Entries submitted
A1- Entry by:Autoridade Nacional de Poteção de dados (ANPD)
Description of the initiative:
The Danilo Doneda Award, established in 2023, pays tribute to the legacy of Danilo César Maganhoto Doneda, a distinguished jurist and professor recognized for his significant contributions to data protection and public policy studies, both in Brazil and around the world. The aim of the competition is to promote reflection and scientific discussion in the field of privacy and data protection, thus expanding the frontier of knowledge on these topics. Submissions must meet all the requirements described in the notice and on the ANPD website, including formatting rules and relevance to the ANPD’s 2023-2024 Regulatory Agenda or 2024-2025 Priority Themes Map. Eligible participants include university students enrolled in any undergraduate course at institutions recognized by the Ministry of Education, as well as recent graduates. Submissions are evaluated by a judging panel which selects the three best based on technical and scientific quality. The winners receive certificates and their work is published. The 2024 edition features several new improvements, including cash prizes: R$8,000 (around 1,400 euros) for first place, R$5,000 (around 870 euros) for second place and R$3,000 (around 520 euros) for third place. To wider participation, the deadline between the candidates’ graduation and the announcement of the competition has been extended. In addition, entries can now be coauthored by up to two people, and the prize money will be split between them.
Why the initiative deserves to be recognised by an award?
The Danilo Doneda Award deserves recognition for several compelling reasons. First, it honors Professor Danilo César Maganhoto Doneda, a global key figure in data protection, ensuring his contributions are remembered. By fostering interdisciplinary knowledge in the data protection field, the award addresses a critical issue in the digital age, encouraging better policymaking, best practices, and safeguards for personal information.
The award targets undergraduate students and recent graduates, stimulating academic interest and stimulating academic interest and nurturing young researchers in their pursuit of data protection studies. The inclusion of cash prizes incentivizes excellence and ensures impactful submissions. The focus on themes relevant to the ANPD’s Regulatory Agenda and Priority Themes ensures that the research contributes directly to policy development. Also, the end goal is to foster the emergence of a diverse new generation of scholars that are going to build Brazil’s future on data protection and privacy.
Allowing co-authored papers fosters collaboration and broadens participation, enriching the pool of ideas and solutions presented. Extending the eligibility window increases accessibility, attracting a diverse range of participants. The publication and dissemination of winning papers raise public awareness about data protection issues, educating a broader audience.
Finally, the award aligns with the ANPD’s mission to build a culture of data protection in Brazil, reinforcing its commitment to this crucial area. Overall, the Danilo Doneda Award effectively promotes academic excellence, policy development, and public awareness in data protection, making it a highly deserving recipient of recognition.
A2 – Entry by: Autoridade Nacional de Poteção de dados (ANPD)
Description of the initiative:
Although the National Data Protection Authority (ANPD) is a relatively young institution, with only three years of existence, it already demonstrates a significant commitment to expanding knowledge in personal data protection. This initiative is particularly impactful for senior federal public administration officials, reflecting the ongoing effort to strengthen data protection practices.
The project invites public sector entities to participate in the “ANPD Convida” program, which is carefully segmented by the nature of the entities, forming groups with similar practical experiences in personal data protection.
The program content, developed by ANPD specialists, is widely applicable to the public sector and covers crucial topics, including:
- The trajectory and mission of the ANPD, highlighting its main competencies;
- Fundamental concepts of privacy and data protection, legal bases, and the pillars of the LGPD;
- The interaction between the Access to Information Law (LAI) and the LGPD, focusing on the compatibility between these laws;
- The essential role of the Data Protection Officer in the public sector.
After approximately six hours of presentations at ANPD headquarters, the program dedicates time to an interactive question-and-answer session. Given the homogeneous composition of the groups, the questions raised by the officials reflect practical and real issues, facilitating the acquisition of clarifications that benefit all participants.
This engagement not only brings the ANPD closer to the challenges faced by public managers in adapting to the LGPD but also serves as a vital tool for improving the Authority’s actions aimed at the public sector.
Why the initiative deserves to be recognised by an award?
The LGPD entrusted the ANPD with the responsibility of promoting awareness of the rules, public policies, and security measures related to personal data protection within society.
The “ANPD Convida” initiative is strategic for fulfilling this institutional mission, as it focuses on the public sector as a personal data processing agent, thereby achieving a significant multiplier effect.
The provision of public services is a crucial area when it comes to exercising the right to the protection of personal data.
When considering the people who use public services as data holders, it is clear that the more the public sector aligns itself with best practices in data protection, the more likely it is that public services will also be in conformity.
In this regard, promoting educational actions on personal data protection among public sector officials is of crucial importance. With the advancement of its regulatory and supervisory agenda, the ANPD has been expanding its role in data protection education across various sectors of society.
“ANPD Convida” exemplifies a comprehensive, strategic, and high-impact approach well-suited for the Global South and Brazil. This program merits recognition for its contribution to promoting data protection best practices in Latin America.
A3- Entry by: Autoridade Nacional de Poteção de dados (ANPD)
Description of the initiative:
From its inception just under four years ago, the ANPD has prioritized public education and awareness on privacy and data protection. Even amidst the challenges of the pandemic and limited resources, the Authority has consistently strived to reconcile its regulatory efforts with providing clear guidance to society. This commitment is reflected in the publication of 12 guidelines and the organization of webinars following the release of regulations. These webinars, hosted on the ANPD’s YouTube channel, fostered public engagement by facilitating a question-and-answer format.
The ANPD recently published a privacy and data protection glossary, serving as a guiding document. This glossary aims to enhance the legal certainty, transparency, and clarity of ANPD-issued documents. It further serves to optimize understanding for personal data subjects, controllers, and processors. The glossary consolidates key concepts and definitions based on ANPD publications and standardized legislation.
Why the initiative deserves to be recognised by an award?
The ANPD recognizes the importance of its guiding and enforcement roles. By publishing guidelines and hosting webinars, the Authority demonstrates this commitment to fostering a data protection culture in Brazil. This focus is particularly relevant considering the nation’s relatively recent adoption of data protection regulations compared to European countries. The ANPD’s educational materials cater to diverse audiences, ranging from large data controllers to SMEs, Data Protection Officers (DPOs), and individual data subjects.
A4- Entry by:Catalan Data Protection Agency
Description of the initiative:
As part of the commemoration of the International Day of Data Protection (28/01/2023), the APDCAT, in collaboration with the Library Service of the Catalan Ministry of Culture, launched the program “Who are you? Data that speaks about you”, in order to raise awareness among citizens, through fun and educational activities, about the importance of taking control of privacy. Thus, during 2023, the network of public libraries in Catalonia hosted various itinerant activities to spread the culture of privacy and the protection of personal data, especially among children, who are particularly vulnerable to the risks of the internet and new technologies.
The goal is for them to grow up fully aware of the value of their personal data and the importance of protecting it, in order to mantain their autonomy, independence and freedom in an eminently digital world. Moreover, it is key that they learn how to protect themselves and who to turn to in case they consider their rights have been violated.
The project ”Who are you? Data that speaks about you” also includes activities for a young and adult audience, in order to activate critical thinking in the face of everyday situations that we may encounter with the use of technology, and establish warning and protection mechanisms against situations that may lead to data loss, beyond cyber attacks.
The range of designed activities includes games, stories, reading workshops and film forums. Specifically:
P@ssW0rd! magic show: designed for children between 6 and 12 years old, the show seeks to convey with magic tricks the importance of digital identity and privacy, dealing with various topics such as data destruction, geolocation, passwords, connected devices, etc.
Video story ‘An exciting journey’: for children up to 9 years old, includes the viewing of this story that reflects on Jana’s experiences in the virtual world.
Storytelling: it includes two stories, ‘La cotorra’ and ‘El tigre bondadós’, for children between 7 and 11 years old, whose protagonists help make children aware of the risks of sharing their data.
MemoriDada: this is a memory game for children up to 12 years old, with pairs of drawings that go into detail about the risks of the internet, mobile devices, smart toys, video games, voice memos, passwords, video surveillance, etc.
Online game ‘You choose!’: this is an interactive game for young people between 12 and 16 years old, where they will be presented with different challenges.
Reading clubs for young people and adults: with ‘Quality Land’, by Marc-Uwe Kling, and ‘The Vestigial Heart”, by Carme Torras, two science fiction novels to reflect on the impact of technology.
Film forums: with ‘Snowden’, ‘Catfish’ and ‘Ghost in the Shell 2.0’, three films to discuss technology and personal data, artificial intelligence, mass surveillance and relationships in the digital realm.
Why the initiative deserves to be recognised by an award?
The APDCAT offers resources to raise awareness on the culture of data protection to citizens, through the network of public libraries, which are easily accessible for everyone. The library network offers optimal spaces for the development of these fun and informative activities, with the protection of personal data as the protagonist.
This project brings forward the culture of privacy to libraries throughout Catalonia.
The initiative aims to highlight the protection of privacy through games, reading, debate and recreational activities, which the APDCAT has designed and made available to public libraries in Catalonia.
“Who are you? Data that speaks about you?” aims to raise awareness among citizens about privacy in the digital world with cultural events such as storytelling, trying to encourage critical thinking through readings (using, for exemple, science fiction), debates and colloquia, in optimal venues, such as the network of public libraries within the country. We back learning through games and culture!! We encourage debate and reflection!
A5- Entry by:Albania Data Protection Commissioner
Description of the initiative:
The Information and Data Protection Commissioner’s Office always pays great attention to strengthening cooperation with educational institutions, with the aim of raising awareness and expanding knowledge for the practical exercise of rights. The Office of the Commissioner has conducted several awareness-raising activities in various high schools across the country, also in the context of International Data Privacy Day on January 28, to increase awareness about personal data protection and privacy for the younger generation. Administrative investigations have also been conducted in the secondary education sector, involving both public and private controllers across the entire territory of the Republic of Albania, in cities such as Tirana, Durrës, Shkodra, Vlora, and others, with the aim of verifying compliance with the obligations derived from national legislation on personal data protection. During the inspections carried out on these controllers, several issues were identified regarding the legality of processing, the security and confidentiality of personal data, particularly during the use of social networks and technological platforms. At the conclusion of these investigations, the Office of the Commissioner issued a Unifying Recommendation, which comprehensively addressed the issues and the measures that need to be taken to remedy them.
