Privacy engineering mid-year temperature check

In the immortal words of the indie pop band Future Islands, "seasons change." The onset of summer has folks in the Northern Hemisphere watching temperatures rise while cold-weather lovers Down Under eagerly break out their jackets and jumpers. This time of transition offers a fitting moment to check the temperature of privacy engineering in 2026. What's hot? What challenges are cooling things off? And what does the future hold? There is much more to discuss than there is room here, so we will focus on three high-level areas of work: managing AI privacy risk, using large language models to manage privacy risk and traditional privacy engineering work.

Managing AI privacy risk

We hear anecdotally, and unsurprisingly, that privacy engineers are devoting more time than ever to managing artificial intelligence privacy risks. As they battle for solutions to address these new risks, the operational workhorse remains the privacy risk assessment. The new additions to this space in the AI era are the requirements for transparency and accountability of AI models and their outputs. The emerging practice of including model cards for the AI itself and provenance standards like C2PA, or Coalition for Content Provenance and Authenticity, for outputs are helping to simplify the AI privacy risk assessment process.

Cutting-edge, privacy-enhancing technologies continue to mature from research to practice, supporting this hot area of work. Differential privacy is leading the charge on addressing AI training risks and is being used during training to limit the influence any specific data point can have on the final model. This helps meet data minimization requirements, as sensitivity during fine tuning can be controlled at the data level.