In this discussion paper, CIPL considers the following key privacy and data protection concepts and explores how they can be effectively applied to the development and deployment of genAI models and systems: Fairness; Collection limitation; Purpose specification; Use limitation; Individual rights; Transparency; Organizational accountability; and Cross-border data transfers. The analysis in this paper builds on […]

Drawing largely from the experience under the GDPR and several EU digital laws, CIPL partnered with Bae, Kim & Lee LLC on this paper to make the case for shifting away from over-reliance on consent and exploring, instead, other legal bases such as contractual necessity and legitimate interest. The paper argues that to ensure the […]

The paper, written in partnership with Richard Thomas CBE, raises two fundamental questions for data protection authorities: What should DPAs be doing and prioritizing? How should they be doing it? While these questions are not easy to answer, they are essential to explore. Building on our previous work, including the Regulating for Results Paper (2017) […]

In this white paper, CIPL proposes a roadmap for building a holistic data strategy that seeks to align the Board and C-suite on data-driven initiatives and provide a framework for promoting innovative and responsible uses of data, including the development and deployment of powerful AI technologies.

This report showcases how 20 leading organizations are developing accountable AI programs and best practices on the ground. Our research shows that organizational accountability is fundamental to the responsible development and deployment of AI. Organizations recognize the need to demonstrate AI accountability as a business imperative, especially as the expectations of consumers, business partners, shareholders, […]

Drawing on CIPL’s years of experience as a thought leader and our extensive engagement with private sector leaders developing and deploying AI technologies, policymakers, and regulators, CIPL offers in this paper ten recommendations to guide AI policymaking and regulation to enable accountable, responsible, and trustworthy AI. These ten recommendations encapsulate CIPL’s view on a layered […]

This study by the Centre for Information Policy Leadership (CIPL) and the Privacy Center of Excellence at Cisco explores the business benefits and return on investment (ROI) of DPMPs. In particular, the study demonstrates that organizations are experiencing a wide range of benefits from investing in DPMPs. These include risk management and compliance benefits, as […]

Promoting organizational accountability among all organizations that process personal data has been one of the Centre for Information Policy Leadership’s (CIPL) main areas of focus. An important component of our work on that front has been to identify ways in which data protection laws, public policy, and approaches to enforcement can encourage and incentivize organizational accountability. This paper […]

Promoting organizational accountability among all organizations that process personal data has been one of CIPL’s main areas of focus. An important component of our work on that front has been to identify ways in which data protection laws, public policy, and approaches to enforcement can encourage and incentivize organizational accountability. This paper elaborates specifically on […]

The COVID-19 crisis imposed a wide range of immediate and likely long-term impacts on organizations, governments, regulators, people and society at large. Many of them could to stay with us beyond the immediate crisis and change the way we all live, work and interact. These impacts likely will also be felt in data privacy – […]

CIPL has a long history of exploring accountability-based information management and privacy governance. As part of our work on enabling innovation while also protecting privacy, we are currently exploring how to further develop and improve the existing concept of accountability to maximize both goals. This report consolidates the findings of CIPL’s Accountability Mapping Project launched […]

The rise and rapid expansion of Artificial Intelligence technology is one of the main features of the Fourth Industrial Revolution. Its transformational potential for our digital society and ability to drive benefits for citizens, governments and organizations is unparalleled. To realize this potential and ensure its sustainability, we must build AI on a foundation of […]

Organisational accountability is a powerful tool in the hands of the political and business leaders that are shaping 21st century Europe. It places the responsibility for ethical behavior and the protection of individuals on the organizations that are best placed to achieve it. This report argues that accountability is a scalable and transferrable concept that can be implemented by […]

Promoting organizational accountability among all organizations that process personal data has been one of the Centre for Information Policy Leadership’s (CIPL) main areas of focus. An important component of our work on that front has been to identify ways in which data protection laws, public policy, and approaches to enforcement can encourage and incentivize organizational accountability. This paper […]

What is a “Regulatory Sandbox”? How could it contribute to high standards of data protection and privacy and promote innovation? What are the challenges and problems? What safeguards are needed? Why would regulators and organizations want to participate in a Sandbox? In this white paper, we set out the key features of the concept. Essentially, […]

This report introduces artificial intelligence and some of the technologies enabled by it, as well as some of the challenges and tensions between artificial intelligence and existing data protection laws and principles. The challenges to data protection presented by AI are frequently remarked on but are often addressed only at a surface level. There is […]

This short paper introduces two CIPL papers on the topic of organisational accountability – The Case for Accountability: How it Enables Effective Data Protection and Trust in the Digital Society and The Case for Accountability: How it Enables Effective Data Protection and Trust in the Digital Society. It outlines the goals of these other papers, […]

It is essential that there is consensus and clarity on the precise meaning and application of organisational accountability among all stakeholders, including organisations implementing accountability and data protection authorities (DPAs) overseeing accountability. Without such consensus, organisations will not know what DPAs expect of them and DPAs will not know how to assess organisations’ accountability-based privacy […]

The objectives of this second paper in our Accountability series are, first, to make the case for specifically incentivising organisational accountability and, second, to provide specific suggestions for what such incentives might be. Importantly, the objective in promoting an approach of incentivising accountability is not to weaken or hinder the powers of data protection authorities […]

The ecosystem for regulating data protection and privacy is changing rapidly, and not just within the EU. For many years CIPL has championed the role of accountable organizations and the merits of a risk-based approach. We now turn to the “plumbing” of the system as a whole and consider how its component parts can best […]