Centre for Information Policy Leadership (CIPL)

Is your team prepared for the compliance challenges posed by the EU AI Act? Our EU AI Act Implementation Project is designed to ensure that organizations are not only compliant with the Act, but can excel in the emerging regulatory environment. Through close engagement with leading experts from the academic, technology, research and business communities, the project will address key questions raised by the Act, explore best practices and develop risk-based and forward-thinking practical solutions. To find out more, register your interest in the project here: https://lnkd.in/eUZCQjU2 * We are asking CIPL members and non-members that want to actively participate in this project to crowd source to cover the costs of the workshops, roundtables and academics' involvement. #AIAct #EU #artificialintelligence

In an op-ed published in Tech Policy Press CIPL President Bojana Bellamy and Director of the Center of Human Rights and Humanitarian Law at the American University Washington College of Law, Eduardo Bertoni assess the existing legal landscape and dive into recommendations for policy and lawmakers in the fast-moving world of neurodata and neurotechnology. Plato observed that "when the mind is thinking, it is talking to itself." This statement is increasingly incorrect—these days, the brain is talking to itself and to anyone who may be listening. Advances in neurotechnology and artificial intelligence (AI) systems show just how imminent mind-reading technology is. Developments in the fields of neurotechnology and AI have spurred widespread interest from civil, public, and private sector stakeholders in the legal and ethical frameworks that might govern these technologies. Most countries in the world have adopted data protection laws governing the use of personal data (with the notable exception of the United States). It appears that many of the requirements set forth in these laws will apply to any personal data collected by consumer neurotechnology products and services. Yet, it will be important to assess how data protection laws will practically apply to neurodata and to consider if data protection rights are sufficient to protect against the potential risks and harms of neurotechnology, or if new rights to specifically address neurodata are needed. Read the full article for a detailed analysis of these developments here: https://lnkd.in/d6VVk8RA #neurodata #oped #data #neuro

#ICYMI As data minimization laws continue to proliferate across the United States, it can be challenging for compliance teams to keep track of which provisions are required by each state law. To assist organizations operating within this complex environment, CIPL has put together a guide to which permissible purposes apply to the 20 state privacy laws with provisions relating to data minimization. This guide is based on research from our paper 'Data Minimization in the United States' Emerging Privacy Landscape: Comparative Analysis and Exploration of Potential Effects', which you can download here: https://lnkd.in/emnCHK_E #dataminimization #data #usa #compliance

We are #hiring! CIPL is looking for a Privacy and Digital Policy Analyst to join our team in Washington DC. Are you a public policy professional with a keen interest in tech trends, data privacy and all things digital law? CIPL would love to hear from you about joining our growing team! We are looking for someone to: - Work closely with CIPL's leadership and team members to develop strategies and implement project plans to advance our global policy agenda on a wide range of privacy, data and digital policy issues. - Help to develop specific policy positions by working with CIPL leadership and member companies. - Monitor policy trends and summarize findings to CIPL staff and members - Help to maintain CIPL's reputation as recognized experts and policy thought leaders - Drafting regulatory comments, white papers, issue briefs and articles - And much more To find out more about this exciting role and how you can apply to join CIPL's team, click here: https://lnkd.in/ecQZzM_7 #job #hiring #policyrole

#ICYMI - CIPL Paper on Age Assurance & Age Verification Laws in the United States Legislation requiring the use of age assurance or age verification measures to promote safe online experiences for children and young people is gaining traction in the United States. At the time of publishing, 21 states have enacted laws with age assurance provisions, but there remains little agreement among states regarding the methods or tools to employ when verifying the age of online users. We are excited to announce a new paper which identified technical, practical and legal challenges affecting stakeholders in the age verification space and society more broadly. The paper serves as a starting point for understanding the challenges and exploring the opportunities to address the privacy and safety concerns at stake. See the full paper below 👇 Download a copy here: https://lnkd.in/etjesFyV #ageassurance #children #dataprivacy #research

Tomorrow CIPL Privacy and Data Policy Manager Laila Abdelaziz will be joining a panel on 'Technology and Human Rights' at the American University Washington College of Law alongside expert panelists Nathan White (Meta), Verónica Arroyo (University of Toronto), Diego Borbón (Universidad Externado de Colombia), and Eduardo Bertoni (Center for Human Rights and Humanitarian Law, American University Washington College of Law). The discussion will focus around the impact of neurotechnologies in human rights. You can register for the discussion by scanning the QR code in the image below 👇 We are looking forward to the discussion! #neurotech #data #humanrights #tech

