Category Archives: Other

The GPA Reference Panel welcomed applications between 22 January 2021 and 19 February 2021, these applications are now being assessed and we will be in touch with all applicants as soon as we can.

What is the Global Privacy Assembly?

Established in 1979, the GPA is an international forum of data protection and privacy authorities which seeks to provide leadership at the international level by connecting the efforts of more than 130 data protection and privacy authorities from across the globe. If you wish to know more about the GPA’s current priorities, please refer to our Strategic Plan (2019 – 2020) and Policy Strategy.

What is the GPA Reference Panel?

The GPA Reference Panel will be a contact group involving a variety of external stakeholders which the GPA is seeking to establish in order to provide expert knowledge and practical expertise on data protection and privacy, as well as on data protection related issues and developments in information technology.

Who can respond to the call?

The call for interest is aimed at representatives of relevant civil society organisations, academic institutions, think tanks, non-privacy supervisory authorities, representatives of public authorities such as law enforcement authorities, and representatives of the private sector who have an interest in the vision and mission of the GPA.

If you have any questions regarding the application process and the GPA Reference Panel, please contact the GPA Secretariat email.

The Global Privacy Assembly’s (GPA) application process for new members and observers is now open for the 2021 cycle.

The GPA’s vision is to be an environment in which privacy and data protection authorities around the world are able effectively to act to fulfil their mandates, both individual and in concert, through diffusion of knowledge and supportive connections.

Since its foundation in 1979, the GPA has been continually growing and now includes more than 130 authorities from across the globe. Each year, the GPA welcomes new applications from authorities who wish to become members and from public entities or international organisations that wish to participate in the GPA as observers.

If you wish to apply for membership to the GPA, you may do so by filling in the online application form. Applications for membership will remain open until end of day, Sunday, 18 July 2021.

International organisations and public entities who wish to join as observers may do so by filling in the appropriate online application form. Applications for observer status will remain open until end of day, Sunday, 22 August 2021.

However, aspiring applicants are encouraged to submit their application as early as possible to ensure their applications are in a timely manner. Applicants are also strongly encouraged to read the information available on the Become a Member page or the Become an Observer page before submitting their application.

If you are an existing Observer whose status is due to expire in 2021, please renew your status by filling in the renewal form.

If you have any questions concerning any of the above, please contact the GPA Secretariat at secretariat@globalprivacyassembly.org.

The 2020 Census is open from the 1st December 2020 – 12th February 2021, and we look forward to your responses. The link to complete the Census has been provided to the membership for completion, if you have any queries please contact the secretariat@globalprivacyassembly.org.

The Global Privacy Assembly Census is designed to give a detailed ‘snapshot’ of privacy and data protection authorities across the globe, as well as contributing to the aims of the Resolution on developing new metrics of data protection regulation which include to:

• Develop internationally comparable metrics in relation to data protection and privacy; and
• Support the efforts of other international partners to make progress in this area.

This is the second time we have run a census in our membership, the last one taking place in 2017. We plan on presenting the full results at the latest at the 2021 annual global conference next October and several Working Groups will be invited to contribute to the analysis.

The text of the survey form used in the 2020 census (in PDF form) is available in English, Spanish and French.

The Census Privacy statement can be found here.

Information on the 2017 Census can be found here.

The 42nd Global Privacy Assembly Closed Session took place virtually on 13-15 October, with more than 100 members and observers joining together to consider key data protection and privacy challenges.

Opening the session, Elizabeth Denham, GPA Chair and UK Information Commissioner, highlighted the value of the Global Privacy Assembly’s work in raising data protection and privacy standards around the world through regulatory co-operation, and how the GPA work continued despite the COVID-19 pandemic.

Ms Denham said: “It is important that the GPA continues to modernise. It is important we continue to find ways to collaborate, so our collective wisdom can help us take better action individually. We are outward looking and have found new ways to connect with the outside world – from partnering with key international organisations such as OECD to engaging with tech companies on data protection by design. Our approach to engagement is modern and dynamic, making new ground this year.”

That theme ran through the three-day conference.

