On March 29th, 2026, the IAPP Global Summit welcomed us privacy professionals to the floor of Washington, D.C.’s Walter E. Washington Convention Center, with a larger-than-life-size sign spelling out “Summit,” as brightly lit (and as many lightbulbs flashing) as any Hollywood movie premiere. This kind of royal pomp and circumstance felt fitting, given Prince Harry’s arrival as a keynote speaker the following day.
IAPP, or the International Association for Privacy Professionals, has focused on privacy and privacy officers since the organization’s inception in 2000; although this year, we privacy professionals were newly transformed into “Digital Responsibility Professionals.” The term IAPP coined for us in 2026 seemed wholly appropriate, given the Summit’s (almost) complete focus this year on artificial intelligence, what that meant for our roles as privacy pros, and how we were preparing to address this new technology, both for its effects on particularly vulnerable populations and on consumers generally.
The new term seemed to fit in other ways as well: a small group of us who gathered for breakfast on Tuesday morning to talk about our shared experiences agreed that the term “privacy” seemed to be out; instead, “data” was the ultimate keyword these days to getting budget and recognition.
Tied inextricably to “data,” of course, are the machines ingesting such data—and their outputs. Featured speakers, ranging from Prince Harry to author Salman Rushdie to former child actress (and now Movement Genius CEO) Alyson Stoner, reiterated how our mission as privacy professionals not only had evolved, but must evolve in the face of omnipresent AI dependency: from building frameworks aimed at protecting consumer privacy, to ensuring, somehow, that these models’ are designed and function ethically—and not merely using our expertise to draft “responsible AI governance” statements as a catch-all solution.
As FTC Commissioner Mark R. Meador pointed out in his Fireside Chat, with the alarming trend of applications that induce, or intend to induce, “emotional attachment” to “human-like” machines, it seemed not unreasonable for the FTC to prioritize its focus on such applications’ uses of AI.
Beyond emotional attachment, a session titled “Guidelines to Guardrails” investigated a different challenge when designing AI applications: obtaining valid consent in the face of what one speaker called “the bystander problem.” This speaker suggested a Terms of Service disclaimer might do little to satisfy regulators that consent was validly obtained where, for instance, a consumer decides to ask for a summary of emails from her “ten best friends.”
Of course, the Summit also covered perennial challenges to privacy compliance, which continue to evolve with new regulations: data lifecycles and deletion, dark patterns, and cookie categorization and consent. Even in 2026, according to speakers from the “Cookie Deep Dive” session, cookie categorization still warrants manual review: because, one, automated tools don’t always get it right—and two, because business teams may (still) not yet be on the same page as to what constitutes “strictly necessary” under the various privacy regimes. And new alternatives to cookie collection have their challenges, too. Overall, we took the lesson to be: maybe you can’t yet have your cookies and eat them, too—they still require careful review first.
Regardless of where one stands on the topic of our ever-increasing reliance on AI, the 2026 IAPP Global Summit highlighted that privacy as a field continues to be relevant in the age of AI—and its issues hotly debated.
Employee Portal
Apply