About the IAPP

Müge Fazlioglu, CIPP/E, CIPP/US

IAPP

Senior Westin Research Fellow

muge@iapp.org

Müge Fazlioglu completed her Ph.D. in Law and Social Science at the Maurer School of Law at Indiana University, Bloomington. She was a graduate research fellow at the Center for Applied Cybersecurity Research and at the Center for Law, Ethics and Applied Research, and served as a teaching assistant for the course Legal Research and Writing.



Her main research interests are in privacy, data protection, communications law, risk management and the socio-cultural dimensions of information technology use. She is particularly interested in interdisciplinary and comparative research into the individual-level factors that affect data protection and privacy attitudes and behaviors. Her doctoral dissertation examines the risk-based approach to privacy and data protection and the role of information sensitivity within risk management in the European Union and the United States.



Her research has been published in International Data Privacy Law and presented at various conferences, including the International Communication Association and the Amsterdam Privacy Conference. She also holds an LL.M. in European Law from Stockholm University in Sweden and an LL.B. from Marmara University in her home country, Turkey.

Contributions by Müge Fazlioglu

• Notes from the IAPP, Sept. 4, 2020
  United States Privacy Digest
• Legal remedies to US surveillance after 'Schrems II'
  Privacy Perspectives
• Notes from the IAPP, July 31, 2020
  United States Privacy Digest
• The value of privacy research: The view from FTC’s PrivacyCon2020
  The Privacy Advisor
• Using SCCs post-'Schrems II': Guidance from DPAs
  Westin Research Center
• Privacy and racial justice: Regulating facial recognition technology
  Privacy Tracker
• Notes from the IAPP, June 19, 2020
  United States Privacy Digest
• White Paper — 'Privacy Risks to Individuals in the Wake of COVID-19'
  
• Privacy in the Wake of COVID-19: Remote Work, Employee Health Monitoring and Data Sharing
  
• Deja vu? The politics of privacy legislation during COVID-19
  Westin Research Center
• Notes from the IAPP, May 8, 2020
  United States Privacy Digest
• Republican senators to introduce the COVID-19 Consumer Data Protection Act
  Privacy Tracker
• Sharing COVID-19 data with government authorities: Guidance from DPAs
  Westin Research Center
• How is COVID-19 affecting privacy programs? A call for research action
  Westin Research Center
• White Paper – COPRA and CDPA: Similarities, Gray Areas and Differences
  
• Tracking the politics of US privacy legislation
  Westin Research Center
• Notes from the IAPP, Dec. 13, 2019
  United States Privacy Digest
• Notes from the IAPP, Nov. 1, 2019
  United States Privacy Digest
• Book review: 'Nobody's Victim: Fighting Psychos, Stalkers, Pervs, and Trolls'
  The Privacy Advisor
• GDPR in the eyes of the member states
  Westin Research Center
• Notes from the IAPP, Oct. 11, 2019
  United States Privacy Digest
• CJEU clarifies cookie consent requirements
  Westin Research Center
• Notes from the IAPP, Sept. 6, 2019
  United States Privacy Digest
• Notes from the IAPP, August 9, 2019
  United States Privacy Digest
• The GDPR, one year on: What about ePrivacy?
  Women Leading Privacy
• Notes from the IAPP, May 24, 2019
  United States Privacy Digest
• Privacy pros’ salaries rise, yet pay gaps by gender persist
  Women Leading Privacy
• Notes from the IAPP, March 8, 2019
  United States Privacy Digest
• Timelines and budgets for GDPR compliance: A meta-analysis
  Author
• White Paper – Timelines and budgets for GDPR compliance: A meta-analysis
  
• Creating meaningful data protection out of US privacy proposals
  Westin Research Center
• Consensus and Controversy in the Debate Over US Federal Data Privacy Legislation
  Author
• White Paper – Consensus and Controversy in the Debate Over US Federal Data Privacy Legislation
  
• Web Conference: Establishing Priorities — Privacy Risk Management Based on Research Results
  
• An Introduction to the California Consumer Privacy Act
  Speaker at IAPP Europe Data Protection Congress 2018
• Top 10 Operational Responses to the GDPR
  Author
• What's subject to a DPIA under the GDPR? EDPB on draft lists of 22 supervisory authorities
  The Privacy Advisor
• Can Austria align 'diverging views' with proposed ePrivacy amendments?
  Privacy Tracker
• Top 5 Operational Impacts of the CCPA: Part 4 — Rights of erasure, objection to sale, and nondiscrimination
  The Privacy Advisor
• Recap: Webinar looks at the exceptional nature of privacy harm
  The Privacy Advisor
• Web Conference: Understanding Harms in Privacy and Data Protection
  
• What FTC Enforcement Actions Teach Us About the Makings of Reasonable Privacy and Data Security Practices: A Follow-Up Study
  Westin Research Center
• Update: Examining the Bulgarian presidency’s latest draft of the ePrivacy Regulation
  Privacy Tracker
• White Paper – What the GDPR Requires of and Leaves to the Member States
  
• What’s new in WP29's final guidelines on transparency?
  Westin Research Center
• Regulating for Results: Effective Use of Both Carrot and Stick
  Speaker at Global Privacy Summit 2018
• Top 10 Operational Responses to the GDPR - Part 10: Communicating with supervisory authorities
  Westin Research Center
• Top 10 Operational Responses to the GDPR - Part 7: Accommodating data subjects’ rights
  Westin Research Center
• Top 10 Operational Responses to the GDPR – Part 4: Data protection impact assessments and data protection by default and by design
  Westin Research Center
• White Paper – How DPA Budget and Staffing Levels Mirror National Differences in GDP and Population
  
• The top five contested issues in the EU’s developing ePrivacy Regulation
  Westin Research Center
• Transparency and the GDPR: Practical guidance and interpretive assistance from the Article 29 Working Party
  Westin Research Center
• Analyzing changes in DPA Income and Staff, from 2011 to 2016
  Westin Research Center
• What WP29 requires for Privacy Shield and when they want it
  Westin Research Center
• Privacy regulators and their many hats
  Westin Research Center
• The Year in U.S. Privacy
  Speaker at IAPP Europe Data Protection Congress 2017
• WP29 releases draft breach notification guidelines
  Westin Research Center
• Takeaways from the first review of the EU-U.S. Privacy Shield
  Westin Research Center
• What’s new in the WP29 guidelines on DPIAs?
  Westin Research Center
• Schrems redux: Now what?
  Westin Research Center