Encryption Topic Page

Here, you can find the IAPP’s collection of coverage, analysis and resources related to encryption.

Featured Resources


Homomorphic encryption: A game-changer shaping up

This article breaks down advancements in homomorphic encryption as it becomes more standardized, with the potential to change the way we manage and utilize personal data.
Read More


The EU’s temptation to break end-to-end encryption

The European Commission’s proposal to fight “child sexual abuse materials” has spurred controversy as it touches upon the issue of private interpersonal communications and might affect end-to-end encryption. This article discusses reactions to the proposal and the current state of play, its impact on end-to-end encryption, and the legislative process.
Read More


Decryption and Inspection and the Steps Needed for Privacy Compliance

This web conference provides an overview of the threat landscape and how attackers use encryption to their benefit and why the inspection of network traffic is necessary for privacy compliance.
Read More


How can homomorphic encryption address privacy in COVID-19 apps?

Husna Siddiqi and Dalia Khader explain how a cryptographic concept called “homomorphic encryption” may be able to help assuage privacy concerns around COVID-19 applications.
Read More


Encryption, redaction and the CCPA

This article dives into the differences between encryption and redaction and points to what privacy pros should be thinking about with consideration of the CCPA.
Read More


Encryption isn’t enough: Why conversational AI requires more

This piece covers why conversational AI solutions need to have a comprehensive security program in place to uphold privacy and maintain regulatory compliance, and why those AI providers cannot rely on encryption alone.
Read More

Additional News and Resources

Spain's AEPD releases encryption assessment tool

Spain's data protection authority, the Agencia Española de Protección de Datos, released a browser app to assess the security of online encryption systems. The tool is meant to give guidance on what encryption standards to look for while processing personal data and does not transmit any information back to the authority.Full story... Read More

UK government publishes E2E encryption, child safety guidance

The U.K. Home Office released guidelines on the interplay between end-to-end encryption standards and children's safety as it relates to the recently passed U.K. Online Safety Bill. The office explained the overlap between the two topics, Meta's leading example on the matter, and current techniques and technological solutions being used. Notably, the guidance also lays out the application of the Online Safety Bill in the encryption-child safety context.Full story... Read More

Facebook Messenger expands encryption trials

Meta announced millions of Facebook Messenger accounts will be able to trial end-to-end encryption standards for individual and group chats. Meta is working to finalize default encryption standards by year's end and maintains it is on track to do so. The company said default encryption will "enhance the security we already provide and give people additional confidence that their personal messages will remain private."Full story... Read More

Apple to expand encryption in its cloud backups, halts CSAM rollout

Apple announced Wednesday a suite of data security improvements it plans to roll out in the coming months that aim to protect consumer data and ward off hackers.  The three data security features include iMessage Contact Key Verification, Security Keys for Apple ID and Advanced Data Protection for iCloud. In a company announcement, Apple Senior Vice President of Software Engineering Craig Federighi said the new features will provide users with "three powerful new tools to further protect their ... Read More

Multiparty computation as supplementary measure and potential data anonymization tool

Privacy-enhancing technologies like secure multiparty computation, homomorphic encryption, federated learning, differential privacy, secure enclaves, zero-knowledge proof or synthetic data are becoming increasingly relevant in practice and considered by regulators. Approaching the challenging trade-off between data privacy and data utility for a vast variety of use cases, privacy-enhancing technologies embed important privacy-by-design principles in the data life cycle. They aim at enabling inc... Read More

FPF: Strong Data Encryption Protects Everyone

The Future of Privacy Forum released “Strong Data Encryption Protects Everyone,” a visual guide to data encryption. The interactive tool outlines how encryption works, where it is used and potential risks. “The infographic illustrates how strong encryption protects individuals, enterprises, and the government. View Visual Guide View Infographic (PDF) ... Read More

Measuring how encryption impacts potential liability under CCPA

In the last decade, California has suffered twice as many data breaches as any other state, with roughly 1,493 breaches affecting nearly 5.6 billion records. Where California’s privacy laws apply to an organization, encrypting customer data will provide immunity from the private right of action under the California Consumer Privacy Act and limit obligations of notification in the event of a data breach under California’s data breach notification law. Santa Clara University School of Law's Solima... Read More

Finding encryption's place in privacy law

In a piece for CMSWire, Securiti.ai Product Lead Anas Baig provides a breakdown of how encryption meshes with privacy regulations around the world. Baig goes into detail on what privacy laws in the U.S., EU, Canada, Brazil and others say about the deployment of encryption. Additionally, Baig lays out the fines associated with encryption while offering best practices for companies implementing it into their systems. "In this era of data privacy, encryption is no longer an option, but rather a nec... Read More

Australia’s anti-encryption collision with GDPR sub-processing

On Dec. 6, Australia passed a surprising law with a global impact on privacy. The new law requires any Australian company to build backdoors to encrypted data and communications when instructed to do so by the government, while also requiring secrecy about the existence of such surveillance capabilities from individuals and enterprise customers. This unverifiable question of compromised encryption presents many technical threats and introduces international regulatory compliance challenges as we... Read More

Why the 'encryption exception' may be over used

How familiar are you with the “encryption exception” in the EU General Data Protection Regulation and some U.S. state laws? It can be used to exempt a company from breach reporting and notification obligations if data was encrypted and the key had not also been compromised. The GDPR identifies the exception in Article 34(3)(a), stating that the breach notification of Article 34(1) is not required if “the controller has implemented appropriate technical and organisational protection measures, … ... Read More

Encryption and Globalization

This article by Peter Swire and Kenesa Ahmad offers a short history of wiretaps for phone and Internet data; highlights key lessons learned from the U.S. crypto wars of the 1990s; proposes reasons why effective encryption becomes even more important when the debate shifts from one country to a globalized setting, and synthesizes the key reasons supporting effective encryption in today’s globalized world. Read More