In the context of the findings from the Unifying Recommendation, the Office of the Commissioner organized an event in cooperation with the Organization for Security and Co-operation in Europe (OSCE), with the presence of the Ministry of Education and Sports, and the participation of administrators, parents, teachers, students, and psychologists. This event reflected the current situation regarding the compliance with personal data protection legislation and provided guidelines for improving the implementation of these legal obligations.
Meanwhile, a training program has been developed, both in document format and as a PowerPoint presentation, which was presented during the event for the secondary education sector on personal data protection and privacy while browsing the internet. This program will assist teachers and students in using social networks, taking care of privacy protection, exposing private life on them, understanding the importance of security, and protecting personal data from online risks. This constitutes an educational program for the entire younger generation, introducing them to important terms and simultaneously helping teachers educate students on why privacy is important and how to protect their privacy online.
Why the initiative deserves to be recognised by an award?
We believe this initiative should be appreciated as it will serve to raise awareness among this age group about privacy management, thereby limiting the risks of its violation to ensure their safety in the digital environment. Technology, as an important part of our daily lives, predominantly involves the younger generation in its use. Despite the advantages technology brings, it is crucial that children/students under 18 years old are aware of the risks associated with internet browsing. Considering that the most severe consequences of online data publication affect a delicate age group such as children and minors, the Office of the Commissioner has undertaken this initiative to minimize privacy risks that include fraud, online harassment, bullying, and personal threats. Raising awareness through the issuance of recommendatory acts, activities, and the training program implemented by the Office of the Commissioner, will serve this age group to understand that, often, even though it may seem harmless, websites and applications collect personal data from users which can lead to serious consequences for individuals.
A6- Entry by: Albania Data Protection Commissioner
Description of the initiative:
The Commissioner’s Office has conducted several awareness activities within the framework of the International Privacy Day on January 28th, to raise awareness with regard to personal data protection and privacy. One of the initiatives of the Commissioner’s Office was the creation and distribution of an awareness video for public and private controllers through the contact point “Data Protection Officers (DPO)”, where each DPO was responsible for sharing the link to the video that was previously published on the official YouTube channel. This video was created with the main idea of reminding Controllers and every employee of the Controller regarding the security measures and care that must be taken during internet usage.
Why the initiative deserves to be recognised by an award?
On January 24, 2024, the Commissioner’s Office notified 175 public and private controllers via the DPO email, out of which 164 DPOs distributed the video to all employees. This demonstrates the prompt consideration and immediate cooperation in the framework of “International Privacy Day.” Within 4-5 days, the video reached 3,579 views, a considerable number given that Albania is a small country. The average number of participants in the activities conducted is around 150 attendees. Additionally, it is worth noting that the videos on the Commissioner’s Office’s official YouTube channel typically reach 100-150 views.
From the above results, we believe that this initiative should be appreciated due to the scale it achieved. Through this announcement, it also mobilized other mechanisms, such as notification via the DPO, raising awareness among controllers about some simple security measures that, although they may often seem harmless, can lead to serious consequences for individuals. Most importantly, it increased the interest of individuals (employees) in becoming familiar with the law on personal data protection.
A7- Entry by:European Data Protection Supervisor (EDPS)
Description of the initiative:
To celebrate the EDPS’ 20th anniversary, the institution publishes 20 video interviews with prominent figures from different fields (e.g. academia, economics, medicine, education, music, entertainment, art etc.) and from different continents. The interdisciplinary multilevel approach enables the audience to explore privacy and data protection, as well as differences in approaches, challenges and opportunities that each expert is experiencing in their respective fields. These talks explore the critical role of privacy and data protection in modern society. The diversity of perceptions brings a fresh understanding for policymakers but also raises awareness for the public. Each talk addresses how evolving technologies and policies shape the landscape of privacy within society.
The initiative aims to deepen public understanding and stimulate discourse on various topics. Discussions with guests raise awareness about privacy challenges, inform policy debates, and highlight the implications of technological advancements on personal security in the audio-visual format (videos and podcasts). Among our speakers, Eva Galperin’s talk on cybersecurity underscores the importance of protecting individuals’ data from cyber threats, thereby advocating for stronger protective measures. Caroline Sinders’ insights on tech innovation within the art focus on the ethical implications of AI and machine learning, urging for more responsible development practices. Towela Nyrenda Jere’s talk on privacy developments in Africa. Additionally, talks with high-level experts such as Amandeep Singh Gill, UN Special Envoy on Technology, Koen Lenaerts, President of the European Court of Justice, prof. Daniel Solove, writer, and Nataša Pirc Musar, President of the Republic of Slovenia, emphasise the necessity of data minimisation, better regulatory frameworks, explore global challenges of data governance, and advocate for international cooperation.
The interviews will have a long-lasting impact on the debate on present and future challenges in various fields and their impact on privacy and data protection
Why the initiative deserves to be recognised by an award?
Overall, the “20 Talks” series serves as a vital educational tool, promoting an informed and proactive stance on privacy challenges and future developments. The initiative fulfils several impactful points, towards not only policy-makers but notably society. Firstly, educational impact: by featuring dialogues with experts on crucial current issues such as cybersecurity, technological innovation or data minimisation, it educates on data protection and privacy challenges and their solutions from diverse perspectives.
Secondly, awareness and advocacy: it raises awareness about the importance of data protection in an increasingly digital world in an engaging way, promoting a culture of vigilance. The talks highlight the crucial role of privacy in society and how it intersects withvarious fields (art, medicine, academia, business, sport and more).Next, diverse perspectives: the series includes a variety of opinions and viewpoints, enriching the discourse around privacy and technology. Its future focus explores these challenges and opportunities in the evolving digital landscape.
Furthermore, stakeholder engagement: the series fosters collaboration between regulators, industry experts, and the public, promoting a unified approach to privacy. The talks provide valuable guidance for policymakers, helping them craft informed effective regulations that address contemporary privacy concerns, especially within AI.
Last but not least, future-oriented and international standards: the initiative does not only reflect on past achievements within the law enforcement area, but also sets a forwardlooking agenda for privacy. The discussion contributes to the global dialogue on privacy, helping align standards and practice.
A8- Entry by: Hellenic Data Protection Authority
Description of the initiative:
The initial version of the Platform became operational in September 2023 with:
- a space for discussion and exchange of views (for registered users – data protection professionals). See here
- and a digital library with supporting material (open to all). See here
It operates under the guidance and supervision of the Hellenic DPA’s staff,but is not intended to provide specific advice or answers in individual cases or to replace DPOs.
The aim of the platform is to share specialised knowledge by topic, in order to facilitate the practical application of data protection principles by data protection professionals (DPOs, specialists with a relevant background, IT professionals involved in/implementing relevant projects, etc.).
The discussions and the information available on the platform are categorized into 10 thematic areas (topics). Professionals can browse the library without any need for registration, while, if they wish to ask a question or raise an issue of interest among their peers, they have the opportunity to register (using just an email) to the platform and post their question under the appropriate thematic area. Staff from the HDPA is also participating in the discussions. The HDPA is also able to receive feedback from the platform, to be considered during its prioritization process.
The platform aims to bring a solution to the need of DPOs and Data Protection Professionals for specialised guidance and the limited HDPA resources, mobilizing its participants to share knowledge and ideas.
For the creation of an e-platform for the cooperation and exchange of views of DPOs and data protection professionals it was necessary to carry out a survey, among privacy professionals, first of all to identify those professionals and furthermore to point out as accurately as possible their needs and concerns on data protection related matters and to specify the main thematic areas on which the platform should focus on during its initial operation.
After the submission and evaluation of the questionnaires two workshops were organized in the second quarter of 2023 in order to discuss the findings of the survey, to present basic functionalities of the platform and to determine precisely its content and how it works.
The first seminar took place on Monday 29 May 2023 at the University of Piraeus and the second one (with the same content) was held on-line on June 1st (2023). During the seminars the participants became acquainted with the e-platform. They also had the opportunity to raise questions on the platform operation and make constructive comments in relation to its use.
360 DPOs and professionals that had already expressed their interest to participate in the events were invited and most of them accepted and registered to the events. In the end, 59 DPOs and privacy professionals participated in the F2F event and 82 participated in the remote event.
Following the identification of the needs of privacy professionals and the results of the survey carried out for this purpose, the collaboration platform was developed.
Up to now, more than 300 DPOs and Data Protection Professionals have registered to the platform (which is available in Greek)
Why the initiative deserves to be recognised by an award?
The platform (named collab.dpa.gr) introduces a new approach to the guidance of DPOs and Data Protection Professionals. The HDPA, recognized the need to provide specialized guidance, beyond a basic level (e.g. beyond a general knowledge of the GDPR and relevant legislation and the official guidance offered by the EDPB). At the same time, the HDPA (as mοst DPAs) suffers from limited resources and a large number of cases to be handled.
In order to find a proper balance, the HDPA decided to bring the principles of “crowdsourcing” to the field of Data Protection. Thus, the platform is used as a “safe” space for the exchange of knowledge of professionals of the field. The HDPA expects that in the future, as more items are discussed on the platform, DPOs and Data Protection Professionals will be able to use a valuable space of specialized resources.
At the same time, the electronic library acts as a repository of guidance texts that are recognized by the HDPA as of importance for the specific item. These texts include open resources, like court judgments, official authority guidance, and technical guidance by recognized organizations or international standards. Each participant can propose a text, thus contributing to the improvement of the platform.
Operation of the platform is governed by a flexible regulation, issued by the HDPA and drafted in cooperation with its participants.
A9- Entry by:Hellenic Data Protection Authority
Description of the initiative:
The HDPA had created a website for young people in 2010 which contained useful information for their online presence. Over the years, that proved to be a valuable source of information not only for children, but also for educators and organizations acting for the benefit of children. Although information available was updated at several occasions, the format of the presentation became obsolete and not appealing to young people. In addition, the online presence of young people has changed their way of life and brought new challenges to Data Protection.The new micro-site of the HDPA aims to be the central point of reference for valid and complete information on how a young person can benefit from the opportunities of the internet while being able to control how his/her personal data are used online.
The content includes material presenting ways to stay safe online. It contains four main thematic sections on
- Privacy,
- Publications,
- Online contacts,
- Social Networks.
It is accompanied by a Glossary of privacy terms for young persons.
It has also been built in such a way that more thematic areas can be added.
