About the IAPP

Cobun Zweifel-Keegan, CIPP/US, CIPM

IAPP

Managing Director, D.C.

Cobun Zweifel-Keegan is the Managing Director of IAPP, Washington, D.C. Through this role, Cobun works to integrate the diverse voices of privacy professionals into the evolving tech policy conversation, engaging with business representatives, civil society, congressional leaders, and federal government stakeholders.

Prior to returning to IAPP, Cobun served as Deputy Director of Privacy Initiatives at BBB National Programs, where he advised independent mechanisms that bring accountability and transparency to business privacy practices through voluntary—but enforceable—frameworks like Privacy Shield and the Cross-Border Privacy Rules. Through this work, Cobun also facilitated the development of new programs to clarify best practices in emerging areas such as youth privacy and artificial intelligence.

Cobun first worked at IAPP as a Westin Research Fellow, focusing his research on the global spread of uniform data privacy norms with the advent of the privacy profession. On this topic, in collaboration with IAPP President and CEO J. Trevor Hughes, Cobun published a chapter in the Cambridge Handbook of Consumer Privacy, “Enter the professionals: organizational privacy in the digital age.”

Cobun is a graduate of the University of Colorado School of Law where he served as Executive Editor of the Colorado Technology Law Journal. While in law school, Cobun sought a broad range of privacy and communications law perspectives, interning at Hogan Lovells, the Federal Trade Commission, the Colorado Technology Association, and AT&T.

Named after a creek in West Virginia, Cobun became fascinated with privacy when he realized his unique name made his online presence easily trackable. He earned his undergraduate degree in psychology at Colorado College. This background in social science further inspired his interest in the design of mechanisms that spread privacy norms.

Contributions by Cobun Zweifel-Keegan

• The U.S. Privacy Patchwork: Practical Considerations for GDPR Companies
  Speaker at IAPP Europe Data Protection Congress 2024
• AI’s impact on the language industry
  Web Conference Speaker
• US State AI Governance Legislation Tracker
  Westin Research Center
• Compliance Kaleidoscope: Adapting to Big Shifts in U.S. Privacy
  Moderator at IAPP Privacy. Security. Risk. 2024
• Fight, Flight, or Comply: What’s Next for Privacy Enforcers?
  Moderator at IAPP Privacy. Security. Risk. 2024
• U.S. State Privacy Crash Course: What Is New and What Is Next
  Speaker at IAPP Privacy. Security. Risk. 2024
• Implementing Trans-Atlantic Transfers
  Westin Research Center
• Fireside Chat on Updates to the Privacy and Security Regulatory Landscape
  Speaker at In-Person New York KnowledgeNet: 20 Aug. 2024
• What to expect when you’re acquiring data: New rules for data brokers
  Web Conference Speaker
• American Privacy Rights Act cheat sheet
  
• A view from DC: FCC geolocation orders show privacy's lost waypoint
  United States Privacy Digest
• FISA Section 702's Reauthorization Era
  The Privacy Advisor
• A view from DC: Will Maryland end the era of notice and choice?
  United States Privacy Digest
• A view from DC: The gossip test for sensitive data
  United States Privacy Digest
• Top takeaways from the draft American Privacy Rights Act
  The Privacy Advisor
• US Institutions Privacy Stakeholder Map
  
• Direct Insights from U.S. State Privacy Enforcers
  Moderator at IAPP Global Privacy Summit 2024
• A view from DC: The path to IAPP Global Privacy Summit 2024
  United States Privacy Digest
• A view from DC: Restoring privacy to the skies
  United States Privacy Digest
• A view from DC: US House ready to pass data broker bill 
  United States Privacy Digest
• A view from DC: Biden's State of the Union calls out children's privacy — yet again
  United States Privacy Digest
• A new era of US privacy policy? National security restrictions on personal data transactions
  The Privacy Advisor
• A view from DC: Is your privacy notice stuck in the '90s?
  United States Privacy Digest
• A view from DC: Kids Online Safety Act could pass — and it applies to you
  United States Privacy Digest
• A view from DC: FTC v. Kochava — License to litigate
  United States Privacy Digest
• A view from DC: Can the private sector catch up with government privacy assessments?
  United States Privacy Digest
• A view from DC: What if we had no word for privacy?
  United States Privacy Digest
• A view from DC: Updating the map of location privacy safeguards
  United States Privacy Digest
• A view from DC: Cyberspace was colonized; 2024 is AI's turn
  United States Privacy Digest
• Biased AI systems face the music: Analyzing the FTC's Rite Aid enforcement
  
