The IAPP will gather a community of more than 5,000 privacy professionals next week in Washington for its Global Privacy Summit 2023. The program is action packed, reflecting the number of issues, challenges and opportunities all streams of the privacy profession come across daily.

A few IAPP colleagues and I were brainstorming top-of-mind issues that might be discussed on stage and in the hallways of the conference center. Unsurprisingly, the hard part was not agreeing on those top issues but limiting our list to five so it would not be overwhelming. We managed to limit it to six (and we cheated a bit by using broad categories), giving you just a glimpse here.

Some hot topics are intrinsically linked to the evolving nature of the profession. Many functions – privacy managers, privacy engineers, data protection officers, chief privacy officers and others – have to modernize, evolve and adapt to an ever-evolving technological, business, cultural and legislative landscape. One area that might illustrate this in Europe is the European Data Protection Board enforcement focus on the designation and role of the data protection officer, as this will confront whether the role designed by the EU General Data Protection Regulation 10 years ago has been future-proofed enough to accommodate the emergence and evolution of this particular role.

Another pack of issues we landed on relates to the expanding risks of lawsuits and enforcement in certain regions and domains. Contextualized for Europe, this relates to feedback from IAPP members about the escalation of data subject access requests in particular and their growing "weaponization" either by employees (former, current, and often disgruntled) or by external groups. When networking with peers, one might also hear a lot about the need to adapt to new technologies and adjust to new expectations they might trigger from a governance standpoint, among others. Artificial intelligence governance is a recurring theme, and the prospects of AI legislation in several globally influential jurisdictions are accelerating this thinking across the profession.

For a preview of the amazing keynote speakers the IAPP will host at Summit, I encourage you to watch the LinkedIn Live chats that our CEO Trevor Hughes held with two of them: Danielle Citron, distinguished professor of law at the University of Virginia, discusses the notion of intimate privacy and Nina Schick, author and entrepreneur, discusses what the latest developments in artificial intelligence could mean for privacy pros.

A couple of other updates:

The Court of Justice of the European Union will reach several interesting decisions in the coming months. One case concerns the right established by the GDPR not to be subject to a decision based solely on automated processing, including profiling (Case C-634/21). In his opinion of 16 March, CJEU Advocate General Priit Pikamäe took the view that "the automated establishment of a probability concerning the ability of a person to service a loan constitutes profiling under the GDPR."

The court also reached a decision in a case about the livestreaming by videoconference of classes in state school education which raised the questions about the requirement of teachers' consent to participate in the service. The court found the processing of teachers' personal data during the livestreaming of the public educational classes falls under the GDPR and, where the referring court finds national provisions on the processing of personal data in the employment context do not comply with Article 88(1) and (2), it must still verify whether those provisions constitute a legal basis for the processing under Article 6.

Earlier this month, the IAPP released its first Privacy and Consumer Trust Report to shine a light on what consumers around the globe think about privacy and the companies that collect, hold and use their data. Based on a survey of nearly 5,000 consumers from 19 countries, this report analyses consumers' attitudes and behaviors regarding the privacy of their personal data. The report's key takeaways are organized around the six Cs of care, compliance, comprehension, consumer trust, cybersecurity and computer automation. A few insights: globally, only 29% of consumers said it is easy to understand how well a company protects their personal data. According to 64% of consumers, companies that provide clear information about their privacy policies enhance their trust. Meanwhile, 33% of consumers would lose trust in an organization that uses their data to offer them products or services from another organization.