Meaghan Henderson started off as a litigation attorney in Los Angeles, subsequently joining Snap Inc.’s Trust and Safety operations. She is now Global Head of Privacy at iRobot (makers of the ubiquitous Roomba, a robotic vacuum cleaner).

We have gone over the many tasks that Meaghan has managed (and regularly manages) to accomplish as a one-person team: rolling out a full privacy program, raising internal awareness, coordinating with security teams, complying across multiple jurisdictions, and being part of the AI governance committee.

References:

* Meaghan Henderson on LinkedIn

* Generally Accepted Privacy Principles (GAPP)

* ISO/IEC 27701 (program maturity over time)

* Fair Information Practice Principles (FIPPs)

* NIST Privacy Framework

* OECD Privacy guidelines

* Amazon and iRobot agree to terminate pending acquisition

We revisit the topics of individual agency, consumer perceptions of privacy, and self-sovereign identity through the lens of a “personal AI”.

Copenhagen-based Yngvi Karlson is the Co-founder of Kin, a personal AI built on privacy and trust. After two successful exits and a career in venture capital, he set out to answer a bigger question: can AI empower us without owning us? For him, Kin is more than technology. It’s a movement to put people back in control of their data, their conversations, and their future.

References:

* Download Kin

* Yngvi Karlson on LinkedIn

* My data, my rules? Not so fast. (Sergio Maldonado, 2021)

* Dan Stone: how to own our identity, protect personal data, and escape LinkedIn (Masters of Privacy)

* Jamie Smith: AI Agents, digital identity, wallets and personal data (Masters of Privacy)

* Adrian Doerk: digital identity, digital wallets and data protection (Masters of Privacy)

* Sille Sepp: MyData Global and the fight for Human Centricity (Masters of Privacy)

* An emotional attachment to GPT 4o results in OpenAI reversing course on GPT 5 (Wired)

Jennifer Oliver is an experienced commercial litigator who has defended consumer class actions and multidistrict litigation, including those arising from data breaches and antitrust. She has worked in several high-profile jury trials, serving as lead counsel in complex mediations. She also counsels clients on matters related to privacy compliance and use of ad tech and similar technologies.

Jennifer is a shareholder at Buchanan, Ingersoll & Rooney and has a long list of relevant affiliations and certifications including being an Executive Committee Member of the Privacy Section at the California Lawyers Association.

With Jennifer we have dived deeper into AdTech or pixel-related litigation in California, both in court and through arbitration.

References:

* Jennifer Oliver on LinkedIn

* Jennifer Oliver’s profile at Buchanan

* John Pavolotsky: How successful can US privacy laws be at regulating AI models and systems? (Masters of Privacy)

* California SB 690 Passes California’s Senate, Signaling a Major Step in Redefining Privacy Law and Limiting CIPA Litigation for Online Businesses

Are privacy compliance and AI governance poised to remain stand-alone practices within the large enterprise? What is their interplay with an all-encompassing compliance effort? How will we deal with consent in the world of AI Agents?

Erica Irvin is SVP, Commercial and Innovation Law, and Chief Privacy Counsel at Lowe’s Companies, Inc., where she leads legal strategy for commercial operations, privacy, and innovation. With nearly 30 years of in-house experience across retail, tech, and education, she is known for building agile legal teams and shaping ethical approaches to Privacy by Design, AI and digital transformation. Erica is also a frequent speaker and advisor on privacy, data governance, and legal innovation.

References:

• Erica Irvin on LinkedIn
• Linsey Krolik: the growing role of the Product Counsel in privacy and AI compliance (Masters of Privacy, May 2025)
• Gam Dias: Agents Unleashed, understanding the Agentic AI stack (Masters of Privacy, April 2025)

What is “manipulative design”? How does this concept differ from “dark patterns”? How could we expand website and mobile app monitoring to a company’s ad stack?

Boltive’s Christine Desrosiers has joined us for another Privacy Tech interview. She is an operations and product professional with 20 years of experience building best-in-class publisher ad stacks and ops teams, and integrating ad and site stacks with Privacy Tech. She is involved in a number of industry working groups and advisory boards, working to raise the bar on privacy, security and transparency.

