I gave the opening keynote talk at Global Privacy Leaders Summit @ RSA 2026 about how the role of the Chief Privacy Officer is changing. The thrust of the talk was that because of incoming AI regulation as well as increasing privacy law enforcement, the practice of privacy is increasingly becoming a systems problem, as opposed to a policy problem. I also argued that AI regulation is really just privacy regulation in disguise.

If you’re leading a privacy program, you should be in the room where it happens inside your company. It’s time to go beyond risk-obsessed thinking and to focus on what you could do if you had the right privacy systems. I made the following points:

  1. Compliance is not privacy
  2. Regulation is inevitable and incoming
  3. AI and privacy are frenemies

For more details, see the PDF slides!