GPA Annual Meeting Host Authorities announced for 2022 and 2023

The GPA Executive Committee is delighted to announce that the Turkish Personal Data Protection Authority (KVKK) has agreed to take on the role of GPA Annual Meeting Host 2022.

The President Commissioner of the Turkish Personal Data Protection Authority, Prof. Faruk BİLİR, “would like to thank the Executive Committee for the opportunity, and looks forward to the responsibility of hosting this important meeting in 2022.”

The Executive Committee is very thankful to the authority for their flexibility and willingness to host at a shorter than usual notice.

The Executive Committee is also delighted to announce that the GPA Annual Meeting will take place in Bermuda in 2023, hosted by the Office of the Privacy Commissioner of Bermuda.

The Executive Committee is looking forward to working closely with both authorities and is confident that they will both deliver a conference that will guarantee overall delegate satisfaction.

Members may recall that New Zealand had been selected by the Executive Committee to host the GPA Annual Conference in 2021, but that this was pushed to 2022 due to the coronavirus pandemic.

The Office of the Privacy Commissioner of New Zealand has recently informed the Executive Committee that it has with great regret decided to withdraw from hosting in 2022. This is due to the present uncertainty about the degree to which borders will be open for in-person attendance by members and the time-zone for virtual attendance being inconvenient for so many member authorities.

Solving the billion-dollar question: how do we build on the foundations of convergence?

Elizabeth Denham, UK Information Commissioner and outgoing Chair of the Global Privacy Assembly, delivered the following speech at the 43rd Global Privacy Assembly conference, hosted digitally by INAI, Mexico.

I’m here to discuss convergence and international standards. I want to talk about three foundations for convergence that already exist. And then I want to talk about three ways we can build on those foundations in the future.

First, let’s briefly discuss why convergence has a role to play.

Our digital world is international. Data flows around the world in a heartbeat. I open up my phone, check an app, and in a moment my data travels around the globe. Services like geolocation and cloud computing all rely on international data flows.

But the checks and balances on this data are domestic.

That brings problems.

It can mean that when a multinational company doesn’t follow the rules, or when there is an international data breach, the ability for regulators to work together across jurisdictions can be limited, as we try to match up our differing legal systems and approaches.

It can mean that businesses have to follow several sets of rules to reach a single customer base, spread across jurisdictions. Or that people are unsure what their protections are, or where to turn for help.

And it can mean a system for international data flows based on assessments of how other nations’ laws measure up to our own, no matter how many flaws we may be willing to acknowledge in our own systems.

The result is an international problem that could be costing economies around the world billions of dollars.

Convergence – through common standards and better architecture between our laws, could reduce those problems. But how do we achieve that? That is what I want to discuss today.

 

Mexico

Before I begin discussing the foundations for convergence that already exist, and how we can build on them, allow me a brief tangent.

We were, of course, originally scheduled to be discussing this topic in person, in Mexico City. I’ve been fortunate enough to attend a number of GPA and ICDPPC conferences, and been lucky enough to see some incredible parts of the world as a consequence – including Mexico back in 2011. And much as I love London, it isn’t the same as enjoying Mexican hospitality.

So while we can’t travel to Mexico, I’ve tried to bring a little of Mexico to us today. I’ve themed my speech today around some of the incredible historic sights the country has to offer. I hope one day I can again experience these sites in person.

 

Building on the foundations of convergence

Let’s begin with my next slide, the Pyramid of the Sun at Teotihuacan. A step pyramid built around 1,800 years ago, it is 75 metres high and more than 200 metres across.

Having climbed to the top myself, I can tell you that’s high.

It was built from two and half million tonnes of stone and earth, with each tier rested securely on the wider tier below.

This is how our moves towards greater international convergence must be constructed, if we are to reach the heights we aspire to. We must build on the carefully constructed work already completed.

The GPA has been central to the work in this area. The Assembly exists to bring together data protection and privacy authorities from around the world, and that international collaboration is the very first foundation of any convergence. What’s more, work by a GPA working group to analyse ten global frameworks from across the world showed strong commonalities. In particular, there were overlaps in the core principles and data subject rights, and also in requirements for independent supervisory bodies.

