Summit Law Blog

From April 22-24, I attended IAPP’s Global Privacy Summit (“IAPP GPS25”) in Washington D.C. Celebrating its 25th year, IAPP is a “policy neutral, not-for-profit professional home for privacy, AI governance and digital responsibility globally.”[1] IAPP GPS25 brought together thousands of privacy, security, and AI professionals from across the globe to discuss their challenges and concerns in the rapidly evolving fields of privacy and AI.

This year, I wanted to understand the current concerns of in-house counsel better. In case you missed IAPP GPS25, here are my high-level takeaways:

Concern #1: Is Federal Regulation Likely

One of the biggest questions facing in-house counsel is whether the United States will enact comprehensive federal legislation regulating privacy or AI. The patchwork of state privacy laws continues to escalate in complexity. 2025 began with a new wave of state privacy laws that took effect. Some states with existing privacy laws are considering amendments. Nearly all states have proposed or enacted at least one AI-related law.

Takeaway:

While many would love to see a unified federal framework, the overall consensus is that federal legislation remains unlikely.

Concern #2: How to Navigate Regulatory Enforcement

Regulatory enforcement continues to be a big area of concern for in-house counsel. There is growing uncertainty over how federal regulatory enforcement priorities will change and evolve following the change in administration. On the state level, attorneys general are becoming more active in enforcing their states’ privacy laws. Internationally, many are keeping a keen eye on how the EU AI Act will be enforced as many requirements begin to take effect this year.

Takeaway:

The regulatory landscape continues to shift rapidly. While it is important to keep up with the regulatory changes, it is even more important to stay apprised of enforcement decisions to understand better how laws will be interpreted and what regulators prioritize.

Concern #3: How to Keep Up With AI

Across nearly all organizations, AI has become an overwhelming concern for in-house counsel, both for product development and organizational efficiency. In-house counsel are trying to keep up with the fast pace of AI development and deployment all while balancing innovation and compliance. In-house counsel are also facing pressure from leadership to use AI tools to enhance their efficiency and reduce costs.

Takeaway: 

To ensure compliance with product development, in-house counsel should remember that the wheel doesn’t have to be reinvented – at least not yet. Rely on and scale existing privacy frameworks, governance, and compliance programs. If looking at implementing AI tools or AI agents to help improve organizational efficiency, don’t rush after every “shiny new thing.” Some AI tools and AI agents may help a team’s efficiency and reduce costs, while others may be counterproductive.

Concern #4: How to Build a Privacy Program

Privacy programs are now essential, not only for compliance but for building customer trust and protecting brand reputation. However, in-house counsel, especially at smaller organizations, often lack buy-in from leadership, making it difficult to obtain the resources needed to build a privacy program. Even when in-house counsel can make a case for a privacy program, they struggle with creating and operationalizing one that complies with the complex landscape of privacy laws and promotes organizational objectives.

Takeaway:

Part of the difficulty is knowing where to start - so look out soon for a post on when in-house counsel may need to implement a privacy program, how to get leadership buy-in, and what to consider when building a privacy program! Remember, there is no one-size-fits-all model.

I’d love to hear from you. If you attended IAPP GPS25, what were your takeaways? If you didn’t attend IAPP GPS25, what are your privacy or AI-related concerns? What do you want to learn more about?

[1] About the IAPP, IAPP, https://iapp.org/about/ (last visited May 1, 2025).