Anu H. Bradford is a Finnish-American author, law professor, and expert in international trade law. In 2014, she was named the Henry L. Moses Distinguished Professor of Law and International Organization at the Columbia Law School. She is the author of “Digital Empires: The Global Battle to Regulate Technology” and “The Brussels Effect: How the European Union Rules the World”.

Anu Bradford attended Harvard Law School on a Fulbright Scholarship, graduating with another Master of Laws degree from Harvard in 2002. After time in Brussels with the law firm of Cleary Gottlieb Steen & Hamilton, working on EU competition law, she returned to the US, joining the faculty at the University of Chicago as an assistant professor of law. She later joined Columbia Law School as a professor of law and an expert in international trade law. She has been named a Young Global Leader by the World Economic Forum and in 2024, she was awarded the Stein Rokkan Prize for Comparative Social Science Research for her book Digital Empires.

With Anu we are finally looking at EU Digital Policy, including personal data protection and privacy, from a geopolitical and international trade perspective.

References:

* Anu Bradford (Wikipedia)

* Anu Bradford on LinkedIn

* Digital Empires: The Global Battle to Regulate Technology (Oxford University Press, 2023)

* The Brussels Effect: How the European Union Rules the World (Oxford University Press, 2019)

* EU-US trade figures 2023 (EU Commission, Trade Policy)

* Lukasz Olejnik: Propaganda, misinformation, the DSA, Section 230, and the US elections (Masters of Privacy, November 2024).

Dr. Gabriela Zanfir-Fortuna is a globally recognized data protection law expert, with 15 years of experience in the field split between Europe and the U.S., spanning academia, public service, consulting and policy. She currently is Vice President for Global Privacy at the Future of Privacy Forum, a global non-profit headquartered in Washington DC, coordinating FPF’s offices and partners in Brussels, Tel Aviv, Singapore, Nairobi, and New Delhi, and leading the work on global privacy and data protection developments related to new technologies, including AI. She is also a founding Advisory Board Member of Women in AI Governance, and an affiliated researcher to the LSTS Center of Vrije Universiteit Brussel.

Dr. Zanfir-Fortuna worked for the European Data Protection Supervisor and is a member of the Reference Panel of the Global Privacy Assembly – the international organization reuniting data protection authorities around the world, as well as a member of the T20 engagement group of the G20 under Brazil’s Presidency in 2024.

She was elected to be part of the Executive Committee of ACM’s Fairness, Accountability and Transparency (FaccT) Conference (2021-2022). Her scholarship on the GDPR is referenced by the Court of Justice of the EU, and in 2023 she won the Stefano Rodota Award of the Council of Europe for the paper “The Thin Red Line: Refocusing Data Protection Law on Automated-Decision-Making“, alongside her co-authors. Dr. Zanfir-Fortuna holds a PhD in Law with a thesis on the rights of the data subject under EU Data Protection Law, and an LLM in Human Rights (University of Craiova).

With our guest, here for a third time, we have gone through the logic of the Digital Omnibus package aiming to reform a cluster of important EU regulations, the “birth defects” of the AI Act, the importance of South Korea in the global data protection panorama, and the potential consequences of the recent CJEU case, Russmedia.

References:

* Gabriela Zanfir-Fortuna at the Future of Privacy Forum

* Gabriela Zanfir-Fortuna on LinkedIn

* Gabriela Zanfir-Fortuna: A world tour of data protection laws (Masters of Privacy, April 2021)

* Data Protection vs. Privacy and Data Privacy: a January 28th conundrum (with Gabriela Zanfir-Fortuna, Masters of Privacy - 2025)

* X v Russmedia Digital SRL (CJEU, December 2, 2025).

It is time to revisit Data Clean Rooms, having dedicated seven previous episodes to the topic across both the English and Spanish-language channels. The convergence of advanced data management techniques, more mature Privacy Enhancing Technologies, and sophisticated 1st-party data-based collaboration scenarios (on the back of AI, retail media, and Connected TV) already call for frequent updates. This is now accompanied by a more nuanced legal analysis that will benefit from the recent EDPS v. SRB (CJEU) case (on the relative nature of “personal data”).

Some common, burning questions that you will find answered in this episode: How do you apply Joint Controllership agreements to the various stages in common business cases? How to handle more complex relationships involving two or more parties?

References:

* Jacob Feder on LinkedIn

* Jacob Feder at Fieldfisher

* Peter Craddock: EDPS v SRB, the relative nature of personal data, processors, transparency, impact on MarTech and AdTech (Masters of Privacy, September 2025)

* Nicola Newitt (Infosum): the legal case for Data Clean Rooms (Masters of Privacy, March 2023)

* Matthias Eigenmann (Decentriq): Confidential Computing, contractual relationships and legal bases for Data Clean Rooms (Masters of Privacy, March 2024)

* Damien Desfontaines: Differential Privacy in Data Clean Rooms (Masters of Privacy, January 2024)

* Guidelines 8/2020 on the targeting of social media users

* Fashion ID GmbH & Co. KG v Verbraucherzentrale NRW (CJEU, 2019): The operator of a website that features a Facebook ‘Like’ button can be a controller jointly with Facebook in respect of the collection and transmission to Facebook of the personal data of visitors to its website.

* Digital Omnibus Regulation Proposal (EU Commission, November 19th 2025)

* Meta Platforms Inc and Others v Bundeskartellamt (CJEU, 2023)

Can AI agents be deployed for enhanced protection? What is a “triple extortion”? How is ransomware evolving? Is there hope for SMEs?

