Conference attendees networking in a modern convention center with blue lighting

Today's Headlines:

  • IAPP Summit opens. 5,000+ privacy professionals gather in DC. FTC Commissioner Meador reveals 2026 enforcement priorities. AI governance dominates.
  • Visa social media screening expands today. 15 new visa categories now require public social media profiles for State Department review.
  • 21 days until Section 702 expires. Government Surveillance Reform Act stalled. The data broker loophole remains open.
  • CNN amplifies Angela Lipps case. Tennessee grandmother jailed five months on Clearview AI false match gets national coverage.
  • EU CSAM scanning vote chaos. Parliament rejected extension days after voting to extend. Scanning becomes illegal April 3.

IAPP Global Privacy Summit Opens: AI Governance Takes Center Stage

The world's largest privacy conference kicked off in Washington DC this morning. Over 5,000 professionals packed the Walter E. Washington Convention Center to debate who controls AI.[1]

FTC Commissioner Mark R. Meador delivered the opening keynote, laying out the commission's 2026 enforcement priorities. The message: expect more actions on dark patterns, children's privacy violations, and AI-driven decision-making that harms consumers. Meador signaled the FTC is watching how companies handle automated decision-making, and taking notes.[2]

The timing is sharp. January 2026 alone brought new California requirements for automated decision-making opt-outs, risk assessments, and cybersecurity audits. Indiana, Kentucky, and Rhode Island's comprehensive privacy laws just took effect. The patchwork keeps growing. At the summit, sessions on "state privacy law fragmentation" are standing room only.[3]

Three themes dominate this year: agentic AI governance, the 21-state privacy law mess, and enforcement actions. Multiple sessions address Section 702 and government data access. Whether privacy professionals can move Congress is another question.

Our IAPP Summit preview

Today: US Expands Visa Social Media Screening to 15 More Categories

Starting today, March 30, the State Department will review social media profiles for 15 additional visa categories. If you're applying for a K-1 fiancé visa, R-1 religious worker visa, or T/U visa for trafficking survivors, set your accounts to public. They're watching.[4]

Here's the full expansion list: A-3, C-3 domestic workers, G-5, H-3, H-4 dependents, K-1, K-2, K-3, Q, R-1, R-2, S, T, and U visas. The program previously covered only H-1B workers, students (F, M, J), and their dependents. Now it's nearly everyone.[5]

The State Department's position: applicants must set privacy settings to "public" or "open" so consular officers can review content directly. Not just disclose your handles: let them scroll through your posts. Content "inconsistent with the stated purpose of travel" triggers additional scrutiny or outright refusal.[6]

The rule change got minimal public attention. Most applicants won't know until they're at the consulate. Processing times will likely increase as officers comb through years of posts.

Immigration lawyers are already advising clients: clean up your accounts before filing. Delete anything political. Remove criticism of US policy. The chilling effect is the point.

Our full guide to the March 2026 visa social media expansion

21 Days: Section 702 Clock Keeps Ticking

The April 20 sunset is three weeks away. Nothing's changed.[7]

The bipartisan Government Surveillance Reform Act (introduced by Senators Wyden and Lee with Reps. Davidson and Lofgren) would require warrants for American queries, ban data broker purchases, and add statutory penalties for privacy violations. It's the only serious reform bill. It's going nowhere.[8]

The White House wants a clean extension. House Judiciary Chair Jim Jordan says the 2024 reforms were enough. The EFF disagrees: "Prior to the 2024 reauthorization, Section 702 was already misused to run improper queries on peaceful protesters, federal and state lawmakers, Congressional staff, thousands of campaign donors, journalists, and a judge."[9]

The SAVE Act poison pill drama continues. Rep. Anna Paulina Luna wants to attach voter ID requirements to FISA reauthorization. Senate Democrats won't pass it. The strategy seems designed to kill reform by making any bill controversial.

Three weeks left. 130+ civil rights organizations demanding action on data brokers. Zero movement in Congress.

Section 702 explainer | SAVE Act confrontation

CNN Amplifies Angela Lipps Case: Clearview AI's Human Cost

Angela Lipps, the Tennessee grandmother jailed five months on a Clearview AI false match, got national attention this weekend. CNN's March 29 story is driving new outrage about facial recognition.[10]

The facts haven't changed. In May 2025, West Fargo police identified Lipps as a suspect in North Dakota crimes using Clearview AI, a database of billions of photos scraped from social media. They did zero additional investigation. Lipps says she's never been to North Dakota. She spent five months in Tennessee jails waiting for extradition. She lost her home, her car, and her dog.[11]

What's new: Fargo police have now announced they'll stop using West Fargo's AI system entirely. "It's their own system. We don't know how it's run or how it's overseen," a spokesman told CNN. One police department won't accept another's AI results. That's progress, measured in increments.[12]

Lipps filed a lawsuit on March 15. Her attorney points out what should be obvious: a facial recognition match isn't identification. It's a lead that requires actual police work. West Fargo skipped that step.

