All posts by icdppc-update

This article was published by the International Association of Privacy Professionals (IAPP) on 25 August 2020.

By Jennifer Bryant at IAPP

While the COVID-19 pandemic has necessitated using data to analyze and map its origins and spread, Philippines National Privacy Commissioner and Chairman Raymund Liboro said “our data subjects need us now more than ever.”

During the pandemic, data privacy professionals play an important role in protecting data, fostering privacy rights, and earning and maintaining the trust of those they serve, Liboro recently told fellow privacy commissioners, privacy officers in the corporate sector and members of the Global Privacy Assembly, a global forum for data protection and privacy authorities.

During a webinar hosted by the GPA in collaboration with the Centre for Information Policy Leadership, “Data Protection Reimagined: Digital Acceleration, New Emerging Issues and the Role of Privacy Regulators in the COVID-19 Era,” Liboro said, “We must let them know that we are their guide in all matters related to privacy and data protection. That we are here to guide them with the most relevant guidelines and best practices.”

Liboro is chair of the GPA’s COVID-19 Response Task Force, created by the GPA Executive Committee last spring as it recognized the similar challenges data protection and privacy authorities around the world are facing in addressing the crisis. The group has met every two weeks since May, working to “consolidate efforts, maximize voice, gather expertise, and assist GPA members and observers in addressing the emerging data privacy issues posed by the spread of the virus worldwide,” he said.

The task force comprises members from Europe, Asia, North America, the Middle East, Australia and New Zealand, as well as international organizations serving as observers, including the International Committee of the Red Cross and Organization for Economic Co-operation and Development.

“What we hope to accomplish, the primary role of the task force, is to coordinate and help drive the GPA’s practical responses to the privacy challenges coming from COVID-19, inform positions on related topics, and enhance capacity and capability for the GPA privacy community,” Liboro said.

Privacy has never faced a challenge of such a global nature as COVID-19, he continued, with authorities and communities around the world tackling issues like collecting and sharing data among health authorities, government agencies and law enforcement, handling children’s data associated with online learning, privacy in the workplace and work-from-home environments.

“The pandemic has necessitated all of government, all of society’s response, and I personally believe as data protection authorities we also have to respond to this as a community,” Liboro said. “For data protection authorities, we are all bound in our responsibilities and we need to cooperate with one another to advance the goals of our own authority, but also link arms with the rest of the privacy community and really emphasize that data protection and privacy in the time of COVID-19 is tantamount to saving lives.”

As part of its work, the GPA COVID-19 Response Task Force launched the COVID-19 Response Repository, a website with the latest statements from authorities, resources, research content and events related to the pandemic and the task force’s work. It also kicked off a series of webinars in collaboration with various privacy networks and organizations, thus far discussing contact-tracing applications with representatives from Apple and Google, examining the role of data protection authorities in COVID-19 response.

Looking forward, Liboro said the task force will compile a resource of various jurisdictional experiences and responses to the pandemic that will not only be useful now as the world responds to COVID-19, but also in the future as a reference for data protection and privacy authorities.

“It’s very important that we not only provide inspirational guidance to our fellow data protection authorities, but also the actual opportunities they can use and deploy within their own jurisdictions. Our members have a ready toolbox where they can draw out any reference or resources that can be useful to them,” he said. “We’re also documenting and making sure that future authorities would have a resource reference that they can pool knowledge from.”

With more than 22 million confirmed COVID-19 cases worldwide, Liboro said the work of data protection and privacy authorities, as well as the GPA COVID-19 Task Force, is “far from over.”

The group will continue to share knowledge, content and engagement opportunities and anticipates publishing guidelines this fall on the best practices in COVID-19 response, incorporating what has been learned over the past months.

“It will be learnings, best practices and approaches from different networks, regions and associations across the world,” Liboro said. “The DPAs, the authorities, how are we functioning in the trenches? We really want to draw that out.”

In leading the task force, Liboro said he turns to his experience as the privacy commissioner in the Philippines, taking the approach that data protection and privacy authorities serve as both “enablers and protectors” of citizens’ personal data.

“We need to enable jurisdictions and organizations to implement best practices, to learn from one another,” he said. “We are all in the same boat that is this pandemic, and we are all reeling from the impacts. The response of governments all over the world will always touch on the processing of personal data. So it’s really a matter of as authorities we have to look at this holistically, we have to look at this in a practical way and where governments, and generally the whole population, will view us as part of the solution.”

The Conference Report of the 41^st International Conference of Data Protection and Privacy Commissioners (ICDPPC) in Tirana, Albania is now available.

View the report.

The United Nations Special Rapporteur on the right to privacy, Joe Cannataci, is examining the privacy rights of children and how this right interacts with the interests of business, governments, parents/guardians, and others. An important part of the work, given the international scope of the mandate is understanding the various views from around the world, and a particular interest is the work and experiences of Data Protection Authorities.

A key question is how the right to privacy affects the evolving capacity of the child for autonomy, and what privacy-related factors enhance or constrain this development.

More information can be found at: https://www.ohchr.org/EN/Issues/Privacy/SR/Pages/CFI_Privacy_and_Children.aspx

Submissions should be received by 30 September 2020. Please contact Elizabeth Coombs if this timeframe poses difficulties, or for any other queries.

The Global Privacy Assembly’s COVID-19 Taskforce is hosting its 2^nd webinar for the GPA membership on Enablers and Protectors: The Role of DPAs Confronting COVID-19 – Contact Tracing and the Recovery Response on Thursday 23 July 2020, 11:00-12:30 (UK Time). 

This is the second webinar in the Taskforce Webinar Series that seeks to address some of the critical issues currently facing the data protection and privacy community, thereby enabling capacity building for the GPA membership community.

The Webinar will adopt a thematic approach to the discussion, addressing two themes: the role of DPAs in ensuring a Privacy by Design approach is taken to developing contact tracing and other digital solutions in addressing the pandemic; and, the role of DPAs as enablers and protectors, to ensure privacy is considered in the practical responses to recovery.

View the Agenda.

GPA members and observers can sign-up to the webinar by contacting the GPA Secretariat at secretariat@globalprivacyassembly.org

Speakers

Raymund Enriquez Liboro, Privacy Commissioner and Chairman, Philippines National Privacy Commission, and Chair of the GPA COVID-19 Taskforce

Raymund was appointed the Philippines first Privacy Commissioner and Chairman at the Philippines National Privacy Commission (NPC) in March 2017. A seasoned ICT convergence, communications and public administration professional, he previously served as the former Assistant Secretary of the Department of Science and Technology for Climate Change Adaptation and Disaster Risk Reduction and was concurrently the OIC director of the Science and Technology Information Institute, the country’s leading Science and Technology Institute.

Prior to joining government in 2010, he was involved in spearheading award-winning government IT and media platforms, most notable of which was the DOST’s Project Noah (Nationwide Operational Assessment of Hazards), cited by the United Nations Program Office on Governance (UNPOG) as one of the most advanced e-governance tools in disaster prevention.

Raymund is an alumnus of the University of the Philippines – School of Economics.

Raymund was elected to the GPA Executive Committee at the 40th annual conference in October 2018, and is Chair of the GPA COVID-19 Taskforce.

Moderator: Angelene Falk, Information and Privacy Commissioner, Office of the Australian Information Commissioner, Australia

Angelene Falk was appointed Australian Information Commissioner and Privacy Commissioner in August 2018. She leads the Office of the Australian Information Commissioner (OAIC) in fulfilling the office’s functions across privacy, freedom of information (FOI), and government information management.

Angelene has held senior positions in the OAIC since 2012. These include Deputy Commissioner since 2016 and acting Australian Information Commissioner and acting Privacy Commissioner from March 2018.

Over the past decade, she has worked extensively with Australian Government agencies, across the private sector and internationally, at the forefront of addressing regulatory challenges and opportunities presented by rapidly evolving technology and potential uses of data.

Angelene holds a Bachelor of Laws with Honours and a Bachelor of Arts from Monash University and a Diploma in Intellectual Property Law from Melbourne University.

Angelene was elected to the Executive Committee at the 40^th annual conference in October 2018, she is Chair of the GPA Strategic Direction Sub-Committee and is co-chair of its Digital Citizen and Consumer Working Group.

