Elizabeth Denham’s opening remarks at the Open Session of the 43rd Global Privacy Assembly 2021

Hello. I’m Elizabeth Denham, the UK Information Commissioner, and chair of the Global Privacy Assembly.

On behalf of the GPA, I would like to welcome you all to this year’s open session.

We are able to benefit from this conference thanks to the fantastic work of our Mexican hosts. On behalf of the GPA, I would like to formally thank President Commissioner Blanca Lilia Ibarra Cadena for hosting us.

Blanca – I am very grateful for your warm welcome. On a personal note, I am so disappointed that circumstances prevent us enjoying your country’s hospitality in person today. But I know too that hosting a successful digital event is a real achievement.

And I extend a particular thanks to Commissioners Francisco Javier Acuña Llamas and Josefina Roman Vergara and their hard working staff, for making this event a reality.

As many of you will know, we were unable to hold an open session conference last year, and so this is my first opportunity to speak as GPA chair to many of you for some time.

It would be nice to begin today by talking about our achievements.

It is three years since I became chair of the Global Privacy Assembly, and this conference will be my last as chair. I would love to reflect back on how we have modernised our Assembly, given it a year-round voice, and engaged with you, the broader privacy community, more than ever before.

But as a community, reflecting on our successes is a luxury we do not have time for.

It is two years since we last held the open session in Tirana. I would love to reflect back on our successes since then. How our community responded to the COVID-19 pandemic, working together more than at any time in our history.

We must reflect on the pandemic to inform our future, and make sure we are well equipped for what comes next. But again, we not have time to rest on our laurels.

We must instead turn our attention forwards. The digital world has always turned quickly, but the pandemic has accelerated the uptake of services, the pace of innovation and the desire of organisations to look for data-driven solutions to their problems.

As a community, we have to keep pace if we’re to protect people’s privacy rights.

When someone sees the opportunity to use AI to improve healthcare, it is our job to ask whether people’s information is being treated fairly.

When someone sees the opportunity to use an app to improve COVID contact tracing, it is our job to ask whether people’s information is being used transparently.

And when someone sees the opportunity to use facial recognition technology to improve security, it is our job to ask whether people’s information is being used proportionately.

That is why the theme of this conference is a human centric approach.

We have a fantastic and varied agenda, covering a diverse range of topics: mass data processing, vaccine passports, AI,  surveillance, data ethics… so many sessions to look forward to.

But no matter what topic we discuss, we must stay focused on responding to the pace of change, with people at the centre of our thoughts.

And so I want us to keep in mind two key questions in every discussion during our conference.

We must ask:

  • ‘do we understood how people feel?’

And we must ask

  • ‘how does privacy stay relevant?’

The digital world turns quickly, and our community only has a seat at the table for as long as we earn it.

Firstly, we do that by representing people’s views. What does data use look and feel like to the people whose data is being used? That is crucial, if we’re are to help maintain people’s trust in data-driven innovation.

And we then need to turn that insight into practical value. Our input has to mean something, beyond legal boxticking. We successfully showed our relevance during COVID. We must continue to show our relevance moving forward.

I’ll bring my comments to a close there. We have a busy two days ahead of us at this open session. Let’s make the most of that time.

And let’s keep in mind those two questions.

  • ‘Do we understood how people feel?’


  • ‘How does privacy stay relevant?’

Global Privacy Assembly (GPA) ‘Giovanni Buttarelli Award’ is launched

The Chair and Executive Committee of the Global Privacy Assembly (GPA) are delighted to announce the launch of a new GPA Award in 2021 in memory of Giovanni Buttarelli, former European Data Protection Supervisor and Executive Committee Member.

This Award aims to recognise Giovanni’s invaluable contribution to the international data protection and privacy community as a leader and as a passionate advocate for international collaboration.

Elizabeth Denham, UK Information Commissioner and GPA Chair, said:

“Giovanni Buttarelli was the European Data Protection Supervisor, a truly inspiring figure in the international data protection and privacy community, and a friend. Giovanni brought his long experience and deep-felt humanity to bear in steering the work of the Global Privacy Assembly as a member of our Executive Committee, and we miss his guiding hand. This Award ensures that his legacy and advocacy for international collaboration continue.”

