Privacy Tech and Privacy By Design


Here, you can find the IAPP’s collection of coverage, analysis and resources related to privacy technology and privacy by design. The IAPP Resource Center includes separate topic pages for Artificial Intelligence and Cloud Computing, as well as a “Privacy Engineering Section,” which offers a range of programs, events, content and networking opportunities through which privacy pros working in IT and related fields can connect and advance.

Featured Resources

An Introduction to Privacy for Technology Professionals

In this IAPP textbook, leading minds in the field address how privacy and technology intersect and examine critical areas of concern in the industry.
Read More

Strategic Privacy by Design

Designed for both the individual who knows privacy by design and the individual who is just starting on their privacy journey, this book presents a methodology for building privacy into a product, service, or business process, and takes an unconventional approach to privacy by design.
Read More

Building the next gen of security and privacy pros

This white paper explores how the roles of privacy and cybersecurity professionals are becoming increasingly interdependent, and compares the challenges faced by both professions.
Read More

Latest News and Resources

Cybersecurity Law Fundamentals

Almost as swiftly as cybersecurity has emerged as a major corporate and public policy concern, a body of cybersecurity law has developed. The purpose of Cybersecurity Law Fundamentals is to give a coherent summary of this incoherent body of law. Read More

IAPP Privacy Tech Vendor Report

This year’s “Privacy Tech Vendor Report” finds the industry at a crossroads of sorts. As privacy has shifted from an afterthought to a necessity within the last decade, the conversation today regarding its place in product development has evolved from the abstract to the technical implementation of an array of solutions. Read More

Self-sovereign identity: a primer for privacy pros

In this LinkedIn Live event, IAPP Principal Technology Researcher Katharina Koerner, CIPP/US, co-founder and CEO Dominik Beron, Microsoft Senior Identity Standards Architect Kristina Yasuda and Identity Woman Kaliya Young discuss the idea of self-sovereign identity and its privacy implications. Read More

The latest in homomorphic encryption: A game-changer shaping up

Privacy professionals are witnessing a revolution in privacy technology. The emergence and maturing of new privacy-enhancing technologies that allow for data use and collaboration without sharing plain text data or sending data to a central location are part of this revolution. The United Nations, the Organisation for Economic Co-operation and Development, the U.S. White House, the European Union Agency for Cybersecurity, the UK Royal Society, and Singapore’s media and privacy authorities all r... Read More

Generative AI: Privacy and tech perspectives

Launched in November 2022, OpenAI’s chatbot, ChatGPT, took the world by storm almost overnight. It brought a new technology term into the mainstream: generative artificial intelligence. Generative AI describes algorithms that can create new content such as essays, images and videos from text prompts, autocomplete computer code, or analyze sentiment. Many may not be familiar with the concept of generative AI; however, it is not a new technology. Generative adversarial networks — one type of gene... Read More

