CIPL Quarterly Reports
Message from President Bojana Bellamy
I hope that you are all well and keeping your head above water amidst an ever-expanding sea of developments and challenges in data privacy. As we continue to work digitally, I would like to highlight some of the key areas of work and priorities for CIPL.
We’ve recently drafted a concept paper proposing the novel idea of a multistate interoperable certification in the US. This certification would not only help organizations comply with an ever-increasing number of state privacy requirements, but also improve consumer trust, increase organizational accountability, and bolster states’ limited resources to enforce their privacy requirements. We’ve formed a CIPL-member working group to advance this concept, and will be seeking to engage with relevant state and federal government authorities and state Attorney Generals on this concept.
In Asia, we’ve issued a joint report with the Data Security Council of India (DSCI) on enabling accountable data transfers from India to the US under India's proposed personal data protection bill. We also held a very successful roundtable with DSCI and Indian government representatives in September to discuss our paper and next steps.
Additionally, we’ve launched a series of roundtables with The University of Hong Kong aimed at the Asia-Pacific privacy community, and the first took place on September 10th on “Unleashing the power of data during the pandemic and beyond - How industry can use its data for good”. The idea of this series is to discuss how the world has changed due to COVID-19 and explore what the changes mean for data protection going forward.
In Europe, we’ve been involved deeply in the aftermath of the Schrems II decision, and we’ve issued a paper on “A Path Forward for International Data Transfers under the GDPR after the CJEU Schrems II Decision”. We shared this paper with members of the EU Commission, EDPB, EDPS as well as all of our global DPA contacts in advance of the roundtable we held on the topic on October 22. Separately, the EDPB issued guidance on the concepts of controller and processor under the GDPR, and we’ve submitted our response to that as well. We’re also continuing our EU AI project, and spoke with members to align on our next steps. While we continue to work with the EU Commission, we’ve also begun focusing more on engagement with the EU Council and EU Parliament to identify new issues and draw attention to CIPL’s work before the new parliamentary committee shares their upcoming report on proposed AI regulation in the EU. We’re also continuing to follow and be involved with the EU Commission’s data sharing efforts, and have already responded to their consultation on a European Data Strategy. Because the EU AI regulation and data sharing are two of the EU Commission’s highest priorities, we will continue to prioritize these work streams in 2021. In the UK, CIPL has engaged with the UK Department for Digital, Culture, Media & Sport (DCMS) through a pair of roundtables on international data flows and data protection after Brexit.
In Brazil, we’ve issued a very practical, compliance-oriented paper on top priorities for organizations to effectively implement Brazil’s new data protection law. This paper includes a roadmap for compliance, which also applies to other nascent data protection laws. Following the publication of our paper, we organized a webinar and roundtable with both OneTrust and our Brazil project partner CEDIS-IDP to help organizations explore the issues surrounding implementing Brazil’s data protection law in more detail.
I encourage you to read the details of CIPL’s ongoing work in the report below, and I wish you and your loved ones all the best.
Highlights from the July - September 2020 Quarterly Report include: