Google's recently departed, and only, Chief Privacy Officer Keith Enright said the industry cannot afford to be inflexible as it reaches an inflection point around evolving artificial intelligence technology and increased digital regulation.
Enright, who shut his Google Chromebook "for the last time" just a few days ago, told attendees at the IAPP Privacy. Security. Risk. 2024 conference in Los Angeles, California that he had presided over the company's privacy team during some of its most pivotal moments, including when it was under the U.S. Federal Trade Commission's scrutiny and during the right to be forgotten court case in the EU. But he said the role of privacy and data leaders will have to change as they lead their organizations through the risks and opportunities associated with AI.
"It's clear that AI isn't just a logical successor" to privacy, Enright said.
"The velocity of change is far, far greater and the scale of potential disruption is almost impossible to overstate, but privacy isn't going away as a result of any of this nor is its criticality as a strategic priority for business," he said.
Enright said privacy officers face increasingly complex legal challenges around the world, with regulators more empowered to make policy changes and impose violations on corporations to bring them into compliance. He anticipate the data and privacy industry will see more enforcement efforts in the next two to three years than ever before.
"But even with that, from an organizational perspective, focusing on privacy and isolation is increasingly impractical as the risk landscape becomes increasingly complex," he said.
Enright's comments came as it was announced he will join law firm Gibson, Dunn & Crutcher as a partner. He will co-chair its tech and innovation industry group. He is the most recent technology veteran to join the firm alongside Apple's former CPO Jane Horvath and Meta's former deputy general counsel Ashlie Beringer. His departure — and lack of an announced replacement so far — made privacy advocates worry about Google's plans for AI safety going forward, Politico reported.
Other privacy leaders also see a need for evolving skills. In an ideal world, those tackling AI and privacy would be multistakeholder groups with varying professional and educational backgrounds, said Harvey Jang, AIGP, CIPP/E, CIPP/US, CIPT, FIP, the vice president, deputy general counsel and CPO of Cisco Systems.
But alongside the traditional data and privacy skills is a critical need to understand the geopolitical and economic forces that shape policy, he said, pointing to the European Commission's data strategies and recent regulatory efforts such as the Data Act as a examples of "economic protectionism."
"They're looking at the fact that they don't have data, and data is what's going to fuel the world's economy and the recognition that the EU didn't have enough of it," he said. "So they're passing laws that are interfering with commercial relationships to bring more data back onto EU soil and in the hands of EU entities."
Those evolving rules can make the job more complex. GE Healthcare Chief Privacy and Data Trust Officer Lara Liss, CIPP/US, said that complexity means staying flexible as individual data localization policies pop up, making a singular, global privacy program impractical.
"I think you do have to have that flexibility to respond to these new laws that are popping up where needed to be able to meet the needs of the business on the ground to continue to sell products and services," she said.
The IAPP's Organizational Digital Governance Report 2024 found CPOs are increasingly having to take on new skills to respond to AI and cybersecurity risks and regulatory actions. More than 80% of privacy teams now do work in those fields, the report found. Some organizations find it difficult to nail down digital governance strategies because there are so many subjects to consider.
Nubiaa Shabaka, Adobe vice president and chief cybersecurity legal and privacy officer, said AI will not replace those professionals but the ability to use the technology effectively will help them rise to the top of their field. She argued employees with differing skills should come together to solve digital governance questions as a group rather than working in silos.
"I think that the future will continue to have this kind of cross-functional data governance strategy, because I cannot imagine just one specific core group being responsible for all of these areas," she said.
Caitlin Andrews is a staff writer covering AI for the IAPP.