Mozilla Android unveils ‘Total Cookie Protection’
(IAPP, March 2023)
PrivTech Talks: Privacy tech in health care and medical research
(IAPP, March 2023)
Standardization landscape for privacy: Part 3 — W3C and IEEE
(IAPP, March 2023)
Standardization landscape for privacy – Article Series
(IAPP, March 2023)
Federated learning: Supporting data minimization in AI
(IAPP, February 2023)
EU policymakers have adtech in sight for future regulation
(IAPP, February 2023)
‘Neurorights’ and the next flashpoint of medical privacy
(IAPP, February 2023)
NIST’s Reva Schwartz on the new AI Risk Management Framework
(IAPP, February 2023)
Web Conference: Five ways to build a bulletproof PBD program with your security partners
(IAPP, February 2023)
US NIST publishes AI Risk Management Framework 1.0
(IAPP, January 2023)
U.S. National Institute of Standards and Technology (NIST) – Resources
(NIST, January 2023)
Data clean rooms: An adtech privacy solution?
(IAPP, January 2023)
EDPB’s Meta decisions explained: Resolving the adtech dispute
(IAPP, January 2023)
Web Conference: Shining a Light on Dark Patterns – Good Marketing vs Consumer Manipulation
(IAPP, January 2023)
Unpacking DPC Ireland’s Meta decisions: AdTech and beyond
(IAPP, January 2023)
Security & Privacy by Design Principles (S|P)
(Secure Controls Framework, January 2023)
Model Written Information Security Program
(VLP Law Group, January 2023)
Irish DPC fines Meta 390M euros over legal basis for personalized ads
(IAPP, January 2023)
CNPD fines National Institute of Statistics 4M euros
(IAPP, December 2022)
Report explores global cookie review
(IAPP, December 2022)
Are cookies a new currency for the online world?
(IAPP, November 2022)
Synthetic data a key to privacy by design practices in new Canadian smart city partnership
(IAPP, November 2022)
Data transfers: Could a technical solution be the future?
(IAPP, November 2022)
The FTC’s rapidly evolving standards for MFA
(IAPP, November 2022)
Is GPC the new ‘do not track’?
(IAPP, October 2022)
Non-Fungible Tokens – Privacy and Cybersecurity Risks
(Alan Moore, Keith Pham, Tylar Jaspan, September 2022)
White Paper – Self-sovereign identity as future privacy by design solution in digital identity?
(IAPP, August 2022)
Where is my personal data bill of materials?
(IAPP, August 2022)
Reed Smith – Guide to the Metaverse, Second Edition
(Reed Smith, August 2022)
Guide on Personal Data Protection Considerations for Blockchain Design
(Singapore PDPC, July 2022)
What does the newest U.S. privacy bill mean for cybersecurity?
(IAPP, June 2022)
Web Conference: Privacy Technology Evolution: From Point Solutions to Data Governance
(IAPP, May 2022)
Web Conference: Privacy Engineer Your Operations for Excellence
(IAPP, May 2022)
Standardization landscape for privacy: Part 1 — The NIST Privacy Framework
(IAPP, 2022)
Standardization landscape for privacy: Part 2 — ISO/IEC
(IAPP, 2022)
Exceptions in new US state privacy laws leave data without security coverage
(IAPP, May 2022)
Talking Strategic Privacy by Design with R. Jason Cronk
(IAPP, March 2022)
Privacy Management Principles
(Security Controls Framework, March 2022)
Successful adoption of mobile ID hinges largely on protection of citizen privacy
(IAPP, March 2022)
Information Security Management – An Executive View
(Marcos Sêmola, March 2022)
Perkins Coie – 2022 Emerging Technology Trends
(Perkins Coie, February 2022)
LinkedIn Live: ‘How To Build An Effective Privacy Engineering Team’
(IAPP, February 2022)
CDT — Responsible Technology Training Series for Education Practitioners
(CDT, January 2022)
iOS App Report: Surveillance Marketing Still Going Strong
(URL Genius, January 2022)
Privacy and responsible AI
(IAPP, January 2022)
Age verification and data protection: Far more difficult than it looks
(IAPP, January 2022)
2022’s top-10 legal technology job market predictions
(IAPP, January 2022)
A look inside the robust privacy tech vendor market
(IAPP, January 2022)
Privacy as code: A new taxonomy for privacy
(IAPP, November 2021)
Brookings Glossary: Artificial intelligence and emerging technology
(Brookings Institution, October 2021)
The Privacy and Equity Implications of Using Self-Harm Monitoring Technologies: Recommendations for Schools
(Future of Privacy Forum, August 2021)
The Privacy and Equity Implications of Using Self-Harm Monitoring Technologies: Recommendations for Schools
(Future of Privacy Forum, August 2021)
Web Conference: More than Face Value: Facial Recognition Technology & Privacy
(IAPP, July 2021)
Web Conference: Understanding Machine Learning Technology and Developing A Risk-Based Approach
(IAPP, June 2021)
Web Conference: LBS — IAPP CIPT: Technology Innovation and the Need for the Privacy Technologist
(IAPP, June 2021)
KPMG — Privacy Technology: What’s next?
(KPMG, May 2021)
Privacy Tech’s Third Generation: A Review of the Emerging Privacy Tech Sector
(Future of Privacy Forum, Privacy Tech Alliance, May 2021)
Web Conference: Marketing Technology 101 for Privacy Officers
(IAPP, February 2021)
World Economic Forum — Future Series: Cybersecurity, emerging technology and systemic risk
(World Economic Forum, November 2020)
EY-NASCIO Report — How will the power of emerging technology help reframe your future?
(EY-NASCIO, October 2020)
White Paper – The Skill Set Technologists Need to Implement a Privacy Risk Management Framework
(IAPP, October 2020)
Infographic – How to get started in privacy engineering
(IAPP, August 2020)
White Paper – The Skill Set Needed to Implement the NIST Privacy Framework
(IAPP, August 2020)
ePrivacy and Data Protection: The Complex Web of Data Privacy and its Influence on AI Ethics, Competition and Tech Evolution
(Citi GPS, July 2020)
Privacy 2020: 10 Privacy Risks and 10 Privacy-Enhancing Technologies to Watch in the Next Decade
(Future of Privacy Forum, March 2020)
Enhancing Privacy Education with a Technical Emphasis in IT Curriculum
(Kennesaw State University, February 2020)
White Paper – The Skill Set Needed to Implement a Global Privacy Standard: ISO/IEC 27701 alignment with IAPP CIPM and CIPP/E certifications
(IAPP, November 2019)
White Paper – Talking Tech for Privacy Pros: The Organic Chemistry of Computer Science
(IAPP, November 2019)
White Paper – Talking Tech for Privacy Pros: Coming Down from the Cloud
(IAPP, October 2019)
How Privacy Tech Is Bought and Deployed
(IAPP, June 2019)
White Paper – Check or Mate? Strategic Privacy by Design
(IAPP, October 2017)
The Ransomware Epidemic – Article Series
(IAPP, September 2016)
View More Resources