Those findings should perhaps come as no surprise. The development of data protection legislation in the last decade has seen a model of building ‘best of breed’ laws, with the newest privacy laws, such as those in Brazil and California, standing firmly on the shoulders of other existing laws.

That’s a sensible approach, as common features across laws bring a greater ability to share expertise and even work together on investigations, as well as increasing the potential for free flow of data between countries.

That free flow of data was a central motivation for the recent meeting of G7 data protection and privacy authorities, another part of the pyramid we can build upon. The meeting grew from the ambition of ‘data free flows with trust’, a central part of the 2019 G20 in Japan. We discussed at our G7 meeting how we could better work together on topics like AI, cookies and national security. The focus was on where we could commit to making progress that would have a positive impact for each of us domestically.

It is clear that we have a considerably wide base with which to build further convergence. I’ve not touched on the Council for Europe’s work in this area, for instance. But it is clear too that our work only goes so far. There are no easy answers here – if there were, we would already have taken them.

 

Image by Vlad Tchompalov on Unsplash

Respecting cultural differences

I’ll move now to my next historic sight of Mexico, and the UNESCO protected Cozumel reef. The reef is part of the second largest system in the world, which is home to more than a thousand marine species, living side by side.

That respect for one another’s cultures and approaches is another key foundation for convergence.

I think this is an important point. Historically, convergence has too often been seen as a shorthand for ‘why don’t you converge with my approach, or my law’. And that hasn’t worked.

Convergence has to be a meeting in the middle, and I think there’s a much better appreciation of that now. Our countries all have different legal structures, different administrative setups, and different cultures built on different histories.

Convergence must not mean leaving those differences behind. Instead, it needs to be about finding ways to join together these differences, and to weave a meaningful safety net of protections that work globally.

As an aside, that respect for another’s cultures has been one of the real impressive aspects of our conference this week.

For someone who has worked in data protection as long as I have, hearing so many bright minds engaged in discussing privacy is so positive. There has always been expertise in this field, but the diversity of knowledge now is what stands out. We have the brightest minds in academia, business, in law and in the regulatory and policy space all wanting to work on privacy issues. And we have the international diversity too – the Global Privacy Assembly really does bring voices together from all parts of the world. That diversity gives us so much collective wisdom.

 

Image by Diego Delso, delso.photo, License CC-BY-SA

Our response to the pandemic

Which brings me on to the third foundation of convergence

This is the Hospital de Jesus Nazareno in Mexico City. It is said to be the oldest hospital on the continent, and to have been built at the behest of controversial Spanish Conquistador Hernán Cortés.

It remains in operation today, and like most hospitals around the world, has spent the past couple of years facing the challenges of the COVID-19 pandemic.

The pandemic has brought a great number of challenges to our community.

But it has shown the value of privacy too, and how we benefit from our shared expertise.

I saw this first hand in the UK. When the UK government wanted to develop a contact tracing app, it considered data protection at an early stage, and it consulted with my office. The government understood that answering the questions we posed on transparency, legality and fairness would help to develop an app trusted by more people.

The advice my office provided government was informed by conversations we had with colleagues across the Global Privacy Assembly network. Regulators across the world were facing similar challenges, and we all  benefited from the shared wisdom of the Assembly.

Crucially – and this goes back to my conference opening yesterday – I saw our community asking the right questions. Do we understand how people feel? And how can we make sure our input is providing practical value?

When I look now through the ICO’s opinion on contact tracing apps, and through the GPA’s Compendium of Best Practices, I think the benefits of focussing on those two questions shines through. Privacy remained relevant.

And if you’ll allow me just a moment’s reflection, I believe the success of our community’s response to COVID-19 was built on the modernisation of the GPA.

We are now a year round assembly, able to respond quickly to challenges that arise between conferences, such as the COVID-19.

We are more collaborative than ever, able to share our expertise and to speak with one voice, as we did when we emphasised the importance of continued protections for people’s data rights during the pandemic.

And we are more outward facing than ever before, working with so many of you, including the likes of the OECD, the UN and the WHO, to make sure the advice we offered through the pandemic is rooted in practical benefit.

Our teamwork, across the privacy community, showed that we can work together, no matter our differing laws and cultures.

The pandemic showed how convergence could work.

 

Image by Mario La Pergola on Unsplash

Building common principles

But it showed too that we still have further to travel, if we are to truly benefit from the potential of convergence.

I will now set out the three areas where our experience shows that more must be done, to build on the foundations of convergence already in place.

The Kukulcán is a step pyramid in the south of Mexico. Across its four sides, the pyramid has a total of 365 steps, one for each day of the Mayan year.

Early separation of the year into formal calendars gave a framework for Mayan society, and was important for trade, agriculture and religion.

As we look to the next stage of international convergence, we need to find our own framework. We need recognisable common principles that can translate across borders.

Aspects like transparency and fairness are not specific to a single law or regulatory approach, and so can act as a bridge to better international collaboration and cooperation.

This is work that is already underway within the GPA. Our Global Frameworks and Standards Working Group has focused this year on key principles that members can agree on, touching on aspects including the independence of data protection authority, international transfer mechanisms and government access to data. The latter has resulted in a resolution we’ll discuss in the closed session later this week.

The Council of Europe’s work around C108 and C108+ has also looked to set common principles. And there is potential too for further exploration of how codes and certifications, including those led by business and trade groups, could assist in this area.

But it is clear that there is room for further progress.

 

Image by Charlie Marchant on Flickr

Architecture to join our laws

Let’s move to our next sight.

The Copper Canyon is a network of canyons covering 65,000 square kilometres. The Canyons are linked by the Chihuahua al Pacifico, a railway passing over 37 bridges and through 86 tunnels.

The architecture needed to join the different canyons is a neat analogy for the second area where we need to build on the foundations for convergence.

It is accepted that the flow of data, from individual to organisation, from organisation to organisation, from country to country, is integral to digital innovation.

It is accepted – I hope – that such data flows rely on the public trust earned through sensible data protection regulation.

And yet we continue to consider those protections domestically.

We do have systems to transfer data internationally, of course. CBPRs enable data flows in parts of the world, while elsewhere adequacy agreements have their place.

But it remains the case that we are working with a series of bridges, rather than a single railroad.

What we need is better architecture to join together our world, and to allow different laws to work side by side. We need a railroad through the canyons.

 

A new approach

Which brings me to our final Mexican historic site. The Temple of San Agustin is a 16th century church. A beautiful white stone building built as a convent, with an eye-catching bell tower and historic murals.

But it is also abandoned. The convent was built near a lake, and flooding in the 17th and 18th century kept washing away the friars’ work. Eventually, they gave up fighting the waters, and moved away.

There is a lesson there for today. We are all proud of our domestic laws, built with good intentions. But if the waters of international digital innovation keep washing away our work, at what point do we need to move to a new approach?

It is my view that there is a real urgency to this work. The pace of acceleration in digital uptake, and the increasing use of data in innovation brings those flood waters ever closer.

We are not making quick enough progress in our response. Talk of convergence has, for too long, stalled around a sense of us needing to pick a favoured legislative approach or scheme, and insist it is extended to all four corners of the world. As our community spends time focusing on faults with one another’s regime, businesses are left with unwieldy processes that increasingly make privacy and data protection feel like too heavy a burden.

To put is simply, we risk all of our good work being washed away.

It is my own view that fresh thinking is needed. What is needed is a Bretton Woods for data, repeating the 1944 conference that brought together 730 delegates from almost 50 countries to consider how the world could rebuild from war. Delegates came from diverse cultures, and brought diverse ideas, but with a united understanding: the old system had failed, and a new one, built on international cooperation, was needed.

A Bretton Woods conference could provide the melting pot of ideas needed to take this forward, something I have spoken about recently at Oxford University.

That could be in the shape of a global data protection accord. An accord that found common ground between nation’s data protection regimes would enable member nations to better work together, and could allow for the transfer of low risk data to countries who were fellow members.

