Elizabeth Denham’s opening remarks at the GPA 21 Open Session

Hello. I’m Elizabeth Denham, the UK Information Commissioner, and chair of the Global Privacy Assembly.

On behalf of the GPA, I would like to welcome you all to this year’s open session.

We are able to benefit from this conference thanks to the fantastic work of our Mexican hosts. On behalf of the GPA, I would like to formally thank President Commissioner Blanca Lilia Ibarra Cadena for hosting us.

Blanca – I am very grateful for your warm welcome. On a personal note, I am so disappointed that circumstances prevent us enjoying your country’s hospitality in person today. But I know too that hosting a successful digital event is a real achievement.

And I extend a particular thanks to Commissioners Francisco Javier Acuña Llamas and Josefina Roman Vergara and their hard working staff, for making this event a reality.

As many of you will know, we were unable to hold an open session conference last year, and so this is my first opportunity to speak as GPA chair to many of you for some time.

It would be nice to begin today by talking about our achievements.

It is three years since I became chair of the Global Privacy Assembly, and this conference will be my last as chair. I would love to reflect back on how we have modernised our Assembly, given it a year-round voice, and engaged with you, the broader privacy community, more than ever before.

But as a community, reflecting on our successes is a luxury we do not have time for.

It is two years since we last held the open session in Tirana. I would love to reflect back on our successes since then. How our community responded to the COVID-19 pandemic, working together more than at any time in our history.

We must reflect on the pandemic to inform our future, and make sure we are well equipped for what comes next. But again, we not have time to rest on our laurels.

We must instead turn our attention forwards. The digital world has always turned quickly, but the pandemic has accelerated the uptake of services, the pace of innovation and the desire of organisations to look for data-driven solutions to their problems.

As a community, we have to keep pace if we’re to protect people’s privacy rights.

When someone sees the opportunity to use AI to improve healthcare, it is our job to ask whether people’s information is being treated fairly.

When someone sees the opportunity to use an app to improve COVID contact tracing, it is our job to ask whether people’s information is being used transparently.

And when someone sees the opportunity to use facial recognition technology to improve security, it is our job to ask whether people’s information is being used proportionately.

That is why the theme of this conference is a human centric approach.

We have a fantastic and varied agenda, covering a diverse range of topics: mass data processing, vaccine passports, AI,  surveillance, data ethics… so many sessions to look forward to.

But no matter what topic we discuss, we must stay focused on responding to the pace of change, with people at the centre of our thoughts.

And so I want us to keep in mind two key questions in every discussion during our conference.

We must ask:

  • ‘do we understood how people feel?’

And we must ask

  • ‘how does privacy stay relevant?’

The digital world turns quickly, and our community only has a seat at the table for as long as we earn it.

Firstly, we do that by representing people’s views. What does data use look and feel like to the people whose data is being used? That is crucial, if we’re are to help maintain people’s trust in data-driven innovation.

And we then need to turn that insight into practical value. Our input has to mean something, beyond legal boxticking. We successfully showed our relevance during COVID. We must continue to show our relevance moving forward.

I’ll bring my comments to a close there. We have a busy two days ahead of us at this open session. Let’s make the most of that time.

And let’s keep in mind those two questions.

  • ‘Do we understood how people feel?’


  • ‘How does privacy stay relevant?’

GPA Newsletter September 2021 now available

The GPA September 2021 Newsletter is now published and available on the GPA website.

This Edition of the Newsletter features the upcoming highlights of the GPA 2021 Conference, as well as our regular editorial from some of the leading representatives of the GPA community. The Newsletter provides the latest insight and updates on important issues impacting the international data protection and privacy landscape today.

This GPA September 2021 Newsletter is the final edition to be produced by the current UK, ICO GPA Secretariat and we would like to sincerely thank all the contributors to the Newsletter during our tenure over the past three years.

View Newsletter here.

Global Privacy Assembly (GPA) ‘Giovanni Buttarelli Award’ is launched

The Chair and Executive Committee of the Global Privacy Assembly (GPA) are delighted to announce the launch of a new GPA Award in 2021 in memory of Giovanni Buttarelli, former European Data Protection Supervisor and Executive Committee Member.

This Award aims to recognise Giovanni’s invaluable contribution to the international data protection and privacy community as a leader and as a passionate advocate for international collaboration.

