About the IAPP

Müge Fazlioglu, CIPP/E, CIPP/US

IAPP

Principal Researcher, Privacy Law and Policy

Müge Fazlioglu’s research at the IAPP covers legislative processes, EU-U.S. comparative legal analyses, and individual privacy concerns. She writes about U.S. federal and state privacy legislation, analyzes EU developments in data protection, and explores the intricacies of data subject rights. 

Prior to joining the IAPP, she was a Research Fellow at the Center for Applied Cybersecurity Research and the Center for Law, Ethics and Applied Research in Health Information at Indiana University. She completed her Ph.D. in Law and Social Science, specializing in information privacy law and policy at the Maurer School of Law at Indiana University, Bloomington. Her doctoral dissertation examined the risk-based approach to privacy and data protection and the role of information sensitivity within risk management in the European Union and the United States. She also holds LL.M. in European Law from Stockholm University and an LL.B. from Marmara University. 

Her research into privacy law has been published in International Data Privacy Law and the Fordham Urban Law Journal, and she recently wrote a chapter on EU and the U.S. privacy and data protection law and policies for the book “Data Protection Around the World,” published by Springer. Her privacy research has been cited in various media and reports by institutions including the European Parliament, Congressional Research Service, and the United Nations, amongst others. 

Contributions by Müge Fazlioglu

• Futureproofing Privacy for Gen Alpha/Beta: Trends in U.S. Law and Policymaking
  Speaker at IAPP Global Privacy Summit 2025
• US Data Privacy Litigation: Biometrics and consumer health data litigation
  Westin Research Center
• US Data Privacy Litigation
  
• Synthesizing US state privacy law: Cross-cutting compliance strategies for 2025
  Web Conference Speaker
• 10 Tips for Global Compliance with Privacy and Data Protection Laws
  Westin Research Center
• EU AI Act Compliance Matrix
  
• US State Comprehensive Privacy Laws Report – Overview
  Westin Research Center
• US State Comprehensive Privacy Laws Report
  Westin Research Center
• US Federal Privacy Legislation Tracker
  Westin Research Center
• EU AI Act compliance: How can a privacy program give a head-start?
  Web Conference Speaker
• Global AI Governance Law and Policy: US
  Westin Research Center
• Consumer Perspectives of Privacy and Artificial Intelligence
  
• US federal AI governance: Laws, policies and strategies
  Westin Research Center
• Training AI on personal data scraped from the web
  
• Bipartisan consensus in US privacy lawmaking
  The Privacy Advisor
• Countries At-a-Glance: Privacy and Consumer Trust
  
• Contentious areas in the EU AI Act trilogues
  
• U.S. privacy legislation in 2023: Something old, something new?
  Westin Research Center
• The Snowden disclosures, 10 years on
  The Privacy Advisor
• At-a-Glance: Privacy and Consumer Trust in Australia
  
• At-a-Glance: Privacy and Consumer Trust
  
• Perfecting Privacy: How To Increase Consumer Trust in the Golden Age of Data
  Moderator at IAPP Global Privacy Summit 2023
• Filling the void? The 2023 state privacy laws and consumer health data
  Westin Research Center
• IAPP Privacy and Consumer Trust Report – Executive Summary
  Westin Research Center
• Most consumers want data privacy and will act to defend it
  Westin Research Center
• IAPP Privacy and Consumer Trust Report
  Westin Research Center
• Refresher: The GDPR's Six Legal Bases for Data Processing
  
• Member of Privacy Bar Section Advisory Board 2022 - 2050
• Distilling the essence of the American Data Privacy and Protection Act discussion draft
  Westin Research Center
• Negotiating privacy: Bipartisan agreement on US privacy rights in the 117th Congress
  Westin Research Center
• The origins and purpose of Data Protection/Privacy Day
  Westin Research Center
• Benchmarking Complex Global Privacy Operations: The IAPP/EY Governance Report
  Web Conference Speaker
• Privacy for the holidays
  Westin Research Center
• Enhancing protections for children's data
  Westin Research Center
• Notes from the IAPP, Oct. 8, 2021
  United States Privacy Digest
• Privacy bills in the 117th Congress
  Westin Research Center
• Notes from the IAPP, August 20, 2021
  United States Privacy Digest
• Notes from the IAPP, July 9, 2021
  United States Privacy Digest
• ePrivacy Regulation — Q&A on select topics
  Westin Research Center
• Notes from the IAPP, April 16, 2021
  United States Privacy Digest
• The first but not last comprehensive US privacy bill of 2021
  Westin Research Center
• Notes from the IAPP, March 5, 2021
  United States Privacy Digest
• Next-gen privacy: Examining the EU’s ePrivacy Regulation
  Westin Research Center
• Top-10 operational impacts of the CPRA: Part 8 — Rights to delete, no retaliation and children’s privacy
  Westin Research Center
• Top-10 operational impacts of the CPRA: Part 7 — Responding to consumers' requests to know
  Westin Research Center
• Notes from the IAPP, Jan. 22, 2021
  United States Privacy Digest
• 2020 IAPP 'Data Governance Report' Review
  Web Conference Speaker
• Privacy in the Wake of COVID-19
  Westin Research Center
• Notes from the IAPP, Nov. 13, 2020
  United States Privacy Digest
• Top-5 operational impacts of Brazil's LGPD: Part 2 — Security, secrecy of data, good practice and governance
  Westin Research Center
• Consolidating US privacy legislation: The SAFE DATA Act
  Westin Research Center
• Notes from the IAPP, Sept. 4, 2020
  United States Privacy Digest
• Legal remedies to US surveillance after 'Schrems II'
  Westin Research Center
• Notes from the IAPP, July 31, 2020
  United States Privacy Digest
• The value of privacy research: The view from FTC’s PrivacyCon2020
  Westin Research Center
• Using SCCs post-'Schrems II': Guidance from DPAs
  Westin Research Center
• Privacy and racial justice: Regulating facial recognition technology
  Westin Research Center
• Privacy in the Wake of COVID-19: Current and Future Impacts
  Web Conference Speaker
• Notes from the IAPP, June 19, 2020
  United States Privacy Digest
• Privacy Risks to Individuals in the Wake of COVID-19
  Westin Research Center
• Deja vu? The politics of privacy legislation during COVID-19
  Westin Research Center
• Notes from the IAPP, May 8, 2020
  United States Privacy Digest
• Republican senators to introduce the COVID-19 Consumer Data Protection Act
  Westin Research Center