Inside The Mind Of A Former Privacy Regulator
Recorded: Jan. 20, 2026, 10:03 a.m.
| Original | Summarized |
Inside The Mind Of A Former Privacy Regulator | AdExchanger
image/svg+xml:
Topics Opinion About Us Events Podcasts NEW! Programmatic AI 2026 Become an AdHero Subscribe Sign In
Sign In Topics
Home Data Privacy Roundup Inside The Mind Of A Former Privacy Regulator
Data Privacy Roundup Tuesday, January 20th, 2026 – 1:00 am
Most interactions between companies and regulators end without a formal investigation or public settlements, Bridegan said, so long as companies engage openly and work to resolve concerns up front. Subscribe AdExchanger Daily Daily Roundup Daily News Roundup Around four months after I started, Texas’ data privacy law took effect, and the new Texas data broker law took effect the year before. There are a ton of laws that get passed and then nothing happens on the enforcement side. We wanted to signal that we were taking these laws seriously.
Next In Data Privacy Roundup Don’t Let These Privacy Shifts Blindside You In 2026
Related Stories Data Privacy Roundup Must Read AI Ad industry experts call out trends to watch in 2026 and separate the real AI use cases having an impact today from the AI hype they heard at CES. Commerce Fraud is eating into retail profits. A new startup called Pinch AI just launched with $5 million in funding to fight back. Commerce On Wednesday, retail and CPG data company SPINS added a new piece with its acquisition of MikMak, a click-to-buy ad tech and analytics startup that helps optimize their commerce media. Marketers Believe it or not, car oil change service company Valvoline is in the midst of a fascinating retail marketing transformation. PODCAST: The Big Story Agents, streamers and robots, oh my! Live from the C-Space campus at the Aria Casino in Las Vegas, our team breaks down the most interesting ad tech trends we saw at CES this year. antitrust From afar, it looks like Google had a rough year in antitrust court. But zoom in a bit and it becomes clear that the past year went about as well as Google could have hoped for.
Popular AI Ad industry experts call out trends to watch in 2026 and separate the real AI use cases having an impact today from the AI hype they heard at CES. Marketers Linkby, which connects brands with publisher content that advertisers pay for based on reader engagement, announced its $15 million Series B on Tuesday. Commerce Retail’s Big Show, the annual NRF event in New York City, was big on agentic commerce, unsurprisingly, as well as influencer and creator marketing, which was an eye-opener. CTV Roundup Returning to the news desk after a year away from CTV beat reporting is like discovering a time capsule with the industry’s core dilemmas. One thing that has changed, however, is the CTV industry’s infatuation with agentic AI. Publishers Traffic is down, but publisher content is still driving purchases. Partnerize’s new attribution model lets publishers see what’s working and strike fair compensation deals.
Join the AdExchanger Community Your trusted source for in-depth programmatic news, views, education and events. NEXT EVENT
ABOUT ADEXCHANGER CONNECT
© 2026 Access Intelligence, LLC - All Rights Reserved |
The article features an interview with Tyler Bridegan, a former privacy regulator who served as director of privacy and tech enforcement for the Texas attorney general’s office before transitioning back to private practice as a partner at Womble Bond Dickinson. Bridegan provides insights into the decision-making processes of privacy regulators, strategies for companies to navigate regulatory scrutiny, and broader trends in state-level enforcement. His perspective is shaped by his dual experience in public and private sectors, as well as Texas’s increasingly aggressive stance on data privacy. Bridegan explains that regulators often initiate actions based on consumer complaints, media headlines, or personal experiences as consumers. However, he emphasizes that most interactions between companies and regulators do not escalate to formal investigations or public settlements if firms demonstrate openness, transparency, and a willingness to address concerns proactively. He advises companies to respond swiftly to regulatory inquiries, avoid defensiveness, and resolve issues promptly. This approach not only mitigates risks but also fosters smoother resolutions. Bridegan notes that 2026 is expected to be a particularly active year for enforcement, though cooperation and pragmatic problem-solving remain critical. “Don’t overshare but also don’t be so cagey that it looks like you’re hiding things,” he cautions, highlighting the delicate balance regulators seek between accountability and reasonableness. His transition back to private practice, he explains, was always part of his long-term plan. After serving in the Texas AG’s office, where he contributed to enforcing landmark privacy laws such as the Texas Data Privacy and Security Act (TDPSA) and the Texas Data Broker Law, Bridegan returned to private practice to leverage his firsthand understanding of regulatory priorities. He credits his public sector experience with deepening his expertise in consumer protection, a field he has navigated through roles at the Federal Communications Commission (FCC) and now in private practice. This blend of perspectives, he argues, enables him to offer clients a more nuanced view of compliance strategies. Texas’s reputation for aggressive enforcement is central to Bridegan’s analysis. The state has pursued high-profile cases against major corporations, including Allstate, General Motors, TikTok, Google, and Meta, as well as lawsuits targeting smart TV manufacturers for alleged data collection practices. These