationship and data management tools then things would work a lot better. His day job is with JLINC as the architect for personal data solutions, and through that he is also part of the DataPal team in the UK. He is also a Board member of Customer Commons, and has been a core member of the team developing IEEE 7012/ MyTerms.References:* Original post (on After The Magic)* Iain Henderson on Substack* Iain Henderson on LinkedIn* MyTerms* JLINC* DataPal* MyData Global* EU Digital Omnibus: EDPB and EDPS support simplification and competitiveness while raising key concerns This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit www.mastersofprivacy.com/subscribe

April 19, 2026Episode 3233 min

Shoshana Rosenberg: logic and strategy in AI governance

Shoshana Rosenberg advises boards and executive teams on AI governance, privacy, security compliance, and data strategy. She is the author of Practical AI Governance (Kogan Page, May 2026) and the creator of the PRISM™ framework, a practitioner’s model for responsible AI.She is Managing Director of Logical AI Governance, founder of SafePorter, and co-founder of Women in AI Governance. Before turning to her current work, she spent nearly two decades building and leading privacy, data governance, and AI and technology governance programs at global professional services firms, most recently as Senior Vice President, Chief AI Governance and Privacy Officer, and an Innovation Advisory Board Member.Shoshana was named in the top fifty of the Top 100 Women in AI for 2026 by AI Magazine. A U.S. Navy veteran, she organizes TEDxPrinceton and lives in Princeton, New Jersey.References:* Practical AI Governance: Building a Program for Oversight and Strategy (Shoshana Rosenberg, to be released on May 26th 2026)* Logical AI Governance: Training and Certifications* Shoshana Rosenberg on LinkedIn* Daniel Solove: On Privacy and Technology (Masters of Privacy, March 2025)* Introducing AI Sentinel: AI Governance, simplified (Masters of Privacy toolbox). This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit www.mastersofprivacy.com/subscribe

April 12, 2026Episode 3129 min

Mirena Taskova: the human-AI interaction as a growing dimension of consumer profiling, and its impact on human behavior

Our interactions with generative AI tools start to affect our personal relationships, communication style, and mental health, as well as our own perception of each other’s capabilities. They also leave a new trace of signals that privacy professionals never had to contend with in the past.As we approach the “personal agent” era, understanding where our individual freedoms and agency truly start and end becomes paramount. After a deeper offline conversation with Marina Taskova, we are today dipping our toes into a subject with profound implications for individual rights, freedom, data protection, commerce, advertising, and media. We will follow it up with other conversations on the topic, which falls right into our sweet spot. Mirena is a senior expert in data governance, privacy, cybersecurity & AI as well as a lawyer. She was Chief Privacy Officer at Aura until recently, and has over 18 years of experience driving high-growth initiatives in privacy & data governance, AI, and enterprise technology, having held executive roles, including CPO and Managing Director positions. Mirena is a graduate of Stanford University in Law, Science & Technology and has worked in Europe and the US.References:* Mirena Taskova on LinkedIn* Yngvi Karlson (Kin): the rise of the Personal AI Assistant (Masters of Privacy, August 2025)* Google Assistant puts an end to impolite queries with ‘Pretty Please’ feature (The Next Web, 2018)* Seven Lawsuits Allege OpenAI Encouraged Suicide and Harmful Delusions (WSJ)* A.I. Is About to Solve Loneliness. That’s a Problem (The New Yorker, July 14 2025)* The Myers-Briggs Type Indicator (Wikipedia)* Kin AI* New California ‘Companion Chatbot’ Law Imposes Disclosure, Safety Protocol and Annual Reporting Requirements (JD Supra, Skadden)* Character.AI to Bar Children Under 18 From Using Its Chatbots (New York Times, October 2025). This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit www.mastersofprivacy.com/subscribe