Resolutions were discussed and agreed, giving a shared view on topics including:

• Facial recognition technology, recognising the importance of acting now, with a commitment to finding a common GPA position on a technology that can be privacy intrusive and discriminatory;
• Artificial Intelligence (AI), where GPA members are encouraged to work with organisations in their jurisdictions that develop or use AI systems to implement accountability measures; and
• Humanitarian aid, where the group committed to a renewed focus on safeguards to protect personal data in this area of international activity.

Resolutions were also agreed on the GPA’s voice – a modernisation of the rules and procedures that will allow the GPA to work as a ‘year-round’ organisation and make statements at the right time, and with greater impact. Commissioner Angelene Falk, Office of the Australian Information Commissioner (OAIC), introduced the resolution noting this “initiative is another way in which the GPA is pivoting to ensure that we are actively engaging on issues in a pragmatic and relevant way. It is the next step in our continued modernisation.”

The resolutions are published on the GPA website.

Commissioner Raymund Liboro, Philippines National Privacy Commission, led a detailed session on the work of the GPA COVID-19 Taskforce. Colleagues from PCPD Hong Kong, Dubai IFC, ICO (UK), and OAIC (Australia), updated members on shared best practices, capacity building activities, and common privacy risks and challenges during the pandemic. This included a Compendium of Best Practices in Response to COVID-19.

As the Chair of the Taskforce, Mr Liboro presented a resolution that proposed the creation of a temporary working group to continue the work of the Taskforce in building and strengthening the GPA’s collective capacity in responding to challenges arising from pandemic.

Mr Liboro said: “We have maximized the GPA’s voice and influence during this pandemic – this time when the world needed our guidance. In a short span of time, with all the other pressing matters that we had to deal with individually, in our own homes, our own organizations, our own jurisdictions, we found time to come together and collaborate with our GPA community.”

Commissioner Angelene Falk, OAIC and chair of the GPA Strategic Direction Sub-Committee, updated members on the progress on the GPA’s strategic plan and policy strategy. The GPA Working Groups, which make practical progress towards that strategy, shared their achievements and their plans for 2021.

Ms Denham extended her warm welcome to the following new GPA members and observer:

• Office of the Privacy Commissioner of Bermuda, Bermuda
• Cayman Islands Ombudsman, Cayman Islands
• Data Protection Commissioner, Dubai International Financial Centre
• Canton of Bern: Data Protection Commissioner (Datenschutzbeauftragter des Kantons Bern), Switzerland
• European Consumer Organisation (BEUC) – Observer

The results of the GPA Executive Committee election were announced:

• Raymund Liboro, Privacy Commissioner and Chairman, Philippines National Privacy Commission, stood down having completed his full two-year term;
• Angelene Falk, Australian Information Commissioner and Privacy Commissioner, Office of the Australian Information Commissioner, was re-elected for a further two years; and
• Ulrich Kelber, Federal Commissioner for Data Protection and Freedom of Information (BfDI), Federal Republic of Germany, was elected to the Executive Committee for a two-year term.

Closing the online conference, Ms Denham said: “We needed to hold this year’s closed session for two reasons. Firstly, we simply could not lose our momentum on important work. Secondly, we needed to hold this year’s closed session because our community has never been more important.

“The adoption of digital technologies and innovations has accelerated faster than any of us could have predicted. And with this acceleration comes an enormous appetite for personal data. As data protection and privacy authorities, we must respond. We must respond to this growth in data gathering, and more sophisticated data processing. We must respond to state use of data in response to the pandemic. And we must respond to changing attitudes to data. We do so best as a modern, collaborative community.”

For more information on the GPA’s main achievements this past year, see the Annual Report of the GPA Executive Committee 2019-2020.

Looking ahead, the 43rd Global Privacy Assembly will be hosted by the National Institute for Transparency, Access to Information and Personal Data Protection (INAI Mexico), and will take place in Mexico City on 18-22 October 2021.

More information available at globalprivacyassembly.org

Opening remarks from Elizabeth Denham CBE, GPA Chair and UK Information Commissioner, on Tuesday 13 October at the GPA Closed Session 2020 – At your desk.

Hello, and welcome to the 42^nd Global Privacy Assembly closed session.

It’s my privilege as chair to welcome you today, to what promises to be an exciting and engaging three days.

