Data Protection Day 2024

Discover the activities that our members will carry out in commemoration of Data Protection Day 2024.

Don’t miss the chance to participate and stay informed about the latest developments in data protection!

ABU DHABI GLOBAL MARKET

The ADGM Office of Data Protection (“ODP”) will conduct the following activities:

  1. On the 28th of January, a promotional slogan will be displayed in the Atrium area of the main building of ADGM. Taking into account that all public authorities in ADGM are situated in this building, the Atrium is the central point were public authorities’ staffs cross their daily paths, hence visibility is ensured.
  2. Public authorities in ADGM will be target again through a special communication distributed via Microsoft Teams, e-mail and intranet. The message aims at recalling the importance of this day and the raise awareness on the responsible and ethical processing of personal data.
  3. Private sector in ADGM will likewise receive a special communication from the ODP on that day. A message will be sent to all entities in ADGM through the central Registry Solution of companies, recalling their obligations in the area of personal data protection pursuant to the ADGM Data Protection Regulations 2021.
  4. The ODP will participate in a Commissioners’ panel at the event hosted by the Data Protection Office (“DPO”) of Qatar Financial Centre (“QFC”) on January 28th in Doha. This event will be held around the theme of “Data Protection in the Age of AI”.

Website for more information: https://www.adgm.com/

BOSNIA AND HERZEGOVINA

As part of the celebration of the European Data Protection Day in Bosnia and Herzegovina on January 26, an invitation will be delivered to all print and electronic media in Bosnia and Herzegovina along with an appropriate press release on the holding of the press conference. The press release will also be posted on the Agency’s website www.azlp.ba

The Personal Data Protection Agency in Bosnia and Herzegovina is organizing four day professional training on personal data protection in the period from January 22 to 25, 2024 at the Foreign Trade Chamber of BiH. The target groups that will attend the trainings are private and public health institutions, non-governmental organizations, and private and public universities.

The Personal Data Protection Agency in Bosnia and Herzegovina is organizing a press conference for the media on Friday, January 26, on the occasion of the European Data Protection Day in Bosnia and Herzegovina at the Foreign Trade Chamber of BiH. During the press conference, the management will present the work of the Agency in the past 2023, as well as the activities and plans for 2024, and answer various inquiries from journalists. On this occasion, also press kit was prepared for the Conference participants and journalists.

Website for more information: www.azlp.ba

BRAZIL

“The National Data Protection Authority (ANPD) will be hosting an online seminar on January 30 to celebrate Data Protection Day. The event will be broadcast live on ANPD’s YouTube channel, accessed at https://www.youtube.com/@anpdgov”.

Website for more information: https://www.youtube.com/@anpdgov

CANADA

  • The Information and Privacy Commissioner of Ontario will be hosting a Privacy Day event on January 24.

Website for more information: https://www.ipc.on.ca/event/modern-government-artificial-intelligence-in-the-public-sector/

  • “For the OPC-Canada, this year’s theme for Data Privacy Week is “Take Control of Your Data.” You can find more information on the OPC’s Data Privacy Week campaign web page. During the week, we invite you to engage with content on social media, including tips and resources, using the #DPW2024 hashtag”. 

Website for more information: : https://www.priv.gc.ca/en/

CROATIA

Data Protection Day 2024: “Entrepreneurs and New Technologies”

On January 26th, 2024, the Croatian Personal Data Protection Agency marks the 18th consecutive celebration of Data Protection Day—an annual event dedicated to promoting awareness of the fundamental human right to the protection of personal data and privacy.

In honor of this momentous occasion, the Croatian Personal Data Protection Agency is hosting a conference titled “Entrepreneurs and New Technologies,” designed primarily for small and medium-sized enterprises. The conference is scheduled for January 26th, 2024, at the Ericsson Nikola Tesla, located at Krapinska 45, Zagreb.

This year’s European Data Protection Day is particularly noteworthy as it introduces “Olivia,” a web tool crafted as a virtual teacher and assistant for GDPR compliance. Entrepreneurs can leverage this tool to grasp their fundamental obligations, assess their knowledge, and generate essential documents showcasing compliance with personal data protection regulations.

During the first segment of the European Data Protection Day event, participants will be able to test Olivia’s new features and seek guidance from mentors who are experts in data protection.

The second segment of the event will showcase a panel discussion on the exciting opportunities presented by artificial intelligence.

Participation in this event is complimentary and exclusively reserved for micro, small, and medium-sized entrepreneurs, as well as craftsmen.

