2 articles
Vendor evaluation
Due diligence checklists for picking an AI provider — what to ask, what to compare, and what to refuse to sign.
AI Privacy
When you call OpenAI, who actually processes your data? The AI sub-processor cascade
A trace-walk of one OpenAI API call through every entity in the cascade, with the Article 28, CLOUD Act, Article 48, and DMA layers stacked on top.
13 min read
AI Privacy
Otter, Fireflies, Zoom AI Companion: when meeting transcription becomes a confidentiality breach
Four named confidentiality failure modes for AI meeting notetakers, anchored in the Brewer v Otter and Cruz v Fireflies 2025 cases and the EU consent stack.
12 min read