For a more effective understanding of the instructions and content, each section of the material includes Key Takeaways and interactive applications like Quizzes, and also Videos in every section.
The HDPA is currently constantly updating the mini-site. It is noted that the mini-site is built using templates and can be easily upgraded and stay “fresh” and current
Why the initiative deserves to be recognised by an award?
The microsite aims to raise young persons’ awareness of their rights and responsibilities in relation the protection of their privacy online.It includes practical knowledge and instructions which are organized in thematic sections (Privacy, Publications, Online contacts, Social Networks).
The material includes a useful Glossary, Key Takeaways and interactive applications like Quizzes, and also Videos for every thematic section.
This activity constitutes an easy point of reference for young persons, whenever they face a problem with their online personal data, while at the same time it is a useful resource for educators.
A10- Entry by:Entry by: Information and Privacy Commissioner of Ontario (OIPC)
Description of the initiative:
In 2022, a coroner’s inquest into the murders of three women in rural eastern Ontario due to IPV resulted in 86 recommendations to avoid such a tragic incident from reoccurring. Among the recommendations was a call for the IPC to collaborate with IPV professionals to develop a plain-language guide to help practitioners navigate the complex issues of privacy, confidentiality, and public safety. Situations of IPV, particularly against women and girls, are rising at alarming rates, and many have been calling on government to designate IPV an epidemic. Recognizing the critical importance of this work and the realities of the current context, the IPC immediately agreed to address the recommendation and committed to working with others over the course of two years to develop the guidance.
The resulting Sharing Information in Situations Involving Intimate Partner Violence: Guidance for Professionals, released in 2024, provides a clear and practical framework for practitioners to determine when it is appropriate to share relevant information to protect individuals at risk of serious harm. The guide was developed through extensive consultations with a diverse range of stakeholders, including the justice sector, child and family services, health care providers, and IPV service providers. The IPC also worked with a women’s advocacy centre to hold small focus groups with female survivors of IPV to hear their views directly.
The guide addresses key considerations such as the legal parameters for information sharing under Ontario’s privacy laws, the principles of necessity and proportionality, and the importance of timely and accurate communication. It emphasizes that privacy laws should not be perceived as barriers but as frameworks that support the responsible and lawful sharing of information to prevent harm and help save lives.
Divided into accessible sections, the guide includes real-world scenarios and decision-making tools to assist practitioners in making informed and timely choices. By fostering a better understanding of the legal context and providing practical guidance, the initiative aims to enhance the ability of professionals to protect vulnerable individuals while respecting their privacy rights.
Why the initiative deserves to be recognised by an award?
In cases of IPV, practitioners sometimes delay taking action if they are concerned that doing so may violate an individual’s right to privacy. Sharing Information in Situations Involving Intimate Partner Violence: Guidance for Professionals was developed using an inclusive, innovative, and collaborative approach to addressing this critical public safety issue. Developed through extensive stakeholder engagement, the guide provides a clear, actionable framework with scenarios and decision trees to support practitioners navigating the complexities of privacy and information sharing in cases of IPV.
This initiative stands out for its commitment to protecting vulnerable individuals while balancing the need for privacy and confidentiality. By demystifying Ontario’s privacy laws and emphasizing that they are not barriers to sharing information when there is a risk of serious harm, the guide empowers professionals across sectors to make informed decisions that can help prevent harm and save lives.
The guide’s practical tools and real-world scenarios make it an invaluable resource for those on the front lines of IPV prevention, ensuring that timely and relevant information is shared appropriately and responsibly. Its release marks a significant step forward in enhancing the safety and well-being of women at risk of intimate partner violence.
A11- Entry by:Information and Privacy Commissioner of Ontario (OIPC)
Description of the initiative:
Now in its fourth season, Info Matters promotes information literacy and enhancing the public’s knowledge of their privacy and access rights. In each episode, we tackle the most pressing questions of our time: How can we guard against cybercrime? What are the human rights implications of facial recognition technology? What does Gen Z think about privacy? Info Matters shares essential tips to help listeners stay safe and informed in a digital world.
Privacy matters to each of us—but it matters in different ways. Info Matters features guests from a wide range of backgrounds, each with a unique perspective. Through this diversity, the show offers an intersectional look at privacy and information access from the perspective of groups whose experiences are not often heard or understood. As examples, we have explored the unique privacy, identity and dignity needs of individuals experiencing homelessness, using health data to make a positive difference for marginalized communities, and seeing privacy through an equity lens in the child welfare sector.
Info Matters demonstrates our commitment to listening to different perspectives, demystifying issues and making them more understandable, and serving the needs of everyday Ontarians. Fostering these human connections is key to our overall mission of acting as a modern and effective regulator.
Below are some of Info Matters’ most popular episodes.
Season 1 Episode 7: First Nations data sovereignty
This episode explores how the principles of data ownership, access, control, and possession (OCAP) help promote the ethical use of data about First Nations, by First Nations, and for First Nations.
Season 2 Episode 2: Family ties: Using investigative genetic genealogy to solve crimes
Commissioner Kosseim speaks with renowned DNA forensics expert Dr. Frederick Bieber about the use of genetic genealogy by police, and the associated privacy risks.
Season 3 Episode 3: A casual conversation between two Canadian privacy commissioners (Bilingual)
Commissioners Kosseim talks to Privacy Commissioner of Canada Philippe Dufresne about some of the challenges and opportunities they face and potential areas for collaboration between their offices.
Also see our “Best of Season Three” episode for the highlights of our 2023 season.
Why the initiative deserves to be recognised by an award?
Since its launch in 2021, Info Matters has been downloaded nearly 15,000 times, reaching audiences in Canada and beyond. In 2023, the show was awarded a Canadian Podcast Award for Outstanding Technology Series, a testament to its success in bringing crucial information to the public. As of 2024, Info Matters was ranked by Feedspot as the #7 data security podcast worth listening to in 2024.
In the digital age, privacy education is more important than ever, but oftentimes, key information remains inaccessible to the general public. Info Matters is filling a crucial knowledge gap, inviting listeners of all backgrounds to join in the conversation through a different medium. It’s also arming listeners in Ontario with invaluable knowledge about their own privacy and transparency rights, giving them the tools they need to protect themselves and their personal information
A12- Entry by:Information and Privacy Commissioner of Ontario (OIPC)
Description of the initiative:
The IPC’s strategic priority, children and youth in a digital world is focused on championing the access and privacy rights of young Ontarians by promoting their digital literacy and the expansion of their digital rights while holding institutions accountable for protecting the children and youth they serve.
In 2023, our office launched a series of new youth-focused initiatives to empower the next generation of digital citizens. Key projects include:
The IPC Youth Advisory Council
In 2023, the IPC assembled a Youth Advisory Council (YAC) composed of remarkable young people from diverse communities and backgrounds. The YAC members have shared their perspectives on the challenges and risks of the digital world, provided input on youth-focused initiatives, and championed privacy and information access rights among their peers.
Youth-focused social media campaigns
In 2023, the IPC launched several social media campaigns targeted at youth. Our original characters and storylines teach younger audiences about privacy in engaging ways. “Privacy Monsters” like Hackenstein and Decrypt Keeper teach youth about risks to online privacy, while “privacy horoscopes” remind them of ways to keep their data safe.
Privacy Pursuit! lesson plans
Privacy Pursuit! is a set of lesson plans to help teach students about privacy and data protection online. Each lesson plan covers topics related to privacy and digital literacy, tailored to different age groups between grades two to eight. Privacy Pursuit! was chosen as one of three finalists out of nearly 75 entries for 2023’s IAPP Privacy Innovation Awards in the North America and Latin America regions.
Digital Privacy Charter for Ontario Schools
Schools play an essential role in preparing youth to become responsible digital citizens. The IPC developed its Digital Privacy Charter for Ontario Schools to support educators and school boards in this role. The charter establishes a set of twelve privacy best practices schools can undertake to both protect and empower students. These commitments provide an opportunity for schools to demarcate their leadership by being proactive and assertive in their pledge to protect privacy. By adopting the Digital Charter, schools can support students’ privacy education and reaffirm their commitment to students, parents and communities.
Why the initiative deserves to be recognised by an award?
Most privacy-related content is directed at adults and professionals. But really, it’s young people who are most in need of privacy education and who represent our hope for the future. They’re growing up in a digital world, and cybersecurity will be even more vital to their personal and professional lives than it already is for the rest of us. That said, concepts related to privacy and cybersecurity can be difficult to explain to children and youth, often feeling abstract and distant. The IPC’s youth-focused initiatives present this information in a format that is simple, accessible, and fun for young people. Our Privacy Pursuit! lesson plans and social media campaigns leverage gamification to keep audiences engaged. Meanwhile, our lesson plans and the Digital Privacy Charter recognize the crucial role that schools and educators play in the development of digital literacy.
The formation of the IPC Youth Advisory Council has been a vital step in this work. Through regular online meetings, members of the Youth Advisory Council continue to provide us with a window into the privacy, identity, and reputational struggles young people face online, helping us better focus our efforts on the areas where it counts the most.
A13- Entry by: Information Regulator of South Africa
Description of the initiative:
For its strategic plan for the period 2022 – 2027, the Information Regulator adopted an impact statement that reads: “All persons are empowered to assert their rights to privacy, as it relates to the protection of personal information and their right of access to information.”
In working towards the achievement of the intended impact, the Regulator initiated in 2022 its flagship programme – the “Dikopano” – which is about taking the Regulator to the people. Dikopano means “community meetings” in Sesotho, one of South Africa’s official languages.
The programme is in the form of provincial roadshows and comprises public activations, stakeholder engagement sessions and community engagements.
The rollout of the programme involved collaboration with local traditional and community leaders and local government who mobilise the communities to attend community engagements. The sessions are conducted in the language the communities are comfortable expressing themselves in and the opportunity was afforded to them to have an open dialogue with the Information Regulator.
At these sessions, the entire senior leadership of the Information Regulator, the Executives, and senior officials engage with the community on socio-economic development issues that they encounter, and they advise the community on how the data protection legislation can be used to address the problems raised.
The types of matters that typically form part of the dialogue between the Information Regulator and the communities often relate to cases when there has been an interference with the personal information of data subjects in the process of delivery of essential public services such as payment of social security grants, provision of health services, etc. Depending on the query that would have been raised, the Information Regulator would either provide guidance on how any matter can be resolved by linking the solution the provisions of the Protection of Personal Information Act No.4 of 2013 (POPIA), or the matters would be referred to the case managers of the Information to investigate the matter formally.
