AI privacy regulation, compliance, and enforcement, sourced.
Independent coverage of AI privacy: GDPR enforcement against AI products, training-data provenance, DSAR for model outputs, state-level privacy laws applied to ML, and the gap between corporate privacy claims and corporate privacy behavior.
US State AI Laws in 2026: Colorado, Texas, California, Illinois
A roundup of the US state AI laws shaping 2026 — Colorado's stalled SB 24-205, Texas TRAIGA, California's AB 2013, and Illinois HB 3773 — with verified statuses and dates.
CCPA, CPRA, and the New ADMT Rules: What They Mean for LLM Products
California's finalized ADMT regulations bring pre-use notice, opt-out, appeal, and risk-assessment duties to automated decisionmaking — including many LLM workflows. The timeline and the test.
Training-Data Privacy and Data-Subject Rights Against AI Models
EDPB Opinion 28/2024 and CNIL's 2025 guidance reshaped how GDPR applies to AI training data — when a model is 'anonymous,' the legitimate-interest basis, and the limits of the right to erasure.
The Privacy Risks of AI Chat Assistants: Retention, Review, Training
Consumer AI assistants increasingly default to using your conversations for training, human review, and multi-year retention. The privacy and legal analysis behind the 2025 policy shifts.
// More incidents
Cross-Border LLM Data Transfers: SCC Compliance After Schrems II
Most LLM deployments cross borders. The Standard Contractual Clauses framework, post-Schrems II case law, and the supplementary measures requirement apply directly. Here's the working compliance pattern.
DPIA Template for LLM Deployment: A Working Structure
A practical Data Protection Impact Assessment structure for LLM-integrated workflows. Includes the risk factors GDPR Article 35 requires, the AI Act overlay, and the sections most often skipped.
EU AI Office Enforcement Priorities for 2026: What Signals Say
The AI Office hasn't published a formal enforcement plan, but its working papers, staffing decisions, and member-state coordination show where the early actions will land.
EU AI Act Article 50: Transparency Obligations Explained
Article 50 imposes disclosure obligations on anyone deploying chatbots, generating synthetic content, or running emotion-recognition systems. Here's what counts and what doesn't.
GDPR Article 22 and LLM Automated Decision-Making
Article 22's prohibition on solely automated decision-making with legal effects applies to many LLM workflows people don't realize. Here's the working test.
EU AI Act Article 52: A Provider's Disclosure Checklist
What Article 52 actually requires of foundation model providers, what the EDPB's draft guidance clarifies, and how to operationalize disclosure without exposing trade secrets.
What this site is for
AI Privacy Report is an independent watchdog covering AI policy, regulation, and accountability.
Trusted by researchers across the AI security community
AI Privacy Report is part of a 26-site editorial network covering adversarial ML, AI governance, defensive tooling, and ops engineering — all open access.