Elizabeth Denham, UK Information Commissioner and GPA Chair, said:

“Giovanni Buttarelli was the European Data Protection Supervisor, a truly inspiring figure in the international data protection and privacy community, and a friend. Giovanni brought his long experience and deep-felt humanity to bear in steering the work of the Global Privacy Assembly as a member of our Executive Committee, and we miss his guiding hand. This Award ensures that his legacy and advocacy for international collaboration continue.”

The Award will be presented annually at the Global Privacy Assembly Open Session.

Eligible candidates will be individuals who have demonstrated exceptional leadership or have promoted collaboration and/or partnership at a regional or international level in the field of data protection and privacy, and have helped move towards Giovanni Buttarelli’s vision for a fairer digital future for all.

The individual could have demonstrated these characteristics either throughout a certain period of time, such as when leading a particular project, or throughout their career.

The demonstration of these credentials could be, for example, through:

  • The fostering of new or innovative types of international or regional partnerships or the promotion of new collaboration methods amongst regulators, organisations and fields, such as partnerships between data protection authorities.
  • Leading on a project that has led to the development of innovative concepts or practices, which have significantly impacted the thinking in the (international) data protection and privacy community.

To be eligible for the Award, individuals must be nominated by at least one individual they have closely worked with belonging to an organisation in the field of data protection or privacy.

Details of the nominated individual’s contribution should be outlined on the application form. This form is available on the GPA website to download and complete by the given deadline.

Further information on this award can be found here.

The GPA is deeply grateful to Giovanni Buttarelli’s family for endorsing this Award.

For general and media enquiries, please contact the GPA Secretariat: secretariat@globalprivacyassembly.org.

Shortlisted entries announced for the 2021 Global Privacy and Data Protection Awards

The GPA Executive Committee has shortlisted entries for the 2021 Global Privacy and Data Protection Awards.

Now in its fourth year, the Awards celebrate the achievements of the GPA community and shine a light on good practice.

The shortlisted Award entries are:

Education and public awareness



Dispute resolution and enforcement

GPA members will receive instructions on how to vote for this year’s shortlisted entries.

The winners will be announced at the Global Privacy Assembly 2021, Mexico.

GPA 2021 Mexico: A message from INAI Commissioners

As the INAI, Mexico is a committed guarantor body for compliance of fundamental rights, and Host of the Global Privacy Assembly 2021, we have decided the central theme of the GPA 2021 to be Privacy and Data Protection: A Human Centric approach. It is crucial to highlight the role individuals play in the decision making involved in data processing, regardless of the technology used for that purpose.

This year’s edition will be held in a hybrid scheme both online and in-person on 18-21 October 2021, which will allow us to have high-security standards and facilitate cooperation without physical or virtual barriers.

For the in-person part, diverse venues will be considered in order to provide the appropriate care for the safety of the attendees, maintaining safe distance protocols, mandatory use of face masks, and reduced forums. As for the virtual part, we will have a friendly platform that will allow digital interaction among participants.

With great excitement, we would now like to present the Agenda for the Open Session, which is mainly focused on the coexistence between the development of new information technologies and human rights. This will feature keynote lectures, panels and parallel sessions in which international and national experts will address their best practices on technological evolution and human intervention in massive data processing; Privacy and the Pandemic; Vaccine Passports and Similar Certificates; Data Flows with Trust; Internet of Things; and artificial intelligence, digital rights and inclusive policies are among others topics that will also be reviewed. The Agenda for the Closed Session has also been published.

As host authority of this year’s edition, INAI intends to generate opportunities for an open dialogue allowing leaders to discuss and to exchange knowledge and ideas to propose solutions for emerging issues in the field.

We are looking forward to your attendance at the Assembly, see you soon in Mexico City!

INAI’s Commissioners
Host Authority, GPA 2021

‘Privacy, People and the Pandemic’ workshops by OECD, GPA and UN Special Rapporteur on the Right to Privacy

The OECD Working Party on Data Governance and Privacy in the Digital Economy (WPDGP), the Global Privacy Assembly (GPA) and the mandate of the UN Special Rapporteur on the Right to Privacy are hosting two workshops that will be spread across three days 21-23 June 2021.

The workshops will offer complementary – and sometimes challenging – points of view of the impact of the COVID-19 pandemic with a special focus on privacy and data governance. The topics follow on from two previous workshops held in April 2020 and September 2020.