Tony Chik-ting LAM, Deputy Privacy Commissioner, Office of the Privacy Commissioner for Personal Data, Hong Kong

Tony Lam is currently the Deputy Privacy Commissioner for Personal Data, Hong Kong SAR, and has a strong public sector background. He served in the civil service for about two decades straddling 1997, after which he joined a public organization on technology development as a C-level executive. Prior to becoming the Deputy Privacy Commissioner, Mr Lam was a Senior Advisor to a private sector firm specialising in public policy consultancy.

Over the years, Mr Lam has been involved in public policy formulation and implementation in a very wide range of areas. His portfolio covered mostly trade, industry, innovation, and technology. He served as the cabinet secretary for two Chief Executives of the HKSAR Government and he also played a part in implementing Hong Kong-Mainland cross-boundary mega-size transport projects. His international exposure included being stationed in Washington, D.C. US as a government representative on economic and trade affairs straddling 1997, and post-graduate training in public administration at Oxford University.

Wojciech Wiewiórowski, European Data Protection Supervisor

Wojciech Wiewiórowski was appointed by a joint decision of the European Parliament and the Council on 5 December 2019, for a term of five years.

Before his appointment, he served as Assistant European Data Protection Supervisor from 2014 to 2019, and as Inspector General for the Protection of Personal Data at the Polish Data Protection Authority, a position which he had held since 2010. He was also Vice Chair of the Working Party Article 29 Group.

In 1995, he graduated from the Faculty of Law and Administration of the University of Gdańsk, and in 2000, he was awarded the academic degree of Doctor in constitutional law.

Eduardo Bertoni, Director of the National Access to Public Information Agency, Argentina

Eduardo Bertoni (PhD, Buenos Aires University) is the Director of the National Access to Public Information Agency and the former Director of the National Data Protection Authority in Argentina.

He was the founder and the first director of the Center for Studies on Freedom of Expression and Access to Information (CELE) at Palermo University School of Law, Argentina. He was the Executive Director of the Due Process of Law Foundation (DPLF) until May 2006. Previously, he was the Special Rapporteur for Freedom of Expression of the Inter-American Commission of Human Rights at the Organization of American States (2002-2005).

Teaching Fellow at the Human Rights Institute at Columbia University School of Law (2001). Reagan-Fascell Democracy Fellow (2012-13) at the National Endowment for Democracy (NED). Former member of the advisory boards of the Human Rights Initiative (Open Society Foundations), the Media Legal Defence Initiative, the Freedom of Information Advocates Network (FOIAnet), among others. Bertoni has also worked as an advisor to the Department of Justice and Human Rights in Argentina.

He is an Argentinean lawyer and holds a Masters in International Policy and Practice from the Elliot School of International Affairs, George Washington University. Bertoni currently teaches at Buenos Aires University School of Law and New York University School of Law (Global Clinical Professor).

He published several opinion pieces on democracy and human rights in leading newspapers in the Americas and has written several publications on judicial reforms, international criminal law, and human rights & Internet.

Patricia Adusei-Poku, Executive Director of the Ghana Data Protection Commission

Patricia Adusei-Poku is a seasoned privacy practitioner, program manager, information governance and risk expert in the public, private and non-profit sectors globally.

Some of her recent appointments include the Head of Data Protection at the London 2012 Olympic Games and Global Director for Data Protection & Privacy at World Vision International.

Currently the Co-Chair (with UK ICO Commissioner, Elizabeth Denham) on the Common Thread Network (CTN) of Commonwealth Data Protection Commissioner and the Vice President of the African Network of Data Protection Authorities.

Patricia holds a Master of Business Administration (MBA – Project Management & Consultancy), MSC-International Public Policy, BSc (Hons) Computing Science, A Certified Information Privacy Manager (CIPM) issued by the globally recognized International Association of Privacy Professionals (IAPP), Certified Practitioner in European Union General Data Protection Regulation (EU GDPR).

John Edwards, Privacy Commissioner, Office of the Privacy Commissioner, New Zealand

John Edwards was first appointed to the position of Privacy Commissioner of New Zealand in February 2014, and was re-appointed for a further five-year term in February 2019. Prior to this he practiced law for over 20 years.

John has degrees in law (LLB) and public policy (MPP) from Victoria University of Wellington, NZ and has advised and represented a wide range of clients from the public and private sector. He provides independent comment on significant personal information policies and issues.

