Regional Engagement

Asia Pacific: Advancing Data Privacy, AI Governance, and Cross-Border Trust

Asia-Pacific Economic Cooperation (APEC)

• CIPL has official observer status in key digital economy working groups and participates regularly in working group activities around the APEC CBPR System (and its transition to the Global CBPR System).
• CIPL participated in the First and Third APEC Senior Officials Meetings in Lima, Peru (March 2024 and August 2024) where we presented our publications on Building Accountable AI Programs and Understanding Privacy-Enhancing and Privacy-Preserving Technologies.

Asia-Pacific Privacy Authorities (APPA) Forum:

• CIPL participated in the APPA meetings and co-hosted with Rakuten an APPA Forum side event in Tokyo, Japan on AI Regulation and Global Privacy Initiatives) (November 2024)

Australia

• CIPL organized a side even during IAPP ANZ with the Australian Privacy Commissioner and other Australian privacy leaders on Navigating Australia’s New Era of Privacy.
• CIPL is planning additional events in the region especially in the context our Children’s Privacy and Safety work.

Hong Kong

• CIPL provided input to the Office of the Privacy Commissioner for Personal Data’s Model Personal Data Protection Framework (published June 2024)

India

• CIPL participated in a Global CBPR Conference in New Delhi, India September 2024 organized by the Indian Government, NASSCOM and the Global CBPR Forum.
• On behalf of the U.S. Department of Commerce, CIPL prepared a comparative analysis of India’s Digital Personal Data Protection Act of 2023 with the Program Requirements of the Global CBPR and Global PRP Systems (finalized July 2024).
• CIPL will help shape constructive implementation of India’s Digital Personal Data Protection Act through events and written interventions (forthcoming 2025).

Indonesia

• On behalf of the U.S. Department of Commerce, CIPL prepared a comparative analysis of Indonesia’s Personal Data Protection Law with the Program Requirements of the Global CBPR and Global PRP Systems (finalized July 2024)

Korea

• CIPL published its Ten Recommendations for Global AI Regulation in Korean and will pursue opportunities to engage with regulators and policymakers on responsible AI policy.
• We published a paper on “The Limitations of Consent as a Legal Basis for Data Processing in the Digital Society” (December 6, 2024).
• CIPL will attend the Global Privacy Assembly in Korea in September 2025 and organize a side event on a relevant topic relating to AI and data policy.

Japan

• CIPL has strong relationships with Japan’s privacy, trade, and information policy bodies and will continue to pursue opportunities for engagement on AI, data protection, and other key topics.
• CIPL responded to the Japan Fair Trade Commission’s Request for Information and Comments Concerning Generative AI and Competition (November 22, 2024).

Singapore

• CIPL convened a side event on the impact of the GDPR and EU Digital Agenda in the Asia-Pacific during Singapore “PDP Week” in coordination with Singapore’s Infocomm Media Development Authority (IMDA) (held July 18, 2024).

Thailand

• On behalf of the U.S. Department of Commerce, CIPL prepared a comparative analysis of Thailand’s Personal Data Protection Act 2019 and related regulations with the Program Requirements of the Global CBPR and Global PRP Systems (finalized July 2024).

Brazil: Championing Responsible AI Regulation

As part of its commitment to advancing effective and ethical AI governance, CIPL is actively collaborating with key stakeholders in Brazil and across Latin America to help shape future-ready AI regulation. Leveraging its global expertise in data protection and policy, CIPL is driving meaningful engagement with policymakers, regulators, and experts on the development of trustworthy, transparent, and practical AI frameworks.

Recent Highlights from CIPL’s AI Engagement in Brazil

• Webinar on Brazil’s Draft AI Legislation (March 2024) – Convened thought leaders to explore the implications and opportunities of the proposed AI law.

• Delegation Visit (March 2024) – Hosted members of Brazil’s Congressional Delegation in Washington, DC for a strategic dialogue on AI and data governance.

• Testimony to the Brazilian Senate (September 2024) – Shared expert recommendations on the draft AI legislation to promote responsible innovation and human-centric AI.

• Presentation to Brazil’s National Council for the Protection of Personal Data and Privacy (CNPD) (December 2024) – Delivered best practices for AI oversight, data protection, and governance to Brazil’s leading data policy advisory body.