The first session will provide an opportunity for policy makers and regulators to share perspectives one year later on the varying privacy and data governance frameworks that were developed in support of their response efforts.

This will lead onto two sessions on innovative insights on countries’ plans for the road to recovery with a specific focus on “Data privacy aspects in the workplace during the pandemic” and “Vaccination programmes and travel passports.”

The third and last day will be an intensive workshop organised by the UN Special Rapporteur on the Right to Privacy, also with the support of the GPA. It will be dedicated to a more in-depth evaluation of the evidence available on the impact of the pandemic on privacy across the world. The intensive sessions on this third day will also afford NGOs, academics and others, both within and outside OECD countries, with the opportunity to discuss similar issues as those presented during the first two day workshop or outside it.

View the workshops agenda.

GPA 2021 Resolutions – Call to GPA members

Do you have a resolution idea to table at the GPA 2021 Conference?

Are you looking to co-sponsor or contribute as a GPA member to this year’s Conference resolutions?

The GPA Executive Committee is aware that many members want to get as much as possible out of their membership of the GPA. Engaging with the development of the Conference Resolutions is a great way to get involved. As we start to prepare for this year’s Closed Session, members are reminded of the GPA approach, including the deadlines for submission, relating to resolutions.

Submission of Resolutions for the GPA 2021 Closed Session

  • Resolutions for 2021 will be adopted at the hybrid online and in-person Closed Session. Members considering submitting a resolution, please note that resolutions should:
    • be clear and concise;
    • address matters sufficiently related to the purposes of the GPA and invoke action on matters relating to data protection and privacy;
    • focus on a current strategic need of the GPA – In other words, resolution main sponsors should be able to easily explain how the resolution text contributes to the delivery of the GPA Strategic Direction adopted in Tirana, 2019.
  • Proposed resolutions must have at least four other co-sponsors (apart from the main sponsor), representing, insofar as possible, different cultural, geographic and legal backgrounds. Please note: it is the main sponsor’s responsibility to ensure that these four other co-sponsors have been obtained by the time of final submission of the resolution to the conference on 4 October at the latest, otherwise the Resolution may risk not to be considered valid.
  • It is the main sponsor’s responsibility to negotiate member amendments to a resolution. The Secretariat can receive amendments directly to the Secretariat central inbox to forward onto the main sponsor, but many main sponsors prefer to be contacted directly. In any case, please indicate which email address and name of official responsible for answering questions about the resolution the Secretariat should use for directing all resolution-related enquiries and amendments.
  • Proposed resolutions should be submitted either in English, or if the original is in another language, then please submit a copy in English simultaneously.


Proposed resolutions are subject to the following timelines in 2021: 

Action  Date 
Please notify the Secretariat of intention to table a resolution by:


11 June 2021
Deadline to table a draft complex/technical resolution
to the Secretariat
30 June 2021
Deadline to table a draft resolution (non-complex/technical)
to the Secretariat
30 July 2021


Proposed draft resolutions circulated to all GPA members:
consultation period launched, for comments and amendments 
16 August 2021


Final draft resolutions circulated to all GPA members in advance
of the Closed Session (complete with four other co-sponsors) 
4 October 2021

For your information, please see the link to the GPA Rules and Procedures and for all enquiries regarding the above and the upcoming Closed Session, please contact the GPA Secretariat: secretariat@globalprivacyassembly.org.

GPA 2021 Mexico – Save the Date

The Chair of the Global Privacy Assembly (GPA), its Executive Committee and conference hosts the National Institute for Transparency, Access to Information and Personal Data Protection (INAI), Mexico, are pleased to announce the 43rd Global Privacy Assembly 2021 will take place between 18-21 October 2021 in Mexico City, Mexico, as a hybrid event, available both in-person and online.

Registrations will open soon! With more details to follow.

Visit this year’s conference website, Twitter and LinkedIn for the latest information.

Launch of the GPA Global Privacy and Data Protection Awards 2021

The GPA Executive Committee is pleased to announce that this year’s Global Privacy and Data Protection Awards nomination process is now open!

Now in its fourth year, the Awards celebrate the achievements of the GPA community and shine a light on good practice.

Any member can apply. Submit your entry form no later than Wednesday 16 June 2021.

The award categories are:

  • Education and public awareness
  • Accountability
  • Dispute resolution and enforcement
  • Innovation
  • People’s Choice (shortlisted entries in all categories will automatically be entered for this Award)

Find out more information on how to apply.