PrivacyEngine Podcast

Send us Fan MailIn the first of three episodes on the US Privacy landscape, Katie and Maria focused on the unique, fragmented nature of privacy laws in the United States. They discussed how the US lacks a comprehensive federal privacy law, instead relying on sector-specific regulations like HIPAA for health data, COPPA for children's data, and GLBA for financial information, with enforcement primarily handled by the Federal Trade Commission. The conversation covered the historical development of privacy law in the US, from the 1890 "right to be let alone" concept through key legislation including the Privacy Act of 1974 and the Video Privacy Protection Act, highlighting how US laws often emerge in response to specific scandals rather than proactive regulation. They also explored the ongoing challenges in passing comprehensive federal privacy legislation, including political disagreements over private rights of action and federal preemption concerns, as well as the significant influence of tech industry lobbying in slowing or blocking privacy legislation.In episode two, Katie and Maria will cover the state law picture, including California in depth, the broader wave of state comprehensive privacy laws, how individual rights compare with the GDPR, children's data regulation at the state level, and the FTC's role as de facto national privacy regulator.Enjoyed this episode? Subscribe for more practical insights on global privacy and data protection. If you have questions about India's DPDPA, KSA & UAE's PDPL compliance, get in touch. We would love to hear from you.

Send us Fan MailIn this episode, Katie Burch and Dr. Maria Moloney unpack Bahrain’s Personal Data Protection Law and compare it with the GDPR and other regional regimes. They cover scope, lawful bases, data subject rights, cross-border transfers, prior authorisation, and the growing role of AI governance.Enjoyed this episode? Subscribe for more practical insights on global privacy and data protection. If you have questions about India's DPDPA, KSA & UAE's PDPL compliance, get in touch. We would love to hear from you.

Send us Fan MailIn this episode of the International Data Protection Regulation Podcast, Dr. Maria Maloney and Katie Birch examine Qatar’s Personal Data Privacy Protection Law, Law No. 13 of 2016, and its growing relevance for privacy, cybersecurity, and AI governance.The discussion covers the core structure of Qatar’s privacy framework, including how personal data is defined, how sensitive data is treated, and why consent plays such a central role in lawful processing. The episode also explores the rights available to individuals, such as access, correction, objection, erasure, and withdrawal of consent, as well as the practical obligations placed on organisations that handle personal data.Maria and Katie also look at breach notification, enforcement, cross-border transfers, online privacy, direct marketing, and the higher standard applied to children’s data. They then turn to AI, considering how Qatar’s privacy framework may evolve as AI governance becomes more formalised and as global regulatory expectations continue to shift.This episode is a practical overview for privacy professionals, legal teams, compliance leaders, and anyone interested in how data protection law is developing in Qatar and across the Gulf region.Enjoyed this episode? Subscribe for more practical insights on global privacy and data protection. If you have questions about India's DPDPA, KSA & UAE's PDPL compliance, get in touch. We would love to hear from you.

Send us Fan MailIn part two of our UAE data protection series, we move beyond the UAE Federal Personal Data Protection Law (PDPL) and into the free zones, specifically the Dubai International Financial Centre (DIFC) and Abu Dhabi Global Market (ADGM). These financial and commercial hubs operate their own data protection regimes, built to support international business and designed to feel familiar to GDPR-ready organisations.We break down what DIFC and ADGM actually are, why the federal PDPL generally does not apply inside these zones, and how to determine which law applies when operations span multiple jurisdictions or sectors. You will also learn what feels “GDPR-like” (lawful bases, controller-processor rules, DPIAs, RoPA, data subject rights) and what can catch teams out, including regulator expectations, breach notification thresholds and timelines, international transfer mechanisms, governance requirements, and enforcement posture.If you are expanding into the UAE, working with DIFC or ADGM entities, or managing cross-border data flows, this episode offers practical guidance on building a jurisdiction-specific compliance strategy that holds up in day-to-day operations.Enjoyed this episode? Subscribe for more practical insights on global privacy and data protection. If you have questions about India's DPDPA, KSA & UAE's PDPL compliance, get in touch. We would love to hear from you.

Send us Fan MailThe UAE’s data protection landscape is layered: a federal PDPL plus separate free-zone regimes (DIFC and ADGM). In Part 1, we break down the UAE Federal PDPL, what it covers, how it aligns with GDPR, individual rights, breach expectations, international transfers, governance requirements, enforcement realities, and practical compliance priorities for organisations operating in or targeting the UAE.Enjoyed this episode? Subscribe for more practical insights on global privacy and data protection. If you have questions about India's DPDPA, KSA & UAE's PDPL compliance, get in touch. We would love to hear from you.

Send us Fan MailIn Episode 2 of the Privacy Engine series on international data protection legislation, we explore Saudi Arabia’s Personal Data Protection Law (PDPL), the Kingdom’s first comprehensive privacy framework and a key pillar of Vision 2030’s digital transformation.Hosted by Dr Maria Moloney, and joined by Katie, we break down what the PDPL is, who it applies to inside and outside Saudi Arabia, and how closely it aligns with GDPR, including where it differs in meaningful ways.Enjoyed this episode? Subscribe for more practical insights on global privacy and data protection. If you have questions about India's DPDPA, KSA & UAE's PDPL compliance, get in touch. We would love to hear from you.

Send us Fan MailThe Digital Personal Data Protection Act of 2023 is India's first comprehensive data protection law, balancing individual privacy rights with the needs of governments and businesses. It introduces new terminology, such as 'data fiduciaries,' and stems from a 2017 Supreme Court ruling on privacy. Key provisions include consent rules, individual rights, and data breach protocols, with a focus on digital personal data and protections for children.Enjoyed this episode? Subscribe for more practical insights on global privacy and data protection. If you have questions about India's DPDPA, KSA & UAE's PDPL compliance, get in touch. We would love to hear from you.