The world's privacy and AI professionals are set to converge on Washington DC for the International Association of Privacy Professional's annual Global Summit. For the first time, “privacy” isn't the summit’s only title descriptor, as IAPP’s mission expands to artificial intelligence. Besides a focus on the privacy and online safety of children, and regulatory concerns around agentic AI, this year's conference will also increasingly focus on how national security has inserted itself into data-protection issues, and whether the free flow of data around the world will be affected by that.
The presence of world figures such as Salman Rushdie and Prince Harry at next week’s IAPP Global Summit 2026 are another sign of the growing societal prominence of data regulation — and not just for privacy. For the first time, “privacy” is not the summit’s only title descriptor, as IAPP’s mission expands to artificial intelligence.If data is the currency of the 21st Century, it's also the primary fuel of the world’s digital economy, and never more so than in the era of generative AI. Like oil, the flow of data can be squeezed in digital straits during times of national conflict and crisis. It can be withheld — even weaponized — for economic advantage or national security demands between nations and states.
As the world’s privacy and AI professionals gather next week at the “IAPP Global Summit 2026: Privacy/AI Governance” in Washington, DC, they will have to confront a newly complicated and charged era of digital governance as privacy, AI, and national security policies rapidly converge around personal data.
During a two-day conference, along with workshops and training the rest of the week, data protection officers, corporate compliance officials, litigators and regulators will discuss how to confirm who is a child and who is an adult online, how agentic AI plays into data security and scores of other data-related topics.
There will even be discussion of arguably the most foundational issue in privacy and AI governance: the definition of "personal data," in this case through the lens of European regulators.
“We really need as organizations to think holistically about these disciplines, because data is the thread that is pulling through all of that,” Bojana Bellamy, president of Hunton Andrews Kurth’s Center for Information Policy Leadership, a think tank, said in an interview.
Reflecting the title change, the annual IAPP summit has been transformed in recent years from in-depth discussions of data protection compliance, often with a primary focus on US and EU privacy laws, to making AI governance an equal presence.
Other emerging issues include growing scrutiny of the use of children’s data to target advertising and, in the view of some critics, to addict them to social media platforms, as the use of social media by youths becomes a growing concern in Australia, Asia, Latin America and Canada — not just in the US and Europe.
New cybersecurity requirements and sophisticated hacking have made security a top concern and the focus of many panels this year. And other regions of the world — India, Africa, Latin America — are increasingly emerging as regulatory power centers, with their own ideas and laws to protect privacy and online safety.
Geopolitics, the war in Iran, and the strained US-EU relationship will be felt at the international gathering. The Trump administration has been critical of the EU’s digital legislation, arguing that it amounts to a tax on US tech companies. The US has also passed rules to stem the flow of data to China, Iran, North Korea and other adversaries.
Data flows, the subject of several panels, are no longer seen as just a privacy issue but are now viewed through the lens of national security and international trade, Joe Jones, director of research and insights at the IAPP, told MLex in an interview.
“We’re familiar with tariff wars,” he said. “Could this be the beginning of the sort of data wars and the sort of weaponization or retaliation associated with where data can flow?”
—New voices—
Jones told MLex in a pre-conference interview that chief privacy officers can no longer view data flows solely from a technical perspective. They are now beholden to government leaders to find solutions to broader geopolitical tensions over tariffs, government access to data, and national security issues, he said.
About 10 panels address cybersecurity, its link to AI, and data protection. They focus on integrating security into broader digital governance by focusing on incident response, evolving AI-driven threats, and the need to align cyber-risk management with privacy, compliance, and enterprise-wide accountability.
Top speakers, starting with Kent Walker, Google’s president of global affairs, will offer a company perspective on AI, data protection, and digital regulation.
One group of new voices are US federal judges, including US District Judge James Boasberg, the chief judge of the federal court for Washington DC. Boasberg, who was pulled into the US national spotlight last year during an immigration confrontation with President Trump, and US District Judge Allison Burroughs of the District of Massachusetts, will discuss privacy and AI issues for the US federal courts.