Website for more information: https://azop.hr/european-data-protection-day-2024-entrepreneurs-and-new-technologies/

EUROPEAN UNION

(EUROPEAN DATA PROTECTION SUPERVISOR)

Planned activities

  • CPDP Data Protection Day will take place on 25th January, in Brussels. This one-day conference, co-organised by the Council of Europe, CPDP and the EDPS, will be the main event of the Data Protection Day celebrations. The conference will focus on the latest developments and challenges happening in the data protection world, such as: Data retention and national security, Global data flows, Digital Governance, Regulating AI, Harmonising of GDPR procedures.
  • Podcast with the EDPS Data Protection Officer will be recorded, published on the EDPS website and Spotify account and promoted on the EDPS social media channels at the end of January. Our DPO will present the role of a Data Protection Officer in EU institutions, share some practical information regarding his function and raise awareness on the work of the EDPS and importance of the data protection in an everyday life.
  • Articles are planned for internal publications/newsletters of the EU institutions, bodies, offices and agencies, to raise their employees’ awareness on data protection and the role of the European Data Protection Supervisor. These articles will be published during the week preceding data protection day.
  • A cartoon portraying, in a humoristic way, data protection challenges in the digital age, to be published on 28th January on our social media channels. 
  • An infographic, titled “Your data, your rights”, reminding our audience of their fundamental data protection rights, to be published on 26th January.
  • A series of informational documents will be sent to the data protection officers of the EU institutions, bodies, offices and agencies, as their supervisory authority. These documents aim to help them raise awareness on data protection and promote the Data Protection Day.

Website for more information: https://cpdp-dataprotectionday.eu/

GEORGIA

In celebration of Data Protection Day, the Personal Data Protection Service of Georgia plans to hold an event that will be dedicated to the new Law of Georgia on Personal Data Protection, considering that it will enter into force this year.

Apart from that, the following activities will be held in the scope of the event:

  • Presentation of the activities conducted by the PDPS with an aim of implementation of the new law;
  • Presentation of the core legal novelties introduced by the new Law of Georgia on Personal Data Protection;
  • Presentation of a concept of the PDPS’s training-course: “General Course on Personal Data Protection Law“;
  • Presentation of the handbook: “Guide to Personal Data Protection of Minors: Theory and Practice” prepared based on the practice of PDPS concerning juveniles’ data protection;
  • Presentation of the next issue of the scientific, periodic, bilingual publication of the PDPS: “Journal of Personal Data Protection Law” (https://journal.pdps.ge/?leng=eng);
  • Presentation of the video-podcasts prepared by the PDPS for raising public awareness with respect to the new Law of Georgia on Personal Data Protection.

The event is public and can be attended by the data subjects, data controllers and processors, and other interested parties.

Website for more information: https://personaldata.ge/en

GERMANY

“In Germany the Conference of Independent Federal and State Data Protection Supervisory Authorities (in short: Data Protection Conference (German abbreviation: DSK)) is organizing an event on 29 January 2024 to celebrate the Data Protection Day. The event will take place in Berlin. More information can be found here (German only): https://www.datenschutzzentrum.de/artikel/1470-.html”.

Website for more information: https://www.datenschutzzentrum.de/artikel/1470-.html

On 29 January 2024 a central event for data protection supervisory authorities will take place in Berlin. It is prepared and hosted by the Data Protection Supervisory Authority of the federal state of Schleswig-Holstein (ULD – is also a sub-national member of the GPA), which served as chair of the permanent “Conference” of Data Protection Supervisory Authorities in Germany for the calendar year 2023. The current chair, for 2024, is the supervisory Authority of the federal state of Bremen.

You may find more information in the press release which was published on the central event on 29 January 2024 by the conference mentioned above; you can find it at https://www.datenschutzkonferenz-online.de/media/pm/24_01_17_DSK_Pressemitteilung_Europaeischer_Datenschutztag.pdf  (available in German language only).

GIBRALTAR

“For Data Protection Day 2024, the Gibraltar Regulatory Authority (the “GRA”), as the Information Commissioner, will be publishing an awareness-raising audio-visual, highlighting key information relating to deceptive design patterns in online platform interfaces (the “Video”).

The Video will offer practical guidance on how to assess and avoid deceptive design patters which so regularly influence users’ online journeys by misleading them into making unintended, unwilling, and potentially harmful decisions, which consequently hinder their ability to effectively protect their personal data.The Video will be made available on the GRA’s website and social media platforms”.

GREECE

The Hellenic Data Protection Authority is holding a hybrid event (both in-presence and live streaming) on the 30th of January to honour the 18th Data Protection Day. The event is entitled “Topical data protection issues – recent developments” and is dedicated to Professor Spiros Simitis, a distinguished scholar and expert in the field of data protection, who passed away in March 2023.

The former Greek Prime Minister C. Simitis, the Minister of Justice G. Floridis and the President of the Hellenic DPA K. Menoudakos will address the conference.

Presentations-speeches will be delivered by members and experts of the Authority.