Our conference has come together annually for more than forty years. From Strasbourg to Sydney, from Marrakesh to Montreal, we’ve come together to share our expertise, our vision and our friendship.

And in 2020, in this strangest of years, we are holding our conference again.

And that’s so important.

Firstly, it means we can further the modernisation of our Assembly advanced in Tirana last year. This Assembly belongs to all of us. Today we will review the progress on our strategic plan and policy strategy, and discuss our plans for the coming year. Your voices and views are crucial.

Secondly, this conference allows us to collaborate. Tomorrow we will consider the impact COVID-19 has brought, and reflect on the pragmatic and considered response we have so far brought to the challenges of the pandemic.

And finally, this conference gives us an opportunity to speak as a community. On Thursday, we will consider the resolutions that set out where we stand, as a group and as a profession, on key issues. And we will elect those we wish to represent our community as members of our Executive Committee.

Continued modernisation. Collaboration. Community.

—

I look back on 2020 and I think ‘it would have been easy to push this Assembly’s work to one side’.

I don’t know about you but the phones in my office are ringing off the hook to respond to COVID-19. We were being asked to respond straight away and give our thoughts on contact tracing apps, immunity certificates and temperature testing.

It would have been easy to prioritise our domestic work, and postpone our GPA commitments for a year.

But that didn’t happen.

In fact, our Assembly has been busier than ever.

It feels like the GPA has really come to life over the past year, and is supporting members more than ever before.

What I am most proud of as chair is that we were ready for the challenge 2020 brought.

We have worked hard over the past few years: modernising the assembly, setting our strategic direction, and building our capacity.

And so we could respond to the challenges the pandemic brought.

—

I spoke last year about my ambition for an Assembly that can support one another year round.

The COVID-19 taskforce has shown we are that Assembly.

I want to thank Commissioner Chung, our colleague from Hong Kong for her team’s role in pulling together the Compendium of Best Practices,.

And I want to particularly highlight Raymond Liboro who took on the taskforce when he was so busy domestically. Thank you Raymund.

—

I want to talk about how we’ve engaged with those outside of our group.

I spoke last year about my ambition for an Assembly whose doors are open: open to new members, open to new ideas.

Our work with others this year showed me we are now that Assembly.

The GPA fails if it only engages members rather than influential organisations like governments, international bodies and those who represent business and consumers.

We brought big tech – Google and Apple – into our discussions on privacy design of their API.

And we worked alongside OECD on our COVID workshops. These events showed how we can work with others to influence the debate and guide governments, civil society, regulators and policymakers on key issues.

Thank you to everyone who helped organise the workshops, including the secretariat, my ICO colleague Steve Wood – who also has his OECD role, and Joe Cannataci, UN Special Rapporteur on Privacy, for his very thought provoking keynote.

—

It is clear that we meet at a time the likes of which none of us have experienced.

We have seen extraordinary times.

We’ve gone beyond a short-term crisis.

Data protection commissioners are being asked questions today that would have been unthinkable a year ago. About significant data collection. About a shifted relationship between state and citizen. About compromises on privacy that would have been previously unthinkable.

And none of this is going away.

The decisions our community makes now, shape the future.

And that includes the decisions we make to continue the evolution of our Assembly.

It is important that we continue to modernise.

It is important we continue to find ways to collaborate, so our collective wisdom can help us take better action individually.

And we must remember that our community has never been more important.

Continued modernisation. Collaboration. Community.

—

We move now to the business of the week.

I’m sure, like many of you, there’s a slight sense of sadness here.

We achieved so much last year in Tirana, but also wasn’t it fun? I’m going to miss the conversations in the coffee breaks and the opportunity to catch up with old friends. I’ll miss the hospitality of our hosts, and the fantastic awards ceremony. I’ll even miss the traditional dancing I enjoyed at the gala dinner, although I appreciate others might be grateful to not have to witness that again!

Such conferences will come again. I am really excited about 2021 in Mexico City, hosted by Francisco Javier Acuna Llamas and his fabulous team –  you will hear more about Mexico on Thursday.

But this year we are online, and bringing together more than a hundred member and observer authorities.

It’s incredible to think that this year, of all years, we have as many people in the virtual room today as we had in the conference room last year. That’s a similar number who came to Tirana last year.