The seventy-two (72) Dikopano and public awareness programmes have been rolled out in South Africa’s most disadvantaged areas, such as Soweto (Johannesburg), KwaZulu-Natal, Limpopo, Mpumalanga and the Eastern Cape provinces.
Why the initiative deserves to be recognised by an award?
The Dikopano programme is a unique intervention because it brings the issue of data privacy to the attention of marginalised communities who, because of their socio-economic background, would not ordinarily have access to the key officials of the Information Regulator. The programme democratises the opportunity for engagement with the Information Regulator. Without the Dikopano programme the risk will be heightened that data privacy remains a concern for the elite and that the policies of the Information Regulator are influenced only by the views and experiences of those that have easy access to, and resources for engagement with, the Information Regulator. This initiative is essential in bringing a critical service to communities and is crucial in highlighting the intersectionality between the work of the Information Regulator and the developmental needs of, and public service delivery to, disadvantaged communities.
Through the Dikopano, the Regulator has been able to demonstrate to disadvantaged communities how POPIA can serve as a shield to protecting the privacy rights and protection of their personal information.
A14- Entry by:Institute of Transparency, Access to Public Information, Protection of Personal Data and Accountability of Mexico City (INFOCDMX)
Description of the initiative:
Background:
The Open Society project began in 2017 through a General Collaboration Agreement signed between Instituto Nacional de Transparencia, Acceso a la Información Pública y Protección de Datos Personales (INAI) and the Instituto Tecnológico y de Estudios Superiores de Occidente (ITESO).
In 2022, INFOCDMX and INAI made the decision to activate the Open Society project. Thus, from September 6 to 23, 2022, the University Weeks for Transparency were held in 10 higher education institutions in Mexico.
In 2023, because of a call addressed to all Universities, Higher Education Institutions and Research Centers of the Mexican Republic, 37 universities were visited from February 13 to November 17 of that year.
By 2024, the actions carried out in previous years have been consolidated, in addition, within the framework of the democratic process that the country is going through, a voice has been given to the university community of higher education institutions in Mexico.
Activity topics:
- Privacy, personal data protection and social networks in university life.
- Artificial intelligence and digital violence.
- Access to information and personal data protection during elections.
- Artificial intelligence in the management of public policies.
- Workshop on Privacy and Personal Data Protection.
- Workshop on Submission of requests for rights of Access, Rectification, Cancellation, Opposition and Portability of personal data (ARCOP).
- Presentation of the Editorial “Digital rights”.
- Knowledge Rally where exercises were carried out on ARCOP rights requests.
Impact from 2022 to June 2024:
- More than 50 higher education institutions visited
- 17,200 students attended in person.
- Around 33,000 views on social media.
The University Weeks are structured as follows: Opening ceremony.
- Student debate panel.
- Conference, workshop or editorial presentation.
Why the initiative deserves to be recognised by an award?
In Mexico, education and the protection of personal data are conceived as human rights, which must be guaranteed and protected progressively and in a broad sense by all institutions in the country. In this context, guarantor organizations such as INAI and INFO CDMX, together with higher education institutions in Mexico, through this project, have brought university youth closer to the channels and ways that allow them to take advantage of and capitalize on their involvement in building safer futures and the goals that we aspire to have as a democratic society.
This initiative is based on the conviction that with the help of young people, various proposals can be promoted, since their voices have been used to recognize the challenges in terms of personal data protection, including in the digital field, as well as the reforms necessary to guarantee their privacy, even proposing mechanisms for the dissemination of this right.
It has also made it possible to show that young people debate, participate, and actively get involved; thus, Open Society is an initiative that can extend its reach and generate positive inertia and confluences between the various national, regional and, eventually, global youth. Therefore, this project is considered a good practice that could be replicated in the GPA member countries.
A16- Entry by:National Commission for Informatics and Liberties (CNIL)
Description of the initiative:
Since 2013, the CNIL gathers non profit organizations involved in digital education in a group called “Collectif Educnum”.
In 2019, the group created an escape game to help families, schools and children to understand data protection, cyberbullying, fake news, video games, influence mechanism, data economy. 7 000 people had a chance to play the game.
The experience of playing an escape game helps to anchor knowledges by approaching such complex and serious subjects in a fun and engaging way.
The people who benefited from the experience told us they wanted to know more about each theme, and keep the information “inked”.
To fix the information, circulate it among the public, and greatly multiply its dissemination, we created a booklet grouping together for children, and adults the main information about the above-mentioned topics.
The booklet “Tous en mission” has a side for children (recto) and a side for adults: teachers and parents (verso). For all, one theme, one double page.
On the children side: there is part of text and a game. Each game is different, to keep attention, and exercise brain all the time. Stickers children can fix for each mission done helps to maximize the game effect.
On the adult’s side, text and link to activities that can be done at home or at school
In the middle of the booklet, there’s a proposal for a family pact: an opportunity to discuss digital issues and agree on rules to be applied inside and outside home.
To add more fun and create a positive emotion, a sense of attachment to the subjects covered, we added stickers of the characters, which the youngsters enjoy sticking on their personal belongings. A way to make children think about their private life every time they see the character.
Why the initiative deserves to be recognised by an award?
The initiative is remarkable for the heterogeneous nature of the entities involved in the project, for the awareness of protecting privacy online, and think about all the dimensions of online life.
The format particularly suits to children and adults, taking into account their cognitive maturity.
A17- Entry by:National Commission for Informatics and Liberties (CNIL) & Personal Information Protection Commission (PIPC)
Description of the initiative:
According to the results of the surveys on teenagers’ activities carried out both by the PIPC and by the CNIL, a large majority of teenagers acknowledge that they have already disclosed personal information to a data controller when they are using private and/or public services. Moreover, their regular and prolonged presence online increases the risk that they disclose their personal data without always being fully aware of it and aware of all consequences for their present and future life. Therefore, it was necessary to produce an educational medium that South Korean and French teenagers can read, or even display, in order to understand and to encourage them to exercise their data protection rights.
Given the international impact of Korean culture in France within the targeted audience, the choice of an educational medium taking the form of a Korean Webtoon should have a strong and positive impact and help to develop a young audience’s awareness on data protection issues in South Korea, in France and beyond.
Regarding the content of the poster, using narrative and visual codes that are similar to those commonly used by young people in their reading or hobbies (Korean webtoon in paper format or online) should help draw their attention and maximize their focus on the personal data protection issues. Therefore, this type of medium could contribute efficiently to developing adolescents’ reflexes in preserving their own personal data.
Easy to read, print, and put at home, at school, or any place where teenagers are going and staying, the proposed poster could have a large impact in teenagers’ life. Moreover, since the CNIL and PIPC provide this digital educational material freely, it could be easily displayed in schools or places frequented by young people (e.g. schools, libraries, digital games events).
Lastly, the realization of this poster in Korean, French and English will also allow a dissemination of this educational medium beyond South Korea and France borders. Many data protection authorities face the same issues and could benefit from this educational medium by translating it into their own languages and by sharing it with their own young people.
Why the initiative deserves to be recognised by an award?
Online, teenagers are quickly developing automatisms to give away their personal data without hindsight, ignoring their data protection rights and how to exercise them.
This project, resulting from a unique collaboration between two data protection authorities from two different jurisdictions, is an educational medium illustrating in the form of a manhwa (Korean webtoon) what personal data is, what personal data rights have adolescents, and how they could exercise them. Therefore, adolescents can easily understand their rights: access, rectification, opposition, erasure, and portability.
In addition, the illustrations design includes text in boxes and captions to facilitate their translation in foreign languages to ease their reuses internationally by other data protections authorities. The illustrations are also digitalized and copyright free, easing their distribution worldwide.
Finally, its digital format eases its use both in public and in private spaces. For illustration purposes, in South Korea, the poster was sent to 500 schools and promoted at popular sightseeing spots for children during May and in France, it was dispatched during a two days event on Digital Games in Paris. In both countries, it was also shared on social media platforms in order to widen its exposure to young people.
A18- Entry by: National Data Protection Commission of Luxembourg (CNPD)
Description of the initiative:
The CNPD launched the ALTO project (« dAta Protection compLiance supporT tOolkit ») in 2022 based on the following observations.
Despite many initiatives launched by the CNPD during the preparation and launch phase of the GDPR in 2018, awareness of small organisations regarding basic data protection principles and compliance obligations is considered still poor thus calling for a new approach in awareness raising and training.
SMEs and very small entrepreneur businesses are still much immature regarding personal data protection challenges whereas they represent in Luxembourg (and on average in the EU economy) more than 90% of the employment and of the GDP.
In addition, SMEs are often at disadvantage compared to large organisations in terms of resources and expertise.
Finally, these small players operate in complex economic environments, characterised by a strong increase of data processing across all business processes (B2B, B2C, B2G), the rise of artificial intelligence and evolving legal frameworks on data governance, data sharing, social media and cybersecurity.
Based on this, the CNPD, with the support of the Luxembourg House of Cybersecurity, submitted the ALTO proposal in the call “Citizens, Equality, Rights and Values Programme (CERV)” of the European Commission (DG JUST) which was selected as a project to be cofounded.
DAAZ is a simple, intuitive, anonymous, and free online tool to push education of small economic actors regarding personal data protection principles, to increase their awareness and understanding of their obligations towards GDPR and to help them assessing and improving their measures for GDPR compliance in their daily business activities.
The platform application is multilingual (French, English from July 2024 on, German from September 2024 on) and can be translated into other languages.
The platform was created in two main steps. First, the identification of the real needs of SMEs through an anonymous online survey with the assistance of all major professional business associations of SMEs in Luxembourg, Second, the development of the pedagogical goals to be achieved and the specific format and platform technology for implementation. This second step was done in an agile development mode based on constant feedback loops with SMEs test users.
Why the initiative deserves to be recognised by an award?
DAAZ is the result of an innovative approach for awareness raising in SMEs (the predominant type of companies in the national and European economic landscape) regarding privacy. It is an intuitive eLearning platform integrating the concepts of story learning and gamification as well as design thinking while giving access after completion to a set of documentation.
- No prerequisites are needed. The welcoming design and the high interactivity make appropriation and engagement of non-specialist users easy and enjoyable for them. It makes privacy and GDPR accessible in a non-legal language.
