Privacy in the AI Age: What's Really Changing in 2026 (with Cloudflare's CPO)
Fri Feb 06 2026
In this episode of This Week in NET, host João Tomé is joined by Emily Hancock, Cloudflare’s Chief Privacy Officer and Data Protection Officer, for a wide-ranging conversation about privacy in 2026 and how the role has evolved in the age of AI.
Emily explains how privacy officers shifted from GDPR compliance to broader data governance, responsible AI practices, cybersecurity collaboration, and cross-border data frameworks. We explore privacy by design, data minimization, vendor risk, government requests, warrant canaries, digital sovereignty, insider threats, and how AI is reshaping both attacker and defender capabilities.
We also discuss Cloudflare’s approach to responsible AI, how teams use internal controls to avoid misuse of customer data, and why “human in the loop” remains essential for accuracy, safety, and trust.
Check the Cloudflare Blog: blog.cloudflare.com
1:53 — Blogs roundup
3:58 — How the CPO role has evolved since GDPR
7:04 — From GDPR to AI governance
9:46 — Privacy + cybersecurity: breaches, notifications, preparedness
14:08 — “Fire doors” and incident containment
14:56 — Privacy by design & data minimization
20:07 — Government requests, due process, and transparency
22:08 — Warrant canaries & what Cloudflare will never do
23:17 — Digital sovereignty: localization and global differences
26:25 — Data Localization Suite & Metadata Boundary
28:06 — AI and privacy: rules, training, customer protections
29:35 — Cloudflare’s AI principles
31:32 — AI sovereignty & running inference close to users
32:19 — “AI as an intern”: accuracy and human review
34:31 — Protecting personal data when using AI
36:20 — What’s coming in 2026: regulation & fragmentation
38:37 — Insider threats & Zero Trust
40:33 — Emily’s privacy wish list for 2026
More
In this episode of This Week in NET, host João Tomé is joined by Emily Hancock, Cloudflare’s Chief Privacy Officer and Data Protection Officer, for a wide-ranging conversation about privacy in 2026 and how the role has evolved in the age of AI. Emily explains how privacy officers shifted from GDPR compliance to broader data governance, responsible AI practices, cybersecurity collaboration, and cross-border data frameworks. We explore privacy by design, data minimization, vendor risk, government requests, warrant canaries, digital sovereignty, insider threats, and how AI is reshaping both attacker and defender capabilities. We also discuss Cloudflare’s approach to responsible AI, how teams use internal controls to avoid misuse of customer data, and why “human in the loop” remains essential for accuracy, safety, and trust. Check the Cloudflare Blog: blog.cloudflare.com 1:53 — Blogs roundup 3:58 — How the CPO role has evolved since GDPR 7:04 — From GDPR to AI governance 9:46 — Privacy + cybersecurity: breaches, notifications, preparedness 14:08 — “Fire doors” and incident containment 14:56 — Privacy by design & data minimization 20:07 — Government requests, due process, and transparency 22:08 — Warrant canaries & what Cloudflare will never do 23:17 — Digital sovereignty: localization and global differences 26:25 — Data Localization Suite & Metadata Boundary 28:06 — AI and privacy: rules, training, customer protections 29:35 — Cloudflare’s AI principles 31:32 — AI sovereignty & running inference close to users 32:19 — “AI as an intern”: accuracy and human review 34:31 — Protecting personal data when using AI 36:20 — What’s coming in 2026: regulation & fragmentation 38:37 — Insider threats & Zero Trust 40:33 — Emily’s privacy wish list for 2026