Entries submitted

A1: Andorran Data Protection Agency – APDA
A2: Hellenic Data Protection Authority- Hellenic DPA
A3: Transparency, Access to Public Information and Protection of Personal Data of the State of Mexico and Municipalities Institute (Infoem)
A4: National Commission for Informatics and Liberties -CNIL
A5: National Commission for Informatics and Liberties -CNIL
A6: Spanish Data Protection Authority – AEPD
A7: Office of the Australian Information Commissioner -OAIC
A8: Office of the Privacy Commissioner for Bermuda (PrivCom)
A9: Turkish Personal Data Protection Authority – KVKK
A10: European Data Protection Board -EDPB
A11: Jersey Office of the Information Commissioner – JOIC
A12: Dubai International Financial Centre
A13: Turkish Personal Data Protection Authority – KVKK
A14: Personal Data Protection Office – UODO
A15: Personal Data Protection Office – UODO
A16: Personal Data Protection Office – UODO
A17: National Privacy Commission Philippines – NPC
A18: The Federal Commissioner for Data Protection and Freedom of Information – BfDI
A19: National Institute for Transparency, Access to Information and Personal Data Protection -INAI
A20: Ombudsman’s office of the City of Buenos Aires
A21: Office of the Privacy Commissioner of Canada – OPC
A22: Office of the Privacy Commissioner of Canada – OPC
A23: The Israeli Privacy Protection Authority
A24: Insertar vínculo a la parte de la página que tiene el título A24- Entry by- Personal
A25: Personal Data Protection Service of Georgia – PDPS
A26: Personal Data Protection Service of Georgia – PDPS
A27: National Institute for Transparency, Access to Information and Protection of Personal Data -INAI and Institute for Transparency, Access to Public Information, Protection of Personal Data and Accountability of Mexico City (INFOCDMX)
A28: Commission Nationale de contrôle de la protection des Données à caractère Personne- CNDP
A29: Office of the Information and Privacy Commissioner of Ontario, Canada- OIPC
A30: Office of the Information and Privacy Commissioner of Ontario, Canada- OIPC
A31: Office of the Information and Privacy Commissioner of Ontario, Canada- OIPC
A32: Information Commissioners Office – ICO

A1- Entry by: Andorran Data Protection Agency – APDA

Description of the initiative:

The Qualified Law on the Protection of Personal Data (LQPD) was implemented in May 2022 in order to replace the 2003 law and bring Andorran legislation into line with the GDPR. This new law marks a significant shift in how personal data is protected, particularly regarding the responsibility of data management. To ensure people are aware of their new rights and responsibilities, the Andorran Data Protection Agency has launched an awareness campaign

Why the initiative deserves to be recognised by an award?

The initiative deserves to be awarded due to its effectiveness and impact.
It coincided with the introduction of a new law involving significant changes in terms of regulatory compliance and from a more social and cultural perspective, which needed to be made known to the public.
The campaign was executed in an approachable way to ensure that the law’s contents were understood by all, as inquiries to the agency tripled afterwards.
The team was able to develop this campaign in a short period of time such that resources and staff had to be fully utilized.
The produced infographics are still used today, and the award would give more traction to the agency’s communication strategy.
The inspection system being limited, communication efforts are imperative to ensure proper compliance with the law.

View more information.

 

A2 – Entry by: Hellenic Data Protection Authority – Hellenic DPA

Description of the initiative:

Aiming to promote the development of data protection by design compliant products and services by raising the awareness of the producers of the respective solutions (developers and other stakeholders of ICT products and services creation chain), the Hellenic DPA implemented in 2022 a comprehensive training programme and guidance documentation on Data Protection by Design. 

The training programme and the Guidance Documentation were implemented in the context of the project “byDesign”, which received funding from the European Union’s Rights, Equality and Citizenship Programme (REC).

Why the initiative deserves to be recognised by an award?

• The training programme provided specialised knowledge and practical guidance to professionals active in ICT and new technologies in order to integrate into their products and services methodologies and modern techniques for data protection by design. It is unique in Greece and its value lies also in the fact that it is adaptable to different training methodologies. 