References:

• Christine Desrosiers on LinkedIn
• Boltive: monitor security and privacy compliance across the consumer front end (including publishing and AdTech)
• Jessica B. Lee, Chair of Loeb & Loeb LLP’s Privacy, Security & Data Innovations practice
• Global Privacy Enforcement Network: 2024 “sweep” on deceptive design patterns
• FTC, ICPEN, GPEN Announce Results of Review of Use of Dark Patterns Affecting Subscription Services, Privacy (FTC, July 2024)
• Bringing Dark Patterns to Light (FTC, September 2022)
• Daniel Solove, A Taxonomy of Privacy (UPenn Law Review, January 2006) - see “decisional interference”
• Website Privacy Controls (New York State Attorney General)
• FTC study finds ‘dark patterns’ used by a majority of subscription apps and websites (TechCrunch, July 2024)
• FTC vs. Amazon (“Roach Motel” pattern through the internally called “Illiad” process for consumers to cancel their Amazon Prime membership)
• California SB 690: A new hope for CIPA litigation overload? (Norton Rose Fulbright)
• Daniel Solove: On Privacy and Technology (Masters of Privacy, March 2025)
• Max Anderson (Ketch): Privacy Tech spotlight I – the future of CMPs, value vs. hype in privacy compliance SaaS (Masters of Privacy, April 2025)
• Daniel Barber (DataGrail): Privacy Tech spotlight II – widespread non-compliance, opt-out challenges, and shadow AI (Masters of Privacy, May 2025)
• Cillian Kieran (Ethyca): Privacy Tech spotlight III – compliance as an engineering challenge (Masters of Privacy, June 2025)
• Vaibhav Antil (Privado): Privacy Tech spotlight IV - from trust to evidence (Masters of Privacy, July 2025)

Could transparency and control requirements be seamlessly integrated within delightful customer journeys? How has a famously design-led company (Airbnb) mastered Privacy User Experience?

Ansuman Acharya serves as a Principal Product Manager at Airbnb, where he leads the design and development of cutting-edge privacy experiences that safeguard the trust of millions across the globe. With a foundation in privacy technology and user-centric design, he artfully bridges engineering depth with ethical product leadership. His 11-year journey at Microsoft, spanning Hyderabad, India and Bellevue, WA shaped his multidisciplinary expertise across enterprise and consumer domains spanning commerce, collaboration/productivity and healthcare tech. Ansuman holds a Master’s from the University of Washington’s Foster School in Information Systems and a Bachelors degree in Computer Science Engineering from NIT Rourkela in India.

References:

• Ansuman Acharya on LinkedIn
• Airbnb: privacy choices
• USENIX Conference on Privacy Engineering Practice and Respect
• Defining Privacy UX (UserTesting)

Will EU cybersecurity laws result in new global standards? Should companies handle NIS2 compliance in concert with GDPR, AI Act, or Data Act requirements? Does it make sense to take data localization to its ultimate consequences?

Nathalie Barrera serves as the Director for Privacy for the EMEA region at Palo Alto Networks, which is a leading provider of cybersecurity solutions. Her expertise involves the company’s compliance with NIS2, the AI Act, the GDPR, and DORA. She also assists customers in navigating their own complex regulatory requirements. She has previously spent seven years at Cisco Systems working as commercial counsel and Privacy and Security Counsel. She studied law and completed her LLM at the University of Navarra.

References:

• Nathalie Barrera on LinkedIn
• EU Network and Information Services Directive II
• EU Data Act
• EU Digital Operational Resilience Act (DORA)

How do we move from mere words to actual baked-in privacy? Can built-in alerts, code scanning tools, or server-side auditing make life much easier for DPOs and legal teams?

We are joined by Vaibhav Antil in a new installment of our Privacy Tech series. Vaibhav is founder & CEO of Privado.ai. Before starting Privado.ai, Vaibhav led product management at a tech company and worked with the legal team on GDPR compliance. Vaibhav started Privado.ai to solve the language gap between legal, privacy, and product engineering teams.

References:

• Vaibhav Antil on LinkedIn
• Privado: Evidence-based Privacy
• Bridge: Technical Privacy Summit (by Privado)
• CNIL: Use analytics on your websites and applications (how analytical cookies can be exempt from consent)
• Max Anderson (Ketch): Privacy Tech spotlight I – the future of CMPs, value vs. hype in privacy compliance SaaS (Masters of Privacy, April 2025)
• Daniel Barber (DataGrail): Privacy Tech spotlight II – widespread non-compliance, opt-out challenges, and shadow AI (Masters of Privacy, May 2025)
• Cillian Kieran (Ethyca): Privacy Tech spotlight III – compliance as an engineering challenge (Masters of Privacy, June 2025)