CIPL White Papers

         Corporate Digital Responsibility/Accountability

Cisco-CIPL Report on Business Benefits of Investing in Data Privacy Management Programs
January 10, 2023

CIPL White Paper - Organizational Accountability in Data Protection Enforcement - How Regulators Consider Accountability in their Enforcement Decisions
October 6, 2021

CIPL White Paper - What Good and Effective Data Privacy Accountability Looks Like: Mapping Organizations’ Practices to the CIPL Accountability Framework
May 27, 2020

CIPL White Paper - Organisational Accountability - Past, Present and Future
October 30, 2019

​CIPL Accountability Paper - Q&A on Organisational Accountability in Data Protection
July 3, 2019

CIPL Accountability Discussion Paper 2 - Incentivising Accountability: How Data Protection Authorities and Law Makers Can Encourage Accountability
July 23, 2018

CIPL Accountability Discussion Paper 1 - The Case for Accountability: How it Enables Effective Data Protection and Trust in the Digital Society
July 23, 2018

CIPL Accountability Discussion Paper Intro - Introducing Two New CIPL Papers on The Central Role of Organisational Accountability in Data Protection
July 23, 2018

       Regulatory Engagement

CIPL White Paper - Organizational Accountability in Data Protection Enforcement - How Regulators Consider Accountability in their Enforcement Decisions
October 6, 2021
​
CIPL Remarks - Looking Beyond COVID-19: Future Impacts on Data Protection and the Role of the Data Protection Authorities
June 2, 2020

​Regulatory Sandbox White Paper - Regulatory Sandboxes in Data Protection - Constructive Engagement and Innovative Regulation in Practice
March 8, 2019

​Regulating for Results Paper - Regulating for Results: Strategies and Priorities for Leadership and Engagement (English)
September 25, 2017 (Updated on October 10, 2017) 

• Spanish Version
• Portuguese version
• Mandarin version

Regulating for Results Paper Abstract - English Version and Spanish Version

         Artificial Intelligence

CIPL Recommendations on Adopting a Risk-Based Approach to Regulating AI in the EU
March 22, 2021

CIPL/Hunton Andrews Kurth Legal Note - How the GDPR Regulates AI
March 12, 2020

CIPL AI Second Report - Hard Issues and Practical Solutions
February 27, 2020

• ​Portuguese version

​
CIPL AI First Report - Artificial Intelligence and Data Protection in Tension
October 29, 2018

         Digital Economy & Society

CIPL Discussion Paper - Digital Assets and Privacy
January 19, 2023

Protecting Children's Data Privacy Policy Paper I: International Issues and Compliance Challenges
October 20, 2022

CIPL & HKU Roundtable Series Report - Data Protection in the Time of the Pandemic
April 22, 2021

CIPL Response to the Ireland Data Protection Commissioner's Draft Guidance on Fundamentals for a Child-Oriented Approach to Data Processing
March 26, 2021

CIPL White Paper on GDPR Implementation in Respect of Children's Data and Consent
 March 6, 2018 

Cross-Border Data Transfer Mechanisms

CIPL Study Mapping the APEC CBPR System and EU-US Privacy Shield Requirements to the Provisions of the UK GDPR
September 9, 2022

Local Law Assessments and Online Services - Refining the Approach to Beneficial and Protective Cross-Border Data Flows
A Case Study from British Columbia
June 9, 2022

CIPL Q&A on Cross-Border Privacy Rules (CBPR) and Privacy Recognition for Processors (PRP) 2nd Edition
October 8, 2020

CIPL White Paper - A Path Forward for International Data Transfers under the GDPR after the CJEU Schrems II Decision
September 24, 2020

CIPL-DSCI Report on Enabling Accountable Data Transfers from India to the United States under India's Proposed Personal Data Protection Bill
September 8, 2020

CIPL Q&A on Cross-Border Privacy Rules (CBPR) and Privacy Recognition for Processors (PRP)
March 19, 2020

Essential Legislative Approaches for Enabling Cross-Border Data Transfers in a Global Economy
September 25, 2017

Cross-Border Data Transfer Mechanisms
August 20, 2015
​
*This paper is an updated version of the August 2015 Cross-Border Data Transfer Mechanisms paper, which was submitted in response to the Indonesian Ministry of Communications and Information Technologies’ request for public comments concerning its Draft Regulation on the Protection of Personal Data in Electronic Systems. 