• A view from DC: Is protecting kids worth the tradeoffs?
  United States Privacy Digest
• Implications of the AI executive order for business
  Westin Research Center
• CPPA's draft automated decision-making rules unpacked
  The Privacy Advisor
• A view from DC: The fight over defining 'AI' is far from over
  United States Privacy Digest
• A view from DC: FTC v. Kochava – Never say never again
  United States Privacy Digest
• A view from DC: All the president’s ministers — an all-of-government AI response
  United States Privacy Digest
• What's Next for AI Accountability: From Policy to Practice
  Moderator at AI Governance Global 2023, an IAPP event
• A view from DC: State attorneys general allege addiction through data collection
  United States Privacy Digest
• A view from DC: Sectoral rules make US AI governance policy leader
  United States Privacy Digest
• Notes from the IAPP Managing Director, Washington DC, 6 Oct. 2023
  United States Privacy Digest
• The Future of Biometrics: Everything Everywhere All at Once
  Moderator at IAPP Privacy. Security. Risk. 2023
• The State of U.S. Privacy Law
  Speaker at IAPP Privacy. Security. Risk. 2023
• A view from DC: FTC prepares for commissioner appointments, potential bipartisanship
  United States Privacy Digest
• The Kids Are All Rights: The Conflict between Free Speech and Youth Privacy Laws
  Westin Research Center
• A view from DC: White House preps a 'bridge' to AI regulation
  United States Privacy Digest
• A view from DC: The professor and the politicos
  United States Privacy Digest
• A view from DC: US Senate is back in session, tackling AI
  United States Privacy Digest
• A view from DC: NIST proposes update to guidance on privacy learning programs
  United States Privacy Digest
• A view from DC: Can there be accountability for web scrapers?
  United States Privacy Digest
• A view from DC: Dramatic expansion of regulated consumer reports
  United States Privacy Digest
• A view from DC: California is going after cars first, everyone else next
  United States Privacy Digest
• A view from DC: Adtech is built on a privacy fault line
  United States Privacy Digest
• A view from DC: Congress sprints to the starting line before August recess
  United States Privacy Digest
• A view from DC: Senators audit tax prep privacy practices
  United States Privacy Digest
• A view from DC: Who should do something about voice cloning?
  United States Privacy Digest
• A view from DC: Celebrating privacy’s 50th birthday
  United States Privacy Digest
• A view from DC: US intelligence agencies are purchasing consumer data
  United States Privacy Digest
• A View from DC: Could the Senate act on AI before privacy?
  United States Privacy Digest
• A view from DC: The FTC says ‘Let It Go,’ don’t hold that data anymore
  United States Privacy Digest
• A view from DC: Sectoral privacy updates spread with strengthened student standards
  United States Privacy Digest
• A View from DC: The FTC says, if it can be biometric data, it already is
  United States Privacy Digest
• Web Conference Speaker
• A view from DC: A red wave of state privacy laws
  United States Privacy Digest
• A view from DC: Die Another Day: FTC v. Kochava
  United States Privacy Digest
• A view from DC: We need zero trust for privacy and AI
  United States Privacy Digest
• How should mobile apps prepare for California's privacy scrutiny?
  Westin Research Center
• A view from DC: Connecting the dots: The Global CBPR Forum grows
  United States Privacy Digest
• A View from DC: HHS takes action on reproductive privacy
  United States Privacy Digest
• Web Scraping: Understanding Compliance Risks and Hidden Costs
  Moderator at IAPP Global Privacy Summit 2023
• Oh, the Places We Might Go: US Privacy Law and Regulation
  Speaker at IAPP Global Privacy Summit 2023
• A view from DC: Should ChatGPT slow down?
  United States Government
• A view from DC: A recap of the TikTok hearing
  United States Privacy Digest
• A view from DC: Data deletion and the threat of ‘heinous crimes’
  United States Privacy Digest
• A view from DC: Scandalous locations and ‘the privacies of life’
  United States Privacy Digest
• A view from DC: In Utah, ‘parent over shoulder’ will be the new normal
  United States Privacy Digest
• A view from DC: Can scraping challenges help limit the idea of public data?
  United States Privacy Digest
• A view from DC: Crisis and compromise
  United States Privacy Digest
• A healthy dose of consent: Takeaways from the FTC’s GoodRx case
  The Privacy Advisor
• A view from DC: If you can’t beat social media, ban it?
  United States Privacy Digest
• A view from DC: From consumer protection to innovation and data
  United States Privacy Digest
• A view from DC: Equal data protection and the NTIA
  United States Privacy Digest
• A view from DC: All the President’s tech policy
  United States Privacy Digest
• A view from DC: Multilateralism is not dead
  United States Privacy Digest
• Takeaways from Epic Games settlement: Teen privacy arrives at the FTC
  The Privacy Advisor
• A view from DC: Elon Musk’s privacy lessons
  United States Privacy Digest
• Text comparison of principles for commercial transfers: From Privacy Shield to DPF
  