Other keynote speakers will offer a different perspective on privacy.
Rushdie, author of "The Satanic Verses," will address his experience about privacy being a life-or-death issue, after living under a death threat for 30 years and then being the target of an assassination attempt in 2022.
Prince Harry will add star power. He’ll discuss privacy issues with growing up in the media glare as the son of Princess Diana and King Charles.
Reflecting the increasingly global nature of personal data issues, this year’s summit includes sessions on privacy and AI regulation in Africa and Latin America. On the second panel, regulators from Brazil, Argentina, and Ecuador will discuss the Ibero-American Network of Data Protection Authorities in building cross-border cooperation and the harmonization of data protection standards in Latin America.
— AI Governance —
AI governance has moved to the center of the summit’s discussions, with about one-third of the agenda dedicated to the subject. It’s no longer a niche topic and is now a core pillar alongside traditional privacy topics.
Previous summits dissected the EU AI Act and its compliance challenges. But companies are still struggling with practical issues such as risk classification, documentation, audits and ongoing monitoring. The biggest challenge is “operationalizing” AI requirements.
Another new reality is that conversations on AI and privacy governance that were once focused on the trans-Atlantic relationship have widened. AI governance, as seen at India’s AI Summit last month, has shown four poles emerging: the US, the EU, the Global South — led by India — and China (see here).
Jones said “middle powers” — such as the UK, Canada, Singapore, Japan, and Korea — are seeking to borrow “flavors” of AI governance from leading countries to manage risks, avoid being left behind economically or technologically, and maintain sovereign capabilities.
While the summit features high-level discussions on AI and data governance, it also offers practical advice that privacy professionals can use in their day-to-day work. One session description instructs participants that they will “discover how you can leverage automation and agentic AI to optimize compliance work.”
— EU digital regulation —
An important issue that will be the focus of several panels is the evolution of EU digital rules. The EU is debating how to simplify its flagship rules, including the AI Act, the General Data Protection Regulation, ePrivacy Directive and the Data Act.
These conversations are likely to focus on the European Commission’s proposal for a new definition of "personal data" in the Digital Omnibus, which EU lawmakers are debating after it was proposed last November.
Jones said the proposed definition — which critics say would narrow the scope of GDPR enforcement — will be important for companies offering privacy-enhancing technologies on the IAPP’s vast conference floor at the Walter E. Washington Convention Center.
“This is a threshold issue,” he said. “The scope and definition of personal data or personal information around the world is the gateway to everything else. And in some ways, the broader you make that, the more everything else is relevant, and the tighter you make it, the less relevant everything else is.”
“It's the most fundamental of the fundamental issues of protecting personal data through regulation,” he said.
The commission’s proposal has been strongly contested by the European Data Protection Board — the umbrella group of EU privacy regulators — whose chair, Anu Talus, will speak at the summit. Another speaker, privacy advocate Max Schrems — the honorary chairman of NOYB-European Center for Digital Rights — has called the EU proposal “the biggest attack on Europeans’ digital rights in years.”
— Digital responsibility, minor protection —
Minor protection, age verification and platform responsibility have emerged as important themes, particularly in light of Australia’s new rules banning social media platforms for children under age 16 and recent high-profile hearings in Texas and California involving Meta and Google.
The tech giants’ executives, including Meta Chief Executive Mark Zuckerberg, were pressed on their role in protecting minors from harmful or addictive features (see here).
With verdicts emerging in key trials against Meta, YouTube and other social media companies, a central theme is the rapid emergence of age-assurance requirements globally.
Bellamy said organizations should focus on “accountability 2.0,” meaning they should have integrated programs, risk assessments that cover multiple regimes like privacy, AI and safety, and embed controls, training, and governance throughout the business.
“Accountability does not equal compliance,” she said. “Accountability is the way you, as a company, behave. You embed all these interests and rights into your operational controls.”
“Right now is a chance to double down on accountability, because we are seeing some deregulation trends,” she said.
Please email editors@mlex.com to contact the editorial staff regarding this story, or to submit the names of lawyers and advisers.