Website for more information: https://www.dpa.gr/el/enimerwtiko/ekdiloseis/18i-eyropaiki-imera-prostasias-prosopikon-dedomenon

ISLE OF MAN

Our office is holding some outreach drop-in sessions for the public at various locations across our island next week in the run up to Data Protection Day.We’ve posted a notice on our website with the dates/times/locations, and we’re also putting up regular posts on our site throughout the week to point individuals to our website’s guidance in relation to their rights”.

Website for more information: https://www.inforights.im/organisations/latest-news-updates/2024/jan/data-protection-week-2024/

ITALY

The event organised by the Italian DPA for 2024 Data Protection Day.

The Garante will organize the conference  «Violenza della rete, violenza nella rete».

This year’s theme concerns the various forms of manifestation of online violence and, more generally, the relationship between the web and violence.

The title, playing on the distinction between the violence of and on the web, aims at underlining not only the place of violence (on the web, precisely) but also, often, one of its driving factors, the peculiarity of the web, capable of profound implications on society and individuals (network violence).

The internet is indeed also a driving force for violence and a condition for the realization of some of its very peculiar forms. Two paradigmatic examples in this sense are revenge porn and filmed abuses – very often concerning young people – which fall under the competence of the Garante.

The conference will take place in Rome, at the Chamber of Deputies, it will be mostly aimed at institutions, stakeholders, media and will be covered by press releases to be issued to all media, radios and TVs and social media.

JERSEY

This year’s Data Protection Day (Week) celebrations here in Jersey will see us reaching organisations via a ‘Let’s Go DPO session’ focusing on surveillance and we’ll also be running a ‘Breakfast with the Information Commissioner’ session which will see Commissioner Vane talk through our Jersey Office of the Information Commissioner (Jersey Data Protection Authority) mandate and thinking regarding regulating for outcomes and the range of regulatory tools we have available plus how and when they are used.

For the Jersey community, our team will be heading to schools, youth and activity clubs as well as spending time with community groups to support islanders to understand how to best protect their personal information.

Our office also has an information pop-up stand at our local Jersey Library.

Events:

‘Let’s Go DPO – The Dos and Don’ts of Employee Surveillance’ – Jersey Office of the Information Commissioner – Let’s Go DPO – The Dos and Don’ts of Employee Surveillance (jerseyoic.org)

‘Breakfast with the Information Commissioner – Talking Data Protection Enforcement’ – Jersey Office of the Information Commissioner – Breakfast with the Information Commissioner – Talking Data Protection Enforcement (jerseyoic.org)

Join the Jersey Office of the Information Commissioner at Jersey Library! – Jersey Office of the Information Commissioner – Join us at Jersey Library! (jerseyoic.org)

Website for more information: www.jerseyoic.org

LATVIA

The Latvian Data State Inspectorate is organizing an online seminar for all interested parties, particularly entrepreneurs, on privacy policies. During this seminar, we will offer practical advice on establishing effective privacy policies. Additionally, our regular feature, ‘DSI Explains,’ will include an explanatory article on a significant data protection topic for Data Protection Day. We also aim to highlight the importance of Data Protection Day on our social media platforms through various updates. Furthermore, we plan to enhance awareness by preparing an opinion article emphasizing the crucial need to protect personal data.

REPUBLIC OF NORTH MACEDONIA

Concerning the celebration of the 18th Data Protection Day, the Personal Data Protection Agency of the Republic of North Macedonia is planning two activities that will take place on the 26th and the 29th of January, 2024:

  • European Data Protection Day event “Empowering Judiciary and Safeguarding Youth in the Digital Age”, organized by the Personal Data Protection Agency, Center for Legal Research and Analysis, Macedonian Young Lawyers Association and the Delegation of the European Union and it will be held in Hotel “Solun”, Skopje, Republic of North Macedonia, on the 26th of January, 2024. The activity will be aimed at representatives of Courts, Public prosecutor offices, NGO’s, Ministries, University students etc.
  •  Workshops in high schools named “Privacy lessons” to advise on the privacy of children and young people in the world of information technologies (Internet and social networks) in order to educate young people about the importance and respect for privacy. The activity will take place in two high-schools in the Republic of North Macedonia, on the 29th of January, 2024 and it will be aimed at high school students.

Both events will be covered by the media (social media, digital media, newspapers, television).

MEXICO

INAI Mexico is organizing to commemorate the International Personal Data Protection Day a series of events whose thematic theme is Neuro-rights.

The title of the event is: ” Safeguarding the Mind: Neurorights and Personal Data in the Digital Age”.

The objective of the event is to reflect on the importance of the human right to the protection of personal data in the face of the implementation of neurotechnologies, with the intention of generating awareness among the developers of these, as well as among those responsible for implementing them and entitled persons who make use of them.

