IAPP Global Privacy Summit 2024

Your roundtable recap from MLex

As regulators, in-house lawyers, academics and technologists gathered in Washington, DC, for the 2024 edition of the IAPP’s Global Privacy Summit, the MLex team was out in force, reporting from key events on the future of regulation across AI, privacy-enhancing technologies, US state privacy, child privacy, healthcare privacy and more.

Tune in now to hear this year's standout themes from our journalists around the globe—plus our conversation with Australia's newly appointed privacy commissioner Carly Kind, speaking to MLex on the conference sidelines in her first major press interview.

The sideline interviews

Our journalists seized the opportunity to speak one-on-one with national enforcers from the EU, the US, the UK, Australia, South Korea, Singapore and beyond.

Keep scrolling for a selection of highlights, or activate your instant free trial now for full access to MLex interviews and insights from this event.

IAPP's new AI thought leader says human element needed for system governance

Mike Swift: Ashley Casovan, named late last year as the first managing director of the International Association of Privacy Professionals' newly created AI Governance Center, had an important insight when she was leading Canada's development of the world’s first national government policy for responsible AI — that it's critical to have a human element in overseeing those systems.

New Australian privacy chief hopes to become a more visible and active face of data protection

Mike Swift and James Panichi: Carly Kind, who recently assumed her role as the first stand-alone Privacy Commissioner since 2015 within the Office of the Australian Information Commissioner, told MLex in an interview today that she will bring a human rights focus to the job and that she hopes to raise the visibility of the OAIC. “I hope that it means that for the Australian public, they can have a very visible face and name to put to privacy issues,” Kind said.

EU companies need to boost investment to tackle cybersecurity threat, Enisa head says

Matthew Newman: European companies need to invest more to tackle cybersecurity threats, the head of the EU's cybersecurity agency said in an interview with MLex. Juhan Lepassaar said that the "threat landscape" from cyberattacks has evolved rapidly in the past three years, and he's concerned that private companies aren't increasing their cybersecurity budgets.

EU privacy authorities best suited to enforce AI Act, European Data Protection Board chief says

Matthew Newman: European data protection authorities are best placed to enforce the EU's Artificial Intelligence Act, the chair of the European Data Protection Board said today. Under the AI Act, EU governments are free to choose which authority should enforce the legislation, which will take effect in the next few months after it's published in the EU's Official Journal.

Online advertising to be targeted in UK as data watchdog vows to tackle ‘broken’ system

Sam Clark: Reforming the “broken” online advertising system will be a top priority for the UK’s data protection watchdog, the head of the regulator told MLex today. John Edwards said in an interview that changing the ecosystem — which funds much of the modern Internet — will be challenging, but that his office plans to “do what we can.”

Italian ChatGPT investigation likely to close by summer, regulator says

Sam Clark: OpenAI can expect Italian data protection enforcement relating to its ChatGPT service to be complete by the summer, according to a senior figure at the regulator. Guido Scorza, a board member at the Italian data protection authority, told MLex that his watchdog is waiting for a taskforce established by the European Data Protection Board to establish a common position on ChatGPT before finalizing its decision.

Decision against EU Commission's use of Microsoft 365 attracts attention from EU privacy watchdogs

Matthew Newman: A decision by the EU institutions' data protection watchdog that the European Commission must suspend its use of Microsoft's cloud-based service, Microsoft 365, has attracted the attention of some of the bloc's data protection authorities. An EDPB report on the use of cloud-based services by the public sector said there is a "need for public bodies to act in full compliance with the GDPR when using cloud-based products or services."

Meta’s pay-or-consent model keeps users ‘prisoner,’ German data watchdog argues

Sam Clark: Meta's pay-or-consent model keeps users "prisoner," German data protection chief Ulrich Kelber said in an interview with MLex. He says that Meta continues to collect data on paying users, and then use that same data for ad targeting if they stop paying. Meta disputed Kelber’s characterization of its services and stressed that the model was built to give people control.

South Korea's top privacy commissioner promotes a proactive yet flexible AI regulatory approach

Jenny Lee and Mike Swift: When it comes to regulating artificial intelligence, South Korea is focusing on minimizing risks to personal data while still giving companies flexibility in addressing potential issues, according to South Korea's top privacy commissioner.

Singapore turns to existing sectoral laws in addressing AI risks

Xu Yuan and Jet Damazo-Santos: While other countries rush to draft laws and regulations for artificial intelligence, Singapore prefers to see how much it can rely on existing laws first to address key risks, a senior privacy official said.

For full access to MLex reporting from this event, activate your instant free trial today.