But that’s only one idea – we need more ideas, and more discussion.

I know the data protection community stands ready to be part of the solution. I see that in my work with the GPA. I see the ambition when I talk with my G7 colleagues.

But that challenge must now go further.

The challenge must go to governments and international organisations like OECD, Council of Europe and WTO, bodies with the convening power to make a Bretton Woods conference for data happen.

And then the challenge must go further afield. Data is such a broad, cross societal issue that impacts every facet of our lives. And so the solutions must come from the bright minds across society from think tanks, academia, from civil society, from businesses and from the people whose trust so much relies on.

 

Conclusion

I want to be clear. My view is that finding a solution here – building on our existing foundations, and finding a way for international convergence – is achievable. We can make this happen.

But we must decide to do this. As a community, regulators, business, civil society, and especially policy makers, must commit to making it happen.

  • That will mean compromise.
  • It will mean conversation.
  • It will mean accepting that there is not a perfect solution.

If we get it right, there is no limit to how high we can build our pyramid.

Winner announced for the first GPA Giovanni Buttarelli Award

The Global Privacy Assembly’s (GPA) Chair and Executive Committee are delighted to announce Shoshana Zuboff as the first winner of the Giovanni Buttarelli Award.

Dr. Zuboff, Professor Emerita at Harvard Business School and author of The Age of Surveillance Capitalism, has been recognised for her exceptional contribution to international data protection and privacy.

Elizabeth Denham, outgoing GPA Chair and UK Information Commissioner, said: “Shoshana’s work as an academic and an author has revolutionised the way we look at data and data protection. The Executive Committee and I could not have been more excited about this choice. Many congratulations!”

The inaugural GPA Giovanni Buttarelli Award was presented at the Open Session of the 43rd Global Privacy Assembly Conference on 19 October 2021.

The Award was created by the GPA Executive Committee in 2021 in memory of Giovanni Buttarelli, former European Data Protection Supervisor and Executive Committee Member. It aims to recognise Giovanni’s invaluable contribution to the international data protection and privacy community as a leader and as a passionate advocate for international collaboration.

Ms. Denham said: “Giovanni was an inspiring leading figure in the GPA community. He understood that the only way to face today’s challenges was by working together. Most important of all, Giovanni had a vision to ensure a fairer digital future for all. This Award will help to carry on his legacy in the years to come.”

Mr. Wojciech Wiewiórowski, European Data Protection Supervisor, said: “Professor Zuboff’s ideas and forward-looking vision have captured the general public attention on how digital market dynamics are deeply affecting societies, freedoms, and rights. Her ideas have inspired a wider change on how the privacy-specialised community approach these topics.”

Dr. Zuboff said: “I shall not rest until the digital lives in democracy’s house… a world in which we all benefit from new knowledge, where data collection is tethered to fundamental rights, and data use is defined by public service and democratic flourishing. This is the future that the world yearns for and deserves.”

Watch the Award acceptance video below.

The GPA Executive Committee would also like to sincerely thank the Buttarelli family for their support and for endorsing this Award.

For more information on the GPA Giovanni Buttarelli Award visit: https://globalprivacyassembly.org/news-events/giovannibuttarelliaward

Highlights from the Global Privacy Assembly Closed Session 2021

Ce communiqué de presse est disponible en français.

Este comunicado de prensa está disponible en español.

Privacy is getting increasingly important in the digital age, so what can data protection and privacy authorities do to further uphold people’s fundamental rights?

These were central issues under discussion as the Global Privacy Assembly joined together for their 43rd Closed Session (20-21 October).

The virtual conference was hosted by National Institute for Transparency, Access to Information and Protection of Personal Data (INAI), Mexico, and brought together more than 90 members and observers to consider key data protection challenges. It followed an open session earlier in the week.

Opening the session, Elizabeth Denham CBE, outgoing GPA Chair and UK Information Commissioner, praised the work of the privacy community through the pandemic, calling for the Assembly to continue to be impactful.

Ms Denham said: “We were already in a data-driven age, even before the pandemic supercharged that acceleration of digital growth. Now data-driven innovation is helping us through health crises, and influencing every facet of society.

