CLOSED – Call for Papers: GDPR: A Year On

Call for Papers for IEEE Security & Privacy
Share this on:
Submissions Due: 1 March 2019

Final submissions due: 1 March 2019
Publication date: November/December 2019

Often called the most important legal reform in a generation, Europe’s General Data Protection Regulation (GDPR)—a massive legal instrument that applies to the very core of our digital society, the flow of personal data—has now been in place for almost a year. As data-driven technologies ranging from autonomous vehicles and smart home devices to blockchains, quantum computing, machine learning and AI proliferate, GDPR applies to an ever growing range of business models and factual scenarios. How will the regulatory framework address these new technologies on the ground? Several months after the implementation deadline, regulators are still gearing up for enforcement and companies hone their compliance strategies. What should policymakers, courts, and industry players expect in the months and years to come?

How do GDPR’s numerous obligations translate to corporate implementation and regulatory oversight? Is GDPR future – or even present-proof? What is GDPR’s effect on competition and its relative implications for online platforms and for nimble start-ups? Does GDPR impede or perhaps rather foment European innovation? Have the new requirements of data deletion and portability been tested and deployed? Do European residents and consumers feel anything has changed in terms of the way public authorities and businesses approach their personal data? What are the best practices emerging around data protection by design and by default? Has GDPR remained in the realm of lawyers or regulators or has it also impacted engineering and design shops? What are some of the technologies being developed to comply with GDPR? Has the influx of GDPR-clone legislation, in countries ranging from Brazil to India, fundamentally changed the architecture of the Internet and global data flows?

In this special issue, IEEE Security & Privacy seeks articles from scholars and practitioners from various disciplines and countries to examine GDPR: A Year On. Successful submissions will address (among other topics) the GDPR’s:

  • position at the intersection of law and technology;
  • global impact;
  • implications for global multinationals and for small and medium size enterprises;
  • implementation by engineers, economists, and lawyers;
  • potential macroeconomic and competitive impact; and
  • effect on debates about ethics beyond the law.


Guest Editors

Omer Tene, International Association of Privacy Professionals (lead editor)
Katrine Evans, Hayman Lawyers
Bruno Gencarelli, European Commission
Gabe Maldoff, Bird & Bird
Gabriela Zanfir-Fortuna, Future of Privacy Forum


Submission Guidelines

All submissions must comply with rules on what we publish.

Submissions will be subject to the peer-review methodology for refereed papers. Articles should run between 4,900 to 7,200 words, with a maximum of 15 references. Articles should be understandable to a broad audience of people interested in security and privacy. The writing should be down to earth, practical, and original. Authors should not assume that the audience will have specialized experience in a particular subfield. All accepted articles will be edited according to the IEEE Computer Society style guide. As this is not a research journal, please do not submit research papers.

Submit manuscripts here, or email the guest editors at for more information.