The specific objectives of the event are:

  • To analyze the mechanisms of minimization of personal data that are processed by neurotechnologies.
  • To learn about the mechanisms of governance of neural data and the establishment of transparent rules for the protection of fundamental rights.
  • Reflect on transparency in neurotechnologies to avoid abuses, biases and discrimination.

Identify measures for the protection of transmitted and stored data, taking into account the processing of neural data from which further details of the data subjects can be inferred.

Website for more information: https://eventos.inai.org.mx/diainternacionalpd2024/

The State of Mexico Transparency, Public Information Access and Personal Data Protection Institute of Estado de México and municipalities, INFOEM will hold the Master Conference: “Artificial intelligence and the protection of personal data”.

Website for more information: https://www.infoem.org.mx/

NIGERIA

With the passing of the Nigeria Data Protection Regulation 2019 and the establishment of Nigeria Data Protection Authority, the Data Protection Day has been celebrated annually in Nigeria with a week-long activity such as press conference, youth and teen empowerment program, webinars and capacity building workshops aimed at creating awareness on data privacy and protection.

Similarly, with the passage of the Nigeria Data Protection Act (NDPA) 2023 which established the Nigeria Data Protection Commission (NDPC) to implement the NDPA and foster the understanding of data privacy and protection in Nigeria, the Commission has resolved to hosting the 2024 edition of National Privacy Week with the theme: “Shaping Tomorrow’s Privacy Landscape”.

Events for 2024 National Privacy Week:

28/01/24 – Press Conference: This prestigious event serves as the official inauguration of Privacy Week, gathering media representatives, stakeholders, and officials from the Nigeria Data Protection ecosystem among others. It provides a platform to unveil significant initiatives, announce partnerships, and emphasize the critical role of data privacy in today’s digital landscape. It would also include keynotes from prominent figures, presentations on upcoming strategies, and insightful discussions on the importance of protecting personal information as well as traction in implementing the NDPA in Nigeria.

29/01/24 – Webinar: The NDPC in partnership with Professional Evaluation and Certification Board (PECB) is bringing together Data Protection Authorities across Africa in celebration of the privacy week 2024. the objectives of the virtual roundtable include knowledge sharing, harmonization of standards, policy development and collaborative solutions. The theme of the webinar is: Data protection in African Nations: Policies, Trends, Roles and Challenges Confronting Authorities

30/01/24 – Adopt-a-School: This seeks to improve the level of awareness for Data Protection and Privacy in Nigerian schools. In 2023, the Commission embarked on the adoption of a school program where sixty six  schools across Nigeria were visited to educate their students about Data Protection and Privacy. This year, the event would focus on students from Nigeria Tertiary Institutions.

31/01/24 – Capacity Building Workshop: These workshops and training sessions are designed as immersive learning experiences. Geared towards individuals, enterprises, and government bodies, they cover a wide array of topics such as understanding data protection laws, implementing privacy-by-design principles, managing data breaches, and fostering a culture of responsible data handling. The aim is to equip participants with actionable strategies and tools for robust data protection practices.  This event is in line with pillar three of Nigeria Data Protection Strategic Roadmap and Action Plan.

1/02/24 – Policy Dialogue: this event focuses on digitialisation and entrepreneurship with the aim to improve the capacity of the Nigerian economy to utilize digital innovations for growth and improve the innovation ecosystem. The objective is to facilitate a policy dialogue on the Nigeria Data Protection Act in order to create awareness of the Act, promote its importance and develop an adoption strategy for organisations.

2/02/24 – Privacy Hackathon: In a world where data is invaluable, ensuring its privacy and security at every stage is paramount. The code4Privacy hackathon seeks to foster creativity, collaboration, inclusivity, and a culture of data   privacy. Students from Nigeria Tertiary institutions with relevant skills set in coding, design, software development, project management etc. are encouraged to come up with project ideas that enhance the privacy of data subjects and incorporate privacy by design. This event is in line with pillar five of the Nigeria Data Protection Strategic Roadmap and Action Plan.

4/02/24 – Anniversary Dinner: To mark the signifance of the establishment of the Nigeria Data Protection Authority, the National Privacy Week culminates with the anniversary dinner/ awards.

Website for more information: www.ndpc.gov.ng

NORWAY

The Norwegian DPA organise a commemorative event. The information about our event is available in Norwegian: Personverndagen 2024: Kunstig intelligens møter personvern | Datatilsynet.

Website for more information: https://www.datatilsynet.no/aktuelt/aktuelle-nyheter-2023/personverndagen-2024-kunstig-intelligens-moter-personvern/

POLAND

The Day celebrations organised by the Personal Data Protection Office (UODO) will begin as early as 8 January 2024.

The course of the events organised by UODO is as follows:

•8 January 2024 at 10.00 a.m., seat of the Polish SA in Warsaw – Workshops for seniors on how to safely use new technologies in everyday activities.