actions reflect a broader trend among state attorneys general (AGs) to use privacy enforcement as a platform for political visibility. Bridegan points out that many AGs face re-election pressures in 2026, creating incentives to pursue high-impact cases. He notes that bipartisan support for privacy laws has made enforcement a politically low-risk endeavor, with significant public approval. “It’s one of those unique areas where you almost can’t go wrong,” he says, suggesting that regulators view enforcement as a win-win for both accountability and popularity. Bridegan’s insights into state-level enforcement strategies reveal the diversity of priorities across jurisdictions. While Texas focuses on specific areas like data broker regulations and large-scale corporate violations, other states such as Connecticut and Oregon adopt a more reactive approach, following up on every complaint they receive. However, Bridegan clarifies that resource constraints make it impractical for all states to adopt such a model. Instead, he highlights the importance of understanding regional enforcement trends. For instance, states with robust consumer protection frameworks may prioritize cases involving children’s privacy or social media practices. Companies operating in multiple jurisdictions must therefore tailor their compliance efforts to align with the specific priorities of each state’s AG office. To minimize regulatory scrutiny, Bridegan advises companies to proactively engage with regulators, particularly when launching products or services in high-risk areas. He stresses the importance of updating privacy policies, addressing obvious vulnerabilities, and avoiding overly defensive or evasive responses. “Don’t get cagey; it just makes them dig deeper,” he warns, emphasizing that transparency is key to building trust. This advice extends beyond mere compliance with legal standards; it involves anticipating regulatory concerns and addressing them before they escalate into formal investigations. For example, companies developing products with significant data collection capabilities should initiate dialogue with regulators early in the development process. Such proactive engagement can preempt potential conflicts and demonstrate a commitment to responsible data practices. Bridegan also addresses the challenge of balancing legal compliance with business operations. He acknowledges that companies must navigate complex regulatory landscapes while pursuing innovation and growth. However, he argues that compliance should not be viewed as a burden but as an integral part of product development and marketing strategies. For instance, firms operating in sectors like children’s privacy or social media must implement heightened safeguards to mitigate risks. This includes conducting thorough data protection impact assessments and ensuring that privacy policies are both legally sound and user-friendly. Bridegan emphasizes that waiting for regulatory action to prompt changes is a reactive approach that can lead to costly delays and reputational damage. Instead, he advocates for internal risk assessments and the integration of compliance considerations into business decisions from the outset. The article also touches on broader trends in state-level privacy enforcement, including the growing emphasis on data broker regulations and the expansion of consumer rights. Texas’s TDPSA, which grants consumers greater control over their personal data, has set a precedent for other states to follow. Bridegan notes that this trend reflects a shift toward more comprehensive privacy frameworks, which in turn increases the complexity of compliance for businesses. Companies must now contend with a patchwork of state laws, each with its own requirements and enforcement mechanisms. This fragmentation underscores the need for flexible compliance strategies that can adapt to evolving legal standards. In addition to regulatory considerations, Bridegan highlights the importance of corporate culture in fostering compliance. He argues that a proactive approach to privacy and data protection requires internal commitment, starting with leadership and extending to all levels of an organization. This includes investing in employee training, establishing clear accountability structures, and fostering a culture of transparency. By embedding compliance into the organizational DNA, companies can reduce the likelihood of regulatory breaches and build long-term trust with consumers. The interview concludes with reflections on the future of privacy enforcement, particularly in the context of emerging technologies. Bridegan acknowledges that advancements in artificial intelligence (AI) and other data-driven innovations will continue to challenge existing regulatory frameworks. However, he remains optimistic that collaboration between regulators and industry stakeholders can lead to effective solutions. This includes ongoing dialogue about the ethical implications of new technologies and the development of guidelines that balance innovation with consumer protection. Overall, Bridegan’s insights underscore the dynamic nature of privacy regulation and the importance of adaptability for companies operating in this space. His experience as a former regulator provides a unique perspective on the motivations and priorities of enforcement agencies, offering practical advice for navigating the complex interplay between compliance, business strategy, and public accountability. As privacy laws continue to evolve, his emphasis on transparency, proactive engagement, and cultural commitment to compliance serves as a valuable guide for organizations seeking to minimize regulatory risks while fostering trust with their audiences. |