John chaired the New Zealand Law Society Privacy and Human Rights Committee and was Contributing Editor of Brookers Human Rights Law and Practice and has published widely on human rights and privacy matters.

In addition to a practice specialty in the field of information and privacy law, he held warrants as a district inspector for mental health, and as district inspector for intellectual disability services and has provided legal services to the Kingdom of Tonga.

In October 2014, John was elected Chair of the Executive Committee of the International Conference of Data Protection and Privacy Commissioners and completed his three-year term in October 2017.

The Global Privacy Assembly’s COVID-19 Taskforce is hosting a webinar for the GPA membership on contact tracing and the Google-Apple technology on 6 July 2020 at 08:00 – 09:30 PST (16:00 – 17:30 UK Time).

In this first GPA webinar, technical experts from Apple and Google will present their contact tracing framework and discuss the implications of the technology with a group of data protection and privacy authorities. The panel will also discuss the development and functioning of the API technology and the steps taken to safeguard people’s privacy.

This webinar aims to help the GPAs members and observers whose countries are at the exploratory or decision-making stage of the process on the adoption or roll out of contact tracing applications.

View the Agenda.

GPA members and observers can sign-up to the webinar by contacting the GPA Secretariat at secretariat@globalprivacyassembly.org

Speakers

Raymund Enriquez Liboro, Privacy Commissioner and Chairman, Philippines National Privacy Commission, and Chair of the GPA COVID-19 Taskforce

Raymund was appointed the Philippines first Privacy Commissioner and Chairman at the Philippines National Privacy Commission (NPC) in March 2017. A seasoned ICT convergence, communications and public administration professional, he previously served as the former Assistant Secretary of the Department of Science and Technology for Climate Change Adaptation and Disaster Risk Reduction and was concurrently the OIC director of the Science and Technology Information Institute, the country’s leading Science and Technology Institute.

Prior to joining government in 2010, he was involved in spearheading award-winning government IT and media platforms, most notable of which was the DOST’s Project Noah (Nationwide Operational Assessment of Hazards), cited by the United Nations Program Office on Governance (UNPOG) as one of the most advanced e-governance tools in disaster prevention.

Raymund is an alumnus of the University of the Philippines – School of Economics.

Raymund was elected to the GPA Executive Committee at the 40th annual conference in October 2018, and is Chair of the GPA COVID-19 Taskforce.

Ali Shah, Head of Technology Policy, Information Commissioner’s Office, UK

Ali Shah is Head of Technology Policy at the ICO, and responsible for ensuring the ICO can respond to complex societal challenges presented by emerging technology developments. Since joining the ICO, he has provided technology leadership on AI and data science, adtech, and privacy by design initiatives. Most recently during COVID-19, Ali has led the ICO technical response to contact tracing, evaluation of the Google and Apple Exposure Notification system, and assessment of future challenges to privacy through his leadership of Operation Foresight. Prior to joining the ICO, Ali was Head of Emerging Technology and Strategic Direction at the BBC where he combined his expertise in AI, data, and emerging technology, with a passion for understanding how technology can be used for innovation to drive social good.

Erik Neuenschwander, Director of User Privacy, Apple

Erik is in charge of privacy engineering efforts across Apple’s products and services. The User Privacy team focuses on privacy by default, including data minimization, technical limits on data use, application of data protection, on-device processing, and privacy-preserving technologies. His organization also supports Apple’s outreach to governments, regulators, and civil society.

Erik has over seventeen years of experience in software technology including roles at Casio, Microsoft, and Apple. He holds a B.S. in Symbolic Systems and an M.A. in Philosophy from Stanford University and was a Teaching Fellow in Stanford’s Computer Science department.

Gary Davis, Global Director of Privacy & Law Enforcement Requests, Apple

Gary joined Apple in February 2013, where as part of the global team he heads up the EMEIA group and helps lead Apple’s world-wide approach to privacy across all product and services. Previously he served as Ireland’s Deputy Data Protection Commissioner for seven years and as a civil servant worked in the Irish Prime Minister’s Office for ten years.

