Compliance Without a Compass: Managing Cross-Jurisdictional Privacy and AI Risk

Keith Enright, AIGP, CIPP/G, CIPP/US, Former Chief Privacy Officer, Google; Partner, Gibson, Dunn & Crutcher
Emily Hancock, CIPP/E, CIPM, Vice President, Chief Privacy Officer, Cloudflare
Simon McDougall, AIGP, CIPP/E, CIPM, CIPT, Chief Strategist, Privacy and AI, ZoomInfo
Michael Spadea, CIPP/US, Senior Managing Director, U.S Practice Lead Info Gov, Privacy, and Security, FTI Consulting

This session explores practical strategies for navigating transatlantic regulatory tension. With U.S. regulatory priorities in flux and enforcement activity shifting, companies —particularly those headquartered in the U.S. — face increasing uncertainty about how to manage privacy, AI, and cybersecurity compliance. Federal agencies are rolling back guidance and signaling deregulatory intentions, while state attorneys general pursue aggressive enforcement in areas like data sales, location tracking, and biometric data use. In contrast, the European Union is intensifying its regulatory posture. This divergence creates a strategic and operational challenge for privacy and compliance leaders tasked with managing risk, ensuring legal alignment, and maintaining trust across global operations. 

What you will learn:

·       Actionable insights into balancing regulatory rigor in the EU with operational flexibility in the U.S.
·       Effective ways to manage privacy and AI compliance amid U.S. regulatory uncertainty and mitigating risk from state-level enforcement.
·       Guidance in implementing data governance and compliance programs that are resilient to regulatory change and balance cross-border risk.

Sponsored by: FTI Consulting