Entries submitted

 

D1: European Data Protection Board -EDPB
D2: Office of the Privacy Commisioner of Canada – OPC
D3: The Israeli Privacy Protection Authority.
D4: Office of the Privacy Commissioner for Personal Data, (Hong Kong), Office of the Privacy Commissioner of Canada, Norwegian Data Protection Authority (Datatilsynet), and the Superintendence of Industry and Commerce (Colombia)
D5: Spanish Data Protection Agency -AEPD

D1- Entry by: European Data Protection Board -EDPB  

Description of the initiative:

On top of the one-stop-shop and the dispute resolution mechanism as the formal ways of enforcement cooperation between DPAs in the EU, the EDPB has the important role of promoting enforcement cooperation in a general sense.

The Vienna statement marked EU DPAs’ clear commitment to strengthen their cooperation.  A series of initiatives was launched to enhance the consistent application of GDPR enforcement and to combine national expertise.

 Why the initiative deserves to be recognised by an award?

The entry into application of the GDPR signalled an increase in enforcement responsibilities for a majority of DPAs and the need to cooperate closely through a new mechanism. 5 years after GDPR became applicable, EU DPAs have developed an operational and integrated network of cooperation on enforcement.

In addition to ensuring that the one-stop-shop mechanism was operational and functional since day 1, the EDPB and DPAs invested energy and resources in developing a true culture of structured enforcement cooperation to optimise the use of their limited resources.

View more information

D2- Entry by: Office of the Privacy Commisioner of Canada – OPC

Description of the initiative:

During the Pandemic, the Office of the Privacy Commissioner of Canada (“OPC Canada”) investigated complaints relating to the Public Health Agency of Canada’s (“PHAC”) collection and use of Canadians’ mobility data to combat the COVID crisis.  After analysis of the mobility data de-identification process, the OPC Canada found that the data had been successfully deidentified, such that no personal information was collected by PHAC for their COVID tracking purposes.

Why the initiative deserves to be recognised by an award?

The digital economy and society is shaped and driven by the blinding fast pace of technological innovation and its use of personal data for novel public and private sector purposes.  A key challenge in this landscape for both governments and organizations around the Globe, is how to successfully de-identify and/or anonymize data.

Similarly, DPAs and Privacy Experts have been working to both provide advice and solutions, such that the power of data may be harnessed in a manner that respects the privacy and data protection right of individuals.  It is both a complex and technologically challenging endeavour, especially when one considers how anonymization becomes more difficult over time with advancement in re-identification techniques.

The analysis and findings of this investigation demonstrate that despite the challenge, de-identification can indeed be successful, such that we can realize a substantial public good (i.e. the fight against COVID) while promoting and protecting the privacy rights of individuals.  In other words, Privacy and Innovation can, and do, work in support of each other.

Mindful of the importance of this global issue (anonymization and de-identification), the OPC Canada ensured the most rigorous of technological investigations and crafted the Investigation Report in a manner that would highlight best practices of successful de-identification, such that it could be used as an example to promote compliance with organizations in Canada and around the world.

View more information.

D3- Entry by: The Israeli Privacy Protection Authority

Description of the initiative:

A unique criminal investigation conducted by the Israeli Privacy Protection Authority (PPA) focused on the sharing and use of medical data, one of the most sensitive cases that the Authority encountered: the fact that a woman made an appointment at a clinic in order to have an abortion.

Why the initiative deserves to be recognised by an award?

The case is unique and important for a number of reasons: the sensitivity of the data, the emphasis on the obligations, which apply on those who have access to sensitive medical data, the fact that even in the absence of a personal or financial reward to the offender, a serious offense of sharing personal data can occur.

View more information.

D4- Entry by: Office of the Privacy Commissioner for Personal Data, (Hong Kong), Office of the Privacy Commissioner of Canada, Norwegian Data Protection Authority (Datatilsynet), and the Superintendence of Industry and Commerce (Colombia)

Description of the initiative:

The “Transnational Case Map” seeks to identify all the cases that IEWG members have had with transnational implications. Such cases can go from Administrative fines from a DPA, Administrative orders or any other kind of enforcement tool that any of IEWG members have used with implications beyond its borders.

Why the initiative deserves to be recognised by an award?

The Transnational Cases Map should be rewarded not only for its innovative way of making information on enforcement tools available to the community, but also for being an ideal tool for teaching personal data protection authorities about each other.

The Transnational Case Map is a constantly evolving product. This is due to the fact that it is intended to be updated year by year with transnational cases. In this way, enforcement tools are being taught, analyse and compared year by year.

The interactive method of the map helps the privacy community to embrace another source of primary information on relevant topics such as:

  • Transnational data protection investigations.
  • Data protection convergence.
  • Cooperation between Data Protection Authorities.
  • Enforcement tools.

View more information.

D5- Entry by: Spanish Data Protection Agency -AEPD

Description of the initiative:

The Spanish Data Protection Agency (AEPD) has set up a Priority Channel to deal with requests for urgent removal of sexual or violent online content (images, audios), when they include personal data without the consent of those affected.

It´s an instrument for communicating the unlawful dissemination of sensitive content that causes serious harm and damage to those affected and to offer a rapid response to those affected in exceptional situations that stops its dissemination.

Why the initiative deserves to be recognised by an award?

The Priority Channel has proven to be an effective instrument in situations where the physical and psychological integrity of the persons concerned is put at serious risk by the dissemination of videos, audios or other information that is posted and disseminated online and that constitutes digital violence, especially against women, children and vulnerable people. The Priority Channel aims to prevent as far as possible damage that is sometimes irreversible.

The year 2022 has been the year of consolidation of the Priority Channel after a continuous and laborious process of dissemination. During that year, the Priority Channel received 422 requests for removal which, once assessed, led to 60 urgent interventions for the removal of content with a 95% success rate. So far this year, 243 requests have been registered, confirming the importance that it has been acquiring since its implementation, as it has become known to society.

The purpose and effectiveness of the mechanism as a further guarantee of people’s rights and freedoms to protect them in exceptional situations that cause serious damage and harm, especially to particularly vulnerable people.

View more information