- DAAZ is a multilingual online tool potentially adaptable for an international use beyond Luxembourg and its Greater region borders.
- DAAZ was developed as the main deliverable of a project selected in a competitive call for proposals of the EC specifically aimed towards awareness raising activities of DPAs.
- DAAZ was designed and developed in collaboration with the national cybersecurity competence centre NC3 providing strong competence and expertise for building a robust, reliable, and secured platform.
- As a modular tool designed for use on tablet, desktop or mobile, it offers flexibility and scalability, promotes accessibility and inclusivity and allow for expansion with diverse themes and technologies.
- The use of DAAZ is completely free and truly anonymous and secured.
A19- Entry by: National Institute for Transparency, Access to Information and Personal Data Protection (INAI)
Description of the initiative:
In Mexico, an older adult is defined as someone over the age of 60 and refers to the stage when all life experience has been accumulated and most family, professional and social goals have been achieved. But it also marks the beginning of a period when people are physically, socially and economically vulnerable.
There are currently more than 15 million older adults living in Mexico, of whom approximately 9.8% use the Internet through various electronic devices, either to interact and communicate with other environments or to access information, obtain goods and services, and maintain intergenerational relationships.
While it is true that the benefits and opportunities offered to older adults using the Internet and new technologies stand out, the risks to their privacy and the protection of their personal data must also be considered.
In this context, it was agreed to promote the initiative “Conectad@s y protegid@s: Workshop on Personal Data Protection and Digital Literacy for Older Adults”, to be carried out jointly by the INAI and the Federal Institute of Telecommunications (IFT), within the framework of the Specific Cooperation Agreement signed in March 2022, in order to promote among older adults knowledge on personal data protection, as well as skills and attitudes to effectively solve problems with digital tools and/or in digital contexts. The workshops started at the end of 2023 and will continue throughout 2024 in different states of the country with the support of the local guarantor bodies.
This activity aims to respond to the need of older adults to learn about the importance of protecting their personal data, to provide them with the “Decalogue on Personal Data Protection for Older Adults” prepared by INAI, and to offer them useful advice on how to use Information and Communication Technologies responsibly, while reducing the digital divide. All this in the knowledge that it is increasingly necessary to use technologies to purchase products and services and to carry out procedures of a different nature.
Why the initiative deserves to be recognised by an award?
The initiative ” Conectad@s y protegid@s: Workshop on Personal Data Protection and Digital Literacy for Older Adults” deserves recognition for its outstanding usefulness and impact in promoting data protection and digital literacy among a population that is often marginalised when it comes to digital technologies and services. In Mexico, where more than 15 million people are considered older adults, this workshop is essential.
Co-hosted by INAI and the IFT, the workshop addresses the urgent need to educate this population on the protection of their personal data and the responsible use of technology. It will also provide concrete tools, such as the “Decalogue on the protection of personal data for older adults” developed by INAI, and practical advice on how to navigate safely in the digital world.
The relevance of this initiative lies in the fact that while digital technologies offer many benefits to older people, they also pose significant risks to their privacy and security. Therefore, this workshop not only bridges the digital divide, but also empowers this demographic to participate safely and effectively in today’s digital society. Its nationwide implementation, supported by local guarantor organisations, ensures its long-term impact and sustainability.
A20- Entry by: National Privacy Commission Philippines (NPC)
Description of the initiative:
The four (4) legs of the DP Roadshow were conducted in the 4 largest provinces in the Philippines where thousands of participants in total have attended. The DP Roadshow is geared towards the following objectives: (1) strengthen data privacy awareness of companies including the government and private in these locations; (2) equip Data Protection Officers (DPOs) and /or their Compliance Officers for Privacy (COPs) and boost compliance of companies with the requirements of the DPA and the NPC’s issuances; and (3) establish data privacy point of contacts in the regions and boost sectoral participation.
The DP Roadshow has featured DPOs who shared their knowledge and expertise on how to substantially comply with the NPC’s mandate which is to ensure compliance of personal information controllers in the Philippines. The convergence of the DPOs and heads of organizations nationwide has enabled collaboration and knowledge-sharing between and among them, both private and public sectors. The DP Roadshow has featured an NPC Registration System help-desk for those availed assistance in their registration with the NPC Registration System.
Why the initiative deserves to be recognised by an award?
The NPC was established only in 2016 and only less that 20% of the Philippine’s population know its existence, thus many Filipinos have unfeigned ignorance of the DPA. It was only during the height of pandemic where Filipinos were made aware of NPC when voluminous reports about online lending applications were filed before the NPC. Only then when NPC conducted several compliance checks to various lending companies who processed personal data which are not proportional to the declared purpose.
To resolve this mainstream issue, the NPC has continued its active collaboration with the DP Council in order to strengthen data privacy awareness of the private and public sectors, especially on the compliance aspect with the DPA. Thus, this continuous collaborative efforts between the NPC and DP Council, through the DP Roadshow, many companies and organizations are now able to ensure that they comply with the DPA and the NPC’s issuances, evident by the number of NPC seals of registration posted within their premises and on their websites.
A21- Entry by: National Privacy Commission Philippines (NPC)
Description of the initiative:
The Program consists of courses on data privacy that are essential for anyone who seeks to have a better understanding of the DPA and other related topics, and projects geared towards data privacy education. The framework is set forth in NPC Circular 2023-02. For each course, the NPC will develop a uniform curriculum, modules, and learning outcomes to establish a standard and ensure the quality of data privacy education in the Philippines. The Program is designed to allow training providers to easily deploy the courses in a cost-effective manner in order to provide more individuals with opportunities to learn about data privacy.
The use of the uniform materials will be licensed to qualified training providers. The training providers will prepare training courses consistent with the prescribed curriculum and conduct the courses to the public. The NPC will also consult with data privacy practitioners in the private sector to ensure that the courses under the Program are practical.
In lieu of a one-time application fee, the NPC will collect from training providers royalties based on the enrollees for a specific course from training providers. A one-time application posts a barrier to entry for smaller training providers given the economic considerations in the Philippines.
The Program includes the Data Privacy Foundational Course, which focuses on the fundamental concepts and principles of Philippine data privacy law. A pilot and feedback session was conducted in partnership with the Bangsamoro Parliament of the Bangsamoro Autonomous Region in Muslim Mindanao. To supplement this, the NPC also produced animation videos that break down the basic concepts and principles into bite-sized and easy-to-understand pieces. The videos are available in English, Tagalog, and Bisaya, which are widely spoken languages in the Philippines, in order to empower a wider audience. The videos may be accessed through this link: https://www.youtube.com/@DataPrivacyCompetencyProgram/videos
Why the initiative deserves to be recognised by an award?
The Program seeks to create a positive impact by taking the next step from awareness to nurturing a deeper understanding of data privacy.
There is no precise word for privacy in Filipino or in any of the Philippines’ languages or dialects. With the Program, we aim to educate more people and encourage more discussions on data privacy in the Philippines.
The Program is designed to democratize access to and provide cost-effective quality data privacy education in the Philippines by ensuring that everyone, not just the privileged few, is on a similar footing when it comes to understanding and applying the foundationa concepts and principles of the DPA. It establishes a framework for collaboration between the NPC and qualified training providers to ensure that the courses and materials will be relevant and practical for a contextual understanding of privacy specific to the Philippines.
The Program will provide the necessary building blocks to help anyone navigate the complexities of the constant processing of personal data. This encourages controllers, processors, and data subjects to develop privacy-preserving practices. After all, the more people who understand privacy, the better it is for cultivating a culture of privacy within the Filipino community.
A22- Entry by: National Privacy Commission Philippines (NPC)
Description of the initiative:
The “Privacy in the Spotlight” is an initiative of the National Privacy Commission aimed at raising awareness and educating individuals, communities, businesses, and the public, particularly data subjects, about the importance of privacy, safety, security, and trust in the online world. The initiative was formatted into a webcast format which enhances its accessibility and impact.
The webcast format was chosen to present the audience with engaging and informative content covering diverse topics in data privacy and protection. These include discussions on emerging technologies like deepfakes and artificial intelligence, as well as practical advice on online dating safety, women’s privacy, compliance checks, data breaches, and LGBTQ+ online safety. The webcast’s interactive features allow viewers to actively participate through live Q&A sessions, comments, and suggestions, enabling participants to have their questions answered by experts.
Webcasts are particularly engaging because they combine visual and auditory elements to capture and maintain the audience’s attention which creates a more immersive learning experience. The use of multimedia makes complex topics more understandable and relatable. Additionally, the webcast format is a current trend due to its flexibility and convenience allowing people to tune in from anywhere at any time.
One of the key advantages of the webcast format is its ability to transcend geographical barriers, allowing Filipinos around the world to access episodes through their mobile phones, regardless of location. This global reach ensures that Filipinos everywhere can benefit from the information and insights shared through various episodes.
The title “Privacy in the Spotlight” is symbolic, representing the tension between the desire for privacy and the reality of being in the public eye. By placing “privacy” and “spotlight” side-by-side, the webcast aims to empower individuals to navigate the complexities of privacy in an interconnected world.
Overall, the “Privacy in the Spotlight” initiative serves as a platform for promoting digital literacy, empowering individuals to make informed decisions, and fostering a safer and more secure online environment for all.
Why the initiative deserves to be recognised by an award?
Privacy in The Spotlight” deserves an award for its innovative approach, interactive format, comprehensive coverage, and significant impact on promoting privacy education and awareness.
“Privacy in The Spotlight” is the first-ever webcast-type program launched by the National Privacy Commission. This initiative has redefined privacy education by leveraging the power of social media to engage with a vast audience.
Since the beginning of 2024 alone, the initiative has reached around 100,000 viewers and garnered more than 50,000 engagements on NPC’s YouTube and Facebook pages.
The webcast’s design ensures that episodes are easily accessible to everyone, anytime and anywhere, by being available on the Commission’s official YouTube and Facebook pages.
The webcast features discussions led by experts on privacy-related topics, including emerging technologies like deepfakes and artificial intelligence, online dating safety, women’s privacy, compliance checks, data breaches, and LGBTQ+ online safety.
One of the standout features of “Privacy in The Spotlight” is its interactive nature. Live viewers are encouraged to participate actively through Q&A sessions, comments, and suggestions.
Overall, “Privacy in The Spotlight” serves as a platform for promoting digital literacy, empowering individuals to make informed decisions, and fostering a safer and more secure online environment for all.