• The documentation provides essential guidance and explanation on key issues in data protection. It also focuses on the most crucial requirements deriving from the GDPR regarding data processing and provide practical guidance on how lawful processing may be accomplished. 

• It is a valuable tool for those involved in the development of data-friendly products and services by design that helps them: a) to become familiar with the key data protection terms; b) to learn the obligations deriving from the GDPR regarding data processing and, in particular, the required principles for a lawful processing; c) to understand the specific grounds that a processing should be based on in order to be lawful; d) and of the obligations, preconditions and time limitations when handling a data subject request. Furthermore, the Guidance Documentation provides knowledge on technological and organizational mechanisms to protect personal data from privacy incidents and to handle those incidents. 

• Overall, a crucial gap is filled in this important aspect of data protection. 

• The Guidance Documentation on data protection by design will be updated, whenever it is necessary, in order to incorporate changes regarding privacy-by-design methodologies, or to present new methodologies and/or tools, or even to incorporate new legal or regulatory rules.

View more information.

 

A3- Entry by: Transparency, Access to Public Information and Protection of Personal Data of the State of Mexico and Municipalities Institute – Infoem

Description of the initiative:

The “Stealing Data Villain” is part of the Monitor Program for Transparency and Protector of my Personal Data. Is aimed at children and adolescents and seeks to contribute to the formation of more transparent and honest citizens, who recognize their fundamental rights and are nourished by information that allows them to enhance access to information and protection of personal data, as well as to raise awareness about the risks to which they are exposed when browsing the Internet.

Why the initiative deserves to be recognised by an award?

With the “Stealing Data Villain”, Infoem, as the guarantor body, renews its commitment to the dissemination and promotion of fundamental rights to the rights of access to information and the protection of personal data, among the population, since it makes talks, recreational activities and educational material available to society, with the aim of raising awareness among children and young people about what information they can request and also about mechanisms to avoid being victims of digital crimes; since according to figures from the National Survey on Availability and Use of Information Technologies in Homes (ENDUTIH) 2021, more than 12 million Mexicans use the internet; of this figure, 3 almost 25 percent are between 6 and 17 years of age, which makes it essential to implement mechanisms so that this sector of the population knows the value of their personal data and knows how to protect them in the digital environment through a funny way. The “Stealing Data Villain” booty is a character created by Infoem and there is nothing like it anywhere else.

View more information.

 

A4- Entry by: National Commission for Informatics and Liberties -CNIL

Description of the initiative:

The Privacy Research Day is a multidisciplinary research event organized by the CNIL during which international researchers presented their work on different topics: smartphones and applications, Ai and expendability, economy of Privacy, tools for DPA, organisational challenges and user perspective.

Why the initiative deserves to be recognised by an award?

This conference offered the opportunity to create bridges between researchers and regulators. During the day, experts in different fields presented their works and discuss their impact on regulation and vice-versa.

The presentations were aimed for a large audience and, due to the involvement of the presenters, it was very accessible and understandable. The format of the conference included short presentations to present a topic followed by panels and Q&A session.

Because we aimed at an international audience, the event was in English and broadcasted online. More than 3,000 visitors followed the first Privacy Research Day online.

This conference highlighted the importance of cross-disciplinary research, it is, to the best of our knowledge, the first of its kind.

View more information.

 

A5- Entry by: National Commission for Informatics and Liberties -CNIL

Description of the initiative:

At the end of 2022, the CNIL launched a campaign entitled “All together, be careful on the Internet!”. It encompasses cartoons, videos, practical information sheets for parents and teachers, a card game, a quiz and a poster. This kit of new, free and ready-to-use resources is available for children aged 8 to 10 and adults looking after them, to help children make better use of the internet.

Why the initiative deserves to be recognised by an award?

This initiative is particularly noteworthy because the CNIL is offering with this campaign free, turnkey resources for adults who supervise and interact with children, whether in the classroom, in the extracurricular sector or in the family.