You may be sitting at your kitchen table, in your child’s bedroom or at the office.

Wherever you are, you are welcome. Please get involved, intervene, ask questions. We really want to hear what you’ve got to say – we are a global Assembly, and all the better for the wealth of different voices we hear.

I would like to thank our interpreters and our colleagues who helped make this conference a multilingual event through the translation of the conference documents: gracias to our friends at INAI Mexico, and merci to our friends at the AFAPDP.

I have to mention the time difference. The nature of a global event is that there isn’t a time that suits all. And so I’m very grateful to my friends who are giving up their evening to join us. And I’m very grateful to my friends, where it is early morning, and where I hope there is plenty of strong coffee.

On that note, our sessions this week are shorter than usual, in line with the constraints we face with this type of digital event. With that in mind, I must insist everyone keeps to time on their allocated slots. My colleagues in the secretariat will be watching the clock closely, and making sure we keep to our published agenda.

—

And so to the agenda.

The agenda is structured into three days, with a key focus each day to ensure we make real progress.

Day one: we’ll hear a report back on the strategy we agreed in Tirana. And we’ll ensure our future plans are still clear.

Day two we’ll cover the biggest challenge we all face: COVID-19, and consider how to continue supporting one another.

And then day three is a day of decision making, including voting on resolutions to ensure we have a formally agree direction.

The September 2020 edition of the Global Privacy Assembly’s Newsletter is available now.

Get the latest insight and updates from our members and observers on the international data protection and privacy landscape.

View newsletter.

The Global Privacy Assembly (GPA) Executive Committee and the GPA Secretariat are delighted to announce the Global Privacy Assembly 2020 Closed Session – At Your Desk on Tuesday 13 October, Wednesday 14 October and Thursday 15 October 2020, from 11:00-14:00 (UK time) for GPA Members and Observers only.

A unique event this year, the Global Privacy Assembly will bring together the GPA members and observers online for the very first time to engage in rich debate and high-level decision-making, from the comfort of your own home/office. The event will consist of three separate three-hour online sessions from 11:00-14:00 (UK time) hosted by the GPA Secretariat at the Information Commissioner’s Office (ICO) UK on the Microsoft Teams platform.

Our work involving both Members and Observers in shaping the Global Privacy Assembly this past year has been defining, and in these exceptional times, in a fast-paced environment, the GPA has played a positive role, demonstrating pragmaticism and enabling the critical sharing of information amongst the membership.

The Global Privacy Assembly 2020 Closed Session – At Your Desk will highlight the work of the GPA this year, have your say and get the latest information on the:

• GPA’s contribution to supporting our members with analysis of the most pressing priority policy matters at global level, and our progress against the GPA Strategic Direction;
• GPA’s impact in helping members to work with their governments to address the global COVID-19 pandemic, revealing the role and contribution of the GPA COVID-19 Taskforce; and
• Debate and influence the GPA’s core business, strengthening the GPA’s voice on the international arena.

For more information on the Closed Session and registration visit https://globalprivacyassembly.org/gpa2020

Please contact the GPA Secretariat if you have any queries: secretariat@globalprivacyassembly.org

Established in 1979, the GPA community has continued to grow ever since, currently comprising more than 100 member authorities across the globe.

Each year, the GPA welcomes new applications for data protection authorities wishing to join as members, as well as for other public entities and international organisations having an interest to become GPA observers.

The deadline for applying for GPA membership closed on 10 July 2020 and will re-open later this year.

If you wish to join the GPA community as an Observer, please complete the relevant application form. Applications for observer status will close on Sunday 9 August 2020, although prospective applicants are strongly encouraged to submit their application at an early stage.

For any questions related to the GPA Accreditation process for membership and observer status please get in touch with the GPA Secretariat at secretariat@globalprivacyassembly.org

This article was published by the International Association of Privacy Professionals (IAPP) on 25 August 2020.

By Jennifer Bryant at IAPP

While the COVID-19 pandemic has necessitated using data to analyze and map its origins and spread, Philippines National Privacy Commissioner and Chairman Raymund Liboro said “our data subjects need us now more than ever.”