“Our community’s work is central to that, ensuring people trust that innovation. But we cannot assume that privacy will always have a seat at the table. Our input into discussions on key societal issues is dependent on an understanding that data protection and privacy supervisors bring a valuable insight, a practical mindset and we can respond promptly.”

Resolutions were discussed and agreed at the conference, giving a shared view on a range of important current topics:

  • Data sharing for the public good;
  • Children’s digital rights;
  • Government access to data; and
  • The future of the Global Privacy Assembly

Other topics discussed in detail included international enforcement cooperation and regulatory sandboxes.

The Assembly also adopted a strategic plan for the next two years, committing to a continued focus on advancing global privacy, maximising the GPA’s influence and building capacity for members.

The Global Privacy Assembly brings together more than 130 members and observers from around the world. At the closed session, the following new members and observers were welcomed:

New members:

  • Commissioner of Data Protection, Abu Dhabi Global Market
  • Office of the Queensland Information Commissioner, Australia

New observers:

  • National Data Protection Authority (ANPD), Brazil
  • Saudi Data and Artificial Intelligence Authority, Saudi Arabia
  • Ministry of Transport and Communication, Qatar
  • Data Protection Office, Qatar Financial Centre
  • Privacy and Civil Liberties Oversight Board, United States
  • Consumer Financial Protection Bureau, United States
  • Asia Pacific Privacy Authorities (APPA) Forum
  • Inter-American Institute of Human Rights (IIHR)

The results of the GPA Executive Committee election were also announced:

  • Marguerite Ouedraogo Bonane, from Burkina Faso’s Commission for Information Technologies and Civil Liberties, stood down having completed her second two year term; and
  • Morocco’s National Commission for the control and the protection of Personal Data (CNDP), was elected to the Executive Committee for a two year term.

Commissioner Besnik Dervishi, from Albania’s Information and Data Protection Commissioner also stood down from the GPA Executive Committee after serving an additional year as Past Host Authority.

President Commissioner Blanca Lilia Ibarra Cadena, of Mexico’s INAI, was elected as Chair of the Assembly. She replaces Elizabeth Denham CBE, UK Information Commissioner, who has completed her three year term.

Welcoming her successor, Ms Denham thanked the Secretariat and the Executive Committee for their support.

President Commissioner Blanca Lilia Ibarra Cadena responded: “The GPA is alive and flourishing thanks to our interactions and exchanges.

“Our partnership is deepening, with our cooperation covering issues that concern society as a whole, achieving a growing impact.

“The ideas expressed at this conference invite us to rethink and draw new horizons on the incorporation of best practices in the handling of personal data.”

For more information, visit globalprivacyassembly.org

Elizabeth Denham’s opening remarks at the Open Session of the 43rd Global Privacy Assembly 2021

Hello. I’m Elizabeth Denham, the UK Information Commissioner, and chair of the Global Privacy Assembly.

On behalf of the GPA, I would like to welcome you all to this year’s open session.

We are able to benefit from this conference thanks to the fantastic work of our Mexican hosts. On behalf of the GPA, I would like to formally thank President Commissioner Blanca Lilia Ibarra Cadena for hosting us.

Blanca – I am very grateful for your warm welcome. On a personal note, I am so disappointed that circumstances prevent us enjoying your country’s hospitality in person today. But I know too that hosting a successful digital event is a real achievement.

And I extend a particular thanks to Commissioners Francisco Javier Acuña Llamas and Josefina Roman Vergara and their hard working staff, for making this event a reality.

As many of you will know, we were unable to hold an open session conference last year, and so this is my first opportunity to speak as GPA chair to many of you for some time.

It would be nice to begin today by talking about our achievements.

It is three years since I became chair of the Global Privacy Assembly, and this conference will be my last as chair. I would love to reflect back on how we have modernised our Assembly, given it a year-round voice, and engaged with you, the broader privacy community, more than ever before.

But as a community, reflecting on our successes is a luxury we do not have time for.