Moreover, this campaign adopts a playful, light-hearted tone, combining humour and real-life scenarios; the approach is positive: “the Internet is fun, but you have to learn how to use it”. The content is age-appropriate, having been developed with the target audiences (children, parents and teachers) and tested before broadcast.

To develop these resources, the CNIL collaborated with an educational publications’ agency for young people, which conducted on-site interviews with young people, teachers and parents. The resources are based on children’s current digital practices, and both the characters and texts illustrating the resources are in line with the target audience.

Last, the campaign has been officially supported by the French Ministry of Education and Youth, and also widely supported by a number of organisations, including child protection associations, education actors, public institutions, regulatory authorities, and the Educnum collective of actors (including 60 non-profit organisations) with the aim of spreading a digital citizenship culture to all audiences, especially the youngest, across the country.

View more information.

 

A6- Entry by: Spanish Data Protection Authority – AEPD

Description of the initiative:

Spanish Data Protection Authority and UNICEF Spain launched ‘More than a mobile’ campaign in November 2022, aimed at offering families the keys to privacy, security, and data protection, to consider before giving away to their sons and daughters their first mobile phone. This campaign has obtained the support of the main Spanish media and has been disseminated so that all families have access to the decalogue of advice offered by the campaign.

Why the initiative deserves to be recognised by an award?

“More than a Mobile” campaign that we present to these awards is a transversal campaign, with guidelines that can be extrapolated to any country in the world, hence its usefulness, its marked global spirit as a tool that helps us as a society to face the challenges that They expose us to the technological advances of the 21st century.

The problematic access and use of information and communication technologies by children at very early ages is a reality that has serious consequences for their integral development as individuals, as well as for their family and social environment.

Educating and creating the conditions for children to make reasonable and sustainable use of digital technology is the responsibility of society as a whole and especially families.

The AEPD has worked in collaboration with UNICEF, as the UN agency that watches over the rights of children, in the preparation of a guide with keys that families should know before giving their children their first device. The campaign has been disseminated by television channels, telephone operators and the educational community.

The most important thing is that the campaign is freely available to all of society, including families, educational centers, companies, and public administrations.

View more information.

 

A7- Entry by: Office of the Australian Information Commissioner -OAIC

Description of the initiative:

The Office of the Australian Information Commissioner (OAIC) led the Australia-wide campaign for Privacy Awareness Week (PAW) 2023. Our campaign went ‘back to basics’ emphasising the fundamental importance of privacy in our daily lives, and attracted over 840 private sector organisations and government agencies as supporters.

We developed a dynamic, interactive campaign website, themed with retro computer graphics, with tips for individuals, businesses and government on protecting personal information, and a comprehensive supporter toolkit.

 Why the initiative deserves to be recognised by an award?

The OAIC executed a successful campaign that achieved our objectives. Among the measures of success, we:

  • achieved the highest number of supporters to date – over 840 private sector organisations and government agencies and signed up, compared to 653 in 2022.
  • spoke at 7 events with a combined live audience of around 1,800 people – plus a broader audience for two events that were recorded and published online.
  • achieved 105,715 combined impressions2 through OAIC-owned social media channels. Posts by PAW supporters further extended the campaign’s social media reach by hundreds of thousands.
  • Achieved significant engagement through the PAW website (over 57,000 home page views from launch to 18 May and views of over 30,000; over 17,000; and over 10,000 for the landing pages for individuals, businesses and government agencies).
  • Had extremely strong supporter engagement, with supporters creating their own supporting videos/animations, webinars, quizzes, competitions, workshops, and other material and activities.

The OAIC also conducted a supporter survey post-campaign which provided strongly positive feedback.

View more information.

 

 A8- Entry by: Office of the Privacy Commissioner for Bermuda (PrivCom)

Description of the initiative:

As part of Data Privacy Week in January 2023, PrivCom Bermuda hosted a series of interactive events and workshops – such as a tea party for seniors or a webinar on AI – that touched different facets of the island of Bermuda’s community. As part of this week, our initiative “Privacy Hour for Children & Teens” created a customized curriculum for schoolteachers to use to talk about privacy issues with their students.

Why the initiative deserves to be recognised by an award?