•10 January 2024, 10.00-11.30 a.m., seat of the Polish SA in Warsaw – Workshop for students on “A safe way through cyberspace: from deepfakes to mobile application security”. https://www.uodo.gov.pl/en/553/1590

•16 January 2024, 10.00-13.30, University of Economics and Human Sciences in Warsaw – A series of debates on the protection of personal data in the health sector in the era of development of new technologies.

1st debate, at 10.00 – 11.00 Codes of conduct

2nd debate, at 11.15 – 12.15 Monitoring of employees

3rd debate, at 12.30 – 13.30 The use of new technologies in healthcare

•10 January 2024 – Open letter from the President of the Personal Data Protection Office sent to the participants of the 14th edition of the programme “Your data – Your concern” in connection with the celebration of the Data Protection Day in schools.

•19.01.2024 Toruń – Scientific conference at the Faculty of Law and Administration of Nicolaus Copernicus University in Toruń

•29.01.2024 – seat of the Polish SA in Warsaw, INTRACO ground floor room, 10.00-15.00 hours. Consultation points for Data Protection Officers and legal advice for citizens.

•30.01.2024 r. Online webinar in the series “Certification in data protection”

•31.01.2024 r. – #ODOlekcja #DataProtectionLesson – online class for secondary school students, entitled. “Deepfake: false reality online – are you ready for it?”.

•1.02.2024 Dąbrowa Górnicza – 10th Open Day of the Office for the Protection of Personal Data at the WSB University in Dąbrowa Górnicza, during which there will be a thematic conference combined with the promotion of good practices in the field of personal data protection.

•12.02.2024 r.- A field game “I care about data every day” for primary school pupils organised by scouts from the 200th Grunwald Warsaw Scouting Team “Leśnicy” in Warsaw and of the Personal Data Protection Office.

The calendar of events published on the website of the Personal Data Protection Office will be regularly supplemented and updated. We invite you to follow it and participate in these events: https://www.uodo.gov.pl/en/553/1591.

Website for more information: https://www.uodo.gov.pl/en/553/1591

SERBIA

Concerning the celebration of the Data Protection Day please note that the  Commissioner for Information of Public Importance and Personal Data Protection of the Republic of Serbia will organize a conference for Data Protection Day. This year’s topic will be the current state of personal data protection in the Republic of Serbia and the region. In addition to the representatives of foreign delegations in the Republic of Serbia for the introductory presentation, we will also have the director of the Bosnian Personal Data Protection Agency

SPAIN

Here you can see the panel that Catalan Data Protection Authority will organise on February, 24 in the framework of the Data protection day.

As part of the International Data Protection Day celebrations, the Catalan Data Protection Authority is organizing the conference ‘New rules for processing personal data with the United States’, in order to deepen the new framework of privacy in the exchange of personal data between Europe and the United States, which affects both companies and public administrations.

Website for more information: https://apdcat.gencat.cat/en/sala_de_premsa/agenda/activitatagenda/Jornada-transferencies-internacionals

AEPD (Data Protection Commissioner):

DATA PROTECTION DAY

CNMC Assembly Hall C/ Alcalá, 47 Madrid

January 29, 2024

10:00-10:10. Aperture: Ms. Mar España Martí, Director of AEPD and Ms. Cani Fernández Vicién, President of the National Commission on Markets and Competition.

10:10-10:20. Presentation of the AEPD Strategy on Child Protection, Digital Health and Privacy: Ms. Mar España Martí, Director of AEPD.

10:20-10:45. Interventions: Mr Emilio Puccio, Secretary-General of the European Parliament’s Intergroup on the Rights of the Child; Mr José Manuel Bar Cendón, Secretary of State for Education; and Ms Mayte Ledo Turiel, Secretary of State for Digitalisation and Artificial Intelligence.

10:45-11:00. Closure: Mrs. Sira Rego. Minister for Youth and Children; and Mr. Félix Bolaños García. Minister of the Presidency, Justice and Relations with the Courts

11:00-12:30. Spanish Data Protection Agency Awards Ceremony 2023: At the end of the event, attendees will be offered a Spanish wine.

SWITZERLAND

To mark Data Protection Day, the Swiss Federal Data Protection and Information Commissioner is organizing a public conference on “Data protection and vulnerability”, in collaboration with the University of Lausanne’s Faculty of Law, Criminal Sciences and Public Administration, the University of Geneva’s Centre universitaire d’informatique and ThinkServices. This event will take place in French in Lausanne. Details can be found: Journée de la protection des données 2024 – FDCA UNIL.

