FPF at the 2023 IAPP Global Privacy Summit

Earlier this month, IAPP held its annual Global Privacy Summit (GPS) in Washington, DC. FPF played a major role in bringing together a team of seven renowned privacy experts on 11 panel discussions and varying peer-to-peer roundtables ranging from U.S. privacy law to AI tech and regulation to regional contractual frameworks for data transfers. FPF remained active through these expert discussions and engaged with FPF members at networking events and meetings, as well as at our expo booth during the three-day conference.

Most notably, our CEO Jules Polonetsky was the recipient of the 2023 IAPP Leadership Award, given to individuals who “demonstrate an ongoing commitment to furthering privacy policy, promoting recognition of privacy issues, and advancing the growth and visibility of the profession.” Jules has served as FPF’s CEO for the last 15 years.

“The Privacy Leadership Award is an incredible recognition, I am honored. I thank the team at IAPP for the award and my staff at FPF, who continue serving as global privacy leaders and publishing influential scholarship that is imperative to advancing privacy safeguards, protections, and policy.”

Jules Polonetsky, CEO, FPF

On the first day of the conference, FPF, in partnership with GW Law, hosted a reception featuring Chairperson Haksoo Ko of the Personal Information Protection Commission (PIPC) to welcome privacy professionals to Washington, D.C. In a packed room, Jules offered opening remarks and Chairperson Ko a keynote address to guests.

U.S. Privacy Law at a Crossroads: The Past, Present and Future

In an engaging conversation, FPF CEO Jules Polonetsky was joined alongside an expert panel of speakers, including Elliot Golding (Partner, McDermott Will & Emery), Alastair Mactaggart (Board Member, California Privacy Protection Agency; Board Chair, Founder, Californians for Consumer Privacy), and Lydia de la Torre (Board Member, California Privacy Protection Agency; Partner, Golden Data Law). GPS attendees heard the panel discuss relevant issues such as U.S. employment laws and data, state legislation from California and Utah (notably Utah’s social media bill), children’s privacy, and more.

“We need to get legislation done in the responsible ways that California did; otherwise we lean towards a poorer direction”

Jules Polonetsky, CEO, FPF

What Are the Long-term Implications of the Trans-Atlantic Data Privacy Framework

Former FPF Senior Counsel Sebastião Barros Vale discussed the long-term implications of the Trans-Atlantic Data Privacy Framework (TADPF) alongside experts Paul Breitbarth (Senior Fellow, Maastricht University Faculty of Law; Data Protection Lead, Catawiki), Caitlin Fennessy (Vice President & Chief Knowledge Officer, IAPP), and Alexander Joel (Tech, Law & Security Program, American University Washington College of Law). In this discussion, they touched on how the TADPF is an important chapter in the ongoing story of trans-Atlantic data flows, why privacy professionals should seek to enhance mutual understanding among governments, companies, and the public to help lay the groundwork for potential solutions, and more. View the presentation.

Great Expectations: Will the EU’s Data Strategy Laws Change the Digital World?

This panel moderated by FPF VP for Global Privacy Dr. Gabriela Zanfir-Fortuna, discussed the state of play in Brussels with regard to the EU’s new generation of data laws such as the DMA, DSA, DGA, Data Act, and the AI Act. She was joined by renowned global experts Brando Benifei (Member of the European Parliament, co-Rapporteur of the AI Act), Irene Roche Laguna (Deputy Head of Unit, Digital Services, European Commission), and Wojciech Wiewiórowski (European Data Protection Supervisor). 

Attendees learned how the GDPR interacts with the EU’s new generation of data laws and how these data laws coming from Brussels may impact jurisdictions around the world.

“Law is as good as its enforcement is”

Dr. Gabriela Zanfir-Fortuna, VP for Global Privacy, FPF

Oh, the Places We Might Go: U.S. Privacy Law and Regulation

In this standing-room-only, Dr. Seuss-themed panel, FPF Senior Counsel Tatiana Rice discussed the Washington, D.C. data privacy and security landscape as it relates to significant movement in privacy in 2022 and assessing developments from the FTC, Congress, the White House, the Supreme Court, and more. Tatiana was joined by D.C. privacy experts Brandon Pugh (Director and Senior Fellow, R Street Institute, Cyber and Emerging Threats Team), Divya Sridhar, Ph.D., (Director of Privacy Initiatives, BBB National Programs), and Cobun Zweifel-Keegan (Managing Director, D.C., IAPP). 