PrivCom’s Data Privacy Week 2023 was designed to be a collaborative approach to raising awareness throughout the community, from turtle-colouring nursery students at the age of 3 years to senior members of the community celebrating over eighty years of age.

In reaching out to these groups, we also engaged their immediate family. By raising awareness of privacy issues these different groups face, we build in the community a culture where privacy is valued – since there is not a long precedent for our new law.

We engaged with school officials, teachers, and a range of individuals and businesses across Bermuda’s community. Videos and speeches by government ministers not normally associated with privacy or technology helped spread the message that these issues are universal and important.

The week gave our office a forum to improve the community’s understanding of these issues – and also gave us valuable perspective on what is important to the community. These useful insights on questions and priorities were then used to inform our planning for awareness initiatives throughout the year.

As a small office, this was a full-team effort, with PrivCom’s entire staff working together supporting the schools and entire community with queries, details, and privacy questions.

View more information 

A9- Entry by: A9 -Turkish Personal Data Protection Authority – KVKK

Description of the initiative:

PROJECT ON RAISING PERSONAL DATA PROTECTION VOLUNTEERS AMONG UNIVERSITY STUDENTS

This project aims to raise awareness of personal data and personal data protection culture among university students.

Why the initiative deserves to be recognised by an award?

This Project is important to raise awareness of personal data and data protection among university students, and to disseminate data protection culture among these students.

View more information

 

A10- Entry by: European Data Protection Board – EDPB

Description of the initiative:

The Data Protection Guide for small business is a key initiative of the EDPB’s 2021-2023 Strategy. It aims to provide information to SMEs about GDPR compliance in an accessible and easily understandable language. Its main goal is to raise awareness of the GDPR among SMEs and to facilitate compliance. The development of tools providing practical, easily understandable and accessible data protection guidance is key to reaching a non-expert audience and promoting data protection in practice.

Why the initiative deserves to be recognised by an award?

The Guide is the result of a very close cooperation with a small group of DPAs. The EDPB Secretariat worked together with press and communication officers from the BE, BG, CY, FR, and HR DPAs, as well as the EDPS, to develop the Guide. The drafting team worked in close cooperation with legal advisors to ensure that the Guide was accurate, while at the same time adapted to the needs of its target audience. The result is a compliance and awareness raising tool that answers the needs of a broad section of society, across borders.

For the launch of the Guide a digital communications campaign was set up together with EISMEA – the EU SME Agency – to ensure that the Guide reaches SMEs directly.

View more information.

 

A11- Entry by: Jersey Office of the Information Commissioner – JOIC

Description of the initiative:

BOOM! JOIC’s Privacy Superheroes made a big impact arriving during Data Protection Week, 2023! We have created and unleashed real life Privacy Superheroes! They’re driving a cultural shift: creating a community that encourages islanders to share responsibility for protecting their personal information. With powers to help change behaviour and understanding of privacy instinctively, our Heroes have been embraced, by islanders, young and old, and have more to offer! Read on to find out more!

Why the initiative deserves to be recognised by an award?

Our Privacy Superheroes do not need to receive awards as they offer rewards (almost daily!) to our young islanders: in the form of a sticker that says “Be a Privacy Hero” when they complete a session, which reminds the children about their individual responsibility. However, JOIC staff feel the Heroes should be recognised! As a result, the Heroes have stated that on this occasion they would be honoured to be recognised, but only in order that their good work in Jersey continues! The award would ensure their hard work has not been unnoticed and they can continue with the monumental momentum they have embarked on. As you will see from the plethora of news articles and responses to posts on social media, from this small island in Jersey, their impact has clearly been felt. The JOIC office and team have been put in the spotlight for the support they can offer, thanks to the Heroes. JOIC are approachable, kind, respectful and energetic – which funnily enough follows the heroes’ core values! From the heart, JOIC’s Privacy Superheroes continue to spread a valuable message to young and old.

View more information.