The Award will be presented annually at the Global Privacy Assembly Open Session.

Eligible candidates will be individuals who have demonstrated exceptional leadership or have promoted collaboration and/or partnership at a regional or international level in the field of data protection and privacy, and have helped move towards Giovanni Buttarelli’s vision for a fairer digital future for all.

The individual could have demonstrated these characteristics either throughout a certain period of time, such as when leading a particular project, or throughout their career.

The demonstration of these credentials could be, for example, through:

  • The fostering of new or innovative types of international or regional partnerships or the promotion of new collaboration methods amongst regulators, organisations and fields, such as partnerships between data protection authorities.
  • Leading on a project that has led to the development of innovative concepts or practices, which have significantly impacted the thinking in the (international) data protection and privacy community.

To be eligible for the Award, individuals must be nominated by at least one individual they have closely worked with belonging to an organisation in the field of data protection or privacy.

Details of the nominated individual’s contribution should be outlined on the application form. This form is available on the GPA website to download and complete by the given deadline.

Further information on this award can be found here.

The GPA is deeply grateful to Giovanni Buttarelli’s family for endorsing this Award.

For general and media enquiries, please contact the GPA Secretariat: secretariat@globalprivacyassembly.org.

41st ICDPPC Conference: Early bird registration now extended to 4 October

The early bird deadline for the 41st ICDPPC Conference has been extended to 4 October 2019.

The annual conference will be held in Tirana, Albania on 21-24 October 2019, and this year’s theme is: ‘Convergence and connectivity: raising global data protection standards in the digital age.’

View the conference’s full programme and register today.

For latest updates, follow @ICDPPC2019.

Statement following the passing away of Giovanni Buttarelli

Chair Elizabeth Denham and her colleagues on the Executive Committee of the International Conference of Data Protection and Privacy Commissioners (ICDPPC) express their sadness on the news of Giovanni Buttarelli’s death.

Mr Buttarelli, the European Data Protection Supervisor, was a truly inspiring figure in the international privacy community. A renowned legal scholar, he paved the way towards establishing strong standards of personal data protection, first in his home country through his pivotal role in the drafting of Italian privacy law, and subsequently through his outstanding work on the international stage.

Mr Buttarelli brought his long experience and deep-felt humanity to bear in steering the work of the ICDPPC as a member of its Executive Committee. Nowhere was this more evident than in his role as co-host of the fantastic 40th ICDPPC Conference in October 2018, where he presided over an in-depth and creative examination of dignity and respect in data driven life. His sure guiding hand will be sorely missed, but his legacy will never be forgotten.

The Executive Committee would like to express its deepest sympathies to Mr Buttarelli’s family, friends and colleagues.

Updates from the Executive Committee


In addition to ad hoc update messages from the Chair, and information shared through the new ICDPPC Newsletter, the Executive Committee has decided, in the interests of transparency and open communication with members, to publish on the website a short summary of the discussion at each Executive Committee meeting. These summaries will start with the 51st Executive Committee meeting held on 2 May 2019.

Executive Committee meeting: 19 June 2019

The Executive Committee held its 52nd meeting on 19 June 2019 by teleconference.

The key focus of this meeting was to review the consultation responses on the Policy Strategy, progress on planning for the next Annual Meeting and next steps on the new name and logo to recommend to the Conference.

The Executive Committee noted that the 35 responses from members received to date, from a wide range of countries and jurisdictions, indicated broad support for the proposed policy priorities, with helpful indications for how the proposals could be further refined and prioritised. In light of some requests for an extension of the consultation period, related to the later circulation of the French and Spanish versions of the documents, the Executive Committee agreed to extend the current consultation until 8 July. Committee members would continue to seek out opportunities to engage with members at regional and other gatherings.

The Executive Committee thanked hosts Albania and the Programme Advisory Committee for their excellent work on the Open Session programme and noted that details including the timetable, panel topics and keynote speakers would be published shortly on both the host and the ICDPPC websites. The Committee discussed a draft agenda for the Closed Session; the broad outline was agreed with further work needed on some elements.

The Executive Committee thanked Mexico for proposing some options for a new name and a new logo, reflecting the helpful and creative input from members during the earlier consultation. These will form the basis for a further consultation with the membership over the summer. The Committee highlighted the importance of selecting a name which appropriately reflects the shift from an annual conference to a permanent body.