CNN's coverage matters. National attention forces accountability that local coverage doesn't. Clearview AI remains deployed by thousands of law enforcement agencies. The next Angela Lipps is being scanned right now.

Our original coverage

EU CSAM Scanning: Parliament Voted Yes, Then No

The European Parliament is at war with itself over message scanning.[13]

On March 11, MEPs voted 458-103 to extend a temporary exemption allowing platforms to scan for child sexual abuse material. The exemption from the ePrivacy Directive would continue until August 2027. Conditions: scanning must be "proportionate and targeted," must not apply to end-to-end encrypted messages, and tools should only identify known CSAM.[14]

Then, in late March, Parliament failed to agree on the extension. The current derogation expires April 3, 2026. After that date, scanning becomes illegal in Europe, at least until a new framework passes.[15]

Privacy advocates called the initial March 11 vote a compromise that prevented mass surveillance of encrypted messages. The second vote rejected even that compromise. The EU's long-term CSAM regulation remains stuck in negotiations between Parliament and Council.

What happens April 4? Platforms operating in the EU may have to stop voluntary scanning programs. Or they'll keep scanning and face legal challenges. The mess continues.

Data Breach Updates

  • Kaplan: 1.4 million people affected. Education tech giant disclosed a breach from October-November 2025. Names, Social Security numbers, driver's license numbers exposed. Class action likely.[16]
  • Infinite Campus: K-12 student information system warning customers of extortion attempt. Student data potentially compromised. Districts assessing damage.[17]
  • HackerOne (via Navia): Bug bounty platform employees hit after benefits administrator Navia breach. SSNs, addresses, dependents' data taken.[18]
  • Dutch Finance Ministry: Confirmed March 23 breach, still assessing scope. Government systems compromised.[19]

Quick Hits

  • Apple spyware tools leak: Hacking tools called Coruna and DarkSword have leaked online. Security researchers warn older iOS versions remain vulnerable. Apple's Lockdown Mode and memory-safe code help, but only on current devices.[20]
  • Chicago facial recognition debate: Illinois state legislator proposing ban on police facial recognition databases. Meanwhile, Chicago PD credits the tech with solving a January homicide. The political fight intensifies.[21]
  • Apple Maps ads coming: Apple reportedly planning to sell ad placements in Maps search results this summer. Another monetization move from the privacy-focused company.[22]

What to Watch

  • IAPP Summit Day 2 (March 31): More AI governance sessions. Breakout discussions on state privacy laws.
  • EU CSAM scanning expires (April 3): Legal limbo for platform scanning in Europe.
  • Meta smart glasses deadline (April 6): Senators demanding answers about "Name Tag" facial recognition feature. 7 days left.
  • Section 702 sunset (April 20): 21 days. Reform bills stalled. Clean extension most likely.
  • Meta New Mexico Phase 2 (May 4): Remedies trial after $375M child safety verdict.

Sources

  1. IAPP - Global Privacy Summit 2026
  2. IAPP - Global Privacy Summit 2026 Agenda (FTC Priorities Session)
  3. California Privacy Protection Agency - Latest Announcements
  4. NNU Immigration - "US Expands Visa Social Media Checks from March 30, 2026"
  5. Erickson Immigration Group - "DOS Expands Social Media Screening and Vetting"
  6. Murthy Law Firm - "DOS Extends Social Media Screening to More Visas" (March 26, 2026)
  7. Brennan Center - Section 702 Resource Page (March 2026)
  8. Sen. Wyden - Government Surveillance Reform Act Press Release
  9. EFF - "Congress Is Dropping the Ball with a Clean Extension of FISA" (March 2026)
  10. CNN - "Police used AI facial recognition to arrest a Tennessee woman for crimes in a state she says she's never visited" (March 29, 2026)
  11. MPR News - "Fargo police's use of AI raises questions after suspect says facial recognition failed" (March 18, 2026)
  12. KRDO - Angela Lipps Facial Recognition Coverage (March 29, 2026)
  13. Cybernews - "Privacy vs child safety? EU to stop scanning private chats for abuse material"
  14. Help Net Security - "EU Parliament backs extension of CSAM detection rules until 2027" (March 13, 2026)
  15. The Record - "European Parliament rejects extension of CSAM scanning rules for tech platforms"
  16. PKWARE - 2026 Data Breaches (Kaplan)
  17. Privacy Guides - Data Breach Roundup (March 13-19, 2026) - Infinite Campus
  18. HIPAA Journal - "Navia Benefit Solutions Discloses Data Breach Affecting 2.7 Million"
  19. Privacy Guides - Data Breach Roundup (March 20-26, 2026) - Dutch Ministry
  20. TechCrunch - "Apple made strides with iOS 26 security, but leaked hacking tools still leave millions exposed" (March 26, 2026)
  21. CWB Chicago - "Facial recognition helps cops solve some of Chicago's most heinous crimes. This state legislator wants to shut it down."
  22. Android Headlines - "Apple Maps Is Getting Ads, and It Goes Against Everything Apple Stands For"