Today, at the keynote address on ‘Best Practices for AI Governance’ at GRC World Forums' #RISK event in London, CIPL President Bojana Bellamy highlighted that while we are indeed living through an AI-powered Fourth Industrial Revolution, we are also living in the age of accountability and increased corporate digital responsibility. Vitally, we cannot reap the benefits of AI without implementing accountability and best practices in AI governance, development, and implementation. Some key points from Bojana made include: - In this new digital era, accountability isn't just a legal, nor ethical responsibility, nor can it be seen as only a box-tick compliance exercise. Digital accountability is good for business and provides a compass for unchartered waters of digital transformation. By embedding accountability into the DNA of an organization, we unlock wider and more responsible data use, and build trust. Leading companies, their C-Suites and Boards are starting to make this shift. - Risk management is a key element of accountability. Risks must be considered holistically, including impacts and benefits to people and society. In using data and AI, companies and public sector organisations need to strike the balance between privacy and other fundamental rights and interests. AI brings the need for this balancing act in sharp focus. - The Draghi report sends a strong message - over-regulation and inconsistent implementation can slow digital transformation and hurt competitiveness. Equally, forward-thinking, outcomes-based and smart regulation, coupled with organizational accountability can also empower us to use AI responsibly and effectively. - CIPL has identified key tensions between data protection principles and AI technologies, that are leading to an inflection point in Europe in particular. These must be resolved by regulators being ready to re-interpret and evolve the data protection principles to be fit for AI and by organisations being ready to implement accountable AI best practices when developing and using AI. There simply is no other option available - the answer cannot be that GDPR stops the AI in Europe! - CIPL’s Accountable AI Report provides a catalogue of what organisations are doing on the ground to build, implement and monitor accountable AI governance programs. These programs must be risk-based and evolve with the technology. - We must encourage the building of multidisciplinary teams and oversight structures that can constructively collaborate and escalate decision making to ensure that the real benefits of AI can be felt not only by the organisations deploying this technology, but by society more broadly. We hope all who attended enjoyed the discussion! #GRC #AI #artificialintelligence

Today, CIPL hosted a roundtable discussion titled “From Barriers to Bridges: Cloud Computing in Support of Privacy and Security,” centred around the themes from our latest paper of the same name. The event brought together industry leaders, policymakers, and academics to explore the evolving landscape of data protection in the context of cloud computing, the impact of cloud technologies on our digital economies, and the need to eliminate existing barriers to fully realise the benefits of cloud computing. Our dialogue on these critical issues will continue at the upcoming Global Privacy Assembly in Jersey, where CIPL will host an official side event titled “The Silver Lining: Cloud Computing as a Building Block for Digital Transformation and AI,” scheduled for Wednesday, 30 October 2024, from 14:30 to 16:30 BST. We look forward to deepening our engagement on how cloud technologies can continue driving innovation and serve as a building block for AI and other emerging technologies, while at the same time upholding robust data privacy and security standards. Thank you to all who attended today for sharing your insights! #cloud #data #security #event Natascha Gerlach CIPP/E Lukas Adomavicius Theodore Christakis Ilias Chantzos Nathaly Rey María Álvarez Caro, Lorelien Hoet Marco Moragón Laura Balke Anna Lauridsen Zoltan Precsenyi Michael Skinner Dal Singh Sofía Trénor Michelena Aliki Foinikopoulou

Our latest paper ‘Getting the Best Outcomes: Pathways for Data Protection and Privacy Authorities’ outlines a myriad of regulatory approaches to data protection and explores the benefits and challenges associated with each.   One of the more recently developed regulatory frameworks we focus on is the outcome-based co-operative regulation (OBCR) model.   The OBCR model’s key elements include:   1. Clarity about the purpose(s) of the regulatory system as a whole and the outcomes that are desired – or not desired. 2. Evidence to establish whether/how outcomes are being achieved. 3. Engagement between all stakeholders at both design and operational levels. 4. Trust between stakeholders. 5. Agreement on the appropriate institutional arrangements. You can find out more about outcome-based regulation (otherwise known as OBCR) in our short guide below 👇   Download the paper here for our full analysis: https://lnkd.in/eyrzyu3n   #regulation #outcomes #research #data

NEW FROM CIPL 📢 Getting the Best Outcomes: Pathways for Data Protection and Privacy Authorities We are excited to announce our latest white paper, written in partnership with Richard Thomas CBE. The paper raises two fundamental questions for data protection authorities: - What should DPAs be doing and prioritising? - How should they be doing it? While these questions are not easy to answer, they are essential to explore. Building on our previous work, including the Regulating for Results Paper (2017) and the closed session during the Global Privacy Assembly in Istanbul, in this paper we set out ways for DPAs to maximise their effectiveness as regulatory bodies in a time of growing demand for their time and expertise. Our recommendations draw on experience in other sectors of regulation and on evidence as to what does – and does not – work. We offer pathways to effectiveness in hopes of stimulating discussion around how to achieve the best regulatory outcomes at a time of profound digital industrial revolution. You can download the paper here: https://lnkd.in/eYgSTytf And see the full paper below 👇 #regulation #outcomes #research #dataprotection