Insights
Where Is My Privacy?
Our publication on data privacy, written for founders, operators, and privacy professionals who want to understand what's actually happening, not just what the regulators say.
Articles
Long-form analysis, twice a week
Deep dives on enforcement, regulation, and privacy practice across the EU, India, US, and beyond. Free to read, free to subscribe.
Browse the archiveDaily notes
One privacy story, every day
Short takes on the privacy, security, and AI stories that matter, posted daily on Substack Notes with the source alongside.
Read the daily notesLatest daily notes
All notes18 Jul 2026
Italy's Garante fined WINDTRE €1.7M after attackers just phoned two shops, posed as IT support, and talked staff into handing over system access. That expose...
Read on Substack17 Jul 2026
Moonshot announced Kimi K3 on Thursday: 2.8 trillion parameters, a million-token context, and headlines already calling it the largest open model ever built.
Read on Substack16 Jul 2026
Saudi Arabia's SDAIA has launched a national AI risk framework. Seven principles, seven risk categories, and a four stage cycle that ends in continuous monit...
Read on SubstackLatest articles

17 Jul 2026
Same scam, opposite verdicts
Two companies lost customer data to someone pretending to be IT support. One was cleared, the other was fined €1.7m. The attack wasn't the difference.
Read on Substack
10 Jul 2026
The model too good to ship
A frontier model held back for its hacking skills, a cyber law its own members ignored, and 7 million driver's licences lost to one phishing email.
Read on Substack
9 Jul 2026
The EDPB just turned "it's anonymous" into a test you have to pass
New draft guidelines on anonymisation and web scraping for generative AI tell AI builders to show their working, not just their labels.
Read on Substack
7 Jul 2026
France built a GDPR fining machine, and it runs on complaints
The CNIL issued 23 sanctions in six months without naming a single company. The headline fines were never the real risk.
Read on SubstackSubscribe, it's free
Written by Abhishek Bansiwal, founder of the practice. CIPP/E certified, LL.M. Trinity College Dublin, statutory DPO at a multi-jurisdiction B2B SaaS platform, ex-Deloitte. Writing about what actually matters in data privacy.
Start here
Tell us what you're dealing with.
Pick the service that sounds closest, or just describe the situation. You'll get an honest reply within 24 hours: where you stand, what actually needs doing, and whether we're the right fit for it.
Prefer to talk? Book a free 30-min callEmail: abhishek.adv@yahoo.com
LinkedIn: linkedin.com/in/abhishekbansiwal
Working with clients across the EU, UK, US, India, and beyond. See the privacy notice for how enquiries are handled.