I promise there will be no controversy, ok? Last Friday I participated in an event as a panelist, and one of the questions raised was about the impact of recent decisions and moves in US politics on the development of AI regulation, which of course also brings privacy into the conversation. So I thought I would share a bit about how I see all of this in the market I work in every day.

In recent years, the global debate on privacy has gained an unlikely protagonist, at least from my perspective: Donald Trump. In 2017, the then US president signed a resolution that repealed FCC rules that would have prevented internet providers from selling data and required security measures. The repeal not only removed these protections but also barred the FCC from establishing similar rules, leaving consumers without a federal agency capable of protecting them. This move reflects a deregulatory stance that would be repeated years later.

In February 2025, Trump issued an executive order titled “Defending American Companies and Innovators From Overseas Extortion and Unfair Fines and Penalties,”1 which strongly reinforced what I see as a consistent trend of the Trump administration up to its conclusion.

The document accuses foreign governments of using digital regulations as non-tariff barriers and of imposing stricter rules on US companies than on their own. The main target, of course, is the European Union, whose digital service laws, such as the Digital Markets Act, are, according to Trump’s allies, designed against large US platforms.

One example is GDPR fines: by March 2025, European authorities had imposed €5.65 billion in penalties, and 83% of that amount fell on US companies. The context of digital “lawfare” fuels the narrative that Europe uses privacy as a tool of trade war, which in my opinion is quite true — that was never the original principle behind privacy regulations, but that is the story being told.

Brazil also entered the geopolitical radar after tightening the enforcement of its General Data Protection Law (LGPD), even though I believe we are still very far from calling Brazil’s enforcement “strict.” We are just at the beginning, similar to Europe in 2018. In 2024, the National Data Protection Authority (ANPD) issued rules on appointing data protection officers, incident disclosure, and standard contractual clauses, and even prohibited Meta from using personal data to train generative AI, along with new rules for international data transfers closely aligned with European concepts. The suspension of Meta’s AI policy, with a daily fine of R$ 50,000, showed that the ANPD is willing to confront US tech giants in defense of data subjects’ fundamental rights. Although some business leaders see these sanctions as a barrier to innovation, public reaction shows that society values transparency and control over personal data.

Meanwhile, the US also moved forward. California passed the California Privacy Rights Act (CPRA), expanding the former CCPA, which in my view was not even a true privacy law, it was mostly a set of marketing rules with many gaps. The CPRA brought significant improvements: it introduced the category of Sensitive Personal Information, raised the business threshold to 100,000 users, and granted consumers new rights, such as correcting data, requiring third parties to delete information, and opting out of automated decisions and behavioral advertising. These changes bring the state law closer to the robustness of the GDPR and show that the US is not moving solely toward deregulation. Not by chance, in California, Kamala Harris (Democrat) won with about 58.5% of the vote, while Donald Trump (Republican) received about 38.3%.

The regulatory landscape is polarized: on one side, Trump pushes the narrative that Europe and Brazil use privacy to harm US companies; on the other, Brazilian and European authorities are stepping up sanctions to protect citizens. For entrepreneurs and tech professionals, this scenario might feel uncertain, but I also think it opens opportunities. The repeal of FCC rules showed that full deregulation leaves consumers vulnerable, while billion-dollar fines can discourage innovation and reinforce protectionist rhetoric.

Despite skepticism about Trump’s motives and ongoing geopolitical tensions, consumers are more aware, lawmakers are beginning to engage with the industry, and initiatives like the CPRA show it is possible to balance protection and innovation. For those working in technology or privacy, this is the moment to stay informed, adapt processes, and invest in transparency. After all, as recent disputes have shown, privacy has gone from being a technical detail to becoming a central piece in global politics and the economy.

Do you want more proof of its importance than having the world’s top leaders discussing privacy? Let it continue that way.