The panel explored data minimization, a principle likely to appear in state and federal law and regulations, as well as federal agency action and enforcement trends. Notably, speakers discussed protecting vulnerable populations, specifically kids and teens, as attendees heard discussion surrounding age-appropriate design codes. View the presentation here.

The Tip of the AI Iceberg: Views on Bias, Digital Discrimination & Data Rights

On day three, attendees joined an early-morning panel with FPF Senior Policy Counsel Bertram Lee as he discussed views on bias, digital discrimination, and data rights with moderator Anupam Chander (Scott K. Ginsburg Professor of Law and Technology, Georgetown Law), Yvette Badu-Nimako (Interim Executive Director, VP, Policy, National Urban League, Washington Bureau), Travis Hall (Acting Deputy Associate Administrator, National Telecommunications and Information Administration), and Ben Winters (Senior Counsel, Electronic Privacy Information Center (EPIC)). 

Attendees heard Bertram and the expert panel explore AI systems’ risks to privacy, biases and discriminatory outcomes of algorithms, and responsible AI systems, bringing a local D.C. angle to the conversation by discussing how District housing authorities and law enforcement utilize AI systems in their work that is inherently biased and harmful to underserved areas of the city.

“I believe that AI will change the world for the better, but that doesn’t mean that it shouldn’t be accountable to the many communities, and particularly underserved communities, that are impacting their lives. It’s important for us to think about that in the privacy community – how do we mitigate those harms? How do we design responsibly to offset those harms?”

Bertram Lee, Senior Policy Counsel, FPF

Preparing for the Next Generation of AI Tech and Regulation as Privacy Pros

In FPF Senior Policy Counsel Bertram Lee’s second panel of the day, he was joined by Nia Castelly (Co-Founder, Legal Lead, Google), Che Chang (Deputy General Counsel, OpenAI), and Filippo Raso (Senior Associate, Hogan Lovells). In another standing-room-only session, Bertram and the panelists discussed the latest on AI research and development, recent developments on AI commercialization, AI regulatory policy developments, and implementing AI governance.

“AI regulation is not going anywhere. It’s only here to stay”

Bertram Lee, Senior Policy Counsel, FPF

Not-so-standard Contractual Clauses: Comparing Global Data Transfer Tools

An engaging discussion moderated by FPF Senior Counsel for Global Privacy Lee Matheson on trans-border data flows took place on day three of the conference. Lee was joined by Mariano Peruzzotti (Partner, Ojam Bullrich Flanzbaum), Isabelle Vereecken (Head of Secretariat, European Data Protection Board), and Yeong Zee Kin (Deputy Commissioner, Personal Data Protection Commission of Singapore). This global panel covered three different model regional contractual frameworks for data transfers, the Ibero-American model clauses, Association of Southeast Asian Nations (ASEAN) MCCs and other SEA national rules, and the EU’s SCCs. 

When asked by an attendee about “the best scenario for what can be achieved in a dialogue between the EU and other regions,” the panelists offered differing perspectives. There may never be “one set of clauses to rule them all” because of cultural and legal differences, but the dialogue reveals that, at least in some ways, data protection principles related to transfers are moving towards convergence. There can be valid discussions about interoperability for different regional sets without having to agree on one set that will apply everywhere. View a recording of the session here.

A Conversation with the U.S. Ambassador for Cyberspace and Digital Policy

To close off this exciting conference, FPF CEO Jules Polonetsky sat down with Ambassador Nathaniel Fick, U.S. Ambassador for Cyberspace and Digital Policy, in a conversation highlighting several topics, including U.S. digital policy priorities globally, AI systems’ risks to privacy, biases and discriminatory outcomes of algorithms, responsible AI systems, and more.

“Data protection is increasingly becoming the law of everything.”

Jules Polonetsky, CEO, FPF

We hope you enjoyed this year’s IAPP Global Privacy Summit as much as we did! If you missed us at our booth, visit FPF.org for all our reports, publications, and infographics. Follow us on Twitter, LinkedIn, and subscribe to our newsletter for the latest.