Website for more information: https://www.unil.ch/fdca/JPD2024

TURKIYE

Within the scope of 28 January Data Protection Day, a Symposium will be organised in partnership with the Turkish Personal Data Protection Authority (KVKK) and the Turkish Justice Academy, which organises the pre-professional training and internship training of the judges in Turkiye. The Symposium will be held in two sessions; in the first session, crimes and misdemeanours in the field of personal data protection will be discussed, and in the second session, judicial processes against the decisions of the Personal Data Protection Board will be evaluated.

Academics from the law faculties of various universities, members of the higher judiciary and the experts working at the Turkish Personal Data Protection Authority will take part as speakers in the Symposium.

The Symposium, the majority of the participants of which are expected to be prosecutors and judges, aims to increase the knowledge and experience of the members of the judiciary in the field of personal data protection, which is a new field

UNITED KINGDOM

The UK ICO and International Data Protection Day activities

We’ll be running a social media-led approach, aimed at the public and Data Protection Officers: On our Twitter(X) and LinkedIn pages, we’ll be publishing simple steps that UK organisations can take to help their staff like refreshing training and reminding them to delete data.

Furthermore, we’ll be resharing some of our work aimed at the public from across the past year such as Mobile Text (SMS) pests, Smart tech tips etc. We’ll also be publishing a range of general data protection tips for the public throughout the day.

We’ll also be participating alongside the EDPS and others in the CPDP Data Protection Day 2024 which will take place on 25th January, in Brussels. At the CPDP, we’ll be talking about our Age-Appropriate Design Code, the recently updated Commissioner’s Opinion on Age Assurance, as well as the ICO’s perspective on ways to improve regulating data flows across borders, creating more regulatory certainty for organisations and better outcomes for individuals.  This one-day conference is co-organised by the Council of Europe, CPDP and the EDPS.

Interview with Prof. Dr. Dr. Lela Janashvili

President of the Personal Data Protection Service of Georgia;
Professor at Ivane Javakhishvili Tbilisi State University;
Visiting Professor at the Autonomous University of Barcelona.
 

Q1. Can you give us a brief history of Georgia´s Data Protection Law?

In Georgia, personal data protection is regulated by an overarching legislative act – Law of Georgia on Persona Data Protection, which was enacted in 2011. The Law regulates the processing of personal data by public, private institutions, and law enforcement bodies. In general, the Georgian model of personal data protection legislation is similar to the European one, where the domestic and international regulations envisage the functioning of the law applicable to all sectors under the so-called “umbrella” legislation. Furthermore, Georgia is a party to CoE “Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data”, also, to an “Additional Protocol to the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data regarding supervisory authorities and transborder data flows”.

In 2022, the Personal Data Protection Service of Georgia conducted further research to examine the compliance of the Draft Law on Personal Data Protection with the international standards and guidelines in contemporary data protection and privacy. Just recently, in June, the Parliament of Georgia adopted it, which contributes to fulfilling Georgia’s international obligations and brings the existing legislation in the field of personal data protection closer to European standards.

In a nutshell, the adopted new law significantly enhances the rights of data subjects and expands guarantees for their protection. Important changes concern the rules of data processing for direct marketing purposes. The legal norms related to audio monitoring and the processing of the personal data of minors are introduced. Also, the data processing of deceased individuals is regulated in a new manner. Additionally, the new law ensures the prioritization of greater data protection as the default method before considering an alternative approach when creating a new product or service (data protection by design and by default). Besides, a significant novelty is that the new law introduces the institute of Personal Data Protection Officer, who should be appointed or designated by public institutions, insurance organizations, commercial banks, microfinance organizations, credit bureaus, electronic communication companies, airlines, airports, medical institutions, and by any person responsible for data processing or authorized for processing a large amount of data or implementing systematic and large-scale monitoring of data subjects’ behaviour. Furthermore, the new law also requires the prior assessment of the impact of data processing, should there be a high probability of a threat to fundamental human rights and freedoms, taking into account new technologies, data categories, scope, purposes, and means of data processing. It is worthwhile that the new law obliges the person responsible for data processing to notify the Personal Data Protection Service of Georgia of any incidents. Additionally, the introduced legal novelties concern the increased amount of administrative fines for violation of data protection legislation. The non-compliance with the legal requirement of the Service is now envisaged as a new offence, which is punishable by a fine. It is noteworthy that most of the obligations and legal novelties stipulated by the law will enter into force from March 1 of next year. In contrast, particular provisions such as Data Protection Impact Assessment, Personal Data Protection Officer and corresponding norms of administrative sanctions related to those obligations, will come into effect from June 1 of the following year.

It can be indeed said that a new era of personal data protection is beginning in Georgia, which will help the Personal Data Protection Service of Georgia to continue and strengthen personal data protection in the country based on European values. I would like to express my gratitude to everyone whose involvement made it possible to adopt mentioned new law.

 

Q2. How does Georgia work with international instances to ensure the data of her citizens is protected?

The Personal Data Protection Service of Georgia actively participates in international formats, and bilateral or multilateral meetings on behalf of Georgia, including the sittings and working groups operating in the field of personal data protection.

First of all, I would like to highlight the recent achievement of our Service. Recently, the European Data Protection Board (EDPB) members decided to accept the request of the Georgian data protection authority to become an observer to EDPB’s activities. The Board has taken note of the information provided on the PDPS and the Georgian law on the protection of personal data. The EDPB Secretariat has also consulted the European Commission to ensure homogeneity with the European Institutions, and the request has been evaluated by the EDPB members in the plenary meeting. Indeed, it is a significant milestone in the history of Georgian personal data protection law and, over the course of the existence of its supervisory authority to the extent that it further ensures the compliance of the activity of our Authority with European standards. To this end, I would like to thank our counterparts for their support and cooperation.

The Service is represented at the plenary meeting of the Consultative Committee established under the CoE “Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data”. The Service is an accredited member of the Global Privacy Assembly, a participant in the GPA Global Cross Border Enforcement Cooperation Arrangement (GCBECA), a Co-chair of the Data Protection Metrics Working Group, and a member of the several GPA working groups, in the scope of which we have excellent cooperation with the counterpart data protection authorities. The Service is also an accredited member of the European Conference of Data Protection Authorities, the so-called “Spring Conference”. We are a member of the Conference steering group, which is membered by the representatives from data protection supervisory authorities of Bulgaria, Cyprus, Hungary, Iceland, Latvia, Switzerland and the United Kingdom, who decided to select the Service as the coordinator of the working group. Last year, at the panel session of the 30th Spring Conference, I was honoured to give a speech regarding the mandate of our Authority and its strategy with respect to international cooperation. This year, at the 31st Spring Conference, I was delighted to chair and moderate one of the panels on judgement and decisions of the European Court of Human Rights and the Court of Justice of the European Union.

Moreover, the Georgian data protection authority is a member of the Global Privacy Enforcement Network (GPEN), the International Working Group on Data Protection in Telecommunications (IWGDPT) and the Central and Eastern European Personal Data Protection Authorities (CEEDPA), the 22nd annual conference of which we are pleased to host in next year. Since last year, the Service has held observer status at the International Conference of Information Commissioners (ICIC). Additionally, since December 2022, the Service has been represented by the delegate in the CoE Committee on Artificial Intelligence (CAI). Furthermore, this year, I was delighted to participate in the Privacy Symposium in Venice and gave a talk about the national legislation on personal data protection and the draft law; the international relations, as well as the international networks and platforms in which the Service actively participates.

Over the course of its existence, the Personal Data Protection Service of Georgia has established remarkable cooperation with the foreign counterpart data protection authorities. In 2022, Memorandums of Understanding, which aim to share the best practice and support other initiatives for continued cooperation, were concluded with the Croatian and Italian data protection authorities. Moreover, last year, in cooperation with our German colleagues, the Technical Assistance and Information Exchange (TAIEX) instrument of the European Commission was implemented, which aimed at sharing the best practice on inspection methodology in the field of data protection.

It is remarkable that last year, we hosted the European Case Handling Workshop (ECHW), which was participated by 50 delegates from the personal data protection authorities of 26 European countries. More than 25 speakers from 16 countries, including the representatives of the European Data Protection Supervisor (EDPS) and the International Committee of the Red Cross (ICRC) shared their practice and experience in the field of data protection.

We are committed to collaborating with our international partners to ensure the highest standards of data protection. From time to time, we host international conferences which are aimed at sharing the best practice and experience. For example, on March 1, the Service held an international scientific conference call – “The State of Personal Data Protection and its Legal Aspects in Georgia”, by which our Authority celebrated its establishment anniversary. The Conference was participated by the representatives of the judicial corps, academic circle, legal practitioners and was contributed by Mr. Leonardo Cervera-Navas — Director of the Office of the European Data Protection Supervisor (EDPS), as a special guest.

 

Q3. Tell us about your Authority’s most innovative initiatives.

The mission of our Authority is to advance a culture of respect for private life, raise public awareness, and uphold European standards for the protection of human rights and fundamental freedoms. To this end, we try to be innovative in our approach to cooperate with our stakeholders and enhance the state of data protection in the country. With the aim of advancing the effective application of the supervisory functions, last year, a branch office of our Authority was established in Batumi city and recently, a new unit — the Department of Planned Inspections, was created within the organizational structure of the Service.

I could furthermore mention some of the other initiatives. In 2022, in celebration of the 4th anniversary of the application of the “General Data Protection Regulation”, the “Journal of Personal Data Protection Law” was established as a bilingual, international scientific publication of the Service. It is intended to serve as a platform for legal experts, scholars, and practitioners to share their knowledge, research, and insights on personal data protection laws. The Journal aims to provide a legal analysis of pressing issues, highlight the best practices and raise public awareness. The Journal operates under the guidance of the international Editorial Board, which is membered by professors from Georgian and European universities, scientist-researchers of public law. The first issue of the Journal was published this year and was dedicated to International Data Protection Day.

Moreover, just recently, we launched the “Newsletter” series, which is issued once in four months and aims to cover the most profound activities of our Authority along with other trends of data protection and privacy.

Since last year, the Service has been holding public lectures and conducting a series of regional meetings with an aim to raise awareness towards personal data protection. To this end, we have also been running awareness-oriented public campaigns, such as #MakeaHabit Personal Data Protection, which lasted for a month and entailed the publication of illustrated cards giving significant advice with respect to data protection and privacy. Moreover, we also hold awareness-raising events for the children. Last year, the Service announced a blog contest for school students on the topic: “My Personal Data and Eyes Wide Open”. Additionally, this year, the Service collaborated with the Faculty of Law of Ivane Javakhishvili Tbilisi State University regarding a clinical legal education that provides Master’s program students with an understanding of the skills required for legal practice in the field of data protection and privacy.

 

Q4. Tell us about your experience as a GPA member.

As a GPA member, the Personal Data Protection Service of Georgia has advanced and fostered cooperation with its counterpart data protection authorities. The Assembly has provided us with a significant opportunity to contribute to the development of global data protection standards through knowledge-sharing and engaging in thematic discussions. As a member, the Service has gained access to worthwhile resources and knowledge from other GPA members. This has allowed our Authority to stay up to date with the latest trends and best practices in the field of data protection and privacy.

As we live in a data-driven age and in the era of increased technological progress where the protection of human rights and freedoms is of utmost importance, I am confident that data protection authorities stand united in dealing with emerging challenges. That again emphasizes the importance of international platforms that help the data protection authorities to improve their strategy policy of activities and implement the best standards for tackling common challenges. So, we are more than thankful for this opportunity and remain committed to the objectives and strategic goals of the GPA.

 

Urgent to promote measures to eradicate violations of the right to privacy in the digital age, which affect women

On Monday, March 6th, within the framework of the International Women’s Day commemoration,
the first edition of the GPA Dialogues took place, an activity organized by the Chair of the Global Privacy Assembly, with the purpose of opening spaces for public discussion on cutting-edge and common-interest issues regarding privacy and personal data protection.

Read more

GPA Dialogues

The plenary board of the Institute for Transparency, Access to Information and Personal Data Protection (INAI) as Chair of the GPA is pleased to invite you to the first edition of the GPA Dialogues where we will have an opportunity to listen to experts in the field of privacy data protection with a gender perspective. 

Read more

The European Case Handling Workshop, 2022 Accomplished In Tbilisi

The European Case Handling Workshop, 2022 organized by the Personal Data Protection Service of Georgia accomplished today in Tbilisi.

More than 50 delegates of personal data protection authorities from 26 countries attended the meeting.

The second working day of the forum, held on November 17-19, was devoted to the discussion of the following emerging topics: Data Protection in Social Media and Domestic Exemption; International Data Transfer; Personal Data and Artificial Intelligence; Data Breaches from Data Security

Read more

The Personal Data Protection Service Is Hosting The European Case Handling Workshop

The Personal Data Protection Service of Georgia is hosting the 2022 European Case Handling Workshop (ECHW).

The meeting is held in Tbilisi and more than 50 delegates of personal data protection authorities of 26 European countries are attending it. This year, the Workshop will address such significant topics as the stages of conducting inspections by data protection supervisory authorities; data protection in social media and domestic exceptions; international data transfers; personal data and artificial intelligence, etc.

Read more

Regulating the Digital Economy – Why Privacy and Competition Authorities Should Talk to Each Other

Data sits at the center of our digital economy and does not conform to regulatory or geographical boundaries. It is clear further understanding and collaboration by authorities across privacy, consumer protection and competition regulatory spheres is needed to achieve optimal regulatory outcomes. The Digital Citizen and Consumer Working Group (“DCCWG”) is focused on considering the intersections of, and promoting regulatory co‐operation between, the privacy, consumer protection and competition (also referred to as antitrust) regulatory spheres. In doing this, the DCCWG seeks to support “a global regulatory environment with clear and consistently high standards of data protection, as digitalisation continues at pace.” This article explores some of the key learnings of the DCCWG over the past 5 years. Ultimately, the DCCWG view is that collaboration between competition agencies and privacy agencies is becoming an imperative for any jurisdiction that seeks to achieve cohesive digital regulation.

By Melanie Drayton[1] & Brent Homan[2]

 

Read more