A12- Entry by: A12 – Dubai International Financial Centre

Description of the initiative:

DIFC website guidance, tools and breach notification forms, including slides from monthly Data Protection Talks (Tuesdays with Lori), contain substantial amounts of information to enable building a culture of compliance in DIFC licensed entities.  As a small, relatively young jurisdiction where data protection awareness is developing at great rates, the DIFC data protection website has become an essential component in the local compliance arsenal.

Why the initiative deserves to be recognised by an award?

The initiative is worthy of an award because it is yet another part of a holistic, multi-faceted supervisory function undertaken by the DIFC DP Commissioner’s Office.  Outreach is essential to supervision. The Commissioner’s Office engages in supportive, engaging supervision to help entities here in DIFC learn about why DP Law and compliance is important.  It does so in a collegial, hands on way.

Having the advantage of being a smaller, finite jurisdiction, the Commissioner’s Office takes its role in awareness and education very seriously, not only through Tuesdays with Lori but in direct consultation with companies that ask for support by presenting to their teams, discussion issues they need help understanding, and conducting ongoing webinars and consultations.

View more information.

 A13- Entry by: Turkish Personal Data Protection Authority – KVKK

Description of the initiative:

“KVKK Academy Truck Project” aiming to alleviate the negative effects of the earthquake on children after the earthquake took place on February 6, 2023. Making children learn the concept of personal data by having fun, and raising awareness of children and their families by carrying out awareness and information activities, Project was launched in 5 provinces. Activities for children and young people between the ages of 5-18 who settled in tent cities had been held.

Why the initiative deserves to be recognised by an award?

This activity aimed to alleviate the negative effects of the earthquake on children and to create smiles on their faces and awareness of personal data also to introduce them to the concept of personal data. Through video screenings and various play activities, some information and awareness about the negative effects of using the internet and social media were provided. Strong password creation techniques were introduced to the children. As an authority, we tried to teach children the importance of personal data awareness by entertaining them.

View more information.

 A14- Entry by: Personal Data Protection Office – UODO

Description of the initiative:

#DataProtectionLessons (PL: #ODOlekcje) is a new initiative in the Nationwide Educational Programme of the Personal Data Protection Office “Your data – Your concern. Effective protection of personal data. Educational activity addressed to students and teachers”. The classes are organised to provide pupils with knowledge on how to function safely in the world of new technologies. The initiative also serves to emphasise the value of data protection and privacy in everyone’s life, especially young people.

Why the initiative deserves to be recognised by an award?

Educational activities and raising public awareness are a very important part of the activities of the Personal Data Protection Office. The GDPR places particular emphasis on the protection of children’s privacy and personal data in all European Union countries. This task is supported by the successfully implemented Nationwide Educational Programme of the Personal Data Protection Office “Your data – Your concern. Effective protection of personal data. Educational activity addressed to students and teachers”.

The Polish supervisory authority believes that education, especially of children and young people, is very important nowadays, when we are exposed to more and more risks related to the use of new technologies. It is worth remembering to take care of privacy and to ensure the protection of personal data at the same time.

For these reasons the Polish supervisory authority decided to implement the initiative. #DataProtectionLessons was a very popular initiative. In average, 100 schools took part in each of the webinars, with an average of 30 students from each class. 7 webinars were organised, which means that approximately 21 000 participants took part in the #DataProtectionLessons.

View more information.

A15- Entry by: Personal Data Protection Office – UODO

Description of the initiative:

Summer Academy for Personal Data Protection was a new initiative in the Nationwide Educational Programme of the Personal Data Protection Office “Your data – Your concern” in 2022. The Polish supervisory authority was organising a series of online meetings with the representatives of the Office as well as the leaders of the “Your data – Your concern” programme. The initiative is directed to students of classes VII and VIII of primary schools and students of secondary schools.

Why the initiative deserves to be recognised by an award?

Educational activities and raising public awareness are a very important part of the activities of the Personal Data Protection Office. This task is supported by the successfully implemented Nationwide Educational Programme of the Personal Data Protection Office “Your data – Your concern. Effective protection of personal data. Educational activity addressed to students and teachers”.

The Polish supervisory authority believes that education, especially of children and young people, is very important nowadays, when we are exposed to more and more risks related to the use of new technologies. It is worth remembering to take care of privacy and to ensure the protection of personal data at the same time. Importantly, this is worth being remembered not only during the school year, but also during the holidays.