A23- Entry by: Office of the Data Protection Authority of Guernsey (ODPA)
Description of the initiative:
Bijou Seeds is designed to promote Children’s Privacy Rights by engaging all partner groups through education and outreach. Education is the foundation of Bijou Seeds and the most important of groups are the children. Designed and led by an Outreach Officer who is a qualified teacher, the ODPA’s youth outreach programme, ‘Project Bijou Seeds’, educates hundreds of children every year via in-school sessions about how to navigate the online world safely. To complement these conversations and target younger kids, this talented Outreach Officer wrote a children’s book about an inquisitive bear named Warro who goes on an adventure in the digital world while wondering “Who is asking for my information, what do they want to know, why do they want it, where will it go?”
The next most important partner group are parents, with their empowerment being critical to Bijou Seeds. To this point, in early 2024 the ODPA created the Bailiwick Data Protection Advisory, and promptly issued one of its first advisories to protect children, alerting residents of a local Snapchat group where children were encouraged to share indecent images of themselves.
In that advisory and subsequent BBC interviews, parents were encouraged to engage with their children about the reputational and long-term risks associated with sharing personal information that could then find an indelible presence online.
The children’s support network is rounded out with educators and community leaders. To this end, Bijou Seeds convened a ‘Roundtable on protecting children online’ where Bailiwick education leaders shared experiences, challenges and strategies towards elevating children’s privacy rights in today’s digital era.
But protecting children is a dynamic rather than static responsibility, and a critical part of Bijou Seeds’ current activities is preparing for the future. This is why the ODPA are leveraging the wealth of collective partner knowledge and experience towards the development of a ‘Children’s Framework’ to support the responsible and ethical use of information about children.
This is a framework that will combine the legal requirements of local data protection legislation with the relevant principles and provisions outlined in the United Nations Convention on the Rights of the Child.
Why the initiative deserves to be recognised by an award?
You have heard the expression, “it takes a village to raise a child”. Well at ODPA Guernsey it is recognized that “it takes an island to protect our children” which is why Bijou Seeds demands action from every key partner – regulator, educators, parents, business leaders, and most importantly – the children themselves.
Promoting children’s rights is an ODPA priority and explicitly written into Guernsey’s data protection law. And that is not surprising. In fact, it is a reflection of the deep commitment that Guernsey residents have towards the care of their most cherished treasure – its children. And educating children was, and remains, the core of Project Bijou which is why the decision was intentionally taken for the education program to be designed by a professional children’s teacher, in a manner of speech that children can truly understand and relate to.
By taking a holistic approach to protecting children while engaging with all key partners Bijou Seeds has been able to create: school curriculum, literature, and community alerts which educate and deliver actionable advice to all corners of society. This strategic approach has triggered an exceedingly high level of awareness and public engagement both within the borders of Guernsey and overseas (see links in section e). Recently, there has also been a spike in both book sales of Warro and child-centred conversations taking place regularly in the Guernsey Press (local newspaper).
And finally, Bijou Seeds has been successful because it reflects a key regulatory pillar of the ODPA – balance. Whether in schools or in the pages of a children’s book, delivering a balanced message is critical. Protecting children is certainly not about banning them from the online and virtual world, so the Bijou Seeds message must remain relevant and realistic, acknowledging the benefits of engaging and connecting in the digital era, while outlining the very real risks that children, and their parents, must navigate.
A24- Entry by: Office of the Privacy Commissioner of Bermuda
Description of the initiative:
In January 2025, Bermuda will bring the majority of the Personal Information Protection Act 2016 (PIPA) into effect. Throughout 2024, PrivCom has developed and released an implementation plan to assist organisations in Bermuda with becoming compliant with the PIPA. This plan consists of 37 weekly updates with an article, resource, tool/template, and public engagement event. A dedicated page was created as a primary resource for information regarding the steps organisations need to take: https://www.privacy.bm/rtp2024
These weekly updates provide step-by-step guidance on how to create a privacy programme in a jurisdiction that does not have precedent in these matters. Organisational privacy officers can log in each Monday of 2024 to receive an update on a tangible action that they can take that week. The weekly update will provide an article or blog post from PrivCom or a partner organisations, a resource that the privacy officer can use to improve their understanding of a topic, a tool or template that they can use to actually execute the task, and an online or in-person event to learn more and meet stakeholders. The various updates were in written, audio, video, and in person form, providing a multimedia project for the community.
Compliance is a journey, not a destination, but the “Road to PIPA” programme provides tangible steps that the organisation can take on their journey. Quarterly checklists provide previews of the steps to come as well as retrospective checklists of activities. By creating monthly and weekly deadline, the office encouraged the community to start preparing in January 2024 and not to wait to begin to build their compliance programme.
Why the initiative deserves to be recognised by an award?
This effort involved the entire office in planning, drafting, and executing the weekly tasks. PrivCom needed to create a body of knowledge that the community can use for compliance, and the country did not have such precedent before the office created it. The project consists of an entire year of shared effort.
All the materials for the Road to PIPA remain available in an archive, allowing future organisations who are building a privacy programme for the first time to access them at: https://www.privacy.bm/rtp24-archive
A25- Entry by: Ombudsman’s office of the City of Buenos Aires
Description of the initiative:
The initiative has taken different kinds of actions, activities, campaigns, trainings and oficial interventions. The most relevant are: Special button on the homepage of our institutional website We have installed a special button on the homepage of our institutional website that provides access to all the information that the population needs about digital gender-based violence. Visitors to the website can find a definition of digital gender-based violence, a detailed description of the situations in which they can report rights violations, and a button to fill a report. Commitment Letter Against Digital Gender-Based Violence In the framework of International Women’s Day, we call on international human rights organizations, academic institutions, and social organizations of women, children, diversity, and technology to celebrate the signing of a Commitment Letter Against Digital GenderBased Violence. The objective of this initiative was to strengthen consensus and joint working networks to raise awareness, prevent, and eradicate this problem that affects the private and public trajectories of women and LGBTQ+ people. Campaigns The virtual is real / violation of rights Is composed of six audiovisual pieces in which behavior patterns are given around 4 main points: -Identity theft -Harassment -Leak intimate images -Share intimate images The virtual is real / Digital violence
The campaign featured three videos: the first illustrating situations of gender-based violence suffered by public figures. Within the framework of the stand that the institution sets up at the Buenos Aires International Book Fair, through which around 1 million people circulate for 6 weeks each year, in 2024 we held a workshop under the title “Let’s talk about digital gender violence.” Training Together with the organization Faro Digital, we developed a training program focused on the dissemination of non-consented images. The program is composed of three modules that are available in virtual format. Partnerships Strategic work is carried out with civil society actors and other state organizations in order to generate alliances that strengthen the promotion of rights and the need to establish defense mechanisms against digital violence against women: Grooming Argentina Invited by Tik Tok and Grooming Argentina, the Ombudsman, María Rosa Muiños, spoke on the panel “Good practices in promoting the rights and safety of children and teenagers.” Olimpia Coral Melo The Ombudsman of the City of Buenos Aires, María Rosa Muiños, together with the team of the Personal Data Protection Center (CPDP), received the Mexican activist whose life story inspired the enactment of the Olimpia Law, which punishes digital violence and crimes against sexual privacy committed through telematic means. Dialogue with institutions and companies We maintained permanent dialogue with TIK TOK, X (formerly Twitter) and the UN in order to coordinate joint actions and have direct channels to report situations of digital gender violence on those platforms. Oficial intervention-Cases Through the intervention of the Personal Data Protection Center with the Google company and through legal channels, the misogynistic blog “Cazador Legal” was taken down. This blog was dedicated to taking photos in public spaces of the intimate parts of young women and girls who fit a dominant beauty pattern, without any consent.
Why the initiative deserves to be recognised by an award?
The internet holds immense potential, but for many women and girls, it is marred by a constant threat: gender-based digital violence. Taking action against this abuse is crucial: Shattering Stereotypes: online harassment often reinforces sexist attitudes. By combating it, we challenge these stereotypes and create a more respectful online environment for everyone. Promoting Equality: when women are targeted online, it restricts their participation in public discourse and undermines their right to free expression. Addressing digital violence promotes gender equality in the digital sphere.
Fostering Safety and Inclusion: the fear of online harassment can silence women and girls, limiting their access to information, education, and economic opportunities. Action leads to a safer and more inclusive digital space where everyone can thrive. Breaking the “Cycle of Violence”: digital abuse can escalate into real-world threats and violence. Tackling it helps prevent these situations from developing and protects women both online and offline. Empowering all Voices: a world free from gender-based digital violence opens doors for diverse perspectives and amplifies the voices of women and girls, leading to a richer and more vibrant online experience for all. Fighting gender-based digital violence is not just about protecting women; it is about creating a more just and equitable online world for everyone. It is about ensuring a space where all voices can be heard and respected.
A26- Entry by: Turkish Personal Data Protection Authority (KVKK)
Description of the initiative:
This project is a cartoon magazine consisting of 6 issues to increase the awareness of secondary and high school students, their teachers, and their parents on the topic of protecting personal data. These magazines were distributed to the students within the scope of the KVKK At School project. At the end of every issue, there are games specially designed for children such as crosswords that are about personal data The cartoon’s main character is called “Verican”. “Veri” means data and “Can” is a Turkish name. With the help of Verican Ahmet and Ayşe (other characters that participating) learn the meaning and content of personal data. Also, issues covering topics such as cookies, protecting children’s privacy on social media, safe credit card usage, right to data protection, right to be forgotten, cyberbullying, and awareness about privacy on mobile games.
Why the initiative deserves to be recognised by an award?
Based on the character of Verican, there is a need to increase the awareness level of parents and children on cyberbullying, game addiction, and sensitive personal data. In our age where personal data leaves a digital trace, important developments are taking place and the awareness level of children and adults whose personal data is processed must be high on behalf of data protection.
A27- Entry by: Turkish Personal Data Protection Authority (KVKK)
Description of the initiative:
With this event, the Authority’s specialists and relevant staff aimed to instill privacy awareness among primary school students (5th-8th grades), to inform them about the personal data processing processes they encounter in daily life, and to draw their attention to the privacy risks posed by the digital applications they use. In programs organized in selected provinces, children’s privacy awareness was increased through interactive presentations and educational videos specially prepared for children.
Why the initiative deserves to be recognised by an award?
