In this episode of Privacy in Practice, Kellie du Preez and Danie Strachan speak with Daniel Solove, Professor of Intellectual Property and Technology Law at George Washington University Law School and CEO of TechPrivacy. One of the most cited legal scholars in the field of law and technology, Daniel joins the podcast to unpack some of the most common myths that share how businesses think about privacy—and why those myths can lead to weaker compliance decisions, poor risk assessments, and ineffective privacy strategies.

The conversation explores several assumptions in privacy, including the idea that consumer behaviour proves people do not care about privacy, that AI presents an entirely new set of privacy problems, and that consent alone is enough to meet a a company's obligations. Daniel explains why these beliefs often fall apart under closer scrutiny, and what a more thoughtful, practical, and forward-looking approach to privacy should look like.

What this episode covers:

Why the privacy paradox is a risk-calculation, not proof that consumers do not care about privacy
Why "nothing to hide, nothing to fear" misunderstands what privacy is actually about
How AI inference may make seemingly ordinary personal data sensitive in practice
Why consent does not end a company’s privacy obligations
Why staying a step ahead of the law is more achievable and more valuable than chasing perfect compliance
Why security certifications and privacy compliance solve different problems
Why privacy regulation can redirect innovation and encourage privacy by design
And so much more!

Daniel is the author of more than 10 books and one of the most cited legal scholars in the field of law and technology. Beyond academia, he is also the founder of TeachPrivacy, a specialised privacy training company, and co-founder of the Privacy+Security Forum.

If you enjoyed this episode, make sure to subscribe, rate, and review it.

Episode Highlights:

[05:41] The Privacy Paradox: Why Behaviour Isn't Evidence of What People Value

When people click "accept" or trade data for convenience, that is a specific risk calculation made in a specific context, not a reflection of their general views on privacy. The problem is that benefits are tangible and immediate while privacy harms are abstract and often unknowable in advance. Businesses that interpret this behaviour as informed agreement are misreading the signal entirely.

[10:35] "Nothing to Hide, Nothing to Fear" Misunderstands What Privacy Is Actually About

Privacy has never been primarily about concealing secrets. It is about control over how information is used, the freedom to not have to explain yourself, and context — who knows what, and when. A person with cancer is not hiding their diagnosis; they are deciding who learns it and on what terms. Businesses that dismiss privacy risk through this framework are starting from the wrong question.

[14:04] AI Isn't a New Privacy Problem — It's an Old One Amplified

One of the biggest myths about AI is that it introduces entirely new privacy challenges. AI puts existing problems on ‘steroids’ and exposes how badly the notice-and-consent model was already failing. If people cannot make a reasonable risk calculation when they give their data, and that data can later be used to infer sensitive information, privacy law is not doing its job. AI makes that failure impossible to ignore.

[26:12] The Innovation Myth: Privacy and Growth Are Not at Odds

The claim that privacy regulation kills innovation is historically unfounded. Car safety regulation did not stop the auto industry, it redirected innovation toward features customers actually valued and bought more of. A seatbelt is as innovative as a faster car. Privacy regulation does the same: it steers companies to innovate in a different direction, not a lesser one.

Episode Resources:

Daniel Solove on LinkedIn
Kellie du Preez on LinkedIn
Danie Strachan on LinkedIn
VeraSafe Website