For these reasons that the Polish supervisory authority decided to implement the initiative.

What is more, the webinars provide an opportunity to familiarise young people with the aims of the nationwide educational programme “Your data – Your concern” and encourage them to participate in it in the new school year, in the upcoming 13th edition.

Summer Academy for Personal Data Protection was very popular. In average, 100 schools took part in the webinars, with an average of 30 students from each school, which means that approximately 15 000 participants took part in the Summer Academy for Personal Data Protection in 2022.

View more information.

A16- Entry by: Personal Data Protection Office – UODO

Description of the initiative:

‘Michał Serzycki’ Data Protection Award was established in 2018 by Ph.D. Edyta Bielak-Jomaa, the previous President of the Personal Data Protection Office.

It is awarded to individuals and organisations recognised for promoting, both in Poland and abroad, the value of personal data protection and the right to privacy. It is also an award for those who, with their achievements, emphasize the extremely important role of social education.

 

Why the initiative deserves to be recognised by an award?

The initiative deserves to be recognised because the Office undoubtedly contributes to promoting the excellent attitudes of the laureates who, through their daily work, promote the values of personal data protection and the right to privacy. ‘Michal Serzycki’ Data Protection Award is itself an award in the field of education and public awareness. The winners were distinguished for their activities in the field of education about personal data protection. They range from lawyers, scientists, representatives of NGOs, above all, teachers, coordinators of the “Your Data – Your Concern” Programme. It is through their engagement that our society has more and more knowledge in the field of personal data protection, more and more willingness to fulfil its obligations and more and more awareness to exercise one’s rights.

View more information.

 

A17- Entry by: National Privacy Commission Philippines – NPC

Description of the initiative:

The Kabataang Digital (Digital Youth) Campaign is the advocacy campaign of NPC dedicated to fostering a safe online environment for young individuals. Guided by its core principle: “Matalino, Mapagmatyag, at Mapanuri” (Smart, Vigilant, and Discerning), it aims to promote data protection for the youth. Its primary goal is to equip young individuals with the necessary knowledge and skills to navigate the online world effectively by introducing age-appropriate content and resources on privacy, security, and responsible online behavior

Why the initiative deserves to be recognised by an award?

The Kabataang Digital Campaign stands out for its remarkable efforts in addressing the critical issue of youth data privacy in the Philippines. Since its launch in 2019, the campaign has reached 17,937 young individuals and demonstrated unwavering commitment and resilience in promoting digital safety and privacy despite the geographical challenges present in the country’s diverse archipelago.

In addition to reaching youth directly, the campaign has also prioritized engaging parents, guardians, and school officials. Recognizing their crucial role in guiding and supporting young individuals, the campaign has conducted awareness sessions and provided resources specifically tailored for these important stakeholders.

Working together with other government agencies and private sectors, the KD campaign has been able to develop comprehensive educational materials, including informative guides, interactive tools, and engaging multimedia content. These resources have successfully reached and impacted a wide audience, including thousands of youths across the country.

By leveraging the expertise, resources, and networks of various government agencies and private sectors, the KD campaign has achieved significant reach and positively influenced a large audience. The collaborative approach has been instrumental in raising awareness and empowering individuals to prioritize their data privacy in the digital age.

View more information. 

A18- Entry by: A18 – The Federal Commissioner for Data Protection and Freedom of Information – BfDI

Description of the initiative:

The BfDI developed the children’s information series “Die Daten-Füchse” (“The Data Foxes”) in order to raise awareness of the topic of data protection, especially among younger children aged 4 to 11, in a way that is appropriate for the target group. The initiative presented here implements this information series, which was initially published in the form of Pixi books known and loved by children, as short narrative and explanatory videos. The concepts of privacy and data protection as well as transparency and freedom of information are vividly explained with examples of situations familiar to children and at the same time supplemented with practical advice and behavioural tips.

Why the initiative deserves to be recognised by an award?