During the pandemic, data privacy professionals play an important role in protecting data, fostering privacy rights, and earning and maintaining the trust of those they serve, Liboro recently told fellow privacy commissioners, privacy officers in the corporate sector and members of the Global Privacy Assembly, a global forum for data protection and privacy authorities.

During a webinar hosted by the GPA in collaboration with the Centre for Information Policy Leadership, “Data Protection Reimagined: Digital Acceleration, New Emerging Issues and the Role of Privacy Regulators in the COVID-19 Era,” Liboro said, “We must let them know that we are their guide in all matters related to privacy and data protection. That we are here to guide them with the most relevant guidelines and best practices.”

Liboro is chair of the GPA’s COVID-19 Response Task Force, created by the GPA Executive Committee last spring as it recognized the similar challenges data protection and privacy authorities around the world are facing in addressing the crisis. The group has met every two weeks since May, working to “consolidate efforts, maximize voice, gather expertise, and assist GPA members and observers in addressing the emerging data privacy issues posed by the spread of the virus worldwide,” he said.

The task force comprises members from Europe, Asia, North America, the Middle East, Australia and New Zealand, as well as international organizations serving as observers, including the International Committee of the Red Cross and Organization for Economic Co-operation and Development.

“What we hope to accomplish, the primary role of the task force, is to coordinate and help drive the GPA’s practical responses to the privacy challenges coming from COVID-19, inform positions on related topics, and enhance capacity and capability for the GPA privacy community,” Liboro said.

Privacy has never faced a challenge of such a global nature as COVID-19, he continued, with authorities and communities around the world tackling issues like collecting and sharing data among health authorities, government agencies and law enforcement, handling children’s data associated with online learning, privacy in the workplace and work-from-home environments.

“The pandemic has necessitated all of government, all of society’s response, and I personally believe as data protection authorities we also have to respond to this as a community,” Liboro said. “For data protection authorities, we are all bound in our responsibilities and we need to cooperate with one another to advance the goals of our own authority, but also link arms with the rest of the privacy community and really emphasize that data protection and privacy in the time of COVID-19 is tantamount to saving lives.”

As part of its work, the GPA COVID-19 Response Task Force launched the COVID-19 Response Repository, a website with the latest statements from authorities, resources, research content and events related to the pandemic and the task force’s work. It also kicked off a series of webinars in collaboration with various privacy networks and organizations, thus far discussing contact-tracing applications with representatives from Apple and Google, examining the role of data protection authorities in COVID-19 response.

Looking forward, Liboro said the task force will compile a resource of various jurisdictional experiences and responses to the pandemic that will not only be useful now as the world responds to COVID-19, but also in the future as a reference for data protection and privacy authorities.

“It’s very important that we not only provide inspirational guidance to our fellow data protection authorities, but also the actual opportunities they can use and deploy within their own jurisdictions. Our members have a ready toolbox where they can draw out any reference or resources that can be useful to them,” he said. “We’re also documenting and making sure that future authorities would have a resource reference that they can pool knowledge from.”

With more than 22 million confirmed COVID-19 cases worldwide, Liboro said the work of data protection and privacy authorities, as well as the GPA COVID-19 Task Force, is “far from over.”

The group will continue to share knowledge, content and engagement opportunities and anticipates publishing guidelines this fall on the best practices in COVID-19 response, incorporating what has been learned over the past months.

“It will be learnings, best practices and approaches from different networks, regions and associations across the world,” Liboro said. “The DPAs, the authorities, how are we functioning in the trenches? We really want to draw that out.”

In leading the task force, Liboro said he turns to his experience as the privacy commissioner in the Philippines, taking the approach that data protection and privacy authorities serve as both “enablers and protectors” of citizens’ personal data.

“We need to enable jurisdictions and organizations to implement best practices, to learn from one another,” he said. “We are all in the same boat that is this pandemic, and we are all reeling from the impacts. The response of governments all over the world will always touch on the processing of personal data. So it’s really a matter of as authorities we have to look at this holistically, we have to look at this in a practical way and where governments, and generally the whole population, will view us as part of the solution.”

The Conference Report of the 41^st International Conference of Data Protection and Privacy Commissioners (ICDPPC) in Tirana, Albania is now available.

View the report.