Sam Kaplan is a policy, legal, and national security professional with over eighteen years of experience across the public and private sectors. He is currently the Assistant General Counsel for Public Policy & Government Affairs at Palo Alto Networks, providing legal guidance on domestic and international legislative, regulatory, and policy matters, with a focus on cybersecurity, AI governance, privacy, data security, international data flows, and public-private capacity building.

Before Palo Alto Networks, Sam led the global product policy team for Facebook’s News Feed and News Tab at Meta Platforms, addressing issues like AI/ML fairness, algorithmic transparency, platform integrity, election security, misinformation, and harmful content.

Prior to his private sector roles, Sam spent over thirteen years in the Federal Government. He held senior leadership positions at the U.S. Department of Homeland Security, including Assistant Secretary for Cyber, Infrastructure, Risk and Resilience Policy and Chief Privacy Officer. Earlier government roles included work at the U.S. Department of Justice (Office of Legal Policy, Bureau of Alcohol, Tobacco, Firearms and Explosives, and U.S. Attorney’s Office for the Eastern District of Virginia) and as Counselor to a member of the Privacy and Civil Liberties Oversight Board, focusing on the U.S. Intelligence Community.

References:

* Sam Kaplan on LinkedIn

* Palo Alto Networks

* Unit 42 Research (Palo Alto Networks)

* Cyber Information Sharing and Collaboration Program (CISCP) at CISA (Cybersecurity and Infrastructure Security Agency)

In this live recording (January 14th 2026), we have conducted a comparative law exercise (US/EU) regarding ePrivacy compliance through Universal Opt-Out signals.

Alan Chapell is the President of Chapell & Associates, a law firm serving media and AdTech. He is outside counsel and CPO to several of the leading advertising and technology companies. He regularly publishes both The Chapell Report and The Monopoly Report.

References:

* Alan Chapell on LinkedIn

* The Chapell Report

* The Monopoly Report

* IEEE P 7012 (MyTerms)

* Alan Chapell: The many struggles of Google’s Privacy Sandbox, and how to deploy it in compliance with EU and US privacy laws (Masters of Privacy, May 2024)

* Can the GPC standard eliminate consent banners in the EU? (Sebastian Zimmeck, Harshvardhan J. Pandit, Frederik Zuiderveen Borgesius, Cristiana Teixeira Santos, Konrad Kollnig, Robin Berjon)

* The slippery slope of consent banners in preventing CIPA and VPPA claims: why effective Opt-Outs will prevail - also in the EU (Sergio Maldonado).

It is time for a seasonal update at the intersection of Marketing, Data, Privacy and Technology. We will stick to our usual five blocks: ePrivacy & regulatory updates; MarTech & AdTech; AI, Competition and Digital Markets; PETs, Zero-Party Data and Customer Centricity; Future of Media.

This season’s update includes:

* CJEU Russmedia decision (“mere conduit” safe harbour overridden by a marketplace’s role as a data controller)

* EU/UK DPA fines (LastPass-ICO, Infobel-APDB, AMEX-CNIL, AENA-AEPD)

* California: Public enforcement (by both the AG -JamCity, SlingTV- and the CPPA) and status of CIPA lawsuits

* Texas’ AG vs. TV manufacturers

* New legislation: EU Digital Omnibus, California’s spree, US Executive Order on AI

* Most recent adventures and daring moves of Meta, OpenAI, Google, Apple and X in the face of MarTech/AdTech constraints, market dynamics, antitrust actions and other enforcement initiatives.

(Our referenced monographic episode on CIPA/VPPA litigation is available here.)

All references and links can be found in a separate blog post available to Masters of Privacy Connect subscribers on our website’s Newsroom section (Newsroom Notes: Fall 2025).

Our usual disclaimer: the voice that joins Sergio today is a text-to-speech output generated with Eleven Labs.

Happy Holidays to all of you :)

On Wednesday November 19 2025, the European Commission unveiled its Digital Omnibus Package, which was basically split in two proposals: a proposed Regulation on simplification for AI rules; and a proposed Regulation on simplification of the digital legislation. We will tackle the first one today.

Today we are reviewing that AI-related block with Oliver Patel, who is AI Governance Lead at the global pharma and biotech company AstraZeneca, where he helps implement and scale AI governance worldwide. He also advises governments and international policymakers as a Member of the OECD’s Expert Group on AI Risk and Accountability.

References:

* Oliver Patel, “Fundamentals of AI Governance” (now available for pre-order)

* Enterprise AI Governance, a newsletter by Oliver Patel

* Oliver Patel on LinkedIn

* Oliver Patel: How could the EU AI Act change?

* EU proposal for a Regulation on simplification for AI rules (EU Commission, covered today)

* EU proposal for a Regulation on simplification of the digital legislation (EU Commission, not covered today)

* Europe’s digital sovereignty: from doctrine to delivery (Politico).

Can the growing use of first-party data in mobile app advertising result in more effective, privacy-preserving ads? Are app store policies (around fingerprinting and the use of deterministic IDs) more relevant than specific data protection laws and enforcement actions? Can AI take contextual information to the next level? Will LLMs result in collecting less data in order to anticipate customer journeys?

Zino Rost van Tonningen is the CEO of TyrAds, a cutting-edge adtech company revolutionizing mobile app marketing with privacy-first programmatic solutions. With over a decade of experience in growth and product strategy for fast-moving brands, Zino combines creative agility with strategic rigor to help startups and established app publishers scale effectively in today’s cookieless ecosystem.

References:

* Zino Rost van Tonningen on LinkedIn

* TyrAds: Mobile App Growth Simplified

* Spotify: How We Automated Content Marketing to Acquire Users at Scale

* Apple Developers: User privacy and data use

* ATT opt-in rates in 2025: Benchmarks, insights and how to increase yours (Purchasely)

* Overview of the SDK Runtime on Android