Key Takeaways from the 2025 IAPP Global Privacy Summit

The 2025 IAPP Global Privacy Summit spotlighted cross-border cooperation, legal reform, and fast-evolving Artificial Intelligence regulatory frameworks.

The 2025 International Association of Privacy Professionals (IAPP) Global Privacy Summit brought together regulators, industry leaders and experts in Washington, D.C. on April 23-24 to address emerging global trends in data privacy and Artificial Intelligence governance. Key discussions emphasized the increasing coordination among regulators from the European Union, United Kingdom and United States. Notable collaborative efforts highlighted included the U.K.'s Digital Regulation Cooperation Forum, Germany's Digital Cluster Bonn, and the newly established U.S. Consortium of Privacy Regulators. Despite continuing fragmentation in regulatory approaches, participants noted a marked rise in cross-jurisdiction information sharing and alignment on enforcement priorities.

U.S. state regulators from California, Colorado, Connecticut and Oregon outlined their sharper focus on establishing enforcement precedents and ensuring universal opt-out mechanisms are honored, and stressed the importance of clear, regulator-ready documentation. The California Privacy Protection Agency (CPPA) made clear that overreliance on compliance vendors does not absolve businesses from accountability. Organizations were advised to monitor regulatory advisories and ensure their responses to investigative inquiries are comprehensive to avoid increased scrutiny. Clear privacy notices and unified assessments across different regimes, such as through a Digital Data Impact Assessment, were identified as mitigation strategies against compliance risks.

European and U.K. regulators discussed ongoing Artificial Intelligence legal and regulatory developments, including updates on the EU AI Act and the decision in the U.K. to pursue an AI code of conduct instead of immediate legislation. Regulatory guidance on ad-tech models such as ‘pay or consent’ was debated, with the European Data Protection Board maintaining it does not offer a valid choice to consumers, while the U.K. Information Commissioner's Office indicated some potential for validity depending on context. In the Asia-Pacific region, recent and anticipated legislative reforms in Australia and Japan signaled heightened enforcement and the importance of tailoring compliance efforts to local law.

A major announcement involved a formal cooperation agreement between the CPPA and U.K. Information Commissioner's Office, expanding joint research and enforcement collaboration and reflecting a trend toward global harmonization in privacy enforcement. Organizations were urged to update compliance frameworks, embrace proactive regulatory interaction, develop agile data risk management processes, and align Artificial Intelligence governance strategies with evolving codes of conduct and legal expectations. These developments underscore the importance of preparedness, cross-border legal clarity, and ongoing engagement with regulatory bodies in a rapidly changing privacy and technology landscape.
