Masters of Privacy

Our repeat guest is a partner at Stoel Rives in San Francisco. John is co-lead of the firm’s Technology Industry Group. He counsels clients on data privacy, information security, artificial intelligence, and other technology dispute, compliance, and transactional matters.
John has taught Technology Transactions Law at the UC Davis School of Law and Comparative Privacy Law at the Santa Clara University School of Law. John has also guest lectured on technology and privacy law topics at the University of California, Berkeley, Haas School of Business; the University of San Francisco School of Management; and Stanford University.
References:
* John Pavolotsky: The Long Arc of Data Breaches: 2006-2026 (May 14, 2026)
* Colorado SB 26-189, repealing and replacing Colorado’s original 2024 AI Act
New laws being discussed in California, or just approved:
* AB 1542: to prohibit a business, service provider, or contractor from selling or sharing sensitive personal information to a third party.
* AB 1898: to require an employer to maintain an updated list of all workplace AI tools currently in use and to provide the list to workers annually.
* AB 2021: whistleblower complaints.
* AB 2169: social media platforms, artificial intelligence models - to allow a consumer to request a copy of the consumer’s personal information, contextual data, and social graph and require the social media company or model operator to respond to that request within five business days.
* SB 300: companion chatbots - transparency and rules of engagement.
* SB 574: to obligate an attorney who uses generative artificial intelligence to practice law to ensure that confidential personal identifying, or other nonpublic information, is not entered into a public generative artificial intelligence system.
* SB 867: AI-powered toys - to be subject to the same rules proposed for companion chatbots.
* SB 923: to expand data deletion requests to any personal information that the business has collected about the consumer (and not just from the consumer).
* SB 1000: to require provenance data disclosure in content generated by artificial intelligence as well as tools to facilitate detection.
* SB 1142: Digital Dignity Act - to prevent digital replicas for the purposes of impersonation.


This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit www.mastersofprivacy.com/subscribe

How about an extremely practical book with detailed examples and quizzes based on a fictional town? Also, let’s revisit the UK legal framework: impact of the DUAA 2025 and proposed PECR changes.
Tim Turner (here for a third time) is the author of “The DPO Daily Challenge” (April 2026). He has worked on Data Protection, Freedom of Information (FOI) and Information Rights law since 2001. He started at the Information Commissioner’s Office as a Policy Manager on FOI issues. After that, he was a Data Protection & FOI Officer for two councils and then an Information Governance Manager for an NHS organisation. He has been offering data protection training and consultancy since 2011. Also, Tim is the author of the popular DPO Daily newsletter and LinkedIn feed. 2040 is his training company.
References:
* The DPO Daily Challenge (sign up page)
* Tim Turner on LinkedIn
* ICO: Our advice to government on potential changes to online advertising rules
* The Data Use and Access Act 2025 (DUAA) - what does it mean for organisations?
* Data Protection vs. Privacy and Data Privacy: a January 28th conundrum (Tim Turner, Carissa Véliz, Gabriela Zanfir-Fortuna, Markus Wünschelbaum, Brendan Quinn - Masters of Privacy, 2025)
* Tim Turner: UK news spotlight - advertising, reforms, AI (Masters of Privacy, March 2025)
* The Hitchhiker’s Guide to the Galaxy (Douglas Adams, 1979)
* 2040 Training
* The DPO Daily on LinkedIn


This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit www.mastersofprivacy.com/subscribe

We’re back with a Newsroom update. We will cover four of our usual five blocks: ePrivacy & regulatory updates; MarTech & AdTech; AI, competition and digital markets; and the future of media.
This season’s update includes:
* Age-verification fines (insufficient controls, too much data collection) in the UK and Spain, EDPB age-verification guidelines, California’s upcoming age-verification requirements
* Enforcement actions in the US (public, private)
* Guidelines for email tracking pixels in France and Italy
* New ICO guidelines for storage and access technologies (exceptions for analytics, A/B testing, etc.)
* Social Media bans across the world and what is failing
* Data collection in the context of new media networks and AI labs.
As announced - Firmas.io: a mobile application to complement the TODO.LAW ecosystem (contract management, signatures, credentials).
All references and links (plus some bonus materials) can be found in a separate blog post available to paid Masters of Privacy subscribers on our website’s Newsroom section (Newsroom Notes: Spring 2026).
Our usual disclaimer: the voice that joins Sergio today is a text-to-speech output generated with Eleven Labs.


This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit www.mastersofprivacy.com/subscribe

As Executive Director of CalPrivacy (California Privacy Protection Agency), Tom Kemp oversees the CPPA’s mission to enforce and implement California’s comprehensive privacy laws and ensure the public has a strong understanding of their rights. Tom has a deep understanding of privacy and cybersecurity, combined with his track record as an executive in the tech industry.
References:
* Breakfast Workshop: Santa Monica - Registration
* Tom Kemp on LinkedIn
* Daniel Solove: On Privacy and Technology (Masters of Privacy, March 2025)
* CalPrivacy
* DROP System
* Data Broker Registry
* California expands data broker registration requirements, SP 361 (Hunton Privacy Blog, October 2025)
* Expanding Privacy Rights Act (SB 923, introduced on January 28, 2026)
* California enacts first-in-nation law requiring web browser opt-out preference signal, AB 566 (Hunton Privacy Blog)
* California Proposition 24, Consumer Personal Information Law and Agency Initiative (2020)
* Data broker-provided customer properties in action - enriching first-party data sets for Conversion API uploads (Cognism)
* California Privacy Protection Agency releases letter opposing the SECURE Data Act
* SECURE Data Act (H.R. 8413, Introduced 04/21/2026)
* Whistleblower Protection and Privacy Act (AB 2021), linking the California Whistleblower Protection Act’s principles to the California Consumer Privacy Act (CCPA) to expose privacy violations hidden within corporate “black boxes”.


This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit www.mastersofprivacy.com/subscribe

Mark Webber is the US Managing Partner responsible for overseeing the operations of Fieldfisher in the country - an English lawyer located full time in Silicon Valley.
Mark is a recognised leading privacy and AI expert, with a wealth of experience working alongside the world’s leading tech companies. Much of his time today involves the responsible development, training, and scaling of AI models and solutions.
Our guest teaches classes for both the CIPP/E and AI Governance Professional Programme certification for the IAPP. He is a Fellow in Information Privacy (IAPP).
As a leader at Fieldfisher he has been instrumental in establishing, nurturing, and expanding Fieldfisher’s presence, operations and services in the United States.
References:
* Mark Webber on LinkedIn
* Mark Webber at Fieldfisher
* Colorado AI Act
* DPO Central (TODO.LAW)
* EU AI Act: rolling out an AI governance framework with AI Sentinel


This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit www.mastersofprivacy.com/subscribe