Ongoing and Upcoming Initiatives

• Policy Analysis & Stakeholder Engagement – Conducting in-depth analysis of Brazil’s proposed AI legislation, while facilitating multi-stakeholder dialogues through a second AI policy roundtable.

• Local Expertise Expansion – CIPL is onboarding a dedicated Brazil and Latin America AI and data policy consultant to lead on-the-ground engagement over the next two years.

Canada: Driving Thought Leadership on Privacy, Biometrics, Online Safety, and AI Policy

CIPL is actively shaping the future of privacy, AI governance, biometrics regulation, and online safety in Canada through strategic engagement with regulators, industry leaders, and policy experts. With a focus on fostering responsible innovation and trust in digital technologies, CIPL provides thought leadership and actionable insights at the intersection of business, technology, and regulation. Through this work, CIPL continues to support forward-looking privacy and AI policies that foster innovation, trust, and accountability in Canada’s digital ecosystem.

Key Activities and Collaborations in Canada

• Expert Contribution to OPC Biometrics Consultation (February 2024) – Featured speaker at Osler workshop, advancing dialogue on responsible biometric data use.

• AI Policy & Governance Workshop with Osler (June 2024) – Co-hosted a high-level forum exploring regulatory frameworks for trustworthy AI in Canada.

• IAPP Canada Privacy Symposium (June 2024) – Presented on the business value of privacy programs and the role of compliance in corporate strategy.

• Response to OPC Consultation on Age Assurance (September 2024) – Submitted policy recommendations to support effective and privacy-conscious online safety solutions.

• Corporate Engagement with TELUS (October 2024) – Delivered a keynote on privacy and data governance as drivers of responsible and sustainable business.

• Second Workshop on AI and Privacy Governance – Expanding the conversation on practical AI regulation and data ethics in Canada.

What’s Next

• Side Event on AI and Cross-Border Data Flows at G7 DPA Meetings  (2025) – Organizing a targeted policy dialogue during the G7 Data Protection Authorities Summit in Canada.

European Union: Shaping the Future of Innovative Digital Regulation

CIPL is at the forefront of EU digital policy engagement, working closely with regulators, policymakers, and key stakeholders to influence the implementation of major EU digital legislation and contribute to the evolution of Europe’s digital and data governance landscape.

From the EU AI Act and Digital Services Act to the GDPR, Data Act, and emerging proposals, CIPL is helping shape a harmonized, future-proof regulatory environment that balances innovation, accountability, and individual rights.

Key Areas of Focus and Ongoing Engagement

• EU AI Act Implementation Project (launched July 2024) – Supporting practical, risk-based AI compliance and governance frameworks.

• Digital Markets Act Project – Exploring implementation challenges and intersections with other EU digital regulations.

• Privacy in the Cloud Project – Advancing dialogue on lawful data transfers and global cloud infrastructure.

• EU Age-Appropriate Design Code Working Group – Contributing to child-focused digital design standards in the EU.

• Better Internet for Kids (BIK+) Strategy – Active participant in BIK+ Board to promote online safety and well-being for children.

• CIPL–WeProtect Global Alliance Project – Leading a multi-stakeholder initiative on effective, privacy-respecting age assurance.

• EU-US e-Evidence Project – Engaging with the EU e-Evidence Regulation and e-CODEX to strengthen transatlantic legal cooperation.

• Public Consultation Contributions – Regular submissions to the European Commission, EDPB, and other EU institutions.

• Thought Leadership & Events – Presentations at key EU forums including CPDP, Venice Privacy Symposium, and IAPP Conferences.

• Institutional Dialogue – Ongoing policy engagement with EU Data Protection Authorities, Permanent Representations, the European Commission, and European Parliament.

• EU AI Office & GPAI Participation – Involved in Code of Practice Working Groups and international AI policy collaboration.

• Brussels-Based Roundtables & Briefings – Hosting regular expert discussions on pressing EU data and digital policy issues.

Middle East: Fostering Responsible AI and Data Governance

CIPL is actively engaging with regulatory authorities and key institutions across the Middle East to support the development of forward-thinking data protection and AI governance frameworks. Through strategic partnerships and expert input, CIPL is contributing to regional efforts to balance innovation, privacy, and accountability in the digital economy.

Dubai & DIFC: A Hub for Digital Policy Leadership

As part of its growing presence in the region, CIPL collaborates closely with the Dubai International Financial Centre (DIFC)—a leading jurisdiction for digital innovation and regulation in the Gulf.

