Carlos Aguilar Melchor, Chief Scientist – Cybersecurity at SandboxAQ

Privacy Day highlights the importance of safeguarding personal information and advancing secure systems in an increasingly interconnected world. We are seeing organizations across the globe push toward a Zero Trust Architecture (ZTA) strategy, which underscores a shift to “never trust, always verify” principles, enhancing data security and resilience against cyber threats. Simultaneously, the ongoing transition to Post-Quantum Cryptography (PQC) is crucial to future-proofing encryption against the potential risks posed by quantum computing, ensuring privacy and security in the digital age. We are proud to be contributing to these initiatives through cryptography modernisation, and to reflect a proactive approach to evolving privacy challenges.
Morey Haber, Chief Security Advisor at BeyondTrust

As technology advances, questions about data security, usage, and abuse become more pressing, especially with the rise of AI and data analytics. Governments, businesses, and individuals must all play a role in protecting digital identities and ensuring privacy. To protect individuals, governments must draft privacy regulations that can be embedded in the design of products and services. And then governments and the private sector need to work closely together to make sure these regulations can be implemented in practice. But regulations alone won’t suffice – personal responsibility is key. Every unique complex password created, every privacy setting enabled, every analytics setting that is opted out of, and every thoughtful conversation about personal information advances us closer to an online culture rooted in data privacy.
Gerald Beuchelt, Chief Information Security Officer (CISO) at Acronis

While there has undoubtedly been greater consumer awareness around data privacy in recent years, real-world behaviors reveal a persistent gap between awareness and action. All too often, convenience takes precedence over best practices. Surveys consistently show that individuals use weak passwords and reuse them across multiple online platforms, leaving their accounts vulnerable. The recent debate over a potential TikTok ban in the United States underscored this disconnect, with many users largely indifferent to concerns such as this and other apps’ extensive data tracking practices. Similarly, how many of us have connected to public Wi-Fi networks without considering the security risks involved?
Against this backdrop, Data Privacy Day serves as a timely reminder of the need to bridge the gap between awareness and behavior. It underscores the importance of improving cybersecurity tools to make them more accessible and user-friendly while also emphasizing the need for ongoing education to empower consumers to better safeguard their personal information.
Even diligent users face threats that go beyond what they can control individually. Solid endpoint protection is critical in preventing the theft of Personally Identifiable Information (PII) from devices such as laptops and smartphones. Cybercriminals are leveraging sophisticated tools like contact, bank info, and credential stealers to exploit vulnerabilities, making robust security solutions, such as Endpoint Detection and Response (EDR), an essential safeguard.
By fostering a culture of accountability and proactive action, paired with advanced cybersecurity technologies, we can collectively work towards a safer digital environment—one where both awareness and tools work hand in hand to protect personal data.
Edwin Weijdema, Field CTO EMEA & Cybersecurity Lead at Veeam Software

This year, Data Privacy Day seems a little different. With significant cybersecurity regulations coming into force around the world, most notably NIS2 and DORA, it feels like a lot has changed since we marked this day just 12 months ago.
And it has. We’ve seen corporate accountability given increasing weight when it comes to data resilience thanks to NIS2. It’s no longer a case of passing the buck – responsibility ultimately sits with the C-suite. Simultaneously, data resilience is shifting from a ‘cybersecurity requirement’ to a tangible business differentiator. At the moment, breaches and ransomware are still a ‘when’, not an ‘if’ – and I don’t see this changing. As C-suites become ever more aware, they’ll be demanding to see evidence of their organization’s data resilience, from their internal teams and any third-party partners.
“Data Privacy Day is a good chance to reflect on how much can change in a year. After all, organizations can’t rely on markers like this to nudge them on the importance of data resilience – it needs to be a priority 365 days a year.
Emilie Kuijt, DPO at AppsFlyer

In 2025, as technological advancements outpace regulatory frameworks, online privacy has become both a challenge and an opportunity for brands. Consumers are increasingly aware of how their data is used, and companies must adapt to meet these expectations while complying with evolving legislation. Forward-thinking brands are embracing Privacy-Enhancing Technologies to balance innovation with compliance, turning data protection from a burdensome obligation into a value-driven framework rooted in Privacy by Design.
To succeed in this new era, brands must prioritize transparency with clear cookie policies, offer customers genuine choices without coercion, ensure communications are relevant, and delete personal information when it’s no longer needed. Above all, respecting data subject requests and making it easy for customers to control their data is essential. Ignoring these principles—whether through opaque tracking, forced sign-ups, irrelevant marketing, or indefinite data retention—not only erodes trust but also puts brands at significant risk. Privacy is no longer just a regulatory box to check; it’s the cornerstone of building trust and creating lasting customer relationships.
Sascha Giese, Global Technical Evangelist – Observability at SolarWinds

“I have nothing to hide,” they say, and accept all kinds of intrusion into their digital life and beyond. Guess what, even if there’s nothing to hide, privacy is a right we fought hard for, should insist on, and defend when required. No one needs to become paranoid, but we should pay attention to what information we provide voluntarily, and if it’s really necessary to provide all intel that some web portals ask for. Maybe think of spending your personal information the same way you spend your money. Surely, you have heard “data is the new gold,” too. Just some food for thought this Data Privacy Day…
Pedram Amini, Chief Scientist at OPSWAT
Large Language Model (LLM) solutions are rapidly interweaving themselves into the fabric of our daily lives. They are listening in on our conversations, watching our video feeds, summarizing our emails, and even writing our program code. This emerging norm creates new complexities that we must navigate. Where is our data going? Who, or what, governs its use? There’s been an explosion of new products built around cloud-hosted language models; could our private information be found in the next release?
It’s hard to believe, but most of the world’s Internet scrapeable data has already been harvested by the frontier model creators. The pressure to acquire novel data to ensure continuous model iteration has already created documented cases of data violations. For example, copyrighted works appear in OpenAI’s ChatGPT and Google’s Bard. The lack of dataset transparency adds to the current nebulousness of the situation and leaves ample room for improvement.
Fortunately, there have been major enhancements in the release of open models. The latest model released from DeepSeek is measurably comparable to the abilities of OpenAI’s flagship offering. By matching the output quality of the closed models, it’s safe to predict that we will see decentralizing away from the major cloud-hosted LLMs which carry a data privacy boost.
In today’s GenAI-driven world, data privacy is no longer just a regulatory issue, it’s a personal and ethical imperative. By questioning the systems we rely on, and pushing for and implementing robust privacy practices, we can achieve a balance where progress respects personal rights. Privacy isn’t just a policy, it’s a principle. A principle that, when upheld, ensures innovation moves forward without compromising the trust and security we all deserve.