Submission deadline: 1 December 2026
Publication: July/August 2027
The EU General Data Protection Regulation (GDPR) was adopted by the European Parliament and the Council of the European Union in 2016 and has, over the last decade, become a “gold standard” for data protection worldwide. In particular, it has served as a global benchmark for strong and comprehensive data privacy by strengthening the fundamental data subject rights of individuals and enhancing accountability and the level of compliance for data controllers and processors, both within and outside Europe, that target customers or track individuals in the EU. Countries outside Europe, including, for instance, Brazil, South Africa, and China, have also revised their data protection laws or adopted new ones, partly to achieve compliance with the GDPR and/or to keep up with new technical and societal developments. Another example is the California Consumer Privacy Act (CCPA) of 2018, which is one of the strongest state privacy laws in the US.
The GDPR has notably promoted the field of privacy-enhancing technologies and other privacy engineering and management approaches by specifically mandating Data Protection by Design and by Default, and by promoting the advantages of standardized privacy icons for enhancing usable transparency, as well as certification in data protection and requirements for conducting data impact assessments.
Despite the important new rules and opportunities that the GDPR has contributed for improving data protection, challenges persist in the area of data protection – both in practice and in research. In particular, Data Protection by Design is often not systematically implemented on a broad scale in practice; privacy notices, cookie banners, and consent forms still lack usable transparency; data protection standardization efforts are not well considered and utilized in practice; too little effort is often put into systematically conducting Data Protection Impact Assessments (DPIAs); and the EU-US data privacy framework for enabling transatlantic data transfers is criticized by privacy experts due to issues with GDPR compliance. Moreover, in our current time of political crisis, an increasing number of cybersecurity attacks have resulted in serious data leaks and breaches.
In addition, emerging technologies as well as modern tracking and online profiling technologies pose serious privacy and data protection threats. Foremost, the recent AI revolution has posed challenges for data protection and for implementing GDPR and ethical principles related to data protection, data governance, data accuracy, transparency, human oversight, and fairness. This has also led to debates and proposals for weakening GDPR principles that are difficult for AI systems, such as Large Language Models (LLMs), to comply with.
Further efforts are needed to develop robust and trustworthy AI technologies, including privacy-enhancing technologies for AI, as well as utilizing AI technologies in a privacy-enhancing manner to improve usable privacy.
This Special Issue is dedicated to the 10th Anniversary of the GDPR. We invite articles providing a critical appraisal of the implementation of the GDPR, and/or of other novel data protection or privacy legal frameworks, including CCPA, from other parts of the world, in practice. We particularly also seek articles addressing challenges for upholding privacy principles despite geopolitical barriers and/or rapid technical changes and issues, including, but not limited to,
For author information and guidelines on submission criteria, please visit the Author Information page. As stated in the Author Information, peer-reviewed articles should run between 4,900 and 7,200 words, including all main body, abstract, keyword, bibliography, biography, and table text. The word count should include 250 words for each table and figure. There should be no more than 15 references. The abstract word limit is 50 words. Please submit full papers through the IEEE Author Portal system, and be sure to select the special-issue or special-section name. Manuscripts should not be published or currently submitted for publication elsewhere. Please submit only full papers intended for review, not abstracts, to the IEEE Author Portal. All submitted manuscripts will undergo a single-anonymous peer review.
In addition to submitting your paper to IEEE Security & Privacy, you are also encouraged to upload the data related to your paper to IEEE DataPort. IEEE DataPort is IEEE's data platform that supports the storage and publishing of datasets while also providing access to thousands of research datasets. Uploading your dataset to IEEE DataPort will strengthen your paper and will support research reproducibility. Your paper and the dataset can be linked, providing a good opportunity for you to increase the number of citations you receive. Data can be uploaded to IEEE DataPort prior to submitting your paper or concurrent with the paper submission. Thank you!
For more information about the focus, contact the guest editors: