Call for interest to the GPA Reference Panel extended for applicants from South America, Asia and Africa

While we have received a number of applications to the GPA Reference Panel so far, applicants from South America, Asia and Africa are underrepresented.

In recognition of the GPA’s principle of cultural, geographical and legal diversity, the deadline for applying has been extended until 15 May 2020 for applicants from South America, Asia and Africa. This will make sure we achieve greater diversity among applicants.

If you are from one of those regions, please download the relevant form here and submit your nomination.

Established in 1979, the GPA is an international forum of data protection and privacy authorities which seeks to provide leadership at the international level by connecting the efforts of more than 130 data protection and privacy authorities from across the globe. If you wish to know more about the GPA’s current priorities, please refer to our Strategic Plan (2019 – 2020) and Policy Strategy.

What is the GPA Reference Panel?

The GPA Reference Panel will be a contact group involving a variety of external stakeholders which the GPA is seeking to establish in order to provide expert knowledge and practical expertise on data protection and privacy, as well as on data protection related issues and developments in information technology.

Who can respond to the call?

The call for interest is aimed at representatives of relevant civil society organisations, academic institutions, think tanks, non-privacy supervisory authorities, representatives of public authorities such as law enforcement authorities, and representatives of the private sector who have an interest in the vision and mission of the GPA.

How do I apply?

Download the call for interest form and return it along with your cover letter by 15 May 2020 to the GPA Secretariat at secretariat@globalprivacyassembly.org

Please note that this extended deadline applies only if you are a stakeholder from South America, Asia and Africa. Applications from other regions will not be considered in this phase.

In order to ensure a well-balanced cultural, geographic and legal diversity in the Panel’s composition, the GPA Secretariat will be liaising closely with relevant GPA Regional and Linguistic Networks during the sifting and nomination process.

If you have any questions regarding the application process and the GPA Reference Panel, please contact the GPA Secretariat at secretariat@globalprivacyassembly.org

Statement by the GPA Executive Committee on the Coronavirus (COVID-19) pandemic

The Executive Committee of the Global Privacy Assembly (GPA) recognises the unprecedented challenges being faced to address the spread of Coronavirus (COVID-19).

Addressing these challenges requires coordinated responses at national and global levels, including the sharing of personal information as necessary by organisations and governments, as well as across borders.

We are confident that data protection requirements will not stop the critical sharing of information to support efforts to tackle this global pandemic. The universal data protection principles in all our laws will enable the use of data in the public interest and still provide the protections the public expects. Data protection authorities stand ready to help facilitate swift and safe data sharing to fight COVID-19.

Health data is considered sensitive across many jurisdictions, but work between data protection authorities and governments means we have already seen many examples of national approaches to sharing public health messages; of using the latest technology to facilitate safe and speedy consultations and diagnoses; and of creating linkages between public data systems to facilitate identification of the spread of the virus.

We issue this statement today to set out our support for public bodies and health practitioners to be able to communicate directly with people, and scientific and government bodies to coordinate nationally and globally, to tackle the current COVID-19 pandemic.

Our data protection and COVID-19 resources page provides the latest guidance and information from GPA members.

– GPA Executive Committee

Elizabeth Denham CBE, GPA Chair and UK Information Commissioner

Marguerite Ouédraogo Bonané, President of CIL, Burkina Faso

Angelene Falk, Information Commissioner and Privacy Commissioner, Office of the Australian Information Commissioner

Raymund Enriquez Liboro, Privacy Commissioner and Chairman, Philippines National Privacy Commission

Eduardo Bertoni, Director of the National Access to Public Information Agency, Argentina

Besnik Dervishi, Information and Data Protection Commissioner, IDP Albania

Francisco Javier Acuña Llamas, President Commissioner, National Institute for Transparency, Access to Information and Protection of Personal Data (INAI), Mexico

John Edwards, Privacy Commissioner, Office of the Privacy Commissioner, New Zealand

Update from the Working Group on Data Protection Metrics

The Global Privacy Assembly (GPA) membership is organised into Working Groups that concentrate on the most significant GPA initiatives identified by the membership, deriving their mandate and direction from the annual conference, typically leading from Resolutions. Learn more about the GPA Working Groups.

In this video, Privacy Commissioner John Edwards (Office of the Privacy Commissioner, New Zealand) gives an update on the GPA Working Group on Data Protection Metrics.

Call for proposals to host the GPA Annual Meeting in 2022

If you are a GPA member authority and are considering submitting a bid to host the 2022 Annual Meeting, consult the guidance for authorities intending to submit a proposal to host the 2020 Annual Meeting of the Global Privacy Assembly and return your bid to the GPA Secretariat at secretariat@globalprivacyassembly.org by the 24th of April.

The GPA Annual Meeting

The Global Privacy Assembly meets annually to provide member authorities with an opportunity to discuss matters relevant to the membership as a whole, such as considering proposed resolutions and declarations, the Assembly’s strategic direction as well as deciding on accreditation of new members to be admitted to the GPA.

Each year, the GPA Secretariat will invite member authorities to submit proposals to the Executive Committee to host a future annual meeting.

Who can respond to the call? 

Any accredited GPA member authority can submit a proposal for hosting the 2022 Annual Meeting. The Executive Committee will also accept a proposal made jointly by two member authorities.

How do I submit my Host Bid proposal? 

Host Bid proposal have to be sent to the GPA Secretariat at secretariat@globalprivacyassembly.org by the set deadline to be considered.

Before submitting your proposal, please ensure you have read the guidance for authorities intending to submit a proposal to host the 2022 Annual Meeting of the Global Privacy Assembly.

Are there any relevant documents I should consult before submitting my proposal?

Hosts should familiarise themselves with the Assembly’s Rules and Procedures, which outline aspects of the hosting role (e.g. in relation to language and simultaneous interpretation), and with the Assembly’s Resolution on the Conference’s Strategic Direction.

The proposal on the Relationship between the Closed and Open Sessions developed by the Working Group on the Future of the Conference, and endorsed by the 2019 Annual Meeting in Tirana, is also considered a helpful resource for Bidding Authorities when drafting their proposal.

Any other questions?

If you are considering to submit a bid to host the 2022 Annual Meeting and have doubts or queries in relation to the process, please do not hesitate to contact the GPA Secretariat at secretariat@globalprivacyassembly.org

Update from the Working Group on Digital Education

The Global Privacy Assembly (GPA) membership is organised into Working Groups that concentrate on the most significant GPA initiatives identified by the membership, deriving their mandate and direction from the annual conference, typically leading from Resolutions. Learn more about the GPA Working Groups.

In this video, Ms Marie-Laure Denis, President of the Commission Nationale de l’Informatique et des Libertés (CNIL), gives an update on the work of the Working Group on Digital Education.

GPA marks International Data Protection Day 2020

Happy International Data Protection Day from the Global Privacy Assembly!

Elizabeth Denham CBE, Chair of GPA and UK Information Commissioner, is speaking by video today at the International Data Protection Day 2020 event hosted by the National Institute of Transparency, Access to Information and Protection of Personal Data (INAI) in Mexico City.

In her speech, Ms Denham says that the data protection world has perhaps never been a more challenging one. But that our international partnerships can bring solutions, with the GPA moving towards stronger regulatory co-operation, paving the way not only to sharing best practice but potentially sharing lines of enquiry – view the GPA Strategic Plan 2019-2021.

Ms Denham also says that one of the emerging areas of data protection right now is considering the human values that underpin privacy. And it’s welcome that our GPA conference in Mexico City later this year will take this emphasis on human values as a starting point for its theme, of ‘Privacy and Data Protection: A human-centric approach’.

You can read more about the GPA 2020 in Mexico City in our latest newsletter.

Application process for new members and observers now open

The Global Privacy Assembly (GPA) has re-opened the application process to welcome new members and observers into its community.

Established in 1979, the GPA community has continued to grow ever since, currently comprising more than 100 member authorities across the globe.

Each year, the GPA welcomes new applications for data protection authorities wishing to join as members, as well as for other public entities and international organisations having an interest to become GPA observers.

If you wish to become a Member, please complete the online application form. Membership applications will close on 10 July 2020, although prospective applicants are strongly encouraged to submit their application as early as possible to allow the Executive Committee to carefully examine the evidence submitted.

If you wish to join the GPA community as an Observer, please complete the relevant application form. Applications for observer status will close on 9 August 2020, although prospective applicants are strongly encouraged to submit their application at an early stage.

For any questions related to the GPA Accreditation process for membership and observer status please get in touch with the GPA Secretariat at secretariat@globalprivacyassembly.org

Conference launches new name and logo

Today the International Conference of Data Protection and Privacy Commissioners has launched a new logo and a new name: Global Privacy Assembly (GPA).

Building on our 40-year history, the new logo and name represent the evolution of the conference and the current work to modernise it, including a new policy strategy which sets out a clear vision for the organisation.

Elizabeth Denham, GPA Chair and UK Information Commissioner, said: “Our new name feels hugely significant. Data protection and privacy is now too great an issue for this community to only have a role once a year. That’s why we took a step forward at last month’s conference in Tirana, when we agreed a set of strategic priorities that strengthen the group’s position as an effective and influential international forum. The new name reflects a group that supports one another year round, sharing knowledge and building stronger cooperation.”

Our colleagues from the Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales (INAI), México undertook the challenge to design options for our new logo and name, with the membership having the final say by voting for their preferred option. INAI is also hosting the next Global Privacy Assembly conference in Mexico City in October 2020.

Francisco Javier Acuña Llamas, President Commissioner of the Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales (INAI), México, said: “Thanks to the collaboration of our colleagues, we created a logo which represents the organisation’s main attributes: international cooperation, knowledge sharing, independence and leadership.

“These four concepts emerged from a consultation with the membership, and they were used as guiding concepts for the design of the logo and were translated into organic and iconic forms, in complementary and harmonious colours.

“The implementation of elements that point towards progress, such as the arrow, indicates the leadership of the representatives of each country, and the circular forms aspires to reflect the exchange of knowledge and the capacity for cooperation among the international authorities involved.

“For the name of the Conference, it was sought to recall, in an easy and short way, the nature of the Conference itself, but not with less strength. And with the intention of expressing modernity and balance together with the other elements of the logo, Global Privacy Assembly (GPA) was created.”

Over the next few weeks, the Assembly’s visual identity will start to align around its new direction. You’ll see changes on the website, social media and on stationery. It’s an evolution of our 40-year-old history. It’s a Global Privacy Assembly of data protection and privacy commissioners.

Blog: Accountability – an upward force?

Dr Andrea Jelinek

For protecting personal data today and in the future, accountability is key. There is no doubt about that. The International Conference has rightly placed the principle of accountability in the spotlight.

In the terms of the General Data Protection Regulation, accountability means two things: first, an accountable organisation must have appropriate measures in place to ensure compliance. And secondly, an accountable organisation must be able to demonstrate its compliance.

This might seem straightforward, but it actually is an important evolution. The incorporation of the accountability principle in the GDPR is a key change compared to the Data Protection Directive and is a fundamental shift in approach. It is a move away from red-tape and box-ticking exercises, such as the requirement to obtain authorisation from the regulator before launching a processing operation. Instead, organisations must now pro-actively define their approach to data protection and create a culture of commitment to this fundamental right. Organisations must understand the risks that they create for others with their data processing operations, and mitigate those risks by introducing internal measures, such as privacy management programmes.

It is important to remember that accountability is a process and not just a toolbox.  Demonstrating compliance is more than just a snapshot of processing operations during a certain moment in time. It is rather an increasing awareness and understanding of how an organisation processes data.

Can accountability contribute to overcoming differences between data protection regimes in various parts of the world?

It can certainly play a significant role. However, organisations must:

  1. assess local jurisdictions carefully;
  2. adapt their privacy management programmes accordingly and
  3. use the highest standard as a common denominator across all jurisdictions.

This is a tall order, but organisations are not alone on this journey. Regulators worldwide have been leading and supporting the discussion on how to reach consensus on accountability across jurisdictions.

For more information about ICDPPC 2019 visit www.privacyconference2019.info

Dr Andrea Jelinek, Chair of the European Data Protection Board, is the moderator of ‘Panel IV: Accountability – the global bridge to support high standards of data protection?’, Open Session, 41st International Conference of Data Protection and Privacy Commissioners, Tirana, Albania.