All posts
-
How to Anonymize Training Data: Techniques, Tools, and Compliance Considerations
A practitioner's guide to how to anonymize training data — covering PII scrubbing, k-anonymity, differential privacy, synthetic data generation, and GDPR compliance requirements.
-
Best Data Anonymization Tools 2026: Open Source and Enterprise Options Compared
A practitioner's guide to the best data anonymization tools 2026 — covering ARX, Microsoft Presidio, Tonic.ai, K2View, and how to choose based on threat model and compliance requirements.
-
How Membership Inference Attacks Work — and Why They Matter for Privacy
Membership inference attacks reveal whether a specific person's record was in a model's training set. Here's the mechanism, the modern shadow-model
-
US State AI Laws in 2026: Colorado, Texas, California, Illinois
A roundup of the US state AI laws shaping 2026 — Colorado's stalled SB 24-205, Texas TRAIGA, California's AB 2013, and Illinois HB 3773 — with verified
-
CCPA, CPRA, and the New ADMT Rules: What They Mean for LLM Products
California's finalized ADMT regulations bring pre-use notice, opt-out, appeal, and risk-assessment duties to automated decisionmaking — including many LLM
-
Training-Data Privacy and Data-Subject Rights Against AI Models
EDPB Opinion 28/2024 and CNIL's 2025 guidance reshaped how GDPR applies to AI training data — when a model is 'anonymous,' the legitimate-interest basis
-
The Privacy Risks of AI Chat Assistants: Retention, Review, Training
Consumer AI assistants increasingly default to using your conversations for training, human review, and multi-year retention.
-
Cross-Border LLM Data Transfers: SCC Compliance After Schrems II
Most LLM deployments cross borders. The Standard Contractual Clauses framework, post-Schrems II case law, and the supplementary measures requirement apply
-
DPIA Template for LLM Deployment: A Working Structure
A practical Data Protection Impact Assessment structure for LLM-integrated workflows. Includes the risk factors GDPR Article 35 requires, the AI Act
-
EU AI Office Enforcement Priorities for 2026: What Signals Say
The AI Office hasn't published a formal enforcement plan, but its working papers, staffing decisions, and member-state coordination show where the early
-
EU AI Act Article 50: Transparency Obligations Explained
Article 50 imposes disclosure obligations on anyone deploying chatbots, generating synthetic content, or running emotion-recognition systems.
-
GDPR Article 22 and LLM Automated Decision-Making
Article 22's prohibition on solely automated decision-making with legal effects applies to many LLM workflows people don't realize. Here's the working test.
-
EU AI Act Article 52: A Provider's Disclosure Checklist
What Article 52 actually requires of foundation model providers, what the EDPB's draft guidance clarifies, and how to operationalize disclosure without