Ten different schools were visited in ten provinces of Turkiye. Around 2000 students (200 students in each school) were trained in the subjects of personal data protection and data security. Books, leaflets on personal data protection, and also board games designed by KVKK experts were donated to the schools’ libraries. Students’ questions on data protection were answered by KKVK experts. Through these visits, the awareness level of students and teachers has been raised.
A28- Entry by: Personal Data Protection Office of Poland
Description of the initiative:
“The GDPR-buddy” (in Polish: “Roduś”) is a character created by students and teachers of a school in Siedlce to help children understand what personal data are and how to protect them. ”The GDPR-buddy” became the protagonist of the educational initiative. Through play, children learned how they should behave when using the Internet to ensure their own safety and that of others. Participation in the e-lesson was free of charge, and the meeting was available to all teachers of classes 1 to 3 in primary schools and for students of these classes via online broadcast (link was active on the day of the event). The announced event was another initiative of the supervisory authority, in addition to the Personal Data Protection Office’s educational programme for students and schools “Your Data – Your Concern” aimed at building children’s awareness of personal data protection and privacy. This was an example of the practical implementation of the requirement contained in Recital 38 of the preamble to the General Data Protection Regulation (GDPR). It states that “children merit specific protection with regard to their personal data, as they may be less aware of the risks, consequences and safeguards concerned and their rights in relation to the processing of personal data”. In order to consolidate the knowledge, practical exercises were prepared for the participants.
Why the initiative deserves to be recognised by an award?
Educational activities and raising public awareness are a very important part of the activities of the Personal Data Protection Office. The GDPR places particular emphasis on the protection of children’s privacy and personal data in all European Union countries. This task is supported by the successfully implemented Nationwide Educational Programme of the Personal Data Protection Office “Your data – Your concern. Effective protection of personal data. Educational activity addressed to students and teachers”. The Polish supervisory authority believes that education, especially of children and young people, is very important nowadays, when we are exposed to more and more risks related to the use of new technologies. It is worth remembering to take care of privacy and to ensure the protection of personal data at the same time. For these reasons the Polish supervisory authority decided to implement the initiative. Lesson with “The GDPRbuddy” was a very popular initiative.
A29- Entry by: Personal Data Protection Office of Poland
Description of the initiative:
The aim of the competition was to promote knowledge about the protection of personal data. It also allowed students to test their knowledge in formulating practical solutions in the face of real legal problems. This year, students faced issues related to the use of artificial intelligence tools to check students’ predispositions to study in a given field of study. Such tools can be used to analyse information available on the Internet, including the content of entries and posts, and to prepare an assessment of the candidate’s aptitude and actual commitment to a given field of study. The university adds or subtracts points in case of such a person depending on the result of the algorithm’s evaluation. This year, candidates were tasked with assessing whether the university has a legal basis to process personal data used in such an analysis of candidate information. Will it be justified to collect data from various sources to check whether a candidate has chosen the right field of study? The task of the participants was to prepare a solution to the case in the form of an essay. The deadline for submissions was May 24, 2024. A competition committee consisting of experts from the Personal Data Protection Office, specialists from the National Chamber of Legal Advisers and the law firm Kobylańska Lewoszewski Mednis once again selected the winners in an essay competition for students of law and administration. This time, the students delved into the topic of data processing by artificial intelligence, which is extremely important nowadays. The topic of the case study was “Testing the aptitude of students using artificial intelligence”. The basis for the competition participants’ conclusions and assessments on the topics presented in the case study were primarily communications and decisions of the President of the Personal Data Protection Office, quoted literature and international case law, the General Data Protection Regulation (GDPR), and the newly adopted Artificial Intelligence Regulation (AI Act). The diploma and award ceremony for the competition will take place on 27 June at a conference at the University of Warsaw.
Why the initiative deserves to be recognised by an award?
At the Personal Data Protection Office, we know how important educational activities and raising public awareness are. That is why, for years, the Office has been initiating or sponsoring many undertakings that serve to spread knowledge about the protection of personal data. This competition enjoys great interest among students every year. We received many interesting entries and were thus able to select the best ones. We appreciated the positions of the DPA, communications or decisions quoted in the essays and, of course, the General Data Protection Regulation (GDPR), which were the basis for 3 the conclusions presented in the works by the participants of the competition. We are pleased to see that young people are interested in data protection and privacy. 5 students were awarded special prizes in the form of participation in a training programme at the Personal Data Protection Office.
A30- Entry by: Personal Data Protection Office of Poland
Description of the initiative:
The Personal Data Protection Office, together with the Office of Electronic Communications, organised a webinar entitled “Digital l@byrinth – beware of traps on the Internet”, which took place on 16 April between 10:00 and 10:45 a.m. as part of the programme “Your Data – Your Concern”, implemented by the DPA. During the event, students were able to learn about the most common online threats: • how to navigate the digital labyrinth to make online shopping safe and intentionally, • what “deceptive design patterns” are and how they can affect our decisions online, • how to effectively protect your privacy and take care of your data. Participants learnt the answers to these and other questions, which can avoid manipulation and threats in the future. The event was held in an online format. It was free of charge and no registration was required.
Why the initiative deserves to be recognised by an award?
The Personal Data Protection Office is convinced that the education of young people on the dangers of using new technologies in the context of processing their personal data is very important. It is worth taking a bit of care and a moment of your time to take care of your privacy and security online. Greater awareness can help us to better manage data online. The organisers wanted the participants to be more aware Internet users and to could identify better the traps set by the creators of potentially harmful solutions that can be encountered on the Internet.
A31- Entry by: Personal Data Protection Office of Poland
Description of the initiative:
The theme of last year’s Academy was the practical aspects of data protection and privacy. The organisers revealed to the students all the ins and outs of the application of the General Data Protection Regulation (“GDPR”). In the company of experts and under the patronage of recognised institutions, we will not stop at reading the regulations. In particular, together with the experts invited to the project, they discussed together: • how to take care of personal data in times of major cyber security challenges and galloping technological progress; • how to lodge a complaint to the President of DPA; • how to notify a personal data breach; • how to prepare for an inspection by the DPA; • how to fulfil the responsibilities of a data protection officer. They unveiled the behind-the-scenes workings of the supervisory authority and explained: • why and how the President of the Polish supervisory authority imposes administrative fines; • why the President of the Polish supervisory authority cooperates with the European Data Protection Board; • for what reason the President of the Polish supervisory authority conducts educational activities. During the closing ceremony, the graduates listened with interest to the lectures crowning the first edition of the Academy. They were conducted in turn by Tomasz Majer, PhD, a member of the Scientific Council of the Personal Data Protection Law Institute, and Michał Bałdyga, a legal adviser at the Polish supervisory authority. The first speaker spoke about the limits of recognition and adjudication of an administrative court in cases involving a complaint against an administrative decision, while the second spoke about the legal support for the performance of the tasks of the President of the Personal Data Protection Office. In total, from July to September, participants of this educational initiative attended eight meetings, which consisted of thematic sessions devoted to many aspects of the application of data protection law and the functioning of the supervisory authority. At the end of our summer meetings, in late September, participants will receive diplomas of completion of the “GDPR Summer Leadership Academy”.
Why the initiative deserves to be recognised by an award?
The theme of last year’s Academy was the practical aspects of data protection and privacy. Participants of the Academy learned the secrets of the application of the General 3 Data Protection Regulation (GDPR) under the guidance of experts and under the auspices of recognised institutions. They gained unique knowledge and sought-after professional skills on the labour market, drawing on the knowledge and experience of DPA experts and current leaders in personal data protection. Graduates of the Summer Leadership Academy could become future representatives of the state elite, practising and promoting the unique knowledge gained during their own career path – in the public service or in the private sector. This is knowledge that is particularly sought after in today’s labour market. The most outstanding students were given the opportunity to do an internship or gain employment with the Personal Data Protection Office.
A32- Entry by: Personal Data Protection Office of Poland
Description of the initiative:
The Conference “Challenges for the protection of children’s personal data” The challenges and good practices in the field of privacy protection of children and teenagers took place on 26 April 2024 between 10 a.m. and 1 p.m. Invited experts spoke about key issues and good practices in the field of privacy and data protection of children and teenagers. The event addressed issues concerning the subjectivity of children and the need to respect their views and standards for the protection of their rights in an era of dynamic technological development and challenges to the protection of personal data due to the widespread use of artificial intelligence. The EU Member States’ approach to the effective protection of the personal data of the youngest was also presented. Invited speakers include Minister of Digital Affairs Krzysztof Gawkowski, Ombudsman for Children Monika Horna-Cieślak, Undersecretary of State in the Ministry of Justice Zuzanna Rudzińska-Bluszcz and Magdalena Wilczyńska, Director of the Information Cyber Protection Division at NASK (National Research Institute). During the conference, a cooperation agreement was also signed between the President of the Personal Data Protection Office and the Ombudsman for Children on educational and research initiatives concerning the personal data of children and teenagers. The agreement covers areas for the implementation of joint projects, initiatives, research, campaigns, publications and other educational and social activities. Under the signed agreement, the two institutions are also expected to exchange expertise. On 15 May 2024, from 10.00 to 11.00 a.m., a webinar “The GDPR in the school bench. Use of a child’s image – law and practice” was organised. The meeting was held as part of the DPA’s educational programme “Your Data – Your Concern”. The meeting was primarily aimed at teachers and school principals. Discussions focused not only on the principles of processing personal data in the form of a child’s image, but also on good practices in the protection of children’s rights and the privacy risks and challenges that this entails. Participation in the live broadcast was free of charge online. The webinar was interpreted into sign-language.
Why the initiative deserves to be recognised by an award?
There is an increasing activity of young people in the digital world, in which there are many threats for them. Meanwhile, the actions taken on behalf of such people by public institutions and various organisations are not always coordinated with each other or known to other entities. Data protection concerns children and it is a very important issue. Personal Data Protection Office and Ombudsman for Children have a lot of work to 3 do in terms of raising awareness that personal data concern not just adults, they concern minors. A lot of educational activities, joint projects, conferences and events will be carried out together with the Polish supervisory authority.
