Europe’s digital laws are ambitious. But as GDPR, ePrivacy, DSA, DMA, AI Act and NIS2 converge, organisations and regulators face duplicated reporting, parallel risk assessments and contradictory expectations. CIPL’s Big Ideas for Simplification of Europe’s Digital Rulebook provide twenty-seven targeted proposals to join up Europe’s digital frameworks while maintaining the highest standards of protection. Our […]

Organizational accountability is recognized as a key building block of effective privacy and data protection regulation and compliance. A well-developed, comprehensive accountability framework or program provides organizations with the tools and processes needed to implement relevant legal requirements and standards, as well as internal ethics standards and other internal “best practice” goals. CIPL’s Accountability Framework […]

Earlier this year, the U.S. Congress signaled its intent to take a fresh look at the potential elements of a U.S. federal privacy law. CIPL submitted a detailed comment to the House Committee on Energy and Commerce Data Privacy Working Group on April 7th in response. Following this, we created this summary of our views […]

In this discussion paper, CIPL considers the following key privacy and data protection concepts and explores how they can be effectively applied to the development and deployment of genAI models and systems: Fairness; Collection limitation; Purpose specification; Use limitation; Individual rights; Transparency; Organizational accountability; and Cross-border data transfers. The analysis in this paper builds on […]

The paper, written in partnership with Richard Thomas CBE, raises two fundamental questions for data protection authorities: What should DPAs be doing and prioritizing? How should they be doing it? While these questions are not easy to answer, they are essential to explore. Building on our previous work, including the Regulating for Results Paper (2017) […]

The GDPR has been an important tool for protecting individuals’ privacy and has substantially elevated data protection awareness globally. Its impact can be seen in many data protection laws around the world, as well as in the global privacy compliance and data management programs of many multinational organizations that use the GDPR as their baseline […]

Biometric technologies have emerged as important tools for security, safety, convenience and accessibility. Many of the use cases enabled by biometric technologies are of unquestionable benefit to businesses, individuals, and society, particularly when combined with other emerging technologies such as artificial intelligence, machine learning, and privacy-enhancing technologies. However, certain applications can present challenges and risks […]

This report showcases how 20 leading organizations are developing accountable AI programs and best practices on the ground. Our research shows that organizational accountability is fundamental to the responsible development and deployment of AI. Organizations recognize the need to demonstrate AI accountability as a business imperative, especially as the expectations of consumers, business partners, shareholders, […]

Privacy-enhancing technologies (PETs) and privacy-preserving technologies (PPTs) generally refer to innovations that facilitate the processing and use of data in a way that preserves the privacy of individuals whose data is being used. These technologies not only enhance privacy protections, but also maintain the informational value of data to varying degrees. This White Paper: Provides […]

Drawing on CIPL’s years of experience as a thought leader and our extensive engagement with private sector leaders developing and deploying AI technologies, policymakers, and regulators, CIPL offers in this paper ten recommendations to guide AI policymaking and regulation to enable accountable, responsible, and trustworthy AI. These ten recommendations encapsulate CIPL’s view on a layered […]

This document addresses commonly asked questions about the Cross-Border Privacy Rules (CBPR) and Privacy Recognition for Processors (PRP) systems, which are data transfer mechanisms developed by the Asia-Pacific Economic Cooperation (APEC) member economies. CBPR and PRP operationalize the nine Privacy Principles set forth in the 2005 APEC Privacy Framework. In 2022, several APEC economies established […]

Following the European Data Protection Board’s (EDPB) Stakeholder Workshop on Legitimate Interests on 27 November 2020, CIPL published this white paper as input for the EDPB’s future update of the guidelines on the legitimate interests legal basis. This Paper is also relevant for any jurisdiction where data protection law includes legitimate interests as a legal […]

It is essential that there is consensus and clarity on the precise meaning and application of organisational accountability among all stakeholders, including organisations implementing accountability and data protection authorities (DPAs) overseeing accountability. Without such consensus, organisations will not know what DPAs expect of them and DPAs will not know how to assess organisations’ accountability-based privacy […]

The objectives of this second paper in our Accountability series are, first, to make the case for specifically incentivising organisational accountability and, second, to provide specific suggestions for what such incentives might be. Importantly, the objective in promoting an approach of incentivising accountability is not to weaken or hinder the powers of data protection authorities […]