        GDPR Implementation

CIPL Paper - Bridging the DMA and the GDPR - CIPL Comments on the Data Protection Implications of the Draft Digital Markets Act
December 6, 2021

CIPL Paper - Comments on the Draft ePrivacy Regulation for Trilogue Discussion
September 29, 2021

CIPL Discussion Paper - GDPR Enforcement Cooperation and the One-Stop-Shop - Learning from the First Three Years
September 24, 2021

CIPL White Paper - How the "Legitimate Interests" Ground for Processing Enables Responsible Data Use and Innovation
July 1, 2021

• Summary of CIPL Recommendations for Regulators and Policymakers

​
CIPL White Paper - A Path Forward for International Data Transfers under the GDPR after the CJEU Schrems II Decision
September 25, 2020

Data Subject Rights - CIPL White Paper on Data Subject Rights under the GDPR in a Global Data Driven and Connected World
July 8, 2020

Model Clauses for International Transfers under the GDPR - CIPL White Paper on Key Issues Relating to Standard Contractual Clauses for International Transfers and the Way Forward for New Standard Contractual Clauses under the GDPR
August 7, 2019

CIPL GDPR Stocktaking Report - GDPR One Year In - Practitioners Take Stock of the Benefits and Challenges
May 31, 2019

ePrivacy and the EU Charter of Fundamental Rights - CIPL Legal Note on the ePrivacy Regulation and the EU Charter of Fundamental Rights
November 9, 2018

ePrivacy and GDPR Comparative Analysis - Study prepared for CIPL by Brinkhof Advocaten on "EPR vis-à-vis GDPR, A Comparative Analysis of the ePrivacy Regulation and the General Data Protection Regulation"
July 24, 2018

ePrivacy Study - Study prepared for CIPL by Normally on "How Will the ePrivacy Regulation affect the design of digital services and their user experiences?"
May 14, 2018

CIPL Factsheet on ePrivacy and the GDPR - Factsheet on the key issues relating to the relationship between the proposed ePrivacy Regulation (ePR) and the General Data Protection Regulation (GDPR)
March 20, 2018

Children's Data and Consent - CIPL White Paper on GDPR Implementation in Respect of Children's Data and Consent
March 6, 2018

CIPL Comments on WP29's Profiling and ADM Guidelines
December 1, 2017

ePrivacy Study - Study prepared for CIPL by Professor Niko Härting of HÄRTING Rechtsanwälte PartGmbB on the implications of the proposed ePrivacy Regulation in the EU
October 19, 2017

ePrivacy Paper - Comments on the Proposal for an ePrivacy Regulation
September 11, 2017

Transparency, Consent and Legitimate Interest Paper - Recommendations for Implementing Transparency, Consent and Legitimate Interest under the GDPR
May 19, 2017
​
GDPR Workshop III  Key Takeaways - CIPL Madrid Workshop Key Takeaways
April 27, 2017

GDPR Implementation Challenges Summary Document - GDPR Implementation Challenges: A Summary of CIPL GDPR Project Participants’ Feedback
April 27, 2017

Certifications Paper - Certifications, Seals and Marks under the GDPR and Their Roles as Accountability Tools and Cross-Border Data Transfer Mechanisms
April 12, 2017

Legitimate Interest Paper - CIPL Examples of Legitimate Interest Grounds for Processing of Personal Data 
March 16, 2017 (Updated on April 27, 2017)

Risk Paper - Risk, High Risk, Risk Assessments and Data Protection Impact Assessments under the GDPR
December 21, 2016

OSS Paper - The One-Stop-Shop and the Lead DPA as Co-operation Mechanisms in the GDPR
November 30, 2016

DPO Paper - Ensuring the Effectiveness and Strategic Role of the Data Protection Officer under the General Data Protection Regulation
November 17, 2016 

Workshop II Report - The Role of the Data Protection Officer (DPO) and Risk and High Risk under the GDPR
October 5, 2016

Workshop I Report -  Implementing and and Interpreting the GDPR: Challenges and Opportunities
​May 6, 2016

         US Privacy Framework

CIPL Concept Paper - Why We Need Interstate Privacy Rules for the US
September 25, 2020

CIPL White Paper - Data Protection in the New Decade: Lessons from COVID-19 for a US Privacy Framework
August 24, 2020

CIPL White Paper - What Does the USMCA Mean for a US Federal Privacy Law?
January 17, 2020

CIPL White Paper - Organizational Accountability in Light of FTC Consent Orders
November 13, 2019

CIPL White Paper - Organizational Accountability - Existence in US Regulatory Compliance and its Relevance for a US Federal Privacy Law
July 3, 2019

CIPL White Paper - Ten Principles for a Revised US Privacy Framework
March 21, 2019

CIPL White Paper - Learning from the GDPR: What Elements Should the US Adopt?
January 25, 2019

Effective Implementation & Regulation under New Brazilian Data Protection Law (LGPD)

CIPL/CEDIS-IDP White Paper - The Role of the Data Protection Officer under the LGPD (English version)(Portuguese version)
September 27, 2021

CIPL/CEDIS-IDP White Paper - Top Priorities for Public and Private Organizations to Effectively Implement the New Brazilian General Data Protection Law (LGPD) (English version)(Portuguese version)
September 1, 2020

CIPL/CEDIS-IDP White Paper - The Role of the Brazilian Data Protection Authority (ANPD) under Brazil’s New Data Protection Law (LGPD) (English version) (Portuguese version)
April 16, 2020

Reframing Data Transparency

Reframing Data Transparency
October 2016

Protecting Privacy in a World of Big Data

Paper 3: Reinvigorating Privacy Principles
(Forthcoming​)

Paper 2:  The Role of Risk Management 
February 16, 2016

Executive Summary:  Three Solutions for Protecting Privacy in a World of Big Data 
December 2015

Paper 1:  The Role of Enhanced Accountability in Creating a Sustainable Data-Driven Economy and Information Society 
October 21, 2015

Privacy Risk Framework and the Risk-based Approach to Privacy 

Paper 2:  The Role of Risk Management in Data Protection 
December 1, 2014

Paper 1:  A Risk-based Approach to Privacy: Improving Effectiveness in Practice
June 19, 2014

Addressing the Challenges of a Changing Role: An Exploration of the Dynamics Impacting the Role of the Chief Privacy or Data Protection Officer

​Discussion Paper: The Role and Function of a Data Protection Officer in Practice and in the European Commission’s Proposed General Data Protection Regulation Report on DPO Survey Results
2014

Initial Discussion Paper: The Role and Function of a Data Protection Officer in the European Commission’s Proposed General Data Protection Regulation 
2013

​Accountability-Based Privacy Governance

Data Protection Accountability: The Essential Elements A Document for Discussion

Demonstrating and Measuring Accountability - A Discussion Document

Implementing Accountability in the Marketplace - A Discussion Document

Accountability: A Compendium for Stakeholders
​
Accountability: Data Governance for the Evolving Digital Marketplace

Guidance for Analytics: Protecting Privacy and Fostering Innovation

Discussion Document: Big Data and Analytics: Seeking Foundations for Effective Privacy Guidance 
​February 2013 

Ethical Underpinnings of Analytics

Data Protection Law and The Ethical Use of Analytics
2010

Securing Personal Data in the Global Economy

Dos and Don'ts of Data Breach and Information Security Policy
​March 2009

Multilayered Notices

Ten Steps to Develop a Multilayered Privacy Notice
​March 2007

Outsourcing in India

Trusted Information Management: Data Privacy & Security Accountability in Outsourcing*
September 2007

Outsourcing in India: Designing A Privacy Accountability Self-Regulatory Organization*
June 2007
​
*In affiliation with the United States–India Business Council (USIBC)