It is that time of year again. The rain has arrived, autumn-colored leaves are falling from the trees and privacy pros took over the Square conference center in central Brussels for the IAPP's 12th Europe Data Protection Congress. This week, the European capital hosted nearly 3,000 practitioners, regulators, policymakers, academics and researchers for the biggest European gathering of privacy and data protection minds.

The IAPP Congress had its best and most comprehensive line-up of European officials to date. Addressing the closing general session, EU Justice Commissioner Didier Reynders (who currently also holds responsibility for the competition portfolio) restated, that in light of the many EU digital policies being implemented, the General Data Protection Regulation remains the cornerstone of the European legal framework for personal data processing.

While data protection authorities may be the designated supervision and enforcement agencies for that framework, it will be incumbent on member states to ensure proper cooperation at the national level among the various agencies that may otherwise be involved. Reynders also announced the European Commission will organize a global conference next year, inviting other jurisdictions around the world that have adequacy capabilities to advance global collaboration. According to IAPP research, 74 jurisdictions vest powers in either a data privacy regulator or government authority to designate other jurisdictions as having "adequate" data privacy standards. 

During Congress, European Commission representation ranged across DG Justice (with speakers on data transfers, GDPR review, the new landscape of EU data regulations, online advertising and the legislative proposal on procedural harmonization of cross-border enforcement), DG Connect on reconciling competing interests between privacy and other policy objectives, DG Home Affairs (addressing data access by and for law enforcement including under the new e-evidence legislation) and DG Competition on navigating antitrust and privacy intersection.

The European Parliament was also well represented, with an expected emphasis on AI governance and negotiations of the AI Act with its two co-rapporteurs, Dragoș Tudorache and Brando Benifei, conveying that negotiations are reaching a pivotal moment on 6 Dec. as one of the last opportunities this year to reach consensus on the draft legislation. MEP Bart Groothuis, lead MEP on the update of the EU's primary cybersecurity directive, discussed the European cyber strategy and its implications for privacy. Children's online safety was also discussed with MEP Paul Tang, who is active on the proposal to fight child sexual abuse material, which is progressing slowly.

Regulators were also in attendance, with speakers representing Belgium, Finland, Germany, Ireland, Italy, Morocco, Norway and the U.K. I had the pleasure of interviewing Anu Talus, the chair of the European Data Protection Board, who was elected in May for a five-year mandate. The Finn explained that she will build on the existing priorities of the board but is crafting her own strategy that will be released in early 2024. Check our team's reporting on the ground on all of the above in these columns.

Next stops: the Data Protection Intensive: UK in London in February 2024 and the Global Privacy Summit in Washington, D.C. in April. Programming is underway for both events, but registration is already open.