The Privacy Advisor Podcast

The California Privacy Protection Agency was formed six years ago as mandated by the California Privacy Rights Act. As the first dedicated privacy regulator in the U.S., CalPrivacy - as it's called colloquially - implements and enforces both the CPRA and California Consumer Privacy Act. Under the state's Delete Act, it also oversees California's data broker registry and the Delete Request and Opt-Out Platform, known as DROP. 
 
Tom Kemp serves as executive director for CalPrivacy and is almost a year into his tenure after taking on the role in April 2025. 
 
On 1 January 2026, the DROP system went into effect and now boasts more than 215,000 registrants with more than 500 registed data brokers. The agency is also implementing a number of regulations in the state, including for automated-decision making, risk assessments and cybersecurity audits. 
 
IAPP Editorial Director Jedidiah Bracy caught up with Tom Kemp to learn more about the DROP system and the agency's priorities in the year to come.

Goodwin Partner Omer Tene has long had his finger on the pulse of privacy and AI governance developments and trends. He advises clients on a wide range of issues, from data protection, artificial intelligence, technology, cybersecurity and beyond.
As we head into a brave new 2026, IAPP Editorial Director Jedidiah Bracy caught up with Tene to discuss the big issues he sees playing out this year, from a changing geopolitical environment to US state privacy and AI legislative activity, from kids privacy and safety issues to digital reform in the EU.

On November 19, the European Commission unveiled two major omnibus packages as part of its European Data Union Strategy. One package proposes several changes to the EU General Data Protection Regulation, while the other proposes significant changes to the recently minted EU AI Act, including a proposed delay to the regulation of so-called high-risk AI systems. 
 
Laura Caroli was a lead negotiator and policy advisor to AI Act co-rapporteur Brando Benifei and was immersed in the high-stakes negotiations leading to the AI regulation. She is also a former senior fellow at the Center for Strategic and International Studies, but recently moved back to Brussels during a time of major complexity in the EU. 
 
IAPP Editorial Director Jedidiah Bracy caught up with Caroli to discuss her views on the proposed changes to the AI Act in the omnibus package and how she thinks the negotiations will play out. Here's what she had to say.

Lorrie Cranor has long been a leader in the privacy space. As Director and Bosch Distinguished Prof. in Security and Privacy Technologies at Carnegie Mellon's CyLab Security and Privacy Institute, Prof. Cranor is on the cutting edge of usable privacy and security. Her work has influenced researchers to view privacy as a fundamental design standard rather than an abstract ideal and has helped reshape the technology field with more than 200 co-authored research papers on online privacy and security. 
 
She has also served as chief technologist at the US Federal Trade Commission and co-founded Wombat Security Technologies, among many other initiatives. 
 
Much of her work has focused on understanding how people interact with digital systems and where those systems failed. But, Prof. Cranor is also a mom and has raised three children. 
 
She has published new, illustrated book, called Privacy Please!, which Is geared for children aged 4-6, to help them and their parents understand what privacy means and why it matters. 
 
IAPP Editorial Director Jedidiah Bracy caught up with Prof. Cranor to discuss her new book, what inspired it, and how this book can help children develop a sense of privacy, autonomy and expression. We also discuss some of the broader children's privacy issues that are emerging in jurisdictions around the world, including through social media bans and age verification laws. Here's what she had to say.

Anu Talus was elected Chair of the European Data Protection Board in May of 2023. The EDPB, which was established in 2018, ensures that the EU General Data Protection Regulation and Data Protection Law Enforcement Directive are consistently applied in the EU. It also provides general GDPR guidance, adopts findings to ensure the GDPR is implemented consistently across member nations, advises the European Commission on data protection matters, and encourages DPAs to work together. 
 
In other words, leading the EDPB is no small task, especially in an increasingly complex digital marketplace during the dawn of the AI Era. While here in Brussels, IAPP Editorial Director Jedidiah Bracy sat down with Chair Talus during an especially significant week in EU data protection on the eve of the release of the EU's Digital Omnibus package, which proposes to amend parts of the GDPR and other EU digital regulations. 
 
In this wide-ranging conversation, Bracy and Talus discuss the EDPB's priorities and work in these transformative times.