Dave Burke, VP of Engineering Android Platform & Pixel Software, Google

Dave Burke is Vice President of Engineering at Google where he leads engineering for the Android platform. Dave joined Google UK in 2007, becoming an engineering site lead and later moving to California in 2011. Prior to Google, Dave co-founded and was CTO of an internet/telecoms voice start-up and helped define related Web and Internet standards. Dave holds a BE, MEngSc, and PhD in Electronic Engineering from University College Dublin, Ireland.

William Malcolm, Director, Privacy Legal, Google

William leads Google’s international privacy legal function, managing a team across London, Hamburg, Paris, Dublin, and Singapore. During his time at Google, William has worked on multiple CJEU data protection cases and regulatory matters and has represented Google with global policy makers. William has helped Google product and compliance teams formulate internal policies and compliance plans on a wide range of issues including GDPR, right to be forgotten, AI/ML, cloud privacy and international data transfers and is a frequent speaker/panellist at conferences and industry events on data protection and privacy issues.

Zee Kin Yeong, Assistant Chief Executive (Data Innovation and Protection Group) of the Infocomm Media Development Authority of Singapore (IMDA) and Deputy Commissioner of the Personal Data Protection Commission (PDPC)

In his capacity as Assistant Chief Executive (Data Innovation and Protection Group), Zee Kin oversees IMDA’s Artificial Intelligence and Data Industry development strategy. This is one of four frontier technology areas IMDA has identified for its transformational potential for a Digital Economy. The other three are cybersecurity, the Internet of Things, and immersive media. In his role as an AI and data analytics champion, Zee Kin’s work includes developing forward-thinking governance on AI and data, driving a pipeline of AI talent, promoting industry adoption of AI and data analytics, as well as building specific AI and data science capabilities in Singapore.

As the Deputy Commissioner of PDPC, Zee Kin oversees the administering and enforcement of the Personal Data Protection Act (2012). His key responsibilities include managing the formulation and implementation of policies relating to the protection of personal data, as well as the issuing of enforcement directions for organizational actions. He also spearheads the public and sector-specific educational and outreach activities, to raise both awareness and compliance in organizations and individuals in personal data protection

Dr. iur. Daniel Dzamko-Locher, Head of the Data Protection Unit and Taskforce on the Corona app, Federal Data Protection and Information Commission, Switzerland

Daniel is a lawyer and has been Head of Data Protection since 1st February 2019. During these last months, he headed the FDPIC’s Corona taskforce. Before joining the FDPIC, he was Head of Legal at the Tax Administration of the Canton of Berne. He was a lecturer at the Universities of Lucerne and Basel in the field of tax law and a member of the Bar Examination Commission of the Canton of Berne.

Elizabeth Denham, Chair of the Global Privacy Assembly and UK Information Commissioner, will speaking at the Data Protection in the Time of COVID-19 online event hosted by the International Committee of the Red Cross (ICRC) on 3 June 2020.

For the release of the ICRC’s second edition of the Data Protection Handbook for Humanitarian Action, the ICRC has convened a panel of experts to discuss how, in today’s technological landscape, data protection is a more essential concern than ever. As the COVID-19 pandemic continues to impact societies worldwide, contact tracing apps are being developed in a bid to contain the spread of the virus. While arguably effective in this sense, such technologies also pose important questions regarding the relationship between public health, data protection and privacy.

The event brings together specialists from the humanitarian, new tech, academic, legal, data protection and health sectors. The objective is to look at the dilemmas that an increasing digitalization of the COVID-19 crisis can bring, and at what measures can be taken to ensure that technology is a relevant contributor to the fight against the pandemic, not an additional risk factor.

For more information, visit the ICRC’s website.

As countries begin to ease their coronavirus (COVID-19) restrictions, data protection and privacy authorities across the world are faced with a fundamental question: how can we enable governments’ responses to the pandemic and subsequent recovery whilst continuing to protect  citizens’ personal data and privacy? 

Recognising this challenge, the Global Privacy Assembly (GPA) has launched a COVID-19 Taskforce to drive practical responses to privacy issues emerging from the pandemic, as well to assist its membership with insight and best practices. 

Raymund Liboro, Privacy Commissioner of the Philippines National Privacy Commission and GPA’s Executive Committee member, will chair the GPA COVID-19 Taskforce. 