Privacy Engineering

Web Conference: Privacy Engineer Your Operations for Excellence

Original broadcast date: 12 May 2022 In this web conference, panelists explain how to avoid ripple effects from immature privacy practices, but also clearly show how privacy controls can contribute to better data quality, lower storage costs, and an overall business strategy of trust. Founders, product managers, engineers, and legal privacy professionals alike will walk away from this web conference with a better understanding of the essential building blocks of applying privacy principles in practice, why it makes sense to invest in privacy-by-design when building and maintaining products and systems, and how to get one’s team up to speed. Read More

Infographic – How to get started in privacy engineering

Published: August 2020Click To View (PDF) Privacy engineering is a rapidly growing field in our increasingly data driven world. This infographic offers advice on how to jump start a career in this dynamic profession. It offers tips for pursuing a cross-disciplinary education, searching for career opportunities beyond Big Tech, writing about privacy issues, networking with other professionals, becoming an expert in your own privacy, earning privacy credentials, staying informed about privacy i... Read More

Privacy engineering is evolving daily: Join the conversation about its future

Regulations and policies alone won’t get us to a world that effectively respects privacy. To get there, we need multiple things: (1) systems we can trust to robustly implement policy, (2) technology that enables better choices than the ones we have today and (3) a deep understanding of the wide spectrum of humans who interact with our systems. In short, we need privacy engineering. Organizations’ understanding of privacy engineering and their need for it is evolving rapidly alongside new techno... Read More

Privacy engineering: Comprehensible access control lists

When a user is taking an action, they need to know who, what and where. But what happens once they’ve taken that action? When a user shares something with another user, like a photo or a document, they need to know who, why and how to make it stop. First, let me differentiate sharing and sending. Sending is when someone transmits data to another entity and that data passes into the possession of that entity. For example, if you were to send me an email, that email goes into my inbox. You can’t ... Read More