The Privacy Advisor Podcast

As chief privacy officer of the biggest city in the United States, it’s safe to say that Michael Fitzpatrick doesn’t have your normal, run-of-the-mill job. As part of New York’s Office of Technology and Innovation, the Office of Information Privacy provides guidance to more than 175 agency privacy officers across the city. It also works closely with the city’s Cyber Command and has partnered with the Cities Coalition for Digital Rights and the Biometrics Institute. IAPP Editorial Director Jedidiah Bracy caught up with Fitzpatrick to learn more about his work as CPO of New York City, how his office works across government and what he sees as some of the biggest challenges in privacy and cybersecurity.

Autonomous robots with embedded artificial intelligence are growing more common across industry sectors. So-called “embodied AI,” collects vast amounts of data through its sensors and changes how humans interact with technology. As embodied AI becomes more common and continues to drive innovation, it also creates new challenges for ethical uses of data and personal privacy. Erin Relford is a privacy engineer at Google and has worked in the embodied AI space. In a recent article for the IAPP, she wrote that “existing privacy mitigations may be insufficient for human-robot interactions.” That’s why she helped create a robotics privacy framework to “promote privacy-preserving design” in the “responsible deployment of robotics with embedded AI. IAPP Editorial Director Jedidiah Bracy caught up with Erin to discuss her work in this vanguard space.

Privacy law and technological advancements have a deep and intertwined history that go back to at least the 1890s with Samuel Warren and Louis Brandeis's article "The Right to Privacy," which was prompted by camera technology. George Washington University Law Professor Dan Solove has long studied and written about privacy law. He published several well-known books including "Nothing to Hide: The False Trade Off Between Privacy and Security" and co-authored "Privacy Law Fundamentals," which is published by the IAPP. Solove recently published a new book, "On Privacy and Technology." IAPP Editorial Director Jedidiah Bracy caught up with Solove just before the book was published to discuss it and whether the regulation-versus-innovation trade-off is a fallacy, why the notice-and-choice paradigm hasn't worked for consumers, and where the future will take privacy, AI, and cybersecurity law and regulation.

Australia made waves in 2024 after it passed an amendment to the Online Safety Act of 2021, which introduces a legal minimum age of 16 to create and use an account for certain social media platforms in Australia. It also requires platforms within scope to implement age-gating practices. As Australia’s first eSafety Commissioner, Julie Inman-Grant, whose agency administers the Online Safety Act and the Social Media Minimum Age amendment, has been at the forefront of regulating online safety since her appointment in 2017. With a background in the private sector, including stints at Microsoft, Twitter and Adobe, Inman-Grant has a wide-ranging view of the online space and the harms within it. IAPP Editorial Director Jedidiah Bracy recently caught up with Commissioner Inman-Grant to discuss her work in online safety, what’s currently underway regarding age-gating requirements for social media and the effects AI will have for online safety and harms.

Though it came close in recent years, federal privacy legislation is not likely top of mind as a new administration takes the reigns in Washington, DC. The same likely goes for federal AI governance and safety legislation with a divided Congress and executive branch that promotes a deregulatory posture. That means state-level privacy and AI bills will proliferate in 2025. Connecticut was the 5th U.S. state to a pass comprehensive privacy law, and Connecticut State Senator James Maroney played a large role in crafting his state's bill. Maroney is now working on AI legislation and takes part in the Future of Privacy Forum’s Multistate AI Policymaker Working Group, which comprises more than 200 bipartisan state lawmakers and other government officials, with the aim to “foster a shared understanding of emerging technologies and related policy issues.” IAPP Editorial Director Jedidiah Bracy recently caught up with Maroney to discuss his work on privacy, his experience working with other policymakers in the multistate working group, and what to expect from AI legislation in Connecticut this coming year. 

It's hard to believe we’ve reached the final weeks of 2024, a year filled with policy and legal developments across the map. From the continued emergence of AI governance, to location privacy enforcement, children’s online safety to novel forms of privacy litigation, no doubt this was a year that kept privacy and AI governance pros very busy. One such professional in the space is Goodwin Partner Omer Tene. He’s been immersed in many of these thorny issues, and as always, has thoughts about what’s transpired in 2024 and what that means for the year ahead. I caught up with Tene to discuss the year in digital policy. Here's what he had to say.

  AI governance is a rapidly evolving field that faces a wide array of risks, challenges and opportunities. For organizations looking to leverage AI systems such as large language models and generative AI, assessing risk prior to deployment is a must. One technique that’s been borrowed from the security space is red teaming. The practice is growing, and regulators are taking notice. Brenda Leong, a partner of Luminos Law, helps global businesses manage their AI and data risks. I recently caught up with her to discuss what organizations should be thinking about when diving into red teaming to assess risk prior to deployment.

As the U.S. enters the final stretch of the 2024 election cycle, we face a tight race at the presidential and congressional levels. With a razor-thin margin separating Vice President Kamala Harris and former president Donald Trump, we decided to take a look at the possible policy positions of each campaign with regard to privacy and artificial intelligence governance. Of course, reading tea leaves is no easy feat, but while attending IAPP Privacy. Security. Risk. 2024 in Los Angeles, California, IAPP Editorial Director Jedidiah Bracy sat down with Managing Director, D.C., Cobun Zweifel-Keegan, CIPP/US, CIPM, to gain his insight on each camp's policy positions, from the administrative state to international data transfers and beyond. Here's what he had to say.  

The year 2024 proved to be another robust one for emerging U.S. state privacy law. Seven states joined the ranks, bringing the total up to 19.   Unlike previous years, however, 2024 underwent a paradigm shift away from the standard framework influenced by the draft Washington State Privacy Act. For the Future of Privacy Forum's Keir Lamont, CIPP/US, and Husch Blackwell's David Stauss, CIPP/E, CIPP/US, CIPT, FIP, PLS, 2024 marked the end of what Lamont calls the "Pax Washingtonia" era for state privacy law.   While attending the IAPP Privacy. Security. Risk. conference in Los Angeles, California, IAPP Editorial Director Jedidiah Bracy caught up with Lamont and Stauss to discuss this busy year in state privacy law, as well as what to expect with rulemaking and enforcement at the state level.

Reva Schwartz, a research scientist and principal investigator at NIST, leads the groundbreaking ARIA program aimed at assessing AI's risks and impacts. She discusses the initiative's goal to develop real-world testing methods for AI systems, ensuring their trustworthiness. The conversation dives into the importance of collaboration in model testing and participant recruitment, and how evaluating AI through realistic scenarios will help mitigate biases. Schwartz highlights the establishment of the AI Resource Center as a vital hub for risk management and fostering a trustworthy AI community.