Interviews and updates at the intersection of marketing, data, privacy, and technology. With an eye on a human-centric, demand-led future in which transparency,...
Theodore Christakis: the GDPR meets Generative AI - trust, hallucinations, and how not to crash your BBQ party
Theodore Christakis is Professor of International and European Law at University Grenoble Alpes (France), Director of the Centre for International Security and European Law (CESICE), Director of Research for Europe with the Cross-Border Data Forum, Senior Fellow with the Future of Privacy Forum and a former Distinguished Visiting Fellow at the New York University Cybersecurity Centre. He is also Chair on the Legal and Regulatory Implications of Artificial Intelligence with the Multidisciplinary Institute on AI, and has been a member of the French National Digital Council, currently serving as a member of the French National Committee on Digital Ethics as well as a member of the International Data Transfers Experts Council of the UK Government. With Theodore we have gone through “the good”, “the bad”, and “the ugly” in the EDPB Opinion on LLMs and personal data. We have also examined the Deepseek affair, as well as the challenges posed by hallucinations in generative AI. References: Théodore Christakis’ SSRN Author Page Théodore Christakis on LinkedIn EDPB opinion 28/2024 on certain data protection aspects related to the processing of personal data in the context of AI models Discussion Paper: Large Language Models and Personal Data (Hamburgische Beauftragte für Datenschutz und Informationsfreiheit) Lokke Moerel: using personal data in the development and deployment of AI models (Masters of Privacy) Théodore Christakis, ‘European Digital Sovereignty’: Successfully Navigating Between the “Brussels Effect” and Europe’s Quest for Strategic Autonomy Théodore Christakis, Cyber-Attacks – Prevention-Reactions: The Role of States and Private Actors Multidisciplinary Institute on AI Université Grenoble Alpes: Centre d'études sur la sécurité internationale et les coopérations européennes.
--------
43:02
Newsroom: Winter 2025. SDKs under fire, AI Agents everywhere, AI Act-GDPR overlaps, major cases and serious fines
It is time for a seasonal update at the intersection of Marketing, Data, Privacy and Technology. As usual, this Newsroom is divided into five blocks: ePrivacy & regulatory updates; MarTech & AdTech; AI, Competition and Digital Markets; PETs and Zero-Party Data; and Future of Media. TL;DL: The use of SDKs for data collection/sharing has been a common factor in various fines and lawsuits on both sides of the pond. The EDPB sparked an important debate on personal data-powered AI in the EU. Texas and California went after Allstate and Honda respectively. La Liga (ES), Netflix (NL), Meta (IR), and others received fines. The FTC put an end to personal data sales by General Motors. The My Health My Data Act (WA) was put to the test. AI “reasoning” models exploded, and then AI Agents followed. Garante (IT) blocked DeepSeek and a class action in Germany could have a major impact across the EU. Australia updated its legal framework. The biggest CDP players dissolved into adjacent markets and Google kept marching towards PET-powered AdTech. All references and links can be found in this episode’s blog post.
--------
23:01
Daniel Solove: On Privacy and Technology
Daniel Solove has just published a new book, On Privacy and Technology. We went through a few key concepts from it, and also had a chance to revisit other core ideas in the author’s work. Professor Solove is the Eugene L. and Barbara A. Bernard Professor of Intellectual Property and Technology Law at the George Washington University Law School. One of the world’s leading experts in privacy law, Solove is the author of more than 10 books and 100 articles about privacy. He has also written a children’s fiction book about privacy. He is one of the most cited law professors in the law and technology field. Professor Solove has been interviewed and quoted in hundreds of media articles and broadcasts and has been a consultant for many Fortune 500 companies and celebrities. It is to him that we owe the famous taxonomy of privacy harms, as well as very recent papers on Privacy and AI or Privacy and Data Scraping. References: Daniel J. Solove on Bluesky Daniel J. Solove on LinkedIn Daniel J. Solove’s personal page On Privacy and Technology: Oxford University Press, Amazon. The Great Scrape: The Clash Between Scraping and Privacy Artificial Intelligence and Privacy
--------
48:48
Mark Jaffe (Rivian): connected cars, assisted driving, and Privacy by Design
What is the best way to address privacy risks in the context of connected cars? Is data minimization compatible with assisted driving? What is the meaning of “Core Vehicle Data”? Mark Jaffe leads the Rivian ethics, compliance and privacy program. This includes ethical culture, compliance oversight, privacy, and investigations. Prior to joining Rivian, Mark was Senior Vice President for Privacy at Teleperformance, a global business process outsourcer with over 400,000 employees operating in over 80 countries, spending almost two years in Singapore managing privacy issues in the Asia Pacific region. He has also dealt with data protection compliance in Europe, Middle East, and Africa. Prior to that, Mark spent 17 years at AT&T in global privacy roles as well as global compliance and ethics roles. Our guest is a frequent speaker on a variety of topics related to privacy compliance and data ethics. Mark earned his B.A., cum laude, from Duke University and his J.D., cum laude, from Northwestern University. References: Mark Jaffe on LinkedIn Rivian’s Privacy Hub FTC bans General Motors from selling driving data without permission, adding to case for CarPlay 2 (9to5Mac, January 2025) 800,000 EV drivers’ data exposed in Volkswagen breach (The Register, January 2025) Privacy Not Included, a Mozilla Report about connected cars and privacy (“It’s Official: Cars Are the Worst Product Category We Have Ever Reviewed for Privacy”, September 2023) Investigation by Netherlands' DPA prompts changes to Tesla security cameras (IAPP, 2023) Tesla workers shared sensitive images recorded by customer cars (Reuters, 2022) Privacy4Cars
--------
35:02
Mike Hintze: My Health My Data updates, international transfers of US personal data
An update was due at the intersection of MarTech/AdTech and the My Health My Data Act, with a Washington Consumer Protection Act case against Costco paving the way for the recent class action lawsuit involving the Amazon Ads SDK. Also, the date is approaching for compliance with restrictions on international transfers of US personal data. Mike Hintze is a well-known leader in the field with more than 20 years of experience in privacy and data protection. He has been a partner at Hintze Law since 2016 and prior to that was Chief Privacy Counsel at Microsoft for 18 years. He also teaches privacy law at the University of Washington school of law and has served on multiple advisory boards. He has also testified before Congress, state legislatures or European regulators. References: Mike Hintze on LinkedIn The Washington My Health My Data Act - Parts 1 to 10 (Hintze Law) New U.S. Regulations Impose Significant Restrictions on Cross-Border Data Flows AI governance, MHMD, and third-party risks at PSR 2024 (Masters of Privacy) Written summary: P.S.R. Los Angeles 2024: Vendor Audits; My Health, My Data Amazon Sued in First 'My Health, My Data' Privacy Dispute.
Interviews and updates at the intersection of marketing, data, privacy, and technology. With an eye on a human-centric, demand-led future in which transparency, control, and personal agency play a crucial role.
Sergio Maldonado (host) is a dual-qualified lawyer, entrepreneur, investor, guest lecturer at various universities. LL.M in IT & Internet Law, FIP, CIPP/E/US, CIPT.
Ireland