• A view from DC: Privacy compromise: As seen on TV
  United States Privacy Digest
• A view from DC: 3 out of 5 attorneys general prefer data minimization
  United States Privacy Digest
• A view from DC: Lame ducks and safe kids
  United States Privacy Digest
• Perspectives on the Latest US Privacy Developments
  Moderator at IAPP Europe Data Protection Congress 2022
• A view from DC: Uncertainty reigns
  United States Privacy Digest
• A view from DC: The school of hard notices
  United States Privacy Digest
• A View from DC: The undiscovered country
  United States Privacy Digest
• Youth Privacy: Lessons from gaming and beyond
  Speaker at Virtual Washington D.C. KnowledgeNet: October 27, 2022
• Maximize your minimization and other takeaways from the FTC’s Drizly case
  The Privacy Advisor
• A view from DC: Privacy gets inclusive
  United States Privacy Digest
• The Day After Tomorrow: What’s Next for U.S. Consumer Privacy?
  Moderator at IAPP Privacy. Security. Risk. 2022
• Building the next generation of security and privacy professionals
  
• The future of youth privacy is here
  The Privacy Advisor
• A view from DC: Is purpose-built privacy possible?
  United States Privacy Digest
• A view from DC: What color are your patterns?
  United States Privacy Digest
• Scope of the draft American Data Privacy and Protection Act
  Privacy Bar Section
• A view from DC: The FTC eagerly awaits your comments
  United States Privacy Digest
• A view from DC: September brainstorms bring April panels
  United States Privacy Digest
• A view from DC: 'Dear Speaker Pelosi'
  United States Privacy Digest
• A view from DC: The Kochava Gambit
  United States Privacy Digest
• A view from DC: Is everything commercial surveillance?
  United States Privacy Digest
• A view from DC: Does privacy care about truth?
  United States Privacy Digest
• A view from DC: The US privacy trolley problem
  United States Privacy Digest
• A view from DC: Is that a mirage or a real-life bipartisan privacy compromise?
  United States Privacy Digest
• A view from DC: Don’t say anonymous unless you really mean it
  United States Privacy Digest
• A view from DC: Considering what is defined as genetic data
  United States Privacy Digest
• A view from DC: Reflections on federal privacy legislation, the Dobbs ruling, FTC rulemaking and more
  United States Privacy Digest
• A view from DC: A look at the updated American Data Protection and Privacy Act
  United States Privacy Digest
• Heard around DC — Reflection on the draft federal privacy legislation
  United States Privacy Digest
• Understanding the scope of the draft American Data Privacy and Protection Act
  The Privacy Advisor
• Heard around DC — Reflections on a potential US data privacy law
  United States Privacy Digest
• Heard around DC — The latest on federal privacy legislation, FTC activity
  United States Privacy Digest
• Heard around DC — FTC on edtech, federal legislation, biometrics and more
  United States Privacy Digest
• A view from DC: Roundup & reflections for May 13, 2022
  United States Privacy Digest
• Heard around DC — Roundup and reflections for May 6, 2022
  United States Privacy Digest
• Heard around DC — Roundup and reflections for April 29, 2022
  United States Privacy Digest
• Heard around DC – Roundup and reflections for April 22, 2022
  United States Privacy Digest
• Heard around DC – Roundup and reflections for April 14, 2022
  United States Privacy Digest
• Mapping a Path to Career Success in Privacy: Former IAPP Westin Fellow’s Insight
  Speaker at IAPP Global Privacy Summit 2022
• Heard Around DC — Roundup and reflections for April 8, 2022
  United States Privacy Digest
• Heard around DC – Roundup and reflections for April 1, 2022
  United States Privacy Digest
• Heard around DC — Roundup and reflections for March 25, 2022
  United States Privacy Digest
• Hidden privacy lessons in the FTC’s CafePress security enforcement
  The Privacy Advisor
• Heard around DC — Roundup and reflections for March 14, 2022
  United States Privacy Digest
• A globalized CBPR framework: Peering into the future of data transfers
  The Privacy Advisor
• Adapting GDPR/CCPA Data Rights Processes for CPRA, CDPA, ABCD, WXYZ and Beyond
  Adapting GDPR/CCPA Data Rights Processes for CPRA, CDPA, ABCD, WXYZ and Beyond
• Deal or No Deal: How Brexit Could Affect Data Adequacy
  Web Conference Speaker
• How independent dispute resolution fosters the exercise of data subject rights
  Privacy Perspectives