The next Executive Committee meeting will take place on 25 July 2019.

Executive Committee meeting: 2 May 2019

The Executive Committee held its 51st meeting on 2 May 2019 in Washington, DC, on the margins of the IAPP Privacy Summit, where several Executive Committee members were gathered.

A key focus of this meeting was taking forward the development of a policy strategy for the ICDPPC, following the adoption at the 40th conference last year of the Resolution on a Roadmap for the Future of the Conference. The Executive Committee reviewed draft proposals for key themes and policy priorities based on the initial discussion at the workshop which the Executive Committee held in London on 20/21 March. A member consultation on the strategy under development launched on 10 May, and will include raising awareness and gathering feedback from members in their regional/linguistic networks.

Arrangements were made for a Sub-committee of the Executive Committee to evaluate the two bids received for hosting the Conference in 2021 and make a recommendation to the Conference, in line with the ICDPPC Rules and Procedures.

The 2019 ICDPPC Host Authority from Albania provided an update on progress in the plans for the forthcoming conference with announcements including that the conference website is coming soon. News updates to members and observers about the programme and logistical arrangements will follow in due course.

The next meeting will take place on 19 June 2019.

Policy Strategy consultation extended

During the ICDPPC Executive Committee meeting held on the 19 June, the Executive Committee agreed to extend the consultation phase of the Policy Strategy.

The Secretariat is pleased to announce that the deadline for submitting your comments to the Policy Strategy is now Monday 8 July 2019 (close of business, UK time).

The ICDPPC’s Executive Committee launched a consultation for members on six policy areas, as well as proposals for policy priorities and actions for 2019-2021.

ICDPPC members will have received an email with more information about the policy strategy and how to respond to the consultation, which now closes on Monday 8 July 2019. If you have not received it, please email excosecretariat@icdppc.org.

Both French and Spanish versions of the documents are available.

Elizabeth Denham, Chair of the ICDPPC Executive Committee, said:

“At our 40th ICDPPC Conference in Brussels last October, we were proud to adopt the Roadmap Resolution, a clear clarion call to strengthen our committee’s core policy role and influence in advancing privacy and data protection at the international level.

“The next step is to identify the priorities to maximise that global impact. We need your expertise and insight.

“We all face the challenge of limited resources and an ever growing list of challenges that need our attention. In that context, it is crucial that we choose priorities that we all share, and we can all support to carry our goals through to fruition.

“It was with this intention that my fellow Executive Committee Members and I devoted two days at our recent meeting in London to explore the issues and to develop a proposal setting out policy priorities.

“We believe the approach we are proposing is one that will position us to remain relevant for the years ahead. But our vision must be a shared one. I hope I can rely on your input ahead of the 6 June deadline for views on this defining piece of work.”

All responses will be considered for a revised proposal for further consultation with the membership.

For further information, please email excosecretariat@icdppc.org.

Register now for ICDPPC – the general agenda themes and panels are now available!

The Chair and Executive Committee of the ICDPPC are excited to receive the news that the Host Authority 2019 has announced the general agenda and keynote speakers for ICDPPC 2019 in Tirana, Albania.

The keynote speakers, in order of appearance, are:

Jamie Bartlett, Senior Fellow, UK Demos

Brad Smith, President of Microsoft

Christopher Docksey, Honorary Director General of the EDPS

Preparations are in full swing for Tirana and registration is open.

Find out more about the annual forum where independent regulators on privacy, data protection and freedom of information meet at https://www.privacyconference2019.info.

Global Privacy and Data Protection Awards – 2019

Submit your entry by 29 July!

The ICDPPC Executive Committee is excited to announce that this year’s Global Privacy and Data Protection Awards nomination process is now open!

In its third year, the Awards celebrate the achievements of the entire ICDPPC community and shine a light on good practice.

Any member can apply. Submit your entry form by 29 July.

The award categories are:

  • Education and public awareness
  • Accountability
  • Dispute resolution and enforcement
  • Innovation
  • People’s Choice (shortlisted entries in all categories will automatically be entered for this Award)

We’ve made a minor update to the process to make it as easy as possible to vote for your favourite entries. Find out more on how to apply with the FAQs here.