Even as the U.S. capital celebrates the return of cherry blossoms, flags have dropped to half-staff to mark the death of Madeleine Albright. Reflecting on Albright’s inspirational diplomatic career, one can’t help but wonder which lapel pin she would have chosen to wear to a Privacy Shield negotiation. The internet is also mourning the loss of the creator of the GIF, Stephen Wilhite (as The Verge reminds us, it’s pronounced "jif"). Meanwhile, technology policy nerds comfort ourselves by creating March Madness-inspired brackets to determine everything from the best privacy movie, to the most prophetic work of speculative fiction, to the most misunderstood legal concept. Here's what’s happened since the last roundup:

• Top-level U.S.-EU agreement paved the way for a renewed Privacy Shield. After months of intense negotiations, U.S. President Biden and EU President von der Leyen announced an agreement in principle on trans-Atlantic data flows. Full analysis here. 
• The FTC reminded us we can’t have data security without privacy. In a draft settlement with the operators of CafePress.com related to multiple data breaches, the Federal Trade Commission included charges about insufficient privacy practices: incomplete data deletion, data uses exceeding stated purpose limitations, and data stored indefinitely ‘without a business need.’ Coincidentally, the IAPP is hosting a webinar about data retention on March 29.
• NIST announced two updates to its work on AI bias. In a revised special publication, the National Institute of Standards and Technology recommended “widening the scope” of the search for sources of algorithmic bias “beyond the machine learning processes and data used to train AI software to the broader societal factors that influence how technology is developed.” At the same time, NIST published an initial draft of its AI Risk Management Framework, with comments requested through April 29.
• State privacy regulators welcomed “thoughts and concerns” from privacy professionals. The Colorado attorney general is seeking informal comments along a broad range of issues related to the implementation of the CPA. Meanwhile, the California Privacy Protection Agency posted a form to request to speak at “stakeholder sessions” to be scheduled later.
• Can you un-ring an algorithm? Protocol published a follow-up article on the FTC’s new remedy of algorithm disgorgement, predicting that it "could get very messy."
• Privacy leaders on the move.
• Boston University School of Law announced the appointment of professor Woodrow Hartzog to its faculty. It’s a good opportunity to re-watch his keynote reflections problematizing the notion of "control."
• In a heartfelt LinkedIn post, Amelia Vance announced her departure from the Future of Privacy Forum, where she led the Youth and Education program, to focus on ‘hands-on work’ as an independent consultant.

Upcoming happenings:

• March 29-30, the California Privacy Protection Agency will host pre-rulemaking informational sessions.
• March 29-31, NIST will host its second virtual workshop on the AI Risk Management Framework.
• March 29 at 2 p.m. EDT, TeachPrivacy will host a webinar on Privacy Legislation: How to Create Effective Privacy Laws.
• March 30 at 11 a.m. EDT, IAPP will host a webinar on Building a Privacy Risk Framework for Accountability Through PIAs.
• March 31 at 1 p.m. EDT, IAPP will host a webinar on the State of CCPA: A Look Back to Prepare for What's to Come.

Please send feedback, updates and your favorite GIFs to cobun@iapp.org.