About the IAPP

Cobun Zweifel-Keegan, CIPP/US, CIPM

IAPP

Managing Director, D.C.

Cobun Zweifel-Keegan is the Managing Director of IAPP, Washington, D.C. Through this role, Cobun works to integrate the diverse voices of privacy professionals into the evolving tech policy conversation, engaging with business representatives, civil society, congressional leaders, and federal government stakeholders.

Prior to returning to IAPP, Cobun served as Deputy Director of Privacy Initiatives at BBB National Programs, where he advised independent mechanisms that bring accountability and transparency to business privacy practices through voluntary—but enforceable—frameworks like Privacy Shield and the Cross-Border Privacy Rules. Through this work, Cobun also facilitated the development of new programs to clarify best practices in emerging areas such as youth privacy and artificial intelligence.

Cobun first worked at IAPP as a Westin Research Fellow, focusing his research on the global spread of uniform data privacy norms with the advent of the privacy profession. On this topic, in collaboration with IAPP President and CEO J. Trevor Hughes, Cobun published a chapter in the Cambridge Handbook of Consumer Privacy, “Enter the professionals: organizational privacy in the digital age.”

Cobun is a graduate of the University of Colorado School of Law where he served as Executive Editor of the Colorado Technology Law Journal. While in law school, Cobun sought a broad range of privacy and communications law perspectives, interning at Hogan Lovells, the Federal Trade Commission, the Colorado Technology Association, and AT&T.

Named after a creek in West Virginia, Cobun became fascinated with privacy when he realized his unique name made his online presence easily trackable. He earned his undergraduate degree in psychology at Colorado College. This background in social science further inspired his interest in the design of mechanisms that spread privacy norms.

Contributions by Cobun Zweifel-Keegan

• A view from DC: The FTC says ‘Let It Go,’ don’t hold that data anymore
  United States Privacy Digest
• A view from DC: Sectoral privacy updates spread with strengthened student standards
  United States Privacy Digest
• A View from DC: The FTC says, if it can be biometric data, it already is
  United States Privacy Digest
• A view from DC: A red wave of state privacy laws
  United States Privacy Digest
• A view from DC: Die Another Day: FTC v. Kochava
  United States Privacy Digest
• A view from DC: We need zero trust for privacy and AI
  United States Privacy Digest
• How should mobile apps prepare for California's privacy scrutiny?
  Westin Research Center
• A view from DC: Connecting the dots: The Global CBPR Forum grows
  United States Privacy Digest
• A View from DC: HHS takes action on reproductive privacy
  United States Privacy Digest
• Web Scraping: Understanding Compliance Risks and Hidden Costs
  Moderator at IAPP Global Privacy Summit 2023
• Oh, the Places We Might Go: US Privacy Law and Regulation
  Speaker at IAPP Global Privacy Summit 2023
• A view from DC: Should ChatGPT slow down?
  United States Government
• A view from DC: A recap of the TikTok hearing
  United States Privacy Digest
• US Institutions Privacy Stakeholder Map
  
• A view from DC: Data deletion and the threat of ‘heinous crimes’
  United States Privacy Digest
• A view from DC: Scandalous locations and ‘the privacies of life’
  United States Privacy Digest
• A view from DC: In Utah, ‘parent over shoulder’ will be the new normal
  United States Privacy Digest
• A view from DC: Can scraping challenges help limit the idea of public data?
  United States Privacy Digest
• A view from DC: Crisis and compromise
  United States Privacy Digest
• A healthy dose of consent: Takeaways from the FTC’s GoodRx case
  The Privacy Advisor
• A view from DC: If you can’t beat social media, ban it?
  United States Privacy Digest
• A view from DC: From consumer protection to innovation and data
  United States Privacy Digest
• A view from DC: Equal data protection and the NTIA
  United States Privacy Digest
• A view from DC: All the President’s tech policy
  United States Privacy Digest
• A view from DC: Multilateralism is not dead
  United States Privacy Digest
• Takeaways from Epic Games settlement: Teen privacy arrives at the FTC
  The Privacy Advisor
• A view from DC: Elon Musk’s privacy lessons
  United States Privacy Digest
• Text comparison of principles for commercial transfers: From Privacy Shield to DPF
  
