Nathalie Barrera: NIS2 (EU) and the interplay between cybersecurity, privacy, AI, and IoT data laws
Will EU cybersecurity laws result in new global standards? Should companies handle NIS2 compliance in concert with GDPR, AI Act, or Data Act requirements? Does it make sense to take data localization to its ultimate consequences? Nathalie Barrera serves as the Director for Privacy for the EMEA region at Palo Alto Networks, which is a leading provider of cybersecurity solutions. Her expertise involves the company’s compliance with NIS2, the AI Act, the GDPR, and DORA. She also assists customers in navigating their own complex regulatory requirements. She has previously spent seven years at Cisco Systems working as commercial counsel and Privacy and Security Counsel. She studied law and completed her LLM at the University of Navarra. References: Nathalie Barrera on LinkedIn EU Network and Information Services Directive II EU Data Act EU Digital Operational Resilience Act (DORA) Â
-------- Â
30:33
--------
30:33
Vaibhav Antil (Privado): Privacy Tech spotlight IV - from trust to evidence
How do we move from mere words to actual baked-in privacy? Can built-in alerts, code scanning tools, or server-side auditing make life much easier for DPOs and legal teams? We are joined by Vaibhav Antil in a new installment of our Privacy Tech series. Vaibhav is founder & CEO of Privado.ai. Before starting Privado.ai, Vaibhav led product management at a tech company and worked with the legal team on GDPR compliance. Vaibhav started Privado.ai to solve the language gap between legal, privacy, and product engineering teams. References: Vaibhav Antil on LinkedIn Privado: Evidence-based Privacy Bridge: Technical Privacy Summit (by Privado) CNIL: Use analytics on your websites and applications (how analytical cookies can be exempt from consent) Max Anderson (Ketch): Privacy Tech spotlight I – the future of CMPs, value vs. hype in privacy compliance SaaS (Masters of Privacy, April 2025) Daniel Barber (DataGrail): Privacy Tech spotlight II – widespread non-compliance, opt-out challenges, and shadow AI (Masters of Privacy, May 2025) Cillian Kieran (Ethyca): Privacy Tech spotlight III – compliance as an engineering challenge (Masters of Privacy, June 2025)
-------- Â
28:10
--------
28:10
John Pavolotsky: How successful can US privacy laws be at regulating AI models and systems?
John Pavolotsky is a partner at Stoel Rives in San Francisco. He is co-chair of the firm's AI, Privacy & Cybersecurity group and focuses his practice on data privacy, information security, and complex technology transactions. He has also been chair of the Intellectual Property Section of the California Lawyers Association. John has taught Technology Transactions Law at the UC Davis School of Law and Comparative Privacy Law at the Santa Clara University School of Law. John has also guest lectured on technology and privacy law topics at the University of California, Berkeley, Haas School of Business; the University of San Francisco School of Management; and Stanford University. References: John Pavolotsky on LinkedIn John Pavolotksy at Stoel Rives Timeline of discussions (House, Senate) leading to a final decision on a 10-year moratorium on state-level AI laws (final deadline: July 4, 2025), Techcrunch Texas Legislature Passes House Bill 149 to Regulate AI Use (Nelson Mullins) Colorado AI Act California Privacy Protection Agency: Draft Automated Decision-making Technology Regulations California Gov. Newsom vetoes AI safety bill that divided Silicon Valley (September 2024), NPR Poland puts pausing enforcement of the AI Act on EU ministers' table (June 2025, MLex - paywalled) A Brief Overview of the Federal Trade Commission's Investigative, Law Enforcement, and Rulemaking Authority (FTC)
-------- Â
27:32
--------
27:32
Thomas Ghys: The privacy engineer as a translator, an auditor, and a programmer
Who can really claim to be a privacy engineer? Does this change in the digital marketing arena? What is the winning formula to integrate this role within the company’s privacy practice? Thomas Ghys has worked as a management consultant, data scientist, and data strategist, including a 5-year stint at McKinsey, prior to setting up his own privacy engineering practice. He has deep expertise in MarTech and AdTech, auditing traditional machine learning models and data flows. He is also the founder and CEO of Webclew, a tool that helps with the auditing of websites and mobile apps. References: Thomas Ghys on LinkedIn Webclew: scanning websites and apps for privacy risks CNIL: a focus on mobile SDKs, announcing enforcement actions in 2025 Thomas Ghys: BAPD expectations for cookie compliancy unattainable for most publishers Dr. Augustine Fou: dismantling marketing attribution, ad fraud controls, and the business case for third-party cookies (Masters of Privacy, February 2024)
-------- Â
28:04
--------
28:04
Cillian Kieran (Ethyca): Privacy Tech spotlight III - compliance as an engineering challenge
Can we shift the focus from documentation to technical implementation? How can we bridge the cultural differences between legal teams and engineers? What do we mean with open-source data classification? We are joined by Cillian Kieran, Ethyca’s CEO and founder, in a new installment of our Privacy Tech series. Cillian is a serial entrepreneur and seasoned privacy engineer with two decades of experience leading data-intensive businesses. He combines deep technical expertise with a track record of building and scaling companies, including a global digital agency serving Fortune 500 clients. References: Fides: the open source language for data privacy Cillian Kieran on LinkedIn Ethyca Max Anderson (Ketch): Privacy Tech spotlight I – the future of CMPs, value vs. hype in privacy compliance SaaS (Masters of Privacy, April 2025) Daniel Barber (DataGrail): Privacy Tech spotlight II – widespread non-compliance, opt-out challenges, and shadow AI (Masters of Privacy, May 2025)
Interviews and updates at the intersection of marketing, data, privacy, and technology. With an eye on a human-centric, demand-led future in which transparency, control, and personal agency play a crucial role.
Sergio Maldonado (host) is a dual-qualified lawyer, entrepreneur, investor, guest lecturer at various universities. LL.M in IT & Internet Law, FIP, CIPP/E/US, CIPT.