Mr Liboro said: “We have seen that personal data and technology have become essential in helping governments respond to the COVID-19 pandemic. From contact tracing and location tracking applications, to COVID-19 testing as people start going back to the workplace, data protection and privacy have never been more important. 

“Our aim for this taskforce is to examine current privacy concerns, while finding the right balance between supporting innovation to combat the pandemic and ensuring people’s personal data and information rights are respected. We will draw on the expertise of our membership and stakeholders to provide useful insight on common challenges.” 

The GPA COVID-19 Taskforce, representing more than 30 organisations across all global regions, first met on 26 May 2020, coinciding with Privacy Awareness Week in the Asia-Pacific region.  

During its first meeting, the Taskforce discussed the most strategic and pressing privacy issues that will require in-depth examination over the next few months. Members agreed on an initial workplan, with a view to communicate regularly on progress and information on initiatives to the GPA membership community and wider audience.  

For more information and resources on data protection and COVID-19 visit globalprivacyassembly.org/covid19 

A statement by the Global Privacy Assembly’s Executive Committee.

Background

Data protection and privacy authorities around the world are working together with public bodies and commercial organisations to respond to and manage the global COVID-19 pandemic.  Our March 17, 2020 statement observed that GPA member authorities operate under data protection and privacy laws that enable the use of data to protect public health, while also protecting the public’s personal data in a way that the public expects.

GPA authorities are working to assist public bodies and organisations to understand what good practice looks like in a pandemic. We are therefore encouraged to hear that many member authorities have, since our March statement, been engaged by organisations and public bodies in a common effort to overcome COVID-19. This acknowledges the need to work constructively to ensure privacy is protected as we seek solutions to this public health crisis.

COVID-19 contact tracing and public trust

Many authorities are at this time advising, reviewing and consulting on contact tracing measures. The issues being considered around the world are similar and revolve around universal data protection and privacy principles.

Contact tracing has historically been a vital pandemic response tool. Many governments around the world wish to harness technology to automate traditional contact tracing methods, which may be labour-intensive.  Smart phone contact tracing apps are therefore being designed and rolled out globally.

We are issuing this statement about contact tracing measures being implemented around the globe because we recognise that public trust and confidence in the way personal information is handled and protected is a necessary precondition for their success. Whilst the public interest case is strong, protecting privacy and acting in accordance with public expectations is part of achieving the solution.

The success of contact tracing apps will depend on the trust of individual members of the public that their privacy will be protected appropriately and wider ethical considerations have been addressed.  Uptake may be higher if governments and organisations transparently demonstrate that privacy risks have been adequately addressed.  Authorities are playing their part in achieving fit-for purpose privacy protections, and wherever possible are prioritising consultation requests about COVID-related measures.

Privacy considerations in contact tracing design, implementation and operation

The value of privacy by design lies in  ensuring privacy is carefully considered when developing new technologies in the interests of protecting public health. The data and privacy protection work of GPA authorities not stand in the way of innovation, rather privacy by design is a key enabler for both ethical and lawful innovation and the protection of personal data.

Privacy and data protection impact assessments (DPIAs) help ensure public bodies and organisations take a privacy by design approach by documenting in advance what their intended use of data is and how this can inform limitation in data collection, identifying the risks that their use of data could create, and developing strategies to mitigate those risks to inform the design. In conducting this impact assessment, organisations may need to consult and engage with their intended user base and with regulators. DPIAs should also be clear about other possible current and future uses of the data, such as for research in the public interest.  A DPIA can also be iterative, updated as needed, and provide opportunities for further engagement and public debate when it is made available for wider scrutiny.

In the current circumstances of the pandemic, measures are being developed as a direct response to these extraordinary circumstances. Time limitation is therefore also critical in establishing public trust in these responsive measures.

The following questions are addressed to organisations and governments engaged in contact tracing measures and can inform the development of contact tracing apps to ensure personal information is protected and the impact on privacy is minimised:

• Have you adopted a privacy by design approach?
• Have you conducted an assessment of the privacy risks? Is this assessment up to date?
• Have you addressed the security, safeguards, and necessity of both centralised and decentralised models?
• Have you had open and constructive engagement with your data protection authority?
• Are you being transparent with users, including providing a clear privacy statement or notice where required by law?
• Are you being transparent in a way that facilitates public debate?
• Is your contact tracing app temporary and will data be deleted when no longer required?
• Do you intend to retain data for research in the public interest? If so, what privacy protections have been adopted and is anonymisation envisaged at design stage?
• Do you have a process in place to revisit privacy implications if features are proposed to change?

