GDPR News » IAPP Privacy Security Risk

🚀 What an incredible two days at the IAPP Privacy. Security. Risk. Conference in Los Angeles on 22 -23 September! So many thought-provoking discussions on the future of privacy, regulation, and AI. Here are a few key takeaways:

🔑 Avoid Watermelon Risk Metrics: They may look “green” on the outside, but they’re “red” on the inside. We need to focus on meaningful metrics that tell the whole story, not just surface-level success.

🧠 “There is no machine unlearning, so we have to get it right the first time.” This underscores the importance of responsible AI development from the start—there’s no turning back once it’s in motion.

🌍 Privacy rights should travel with your data: A poignant reminder from Max Schrems that privacy isn’t a static concept—it needs to be portable and enforced wherever the data goes.

🤖 AI Regulation and Purpose Limitation: We heard different perspectives on the risk of AI taking over—from a 100% chance in 200 years to just 10% depending on how well we regulate it. The key? Purpose limitation and accuracy, with GDPR providing a reasonable framework.

🌐 Vendor Risk Management: With 70% of data breaches stemming from the supply chain, managing vendor risk is crucial. Certifications like ISO aren’t always enough; it depends on the level of risk and includes often-overlooked services (e.g., cleaning staff with access to sensitive spaces).

❗️ Regulatory Inconsistencies: The Draghi report raised concerns about excessive legislation stifling innovation, but the real problem is inconsistency in applying regulations. For example, 27 different ways to identify individuals in the EU—a clear barrier to streamlined digitalization.

In a world where data privacy and AI regulations are evolving fast, events like this one are vital to keeping us informed and adaptable. Looking forward to continuing the conversation!