A33- Entry by: Personal Data Protection Office of Poland
Description of the initiative:
The event became a forum for the exchange of views on new regulations and legislative changes in the field of digital services or cyber security. During the thematic sessions and debate, participants addressed issues such as: • personal data protection in the era of new technologies, • artificial intelligence and personal data protection – legal and ethical challenges, • security of information in the digital age, • the challenge for data protection authorities in the age of innovation, • key legislative developments in the area of new technologies 2023/2024. The two-day expert meeting concluded with a debate entitled. “Key trends of new technologies in the context of personal data protection”. The agenda in English is available as a part of the report on the website.
Why the initiative deserves to be recognised by an award?
Issues concerning the relationship between data protection and new technologies, including artificial intelligence, have long been of interest to the Personal Data Protection Office. For a better understanding of the technology, the potential for its use, the benefits and risks, the Office is undertaking a number of educational and scientific initiatives. The latest initiative is a two-day conference in which experts representing both the private and public sectors have been invited to participate. The conference, given the broad spectrum of topics covered, was certainly a compass for all those interested in personal data protection and new technologies. The conference had an international character. In this age of a rapidly changing world, such initiatives are needed. The Personal Data Protection Office received excellent feedback after the event. The organisation of this conference provided the impetus for further intensive discussions on the topics raised during the event.
A34- Entry by: Privacy Commissioner for Personal Data of Hong Kong
Description of the initiative:
The Short Video Competition for Primary School Students on “Respecting Privacy Begins with Me” was launched in September 2022 to raise the awareness of local students in gaining a better understanding on how they could protect their personal data privacy online. As promoting and safeguarding children’s privacy is not a goal that can be achieved shortly, the PCPD has encouraged participating teams to unleash their creativity in producing a short video clip that lasts for less than two minutes under one of the three designated themes: “Respect Others’ Personal Data Privacy”, “Say ‘No’ to Cyberbullying” or “Stay Vigilant Online: Be Careful while Disclosing Personal Data”. Attracting a total of 74 entries from 41 schools with over 320 participants, the judging panel adopted the criteria of expression of theme, filming techniques, creative content and acting performance in selecting 23 outstanding primary school teams for a total of seven categories of awards, including the Best Privacy Protection – Champion, the First Runnerup, the Second Runner-up, the Outstanding Privacy Captain (Merit Award), the Best Acting Performance Privacy Captain (Performance Award), the Most Creative Privacy Captain (Creative Award) and the Most Active Participating School Award. The awards ceremony was held on 12 May 2023 and we were delighted to have received an overwhelming response from the participants. Some participants have shared that not only have they gained a more comprehensive understanding on the meaning of personal data privacy and how it can be related to their daily lives, especially when the online world is involved, they have also seized the chance in exploring different filming and storytelling techniques while boosting their self-esteem and creativity. Teachers from participating schools have similarly expressed their gratitude in the competition for helping to bring children together in promoting team bonding and better communication while reinforcing fundamental personal data privacy protection concepts among primary school students. Most importantly, participants have expressed their interest in joining future personal data privacy-related campaigns and events of the PCPD and are committed into becoming young personal data privacy guardians of Hong Kong going forward.
Why the initiative deserves to be recognised by an award?
Having attracted the participation of over 320 children from 41 schools, the competition has not only successfully raised the awareness among children about their personal data privacy rights while being exposed to the Internet at the digital age, but also assisted them in avoiding to become victims of digital crimes or cyber frauds in the future, further encouraging them to become respectful and honest citizens who are dedicated in personal data privacy protection as they grow up. In fact, the positive feedback from the participants and their teachers also demonstrated the impact of this campaign in nurturing and cultivating a responsible digital citizenship culture starting from a young age. We believe the competition has been a rewarding learning experience for all participants, their teachers as well as their parents.
View more information
A35- Entry by: New Zealand Office of the Privacy Commissioner
Description of the initiative:
Generative AI tools present unique challenges for upholding privacy and other rights. In 2023, the use of these tools began to rise rapidly. However, no local guidance was available that highlighted how businesses and individuals should use these tools in a New Zealand context. Many people did not know that privacy law applied to these tools and were unsure (or had never thought about) about how personal information might be collected, processed, or shared through the training and use of AI tools. Our goal was to provide leadership by offering clear, practical guidance that helped people make better use of generative AI tools by thinking about privacy. Our initial priority was to give clear guidance quickly. We began with a public statement of expectations from the Privacy Commissioner in May 2023, reminding people that privacy law does apply to AI tools, highlighting potential risks, and suggesting that users take privacy thinking as a starting point for responsible use. Our statement set out seven points for agencies to consider, including establishing good governance and clear direction from leadership, upholding privacy and security practices, and thinking about people’s right to access information. If in doubt, we recommended avoiding use of with personal information with AI tools. It had wide media pick up with even mainstream media running our short seven points verbatim. We updated our initial guidance within a month. In September 2023, we followed up with more detailed guidance on how the Privacy Act applies to AI tools, setting out specific questions individuals and businesses should consider before using them in ways that collect, use, or share personal information. We launched this guidance at the AI Summit, an event led by the local AI industry. Our key message was that thinking about privacy leads to better use of AI tools. We took a layered approach to make it as easy as possible for people to get what they needed.
Why the initiative deserves to be recognised by an award?
Our work met a critical need in a timely way and was built to enable access and understanding by as many people as possible. We were aware that individuals and businesses had questions and concerns around the use of AI tools in New Zealand. And we knew anecdotally that a lot of people were 3 already using AI tools at work. At the time we started work, no other government agency had offered any guidance or started any work programme on AI in New Zealand. Our guidance on AI was developed quickly and pioneered a new approach for how we issue guidance on new technology. It forced us to get comfortable with not having all the answers and being transparent about this, in order to move quickly. It allowed the public to feel more confident in their choices to use the technology, highlighted key privacy risks to consider, but most of all framed privacy as a framework that helps with better use of the technology. This rapid guidance and process innovation is a huge achievement given the size and resourcing of OPC compared to other international privacy regulators. OPC is an organisation of approximately 45 people, with no dedicated team focusing on AI issues.
View more information
A36- Entry by: Spanish Data Protection Authority (AEPD)
Description of the initiative:
The campaign “Cambia el Plan,” presented by the Spanish Authority on 23 October 2023, is an initiative to promote the digital health of minors by raising awareness among their parents and reducing the physical, mental, sexual, and social risks resulting from the intensive and uncontrolled use of screens. This campaign also encourages the use of the Digital Family Plan, a platform created by the Spanish Association of Paediatrics, which provides useful information on the appropriate use of digital media for children, families, and paediatricians. The Digital Family Plan offers a range of scientifically-backed proposals from which families can choose according to their unique circumstances, resulting in a tailored document suited to each specific situation. The campaign aims to raise awareness among families and paediatricians about the importance of establishing family routines related to the use of technologies. It includes recommendations based on medical and scientific evidence, such as turning off electronic devices that no one is using, avoiding the use of two or more devices at the same time, and establishing daily time limits (children aged 0 to 2 should not use any devices; children aged 3 to 5 should use devices for less than one hour a day; and children aged 5 and older should use them for less than two hours a day for digital leisure). The campaign also encourages physical exercise as a family and advises against using screen holders for prams or cars. This campaign has been broadcast on major national TV channels in Spain, such as Atresmedia Foundation, Mediaset España, and RTVE, achieving significant diffusion and impact among families.
Why the initiative deserves to be recognised by an award?
The misuse and excessive use of digital devices by children and young people can have harmful consequences, affecting their best interests and rights, including health, education, and privacy, sometimes causing irreparable harm, such as suicides. Numerous reports and studies highlight this as a public health problem caused by the abusive or problematic use of ICTs by children, impacting their physical, mental, and sexual health, education, privacy, and social relationships, ultimately affecting their development as individuals. Families play a crucial role in preventing, detecting, and addressing these issues, as do the paediatricians who treat the children, helping both them and their families. The campaign, available for free on the Agency’s website, highlights the negative consequences for children’s health and contributes to digital education for the comprehensive protection of children in the digital environment, serving as a useful reference for other GPA authorities.
View more information.
A37- Entry by: State of Mexico Transparency, Public Information Access and Personal Data Protection Institute of Estado de México and municipalities (INFOEM)
Description of the initiative:
Digital Violence Microsite A section was created in the institutional page with information of interest to prevent the misuse of personal data, digital violence, its manifestations, how to prevent it and which authorities to turn to in case of being a victim. The need was identified to create awareness by educating the young population on the protection of their personal data and the right to privacy to prevent Digital Violence (cyberbullying, non-consensual dissemination of intimate images, emotional manipulation, among others). Content: Useful resources and testimonials for victims. Educational sections. Prevention tips. Contact information to file complaints. Official statistics. Comments from experts who share tips to eradicate this evil. Downloadable material in graphic and audiovisual open data formats. Dissemination section detailing the places where the Microsite has been publicized through the Cinemas talking.
- Cinemas Talking. It is carried out in middle to high schools, information is disseminated to young people through the screening of the film Cyberbully 2015, followed by discussion and dialogue sessions, guided by experts from various institutions (Prosecutor’s Office, Cyber Police, Women’s Secretariat), encouraging reflection, dialogue and awareness around the protection of personal data with the support of the character “El Villano Robadatos”; and triptychs of Digital Violence, providing a safe space to share experiences, ask questions and learn prevention and action strategies. It was designed as a practice of Proactive Transparency, and has the elements of quality information, was built with citizen participation and specific means of dissemination, in clear language and easy to understand for all audiences. The places where the Microsite has been made known through the Cinemas Talking.
- QUÍO Virtual assistant hosted in the institutional page that facilitates the search for information through a friendly interface that breaks down information of interest by type of user: citizens in general, regulated entities, vulnerable groups. It contains a satisfaction survey on the content presented; it was built based on the information demands of the citizens and the regulated entities. It has Artificial Intelligence and uses citizen language on Digital Violence.
Why the initiative deserves to be recognised by an award?
By collaborating with experts, educators, professionals and other relevant actors, valuable lessons have been learned about the importance of Digital Violence through an interdisciplinary approach, including from an ethical perspective of the use of information technologies. This practice has shown that by educating young people about informational selfdetermination, the risks and effects of digital violence can be reduced, fostering a culture of respect online and prevention, impacting educational communities, including parents, teachers and students. With the joint collaboration of authorities of the State of Mexico, such as the Attorney General’s Office, the Cybernetic Police and the Women’s Secretariat, this topic is approached from different perspectives, resulting enriching for young people and teachers, offering tools for immediate attention to possible victims from a preventive and reactive perspective.