In the United States, CIPL plays a leading role in shaping effective and forward-looking approaches to data privacy and artificial intelligence (AI) regulation. Our work spans both state-level initiatives and federal policy developments, with a focus on fostering a legal and regulatory environment that promotes the responsible, ethical, and innovative use of data and AI technologies.
At the core of CIPL’s U.S. policy efforts is the principle of organizational accountability—encouraging companies and institutions to build strong internal governance frameworks that ensure privacy, fairness, and security in data-driven practices. We advocate for regulatory models that support risk-based, outcome-focused approaches, enabling both robust privacy protections and continued technological advancement.
In the U.S., CIPL is working to shape approaches to data privacy and AI regulation across the states and federal government, with a focus on fostering approaches that enable beneficial and safe use of data and that are grounded in organizational accountability and interoperability across jurisdictions. Since 2019, we have worked to become a trusted partner in building a U.S. privacy and AI regulatory landscape that both protects individuals and enables organizations to thrive in a data-driven economy.
2019
We published the white paper Ten Principles for a Revised U.S. Privacy Framework, arguing that any federal privacy law must balance consumer protection with innovation. Our principles emphasize the need for organizations to implement comprehensive privacy programs and demonstrate accountability, while embracing tools that can enhance technological innovation.
2020
Our paper What Does the USMCA Mean for a U.S. Federal Privacy Law? analyzed the implications of the United States-Mexico-Canada Agreement (USMCA) on U.S. privacy legislation.
2022
Our 2022 U.S. Privacy Project Plan, outlined our objectives to enhance engagement at the federal level, build on existing relationships with U.S. government agencies and legislative staff, and contribute to the development of comprehensive, accountability-based and innovation-first federal privacy legislation.
2024
Our white paper Automated Decisionmaking and Profiling (ADM) Requirements in U.S. State Privacy Laws, and Current State of Play in State AI Regulations analyzed the landscape of ADM and AI regulations across U.S. states
Our policy note titled Suggested Enhancements to ‘Commission-Approved Compliance Guidelines’ in the American Privacy Rights Act was published, offering recommendations to improve compliance mechanisms within proposed federal privacy legislation.
Our white paper Data Minimization in the United States’ Emerging Privacy Landscape: Comparative Analysis and Exploration of Potential Effects examined data minimization practices in the context of U.S. privacy laws.
2025
We have continued our work with Attorneys General across the U.S. on approaches to data privacy enforcement.
CIPL’s U.S. Policy Project prioritizes several key areas, including:
Advancing Comprehensive and Coherent Privacy Legislation
-
Supporting the development of federal privacy legislation that harmonizes the patchwork of state laws and provides clarity for organizations and individuals.
-
Advocating for laws grounded in accountability, risk-based approaches, and practical, outcome-focused standards.
-
Providing expert input and policy recommendations to lawmakers and regulatory agencies.
-
Working with stakeholders across sectors to align privacy frameworks with business realities and innovation needs.
Driving Thought Leadership and Multistakeholder Collaboration
-
Convening industry, government, and civil society through roundtables, workshops, and expert forums to shape privacy and AI policy.
-
Promoting thought leadership on data stewardship, ethical AI deployment, and accountability-based governance models.
-
Providing practical tools and frameworks to help organizations implement responsible data and AI practices.
-
Serving as a trusted voice in public debates and regulatory consultations on the future of privacy and AI in the U.S.
Collaborating on State-Level Privacy and AI Innovation
-
Encouraging policy approaches that promote innovation, protect individuals, and create clarity for organizations operating across jurisdictions.
-
Highlighting the value of accountability-based governance models that enable responsible and ethical use of data and AI technologies.
-
Sharing insights, case studies, and best practices to inform smart, adaptable legislation that keeps pace with technological change.
Comparison of US State Privacy Laws: Defining Covered and Sensitive Data
This paper examines how different state laws define personal information and “sensitive data” – foundational concepts that determine the scope of compliance obligations, regulatory triggers, and individual rights – as the landscape of U.S. privacy regulations continues to evolve in the absence of a federal privacy framework. The paper specifically analyzes common approaches and key […]
CIPL Response to the Proposed Rules for the New Jersey Data Privacy Act
