This is my first post 100% written by AI. Of course, I reviewed it and smoothed out some edges, but from a creation standpoint, this was 100% automatic. I use AI to help me with texts, but I usually do research, write the entire post from my head, and then use AI to check sources, organize the structure, correct grammar, and suggest improvements—like when I use technical jargon that is trivial to me but might not be for the reader. But this time, I did things a bit differently.

I took all my article posts from 2025 and fed them into Google’s NotebookLM. Then, I gave it a prompt to generate a retrospective covering everything I posted in the format of an article with great storytelling. Here is the result below; I hope you enjoy it, and see you in 2026!

If we had to define 2025 in a single sentence, it would be: the year “science fiction” collided violently with regulatory and human reality. It was the year we dreamed of placing datacenters on the Moon to escape terrestrial jurisdictions, yet woke up to the urgent need to protect the facial biometrics of retirees against basic digital fraud.

By analyzing the content production and events of this year, it becomes clear that 2025 was not just about technological advances, but about the invisible cost of those advances. Privacy ceased to be a compliance item and became a matter of national security, physical integrity, and mental health.

The Identity Crisis of Artificial Intelligence

Artificial Intelligence (AI) moved beyond being just a productivity tool to become the center of an ethical and technical battlefield. We saw the rise of “Vibe Coding,” where AI-assisted intuitive programming generated fast code but paved the way for data leaks due to a lack of rigor in security engineering.

The euphoria over Large Language Models (LLMs) encountered severe technical barriers. We discovered that harmless files, such as PDFs, could contain invisible instructions capable of “hacking” the interpretation of AI systems, manipulating legal or compliance results. Even more serious, AI hallucinations—the generation of false truths—collided head-on with laws like the GDPR, which require data accuracy. The right to rectification became a paradox: how can data be corrected in a probabilistic model without destroying it?

This forced privacy engineering to evolve. The concept of “Machine Unlearning” left theory to become a practical necessity to avoid “algorithmic disgorgement”—the legal obligation to discard entire models trained on illicit data. In the regulatory field, the European Union stood firm with its AI Act and codes of practice, rejecting pauses in regulatory progress despite pressures for competitiveness.

The Cybercrime Underworld: From Baguettes to National Identities

While technology advanced, cybercrime mocked corporate defenses. 2025 was the year ransomware turned into mockery: we saw gangs demand bizarre ransoms, such as $125,000 paid in baguettes, as a form of public humiliation for the victims.

But the sharp humor of crime hid real tragedies. Venezuela suffered a cybersecurity collapse, with massive leaks exposing millions of citizens and weakening the country’s sovereignty. In Spain, a teenager known as “Alcasec” cloned the country’s judicial infrastructure, exposing half a million taxpayers and reminding us that institutional fragility is global.

Panic was also monetized. Headlines about “16 billion leaked passwords” generated hysteria, though cold analysis showed it was largely a recycling of old data packaged to look like a new catastrophe. However, the true gold mine was not passwords, but health. We discovered that medical data is worth up to 50 times more than credit cards on the dark web, fueling a cruel market of extortion and discrimination.

Geopolitics and Brazil’s Regulatory Maturity

In the political arena, privacy became a diplomatic bargaining chip. Donald Trump’s return to the political scene reignited tensions with Europe, questioning the rigidity of the GDPR and threatening transatlantic data flows.

In contrast, Brazil experienced a historic moment. The National Data Protection Authority (ANPD) was finally transformed into a special autarchy, gaining the necessary autonomy for real oversight, similar to ANATEL or ANAC. This maturation culminated in the publication of the adequacy draft by the European Commission, signaling that Brazil has reached a level of protection “essentially equivalent” to the European standard, which could decree the end of the bureaucracy of Standard Contractual Clauses (SCCs) for data transfers.

Emerging countries also dictated rules. India (with the DPDPA and its Consent Managers) and Saudi Arabia (with the PDPL and prison penalties) showed that data regulation is now a global economic pillar, and not exclusive to the West.

The Human Factor: Children, Biometrics, and the Right to Exist (or Vanish)

Finally, 2025 was the year we looked in the mirror—and at our children. Facial biometrics, sold as the definitive security solution, failed spectacularly when fraudsters used “stolen selfies” to trick life verification for the INSS, proving that technology without robust liveness detection is an open door for crime. In residential complexes, the convenience of keyless entry turned into unnecessary exposure of sensitive data.

Online child protection reached a breaking point. Australia led a radical movement to ban minors under 16 from social media, sparking global debates on how to balance protection and freedom in the digital environment.

For the average individual, the question remaining in 2025 was: “is it possible to disappear?” The answer is complex. Obfuscation techniques, metadata cleaning, and anti-tracker measures became survival skills. Even faith came under debate, with the European Court discussing whether the “right to be forgotten” applies to Catholic Church baptismal records.

Conclusion

Looking back, 2025 taught us that privacy is no longer about hiding secrets, but about maintaining control over one’s own life in a world where everything—from our faces to our health data—is a commodity. Technology, whether it is generative AI or an autonomous robot, now demands governance that cannot be improvised. Whether through the adoption of standards like the new ISO 27701:2025 or Privacy by Design, the message of the year is clear: trust is the only asset that, once broken, no backup can restore.