This week, "A view from Brussels" is brought to you from Washington, D.C., as the IAPP hosted its annual Global Privacy Summit 2023. The GPS feeling started Sunday as the plane leaving Brussels for D.C. was full of the who-is-who of European privacy, from EDPS Wojciech Wiewiórowski to the European Commission's Bruno Gencarelli and fellow IAPP members. Summit formally opened with a keynote panel featuring CDT's president Alexandra Reeve Givens and comedian Trevor Noah. They discussed Noah's childhood as a multiracial kid in segregated South Africa and the bearing of surveillance regimes on people's lives, development, and relationship to privacy. 

The main stage also hosted Danielle Citron, who discussed the notion of intimate privacy and the exponential growth of sextortion and others trading on people's most intimate moments and features. She made a compelling case for intimate privacy to be recognized as a moral and civil right. Nina Schick then took us on a journey through generative artificial intelligence, demonstrating how this content-maker "turbo engine" is already very pervasive across our online world. She predicts that 90% of online content may be AI-generated by 2025 (and she has been right before). "We have the power and responsibility to decide how generative AI shapes our society," she concluded. IAPP President and CEO J. Trevor Hughes, CIPP,  hosted Citron and Schick for a pre-Summit LinkedIn Live discussion.

There have been many highlights over the last few days. I had the pleasure of hosting a conversation with EDPB chairwoman Andrea Jelinek as she nears the end of her five-year term. The EDPB was a creation of the EU General Data Protection Regulation in 2016. It has been quite a journey for both the Board and the Secretariat. Paraphrasing the Secretariat's number two, Gwendal Le Grand, one is still a kid at four years old. Still, that kid has done a lot of foundational work for whoever the next chairperson will be.

Candidates should submit their application by 26 April, and the chair will be elected 25 May. At that point, Jelinek's mandate will end, though she will remain chair of the Austria authority until the end of the year. There is a bit of speculation as to who might throw their hat in the game for this role, allegedly an influential one in Europe and global privacy conversations. Jelinek would not place any bets, of course, but reflected on what had helped her do the job and being the head of a supervisory authority allowed her to keep a foot on the ground and the reality of fieldwork.

Jelinek will leave a legacy that she wanted to be built on trust among data protection authorities, among their staff and with the Secretariat, which is helping run the Board day in and day out. Her mandate can be illustrated in numbers: more than 40 guidelines adopted, more than 2,700 cross-border cases investigated and about 700 decisions, eight (soon nine) decisions from the dispute resolution mechanism, i.e., less than 1.5% of EDPB's decisions had to go through the Article 65 procedure. She also discussed the many activities the Board has carried out or is currently working on:

  • The DPO coordinated enforcement action: "The 80,000 IAPP members are crucial to the functioning of the global privacy system."
  • AI governance: organizations need technologists, managers and lawyers on their teams to be able to find a common language.

I am only highlighting a couple here, but you know the IAPP has its pulse on these and other developments. Our team has been reporting throughout Summit, so check out our newsletters and website for more information and see you next year to be part of something even bigger.