Looking ahead to other COVID-19 measures and privacy

Some governments around the world are contemplating other pandemic responses involving personal information such as immunity passports, temperature checks and customer identification requirements. The principles set out in this statement also apply to these and other measures that may be considered, and further clarifying statements on those measures will be issued as required. The GPA will continue to listen to concerns from its member authorities to ensure our efforts address the most pressing issues being brought to the attention of GPA authorities by those working on COVID-19 measures.

– GPA Executive Committee

For more information and resources visit the GPA COVID-19 Response Repository.

The Executive Committee of the Global Privacy Assembly (GPA) recognises the significant impact the COVID-19 pandemic has had on our lives and in our membership’s jurisdictions in the past few weeks.

We would like to thank our membership for contributing positively in this extraordinary time by supporting Authorities with their expertise and guidance, which can be found on our website.

Building on our collective efforts, the Executive Committee met earlier this week to discuss the ongoing work of the GPA, including this year’s conference.

After careful consideration of the unprecedented global circumstances we are experiencing in 2020, the Executive Committee has accepted the INAI Mexico’s decision to postpone this year’s conference in Mexico. This means the GPA’s annual conference will be held in Mexico in 2021.

The Office of the Privacy Commissioner of New Zealand has also agreed to postpone its planned hosting of the GPA until 2022. This means the host bid process for 2022 will be suspended. As for the 2023 conference, we will be launching the host bid process in due course.

But 2020 must not be a lost year for the GPA. We should continue shaping the future of our Assembly, working on our Policy Strategy objectives and learning from the fantastic work already completed by our Working Groups. In that respect, both our annual forum and our continued work throughout the year have never been more important.

That’s why we have tasked the GPA Secretariat to explore options on how to carry out the essential elements of our annual conference this year, including finding a suitable, secure digital platform where members and observers will be able to meet virtually. More information will be available in due couse.

We are disappointed that we won’t see you in Mexico this year, but we must make the health and wellbeing of our membership a priority.

– GPA Executive Committee

The Executive Committee of the Global Privacy Assembly (GPA) recognises the unprecedented challenges being faced to address the spread of Coronavirus (COVID-19).

Addressing these challenges requires coordinated responses at national and global levels, including the sharing of personal information as necessary by organisations and governments, as well as across borders.

We are confident that data protection requirements will not stop the critical sharing of information to support efforts to tackle this global pandemic. The universal data protection principles in all our laws will enable the use of data in the public interest and still provide the protections the public expects. Data protection authorities stand ready to help facilitate swift and safe data sharing to fight COVID-19.

Health data is considered sensitive across many jurisdictions, but work between data protection authorities and governments means we have already seen many examples of national approaches to sharing public health messages; of using the latest technology to facilitate safe and speedy consultations and diagnoses; and of creating linkages between public data systems to facilitate identification of the spread of the virus.

We issue this statement today to set out our support for public bodies and health practitioners to be able to communicate directly with people, and scientific and government bodies to coordinate nationally and globally, to tackle the current COVID-19 pandemic.

Our data protection and COVID-19 resources page provides the latest guidance and information from GPA members.

– GPA Executive Committee

Elizabeth Denham CBE, GPA Chair and UK Information Commissioner

Marguerite Ouédraogo Bonané, President of CIL, Burkina Faso

Angelene Falk, Information Commissioner and Privacy Commissioner, Office of the Australian Information Commissioner

Raymund Enriquez Liboro, Privacy Commissioner and Chairman, Philippines National Privacy Commission

Eduardo Bertoni, Director of the National Access to Public Information Agency, Argentina

Besnik Dervishi, Information and Data Protection Commissioner, IDP Albania

Francisco Javier Acuña Llamas, President Commissioner, National Institute for Transparency, Access to Information and Protection of Personal Data (INAI), Mexico

John Edwards, Privacy Commissioner, Office of the Privacy Commissioner, New Zealand