It is two years since we last held the open session in Tirana. I would love to reflect back on our successes since then. How our community responded to the COVID-19 pandemic, working together more than at any time in our history.

We must reflect on the pandemic to inform our future, and make sure we are well equipped for what comes next. But again, we not have time to rest on our laurels.

We must instead turn our attention forwards. The digital world has always turned quickly, but the pandemic has accelerated the uptake of services, the pace of innovation and the desire of organisations to look for data-driven solutions to their problems.

As a community, we have to keep pace if we’re to protect people’s privacy rights.

When someone sees the opportunity to use AI to improve healthcare, it is our job to ask whether people’s information is being treated fairly.

When someone sees the opportunity to use an app to improve COVID contact tracing, it is our job to ask whether people’s information is being used transparently.

And when someone sees the opportunity to use facial recognition technology to improve security, it is our job to ask whether people’s information is being used proportionately.

That is why the theme of this conference is a human centric approach.

We have a fantastic and varied agenda, covering a diverse range of topics: mass data processing, vaccine passports, AI,  surveillance, data ethics… so many sessions to look forward to.

But no matter what topic we discuss, we must stay focused on responding to the pace of change, with people at the centre of our thoughts.

And so I want us to keep in mind two key questions in every discussion during our conference.

We must ask:

  • ‘do we understood how people feel?’

And we must ask

  • ‘how does privacy stay relevant?’

The digital world turns quickly, and our community only has a seat at the table for as long as we earn it.

Firstly, we do that by representing people’s views. What does data use look and feel like to the people whose data is being used? That is crucial, if we’re are to help maintain people’s trust in data-driven innovation.

And we then need to turn that insight into practical value. Our input has to mean something, beyond legal boxticking. We successfully showed our relevance during COVID. We must continue to show our relevance moving forward.

I’ll bring my comments to a close there. We have a busy two days ahead of us at this open session. Let’s make the most of that time.

And let’s keep in mind those two questions.

  • ‘Do we understood how people feel?’

And

  • ‘How does privacy stay relevant?’

GPA Newsletter September 2021 now available

The GPA September 2021 Newsletter is now published and available on the GPA website.

This Edition of the Newsletter features the upcoming highlights of the GPA 2021 Conference, as well as our regular editorial from some of the leading representatives of the GPA community. The Newsletter provides the latest insight and updates on important issues impacting the international data protection and privacy landscape today.

This GPA September 2021 Newsletter is the final edition to be produced by the current UK, ICO GPA Secretariat and we would like to sincerely thank all the contributors to the Newsletter during our tenure over the past three years.

View Newsletter here.

Global Privacy Assembly (GPA) ‘Giovanni Buttarelli Award’ is launched

The Chair and Executive Committee of the Global Privacy Assembly (GPA) are delighted to announce the launch of a new GPA Award in 2021 in memory of Giovanni Buttarelli, former European Data Protection Supervisor and Executive Committee Member.

This Award aims to recognise Giovanni’s invaluable contribution to the international data protection and privacy community as a leader and as a passionate advocate for international collaboration.

Elizabeth Denham, UK Information Commissioner and GPA Chair, said:

“Giovanni Buttarelli was the European Data Protection Supervisor, a truly inspiring figure in the international data protection and privacy community, and a friend. Giovanni brought his long experience and deep-felt humanity to bear in steering the work of the Global Privacy Assembly as a member of our Executive Committee, and we miss his guiding hand. This Award ensures that his legacy and advocacy for international collaboration continue.”

The Award will be presented annually at the Global Privacy Assembly Open Session.

Eligible candidates will be individuals who have demonstrated exceptional leadership or have promoted collaboration and/or partnership at a regional or international level in the field of data protection and privacy, and have helped move towards Giovanni Buttarelli’s vision for a fairer digital future for all.

The individual could have demonstrated these characteristics either throughout a certain period of time, such as when leading a particular project, or throughout their career.

The demonstration of these credentials could be, for example, through:

  • The fostering of new or innovative types of international or regional partnerships or the promotion of new collaboration methods amongst regulators, organisations and fields, such as partnerships between data protection authorities.
  • Leading on a project that has led to the development of innovative concepts or practices, which have significantly impacted the thinking in the (international) data protection and privacy community.

