The Privacy Advisor Podcast

The complexity and significance of international data flows have long been one of the major issues for privacy and digital responsibility professionals. In the last decade, two major frameworks - the EU-US Safe Harbor and EU-US Privacy Shield agreements - were both invalidated by the Court of Justice of the European Union. The EU-US Data Privacy Framework, however, remains intact, though it has faced one legal challenge in the last year. 
Bill Guidera, who serves as deputy assistant secretary in the U.S. International Trade Administration, leads a team that helps drive policy conditions for US digital, financial, supply chain and other service industries to innovate domestically and abroad. The team plays a significant role in administering and overseeing the DPF and plays a key leadership role on behalf of the US in the Global Cross-Border Privacy Rules Forum. 
 IAPP Editorial Director Jedidiah Bracy caught up with Mr. Guidera to discuss how the DPF is faring, the Latombe legal challenge to the framework, as well as the latest updates to the CBPR Forum, recent reciprocal trade agreements with Argentina and Bangladesh, and the ITA's work in artificial intelligence. Here's what he had to say.

It's no secret that large language models and artificial intelligence systems require massive amounts of data, which often runs up against fundamental privacy principles like purpose limitation and data minimization. Privacy and data protection laws - like the EU General Data Protection Regulation - feature concepts like the right to be forgotten and data subject access requests. But these are often in tension with modern AI systems. 
 
Some tools, however, are emerging. One of those methods is "machine unlearning," a suite of approaches to help remedy deletion requests of information that's already been used to train an AI model. 
 
Jevan Hutson, acting assistant professor and director of the Tech-Law Clinic at the University of Washington School of Law, recently co-wrote a law review article on machine unlearning and its implications for privacy law. 
 
In this episode, Hutson explains the concept of machine unlearning and how its suite of techniques can add to the tool belts practitioners and regulators alike.

The Asia-Pacific region is home to more than half the world's population - at 60% - with approximately 4.75 billion people. In recent years, India and Vietnam, to name just two, have enacted comprehensive data protection laws. Near the end of 2025, India finalized its highly anticipated regulations for the Digital Personal Data Protection Act and Vietnam's Personal Data Protection Law became effective on the first of January this year. 
 
Hogan Lovells Partner Charmian Aw has long practiced in the region, specializing in APAC data protection, privacy, AI governance and cybersecurity law and offers developments of the region in the IAPP's Asia-Pacific Dashboard Digest. She also joined the IAPP Publications Advisory Board this year. While attending the UK Data Protection Intensive in London, IAPP Editorial Director Jedidiah Bracy sat down with Charmian Aw to discuss the latest developments in the region, specifically regarding India and Vietnam. Here's what she had to say.

The California Privacy Protection Agency was formed six years ago as mandated by the California Privacy Rights Act. As the first dedicated privacy regulator in the U.S., CalPrivacy - as it's called colloquially - implements and enforces both the CPRA and California Consumer Privacy Act. Under the state's Delete Act, it also oversees California's data broker registry and the Delete Request and Opt-Out Platform, known as DROP. 
 
Tom Kemp serves as executive director for CalPrivacy and is almost a year into his tenure after taking on the role in April 2025. 
 
On 1 January 2026, the DROP system went into effect and now boasts more than 215,000 registrants with more than 500 registed data brokers. The agency is also implementing a number of regulations in the state, including for automated-decision making, risk assessments and cybersecurity audits. 
 
IAPP Editorial Director Jedidiah Bracy caught up with Tom Kemp to learn more about the DROP system and the agency's priorities in the year to come.

Goodwin Partner Omer Tene has long had his finger on the pulse of privacy and AI governance developments and trends. He advises clients on a wide range of issues, from data protection, artificial intelligence, technology, cybersecurity and beyond.
As we head into a brave new 2026, IAPP Editorial Director Jedidiah Bracy caught up with Tene to discuss the big issues he sees playing out this year, from a changing geopolitical environment to US state privacy and AI legislative activity, from kids privacy and safety issues to digital reform in the EU.