The last year has had a number of events with major implications on privacy. General Data Protection Regulation (GDPR) finally got real with fines and with clarification rulings intended to reduce corporate abuses. The European Union (EU) Court of Justice threw out PrivacyShield, affecting the ability of Europeans to exchange data with locations in the US. The California Consumer Privacy Act (CCPA) lurched into existence and is inspiring other state initiatives. And the pan-Canadian Trust Fabric has set a new bar on how to enable privacy in an identity ecosystem. Within the R&E sector, issues from contract tracing to proposed new attribute bundles for content access are driving interesting discussions. This session will provide a brief overview of some of these events and lead into a discussion of how institutions can sort out what’s impactful.