• Regulation 10 Advisory Committee Participation – A CIPL expert serves on the DIFC Advisory Committee on Processing of Data in Autonomous and Semi-Autonomous Systems, providing insights into emerging AI and data governance models.

• CIPL–DIFC Academy Joint Event (December 2024) – Co-hosted a high-level event on AI, Data Protection, and Innovation, spotlighting regulatory best practices and ethical frameworks for AI deployment.

• #RISK GCC Conference Engagement (December 2024) – Delivered a keynote on “AI Innovation and Data Protection: Building Trust in the Digital Future”, and co-led a session on the role of certification in accountable data governance.

Africa: Expanding Data Privacy and Digital Policy Engagement

CIPL is deepening its presence across Africa to support the development of robust, future-ready data protection and digital governance frameworks. Building on its comparative legal work with the Global CBPR System, we are now actively collaborating with regulators, government agencies, and policy experts across the continent to advance trusted and accountable data ecosystems.

Strengthening Regional Engagement and Collaboration

• Network of African Data Protection Authorities (NADPA) – We organized a side event at the NADPA 2025 meeting in Nigeria to promote cross-border data governance, responsible AI, and capacity building.

Country Highlights

• Egypt – We hosted a high-level delegation from the Egyptian government in Washington, DC (August 2024), delivering a focused briefing on cloud technologies, digital infrastructure, and emerging privacy challenges.

• Nigeria – On behalf of the U.S. Department of Commerce, CIPL conducted a comparative legal analysis of the Nigeria Data Protection Act of 2023 and the Program Requirements of the Global CBPR and PRP Systems (finalized July 2024).

United Kingdom: Supporting an Innovation-Forward Approach

CIPL is actively engaged in the United Kingdom to help shape the future of data protection law, responsible AI regulation, and children’s online safety. Through strategic collaboration with the UK government, organizations, regulators, and civil society, CIPL is contributing to a trusted, innovation-friendly digital environment aligned with global standards.

Our work in the UK is helping to guide the country’s transition into a global leader in ethical AI, data privacy, and online child protection

Recent Activities Include:

• Deep Engagement with the ICO on AI policy including work on lawful basis for web scraping to train generative AI models; Purpose limitation in the generative AI lifecycle and engineering individual rights into generative AI models.

• Advancing child-centric data governance and protections.

• Providing Thought Leadership at UK Conferences:

• Parliamentary Engagement including expert testimony before the House of Lords European Affairs Committee on UK–EU Data Adequacy (April 2024).

• Joining key initiatives such as the DRCF Workplan Roundtable.

United States: Driving Accountable and Interoperable Data and AI Policy

CIPL is actively assisting in the evolution of data protection and AI regulation across the United States—at both federal and state levels—by advancing interoperable, risk-based approaches grounded in organizational accountability. Through continuous engagement with legislators, regulators, and enforcement bodies, CIPL supports the development of policies that enable responsible innovation and enhance individual trust.

Key U.S. Engagements and Strategic Focus Areas:

Federal Engagement

• Ongoing collaboration with U.S. Congress and the Executive Branch on AI policy and comprehensive data protection frameworks.

State-Level Leadership and Regulatory Analysis

• Strategic engagement in key states including California and Colorado.
• Formal response to the CCRC’s proposed employment regulations on automated decision systems (July 2024).
• In-person roundtable on age assurance, with participation from state Attorneys General, consumer protection officials, and legislators (September 2024).

U.S. Privacy and AI Law & Policy Project

CIPL’s flagship initiative analyzing emerging trends and regulatory requirements, including:

• Automated Decisionmaking (ADM) & State AI Regulations (May 2024)
• Comparative Analysis of State Data Protection Assessment Laws (Feb 2024)
• Data Minimization in State & Proposed Federal Laws (Aug 2024)
• Landscape of U.S. Age Assurance & Verification Laws (Sept 2024)

Attorney General Engagement

• Led discussions on enforcement and evolving privacy law at the Attorney General Alliance Cybersecurity & Data Privacy Working Group (Nov 2024).
• Hosted Assistant AGs from California and Texas at CIPL’s age assurance roundtable (Sept 2024).

Transatlantic Policy Dialogue

• Co-hosted a roundtable with the EU Delegation to the U.S. on global approaches to age assurance and online verification.

Regular Member Roundtables

• Convening CIPL members for strategic discussions on U.S. state and federal privacy law and AI policy developments.