• A view from DC: Privacy compromise: As seen on TV
  United States Privacy Digest
• A view from DC: 3 out of 5 attorneys general prefer data minimization
  United States Privacy Digest
• A view from DC: Lame ducks and safe kids
  United States Privacy Digest
• Perspectives on the Latest US Privacy Developments
  Moderator at IAPP Europe Data Protection Congress 2022
• A view from DC: Uncertainty reigns
  United States Privacy Digest
• A view from DC: The school of hard notices
  United States Privacy Digest
• A View from DC: The undiscovered country
  United States Privacy Digest
• Youth Privacy: Lessons from gaming and beyond
  Speaker at Virtual Washington D.C. KnowledgeNet: October 27, 2022
• Maximize your minimization and other takeaways from the FTC’s Drizly case
  The Privacy Advisor
• A view from DC: Privacy gets inclusive
  United States Privacy Digest
• The Day After Tomorrow: What’s Next for U.S. Consumer Privacy?
  Moderator at IAPP Privacy. Security. Risk. 2022
• White Paper – Building the next generation of security and privacy professionals
  
• The future of youth privacy is here
  The Privacy Advisor
• A view from DC: Is purpose-built privacy possible?
  United States Privacy Digest
• A view from DC: What color are your patterns?
  United States Privacy Digest
• Scope of the draft American Data Privacy and Protection Act
  Privacy Bar Section
• A view from DC: The FTC eagerly awaits your comments
  United States Privacy Digest
• A view from DC: September brainstorms bring April panels
  United States Privacy Digest
• A view from DC: 'Dear Speaker Pelosi'
  United States Privacy Digest
• A view from DC: The Kochava Gambit
  United States Privacy Digest
• A view from DC: Is everything commercial surveillance?
  United States Privacy Digest
• A view from DC: Does privacy care about truth?
  United States Privacy Digest
• A view from DC: The US privacy trolley problem
  United States Privacy Digest
• A view from DC: Is that a mirage or a real-life bipartisan privacy compromise?
  United States Privacy Digest
• A view from DC: Don’t say anonymous unless you really mean it
  United States Privacy Digest
• A view from DC: Considering what is defined as genetic data
  United States Privacy Digest
• A view from DC: Reflections on federal privacy legislation, the Dobbs ruling, FTC rulemaking and more
  United States Privacy Digest
• A view from DC: A look at the updated American Data Protection and Privacy Act
  United States Privacy Digest
• Heard around DC — Reflection on the draft federal privacy legislation
  United States Privacy Digest
• Understanding the scope of the draft American Data Privacy and Protection Act
  The Privacy Advisor
• Heard around DC — Reflections on a potential US data privacy law
  United States Privacy Digest
• Heard around DC — The latest on federal privacy legislation, FTC activity
  United States Privacy Digest
• Heard around DC — FTC on edtech, federal legislation, biometrics and more
  United States Privacy Digest
• A view from DC: Roundup & reflections for May 13, 2022
  United States Privacy Digest
• Heard around DC — Roundup and reflections for May 6, 2022
  United States Privacy Digest
• Heard around DC — Roundup and reflections for April 29, 2022
  United States Privacy Digest
• Heard around DC – Roundup and reflections for April 22, 2022
  United States Privacy Digest
• Heard around DC – Roundup and reflections for April 14, 2022
  United States Privacy Digest
• Mapping a Path to Career Success in Privacy: Former IAPP Westin Fellow’s Insight
  Speaker at IAPP Global Privacy Summit 2022
• Heard Around DC — Roundup and reflections for April 8, 2022
  United States Privacy Digest
• Heard around DC – Roundup and reflections for April 1, 2022
  United States Privacy Digest
• Heard around DC — Roundup and reflections for March 25, 2022
  United States Privacy Digest
• Hidden privacy lessons in the FTC’s CafePress security enforcement
  The Privacy Advisor
• Heard around DC — Roundup and reflections for March 14, 2022
  United States Privacy Digest
• A globalized CBPR framework: Peering into the future of data transfers
  The Privacy Advisor
• Adapting GDPR/CCPA Data Rights Processes for CPRA, CDPA, ABCD, WXYZ and Beyond
  Adapting GDPR/CCPA Data Rights Processes for CPRA, CDPA, ABCD, WXYZ and Beyond
• Deal or No Deal: How Brexit Could Affect Data Adequacy
  Web Conference Speaker
• How independent dispute resolution fosters the exercise of data subject rights
  Privacy Perspectives