Insights

Observations and Opinions from our Experts

May 24, 2026

The Unintended Inefficiencies of Giving Everyone AI

Garbage In, Overconfidence Out: The Regulatory Burden Nobody Counted in Their AI ROI

Jacob Burgess

Apr 6, 2026

What the New EDPB Scientific Research Guidelines Mean for Innovation

The EDPB’s Scientific Research Guidelines offer a pragmatic, research‑friendly interpretation of the GDPR—one that recognises the societal value of science while reinforcing the protection of individuals’ rights.

Dec 1, 2025

When Pseudonymised Data May Not Be “Personal”: Key Takeaways from EDPS v SRB

The EDPS v SRB judgment confirms what many privacy professionals have long argued: pseudonymised data is not inherently personal data in every context.

Recent GDPR (and EU privacy) enforcement actions

The best way to read enforcement actions is as product requirements written by regulators.

The Enforcement Risk Hiding in Plain Sight: Website Privacy Notices

Website privacy notices are deceptively simple. In today’s enforcement environment, the riskiest privacy statement is the one no one revisits.

The Hidden Risks of Failing to Comply with the EU AI Act

The EU AI Act marks a shift from voluntary AI ethics to enforceable accountability. Failing to comply is no longer just a regulatory oversight—it is a strategic risk that can affect finances, operations, and reputation simultaneously.

De‑Identification, Anonymization, and Pseudonymization: Why the Differences Matter More Than Ever

The real mistake is not choosing one approach over another—it’s treating them as interchangeable.