The international privacy landscape is always changing, but according to feedback from the annual International Association of Privacy Professionals (IAPP) Global Privacy Summit, this year is different.
The geopolitical landscape seems to change almost daily, with aftershocks from tariff-related uncertainty to financial market volatility shaking the foundations of the global economy. And considering there being no clear harmony in cross-Atlantic privacy legislation, no standard approach to data privacy in the United States – and not even settled consensus on the future of Europe’s GDPR regulation within the EU, data privacy, data governance and protection remain major concerns and salient topics of discussion.
In highlighting the uncertainties around data privacy and protection, the IAPP summit in April 2025 addressed the reverberations that will be felt going forward. One major perceptual shift is the characterization of data as a valuable asset as opposed to data as a geopolitical weapon. This change makes safeguarding data privacy and user consent more important than ever.
The IAPP summit covered a number of different subjects related to data privacy and protection, with particular focus on AI governance and ethics and its abundant challenges, the fragmented state of global privacy regulations and the need for global cooperation to enforce best practices as legislative changes continue, and the overarching issue of securing data privacy when every aspect of life is intertwined with digital activity. What is user-centric, privacy-first use of data? What does digital responsibility look like, and who is responsible? How is consent captured and enforced?
Framed by these challenging questions, it is clear that standard, compliance-only approaches to data privacy and governance will no longer be enough. The dynamic and “eternal” nature of data means that taking a top-down checkbox-driven approach is not secure, is static, and stands as a barrier to innovation.
While the data privacy landscape is not quite a minefield, it remains unstable ground – and ripple effects can be felt throughout disciplines focused on data protection and cybersecurity as a whole. With more focus on evolving regulations and consent enforcement, we can carve out a few key areas to consider with regard to data privacy and managing user consent and preferences.
Global regulations are changing: Among the most discussed regulatory changes is the European Union’s GDPR. Seven years into its effective life, it has proven to be fairly robust and has been used as intended to protect data. However it has proven to pose expensive and onerous restrictions and monitoring responsibilities, particularly for small and medium businesses. The GDPR is undergoing a controversial set of revisions in 2025 aimed to alleviate some of this burden and simplify its mandates. While the details are vague for now, ensuring that your website’s consent management is governed by a robust CMP can help ensure continued compliance no matter what changes in the law. At the same time, the European Union AI Act was introduced and the Digital Markets Act came into effect, which has shifted data-privacy goalposts – each bringing competitive issues and new considerations for privacy compliance.
Regulation in the United States: Data privacy and protection regulations vary widely and exist only at the state level in the United States, making the approach in the US quite fragmented. A record number of privacy-related pieces of legislation were introduced in 2024, but the majority of the US remains uncovered by privacy protection. Regardless of states’ data privacy posture, most companies doing global business would do well to align with some of the strictest of the US laws, such as CCPA in California, which would help to ensure compliance across all the states where data privacy regulations are in place but not as stringent. An all-in-one CMP can help ensure that your consent management solution is always up to date with the latest regulations in all states.
Privacy-by-design and consent-led concepts become de facto in developing services: Building privacy and consent into websites, content and marketing balances compliance with consumer trust.
©2025 CookieHub ehf.
