As the privacy landscape continues to evolve, companies may find it difficult to manage regulator expectations of compliance and consumer demands as outlined in lawsuits, said Julie Rubash, chief privacy officer for Sourcepoint, a vendor.
Compliance Techniques
Compliance techniques encompass the strategies, tools and processes organizations use to meet evolving privacy and data protection requirements. Privacy engineers, chief data protection officers and compliance teams deploy methods such as data mapping, privacy impact assessments and automated monitoring to align with new laws in the U.S. and abroad. These techniques help avoid costly enforcement actions and build trust by embedding privacy by design into products and operations.
Despite stricter court rulings and limits on the use of older statutes to regulate newer technologies, 2025's increase in privacy litigation, especially around tracking technologies, looks set to continue into 2026, said privacy lawyers in interviews. Additionally, the potential for lawmakers clarifying the California Invasion of Privacy Act (CIPA) could push litigators to bring cases at even faster rates this year as they hope to file before an amendment becomes effective, one lawyer said.
There are privacy rules taking effect Thursday in California that have gone “a little bit under the radar,” but companies are beginning to pay attention to them “at the last minute,” Sourcepoint Chief Privacy Officer Julie Rubash told us in an interview.
Many states that have had leading roles in the privacy space will continue to do so in 2026, but several newcomers will be noteworthy owing to laws coming online, potential enforcement and litigation, privacy lawyers said.
Enforcement has focused heavily in 2025 on surface-level, obvious and quick fixes, privacy lawyers said in recent interviews. While this trend will continue in 2026, additional tools and other factors should keep enforcement an area to watch, they said.
Kids privacy and child safety online have been hot-button issues on both sides of the aisle and will remain so in 2026, said privacy lawyers in interviews with Privacy Daily. Despite the bipartisan focus and federal bills pending on these issues, several of the lawyers were doubtful about passage of a national law next year.
The European Commission renewed its two decisions allowing personal data flows between the EU and the U.K., it said Friday. It found that Britain's data protection legal framework is essentially equivalent to the EU's.
Ann Waldo has joined the Future of Privacy Forum as a senior fellow, the FPF said Thursday. Waldo previously served as chief privacy officer at technology company Lenovo and health care firm Hoffmann-La Roche. She also co-founded the law firm Wittie Letsche, among other roles in the privacy space.
Despite some federal statutes and many state laws specific to privacy, the FTC acts as a stand-in for the lack of a comprehensive federal privacy measure, said the agency's former chief privacy officer at a Practising Law Institute (PLI) event Wednesday. Besides state privacy laws, enforcers often employ unfair and deceptive acts and practices (UDAP) statutes and other consumer protection laws, another panelist said.
States are passing a large variety of laws to regulate AI, with some, like Colorado, taking a comprehensive approach and others, like California, targeting specific issues such as discrimination and employment, Vedder Price attorney Michael Kurzer observed Thursday on a panel at the Risk Digital Global virtual conference. Also, the lawyer said he sees “strong overlap between regulation of privacy and the issues that we're focused on now with AI.”