Masters of Privacy

We’re back with a Newsroom update. We will cover four of our usual five blocks: ePrivacy & regulatory updates; MarTech & AdTech; AI, competition and digital markets; and the future of media.
This season’s update includes:
* Age-verification fines (insufficient controls, too much data collection) in the UK and Spain, EDPB age-verification guidelines, California’s upcoming age-verification requirements
* Enforcement actions in the US (public, private)
* Guidelines for email tracking pixels in France and Italy
* New ICO guidelines for storage and access technologies (exceptions for analytics, A/B testing, etc.)
* Social Media bans across the world and what is failing
* Data collection in the context of new media networks and AI labs.
As announced - Firmas.io: a mobile application to complement the TODO.LAW ecosystem (contract management, signatures, credentials).
All references and links (plus some bonus materials) can be found in a separate blog post available to paid Masters of Privacy subscribers on our website’s Newsroom section (Newsroom Notes: Spring 2026).
Our usual disclaimer: the voice that joins Sergio today is a text-to-speech output generated with Eleven Labs.


This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit www.mastersofprivacy.com/subscribe

As Executive Director of CalPrivacy (California Privacy Protection Agency), Tom Kemp oversees the CPPA’s mission to enforce and implement California’s comprehensive privacy laws and ensure the public has a strong understanding of their rights. Tom has a deep understanding of privacy and cybersecurity, combined with his track record as an executive in the tech industry.
References:
* Breakfast Workshop: Santa Monica - Registration
* Tom Kemp on LinkedIn
* Daniel Solove: On Privacy and Technology (Masters of Privacy, March 2025)
* CalPrivacy
* DROP System
* Data Broker Registry
* California expands data broker registration requirements, SP 361 (Hunton Privacy Blog, October 2025)
* Expanding Privacy Rights Act (SB 923, introduced on January 28, 2026)
* California enacts first-in-nation law requiring web browser opt-out preference signal, AB 566 (Hunton Privacy Blog)
* California Proposition 24, Consumer Personal Information Law and Agency Initiative (2020)
* Data broker-provided customer properties in action - enriching first-party data sets for Conversion API uploads (Cognism)
* California Privacy Protection Agency releases letter opposing the SECURE Data Act
* SECURE Data Act (H.R. 8413, Introduced 04/21/2026)
* Whistleblower Protection and Privacy Act (AB 2021), linking the California Whistleblower Protection Act’s principles to the California Consumer Privacy Act (CCPA) to expose privacy violations hidden within corporate “black boxes”.


This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit www.mastersofprivacy.com/subscribe

Mark Webber is the US Managing Partner responsible for overseeing the operations of Fieldfisher in the country - an English lawyer located full time in Silicon Valley.
Mark is a recognised leading privacy and AI expert, with a wealth of experience working alongside the world’s leading tech companies. Much of his time today involves the responsible development, training, and scaling of AI models and solutions.
Our guest teaches classes for both the CIPP/E and AI Governance Professional Programme certification for the IAPP. He is a Fellow in Information Privacy (IAPP).
As a leader at Fieldfisher he has been instrumental in establishing, nurturing, and expanding Fieldfisher’s presence, operations and services in the United States.
References:
* Mark Webber on LinkedIn
* Mark Webber at Fieldfisher
* Colorado AI Act
* DPO Central (TODO.LAW)
* EU AI Act: rolling out an AI governance framework with AI Sentinel


This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit www.mastersofprivacy.com/subscribe

Universal opt-out signals (like Global Privacy Control) have gained momentum on both sides of the Atlantic, with the EU recently endorsing them (Digital Omnibus) and CalPrivacy, Colorado, or Connecticut legally enforcing them, but they do not solve for consent opt-in requirements still applicable in many cases.
Meanwhile, privacy notices remain cryptic and challenging for anyone to read or understand. They pay little attention to an individual’s real preferences or needs and sit at the opposite side of agency or the often claimed “we care about your privacy”.
MyTerms is a brand new IEEE standard that could provide the missing link.
This episode is a repost of our recent interview with Iain Henderson, one of the creators of MyTerms, on the After The Magic podcast (co-hosted by Gam Dias and Sergio Maldonado).
Iain is a long term marketer and CRM professional who long since concluded that if the ‘customer side’ had equivalent relationship and data management tools then things would work a lot better. His day job is with JLINC as the architect for personal data solutions, and through that he is also part of the DataPal team in the UK. He is also a Board member of Customer Commons, and has been a core member of the team developing IEEE 7012/ MyTerms.
References:
* Original post (on After The Magic)
* Iain Henderson on Substack
* Iain Henderson on LinkedIn
* MyTerms
* JLINC
* DataPal
* MyData Global
* EU Digital Omnibus: EDPB and EDPS support simplification and competitiveness while raising key concerns


This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit www.mastersofprivacy.com/subscribe

Shoshana Rosenberg advises boards and executive teams on AI governance, privacy, security compliance, and data strategy. She is the author of Practical AI Governance (Kogan Page, May 2026) and the creator of the PRISM™ framework, a practitioner’s model for responsible AI.
She is Managing Director of Logical AI Governance, founder of SafePorter, and co-founder of Women in AI Governance. Before turning to her current work, she spent nearly two decades building and leading privacy, data governance, and AI and technology governance programs at global professional services firms, most recently as Senior Vice President, Chief AI Governance and Privacy Officer, and an Innovation Advisory Board Member.
Shoshana was named in the top fifty of the Top 100 Women in AI for 2026 by AI Magazine. A U.S. Navy veteran, she organizes TEDxPrinceton and lives in Princeton, New Jersey.
References:
* Practical AI Governance: Building a Program for Oversight and Strategy (Shoshana Rosenberg, to be released on May 26th 2026)
* Logical AI Governance: Training and Certifications
* Shoshana Rosenberg on LinkedIn
* Daniel Solove: On Privacy and Technology (Masters of Privacy, March 2025)
* Introducing AI Sentinel: AI Governance, simplified (Masters of Privacy toolbox).


This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit www.mastersofprivacy.com/subscribe