To be eligible for the Award, individuals must be nominated by at least one individual they have closely worked with belonging to an organisation in the field of data protection or privacy.

Details of the nominated individual’s contribution should be outlined on the application form. This form is available on the GPA website to download and complete by the given deadline.

Further information on this award can be found here.

The GPA is deeply grateful to Giovanni Buttarelli’s family for endorsing this Award.

For general and media enquiries, please contact the GPA Secretariat: secretariat@globalprivacyassembly.org.

Shortlisted entries announced for the 2021 Global Privacy and Data Protection Awards

The GPA Executive Committee has shortlisted entries for the 2021 Global Privacy and Data Protection Awards.

Now in its fourth year, the Awards celebrate the achievements of the GPA community and shine a light on good practice.

The shortlisted Award entries are:

Education and public awareness

Innovation

Accountability

Dispute resolution and enforcement

GPA members will receive instructions on how to vote for this year’s shortlisted entries.

The winners will be announced at the Global Privacy Assembly 2021, Mexico.

GPA 2021 Mexico: A message from INAI Commissioners

As the INAI, Mexico is a committed guarantor body for compliance of fundamental rights, and Host of the Global Privacy Assembly 2021, we have decided the central theme of the GPA 2021 to be Privacy and Data Protection: A Human Centric approach. It is crucial to highlight the role individuals play in the decision making involved in data processing, regardless of the technology used for that purpose.

This year’s edition will be held in a hybrid scheme both online and in-person on 18-21 October 2021, which will allow us to have high-security standards and facilitate cooperation without physical or virtual barriers.

For the in-person part, diverse venues will be considered in order to provide the appropriate care for the safety of the attendees, maintaining safe distance protocols, mandatory use of face masks, and reduced forums. As for the virtual part, we will have a friendly platform that will allow digital interaction among participants.

With great excitement, we would now like to present the Agenda for the Open Session, which is mainly focused on the coexistence between the development of new information technologies and human rights. This will feature keynote lectures, panels and parallel sessions in which international and national experts will address their best practices on technological evolution and human intervention in massive data processing; Privacy and the Pandemic; Vaccine Passports and Similar Certificates; Data Flows with Trust; Internet of Things; and artificial intelligence, digital rights and inclusive policies are among others topics that will also be reviewed. The Agenda for the Closed Session has also been published.

As host authority of this year’s edition, INAI intends to generate opportunities for an open dialogue allowing leaders to discuss and to exchange knowledge and ideas to propose solutions for emerging issues in the field.

We are looking forward to your attendance at the Assembly, see you soon in Mexico City!

INAI’s Commissioners
Host Authority, GPA 2021

‘Privacy, People and the Pandemic’ workshops by OECD, GPA and UN Special Rapporteur on the Right to Privacy

The OECD Working Party on Data Governance and Privacy in the Digital Economy (WPDGP), the Global Privacy Assembly (GPA) and the mandate of the UN Special Rapporteur on the Right to Privacy are hosting two workshops that will be spread across three days 21-23 June 2021.

The workshops will offer complementary – and sometimes challenging – points of view of the impact of the COVID-19 pandemic with a special focus on privacy and data governance. The topics follow on from two previous workshops held in April 2020 and September 2020.

The first session will provide an opportunity for policy makers and regulators to share perspectives one year later on the varying privacy and data governance frameworks that were developed in support of their response efforts.

This will lead onto two sessions on innovative insights on countries’ plans for the road to recovery with a specific focus on “Data privacy aspects in the workplace during the pandemic” and “Vaccination programmes and travel passports.”

The third and last day will be an intensive workshop organised by the UN Special Rapporteur on the Right to Privacy, also with the support of the GPA. It will be dedicated to a more in-depth evaluation of the evidence available on the impact of the pandemic on privacy across the world. The intensive sessions on this third day will also afford NGOs, academics and others, both within and outside OECD countries, with the opportunity to discuss similar issues as those presented during the first two day workshop or outside it.

View the workshops agenda.