CIPL White Papers

CIPL GDPR Implementation Project White Papers

ePrivacy Study - Study prepared for CIPL by Normally on "How Will the ePrivacy Regulation affect the design of digital services and their user experiences?"
May 14, 2018

WP29 Certification Comments - Comments by the Centre for Information Policy Leadership on the Article 29 Data Protection Working Party's "Draft Guidelines on the accreditation of certification bodies under Regulation (EU) 2016/679" adopted on 6 February 2018
March 29, 2018

CIPL Factsheet on ePrivacy and the GDPR - Factsheet on the key issues relating to the relationship between the proposed ePrivacy Regulation (ePR) and the General Data Protection Regulation (GDPR)
March 20, 2018

Children's Data and Consent - CIPL White Paper on GDPR Implementation in Respect of Children's Data and Consent
March 6, 2018

WP29 Consent Comments - Comments by the Centre for Information Policy Leadership on the Article 29 Data Protection Working Party's "Guidelines on Consent" adopted on 28 November 2017
January 29, 2018

WP29 Transparency Comments - Comments by the Centre for Information Policy Leadership on the Article 29 Data Protection Working Party's "Guidelines on Transparency" adopted on 28 November 2017
January 29, 2018

WP29 BCR Comments - Comments by the Centre for Information Policy Leadership on the Article 29 Data Protection Working Party's Updated Working Documents Setting Up Tables for Binding Corporate Rules and Processor Binding Corporate Rules adopted on 29 November 2017
January 17, 2018

WP29 Breach Notification Comments - Comments by the Centre for Information Policy Leadership on the Article 29 Working Party's "Guidelines on Personal Data Breach Notification under Regulation 2016/679" adopted on 3 October 2017
December 1, 2017

WP29 Profiling and ADM Comments - Comments by the Centre for Information Policy Leadership on the Article 29 Data Protection Working Party's "Guidelines on Automated Individual Decision-Making and Profiling" adapted on 3 October 2017
December 1, 2017

ePrivacy Study - Study prepared for CIPL by Professor Niko Härting of HÄRTING Rechtsanwälte PartGmbB on the implications of the proposed ePrivacy Regulation in the EU
October 19, 2017

Regulating for Results Paper - Regulating for Results: Strategies and Priorities for Leadership and Engagement (English)
(Portuguese version)
September 25, 2017 (Updated on October 10, 2017)
Regulating for Results Paper Abstract - English Version and Spanish Version

ePrivacy Paper - Comments on the Proposal for an ePrivacy Regulation
September 11, 2017

WP29 DPIA Comments - Comments by the Centre for Information Policy Leadership on the Article 29 Data Protection Working Party’s “Guidelines on Data Protection Impact Assessment (DPIA) and determining whether processing is ‘likely to result in a high risk’ for the purposes of Regulation 2016/679” adopted on 4 April 2017
May 19, 2017

Transparency, Consent and Legitimate Interest Paper - Recommendations for Implementing Transparency, Consent and Legitimate Interest under the GDPR
May 19, 2017

GDPR Workshop III Key Takeaways - CIPL Madrid Workshop Key Takeaways
April 27, 2017

GDPR Implementation Challenges Summary Document - GDPR Implementation Challenges: A Summary of CIPL GDPR Project Participants’ Feedback
April 27, 2017

Certifications Paper - Certifications, Seals and Marks under the GDPR and Their Roles as Accountability Tools and Cross-Border Data Transfer Mechanisms
April 12, 2017

Legitimate Interest Paper - CIPL Examples of Legitimate Interest Grounds for Processing of Personal Data
March 16, 2017 (Updated on April 27, 2017)

WP29 LSA Comments - Comments by the Centre for Information Policy Leadership on the Article 29 Data Protection Working Party’s “Guidelines for identifying a controller or processor’s lead supervisory authority” adopted on 13 December 2016
February 15, 2017

WP29 Data Portability Comments - Comments by the Centre for Information Policy Leadership on the Article 29 Data Protection Working Party’s “Guidelines on the right to data portability” adopted on 13 December 2016
February 15, 2017

WP29 DPO Comments - Comments by the Centre for Information Policy Leadership on the Article 29 Data Protection Working Party’s “Guidelines on Data Protection Officers (DPOs)” adopted on 13 December 2016
January 24, 2017

Risk Paper - Risk, High Risk, Risk Assessments and Data Protection Impact Assessments under the GDPR
December 21, 2016

OSS Paper - The One-Stop-Shop and the Lead DPA as Co-operation Mechanisms in the GDPR
November 30, 2016

DPO Paper - Ensuring the Effectiveness and Strategic Role of the Data Protection Officer under the General Data Protection Regulation
November 17, 2016

Workshop II Report - The Role of the Data Protection Officer (DPO) and Risk and High Risk under the GDPR
October 5, 2016

Workshop I Report - Implementing and and Interpreting the GDPR: Challenges and Opportunities
May 6, 2016

Reframing Data Transparency

Reframing Data Transparency
October 2016

Protecting Privacy in a World of Big Data

Paper 3: Reinvigorating Privacy Principles
(Forthcoming)

Paper 2: The Role of Risk Management
February 16, 2016

Executive Summary: Three Solutions for Protecting Privacy in a World of Big Data
December 2015

Paper 1: The Role of Enhanced Accountability in Creating a Sustainable Data-Driven Economy and Information Society
October 21, 2015

Cross-Border Data Transfer Mechanisms

Essential Legislative Approaches for Enabling Cross-Border Data Transfers in a Global Economy*
25 September 2017

Cross-Border Data Transfer Mechanisms
August 20, 2015

*This paper is an updated version of the August 2015 Cross-Border Data Transfer Mechanisms paper, which was submitted in response to the Indonesian Ministry of Communications and Information Technologies’ request for public comments concerning its Draft Regulation on the Protection of Personal Data in Electronic Systems.