Privacy-Enhancing and Privacy-Preserving Technologies: Understanding the Role of PETs and PPTs in the Digital AgeDecember 12, 2023
The paper provides insight into the different types of PETs available, demonstrating their potential application through case studies; sets out how organizations are approaching PETs; explores the extent to which PETs advance data protection principles and support innovation; and discusses obstacles to the development and adoption of PETs and ways to overcome them.
CIPL believes that more should be done to foster the further development and adoption of PETs, in particular policymakers and regulators should incentivize their use, by providing clearer guidance on key legal concepts that impact the use of PETs, and by adopting a more pragmatic approach to the application of these concepts and by recognizing the appropriate use of PETs as part of organizational accountability. |
Data Sharing Between Public and Private SectorsOctober 10, 2023
Governments at the state, county, and municipal levels have become increasingly interested in the treasure troves of local data amassed by the sharing economy. A growing number of localities are requesting (and sometimes mandating) that data collected by sharing-economy businesses—providers of ride-hailing services, short-term rentals, and other peer-based transactions—be shared with the localities themselves for a wide range of governmental purposes.
In this paper, we recommends that both the public and private sector adopt demonstrable accountability measures to foster responsible data-sharing practices and beneficial data uses while respecting individuals’ privacy rights and businesses’ legal obligations. Such measures will foster public trust in any data sharing between public and private sector entities. |
Limiting Legal Basis for Data Processing Under the DMA: Considerations on Scope and Practical ConsequencesMay 30, 2023
CIPL has been a leader in promoting the responsible use of data for more than 20 years. We support the goals of the European Union’s (“EU”) Digital Strategy fostering innovation, growth and competitiveness in the EU while establishing safe and trusted digital spaces for individuals. As part of our ongoing project examining the Digital Markets Act (“DMA”), we are publishing a series of papers taking a closer look at potential implementation challenges and remaining legal uncertainties across the complete EU digital legislation package. In the first paper, CIPL provided an overview of the data protection implications of the DMA.
This second paper will take an in-depth look at open questions regarding the seeming limitation by the DMA of legal bases available for certain processing of personal data and whether the DMA should consequently be considered as a lex specialis to the GDPR. Additionally, the paper examines ambiguities related to the scope of DMA in terms of personal data processing and lack of definitions of ‘data combination’ and ‘cross-use.’ |
Digital Assets and PrivacyJanuary 19, 2023
CIPL has hosted open discussions on the privacy implications of digital assets with industry and experts, providing an opportunity to engage with regulators and government to articulate a perspective on the privacy opportunities and challenges associated with digital assets, and to provide views on policy considerations and recommendations to be considered in the context of legislative and regulatory proposals.
This paper examines CIPL’s findings concerning the privacy implications of digital assets and respective recommendations to seek comprehensive, technology-friendly, future focused and pragmatic regulations on digital assets which are capable of compliance without prejudice to privacy considerations. |
Protecting Children's Data Privacy Policy Paper I: International Issues and Compliance ChallengesOctober 20, 2022
Complying with the growing number of laws on children’s privacy in the global marketplace is an increasingly complex undertaking. It involves reconciling measures to protect children from online harm and intrusions into their privacy with the equally important necessity for children to participate and engage online and to access beneficial or even essential online resources.
This paper includes discussions of the following issues: best interest of the child; consent and legitimate interest; parental consent; age assurance; profiling for targeting to children; transparency; and the risk-based approach to children’s online protection. Four appendixes to the paper contain brief summaries of key laws, regulations, codes of conduct and regulatory guidance relating to children’s online privacy. |
Perspectives on Privacy and Effective Data Use in the Global Digital Economy and SocietyJuly 5, 2022
As we celebrate 20 years of working with industry leaders, regulatory authorities and policy makers to develop global solutions and best practices for privacy and responsible data use.
To mark this occasion, we have compiled a volume of short “thought pieces” under the general title of “Perspectives on Privacy and Effective Data Use in the Global Digital Economy and Society”. This compilation features contributions from academics, technologists, former regulators and other thought leaders in privacy. Prior to the release of the full compendium, CIPL has posted the contributions individually on a weekly basis on CIPL’s blog, “A Very CIPL Solution”. |
Data Protection in the Time of the PandemicApril 22, 2021
This Roundtable Series Report provides a summary of key takeaways from each of the roundtables and highlights the latest thinking on these topics as COVID-19 continues to drive digital transformation and organizations continue to leverage data to fight the pandemic, think about other pressing humanitarian issues and find responsible data solutions to today’s unprecedented data challenges.
|
CIPL Response to the Ireland Data Protection Commissioner's Draft Guidance on Fundamentals for a Child-Oriented Approach to Data ProcessingMarch 26, 2021
On 20 December 2020, the Data Protection Commissioner for Ireland (DPC) issued her draft guidance on the safeguarding of the personal data of children when providing online services, namely “Children Front and Centre—Fundamentals for a Child-Oriented Approach to Data Processing” (Draft Guidance). The DPC invited public comments on the document by 31 March 2021.
The Centre for Information Policy Leadership (CIPL) welcomes the opportunity to submit its comments and recommendations below as input to the DPC final guidance. |
GDPR Implementation in Respect of Children's Data and ConsentMarch 6, 2018
Personal data relating to children are processed for many purposes by private and public sector organizations, including the provision of online and offline services, education, social care, healthcare and personal welfare, and as part of information on family circumstances. In some cases, the processing will include special categories of personal data. CIPL recognizes that the processing of children’s personal data may be regarded as high risk in some cases and require particular levels of care. Indeed, the importance of protecting the rights of children has been highlighted by Article 24 of the EU Charter of Fundamental Rights.
In this paper CIPL addresses issues raised by the processing of personal data relating to children by private sector organizations, such as service providers in the online environment, typically for activities such as social media, the use of some online games or certain IoT products, online advertising services or e-commerce sites which can be used by children, for example by the use of pre-paid debit or gift cards. |
Copyright © 2024 by the Centre for Information Policy Leadership at Hunton Andrews Kurth LLP.
|