As a result of a focus group test we conducted on the “Attitudes of children and young people to the topic of data protection” with children aged 9 to 16, it turned out that children of primary school age in particular are most likely to deal with the topic of data protection in an unprejudiced manner and are receptive to corresponding sensitisation. A timely, playful familiarisation with the subject matter at this age gives hope for a more natural and conscious handling of personal data in the digital world later on, e.g. in social networks or the like.

Since most information and awareness campaigns for children address the target group of 10 years+, we decided to consciously develop an offer for a younger target group.

The information series “Die Daten-Füchse” (“The Data Foxes”) picks up children with stories from their everyday lives and explains in an easily understandable way why topics such as privacy or transparency are important for everyone – and thus especially for them as children. In this way, awareness of data protection and freedom of information is conveyed at an early age in a playful and amusing way with a high level of practical relevance. As younger children often watch the books or videos together with their parents or grandparents, an important group of adults who might otherwise not have dealt with the topic is also informed as a side effect.

In parallel to the books and videos, worksheets and information material will be offered in the future, which will enable the media to be used in school lessons or kindergartens. We are thus expanding the target group to include educators and teachers.

View more information.

 

A19- Entry by: A19 – National Institute for Transparency, Access to Information and Personal Data Protection -INAI

Description of the initiative:

The contest aims to promote the importance of privacy and personal data protection among childrens as part of civic education regarding the exercise of the right to personal data protection. The development of the contest prioritizes the principles of non-discrimination, inclusion, and protection of individuals, as well as children’s rights.

Furthermore, the contest aims to encourage creativity and an interest in getting involved in personal data protection topics among children and adolescents.

Why the initiative deserves to be recognised by an award?

As stated in Article 4 of the Mexican Constitution, the State must ensure and comply with the principle of the best interests of the child, fully guaranteeing their rights. Children have the right to the satisfaction of their needs for nutrition, health, education, and healthy recreation for their integral development. This principle should guide the design, implementation, monitoring, and evaluation of public policies for childhood.

In the 21st century, children grow up and develop in an increasingly interconnected world, where technology has profoundly transformed the way we build and transmit knowledge, express ourselves, participate, and communicate with each other. Therefore, the skills, behaviors, and attitudes generated towards the use and development of technology are gaining greater prominence and centrality in shaping a free, responsible, and effective citizenship in the contemporary era. It is necessary to consider the vulnerable situation and special needs of Childrens who require specific public policies for the protection of their personal data and privacy, both to promote a culture in this matter and to reduce the risks of misuse of their personal information.

View more information.

 

A20- Entry by: Ombudsman’s office of the City of Buenos Aires

Description of the initiative:

The objective of this initiative was promoting Public Awareness around the urgency of preventing and eradicating digital gender violence. Its ultimate goal is to promote a virtual environment free of discrimination and ensure that technological innovation respects the dignity and privacy of individuals. The commitment that it promotes is part of a dialogue process that the Ombudsman began many years ago, but in March 2023 the signing of the “Commitment Letter against Violence of Digital Gender” among more than 50 organizations.

Why the initiative deserves to be recognised by an award?

From the Ombudsman’s Office we consider that we are deserving of this recognition. It is clear that since the signing of the commitment letter, the problem of the dissemination of images without consent has become much more visible, especially bearing in mind gender issues. The letter was signed by almost 50 organizations, various UN agencies, large and small NGOs, journalists with a distinguished track record in our country who have been suffering from violence in the digital media. The initiative exceeded all our expectations and demonstrated the need to create collective spaces among those who, from different fields and perspectives, have been working to end this form of violence.

After the signing of the letter, different actions were launched, such as awareness campaigns by different partners and collaborative work. On the other hand, in recent weeks the opinion was signed in the National Congress, which generates significant progress in the possibility that the Chamber of Deputies votes on a bill incorporating digital gender violence as a modality of gender violence.

The deputy, President of the Gender Commission of the Chamber of Deputies, attended our event in November 2021, where we began to think about the necessary mechanisms to modify the current regulation. In July 2022, the deputy presented the project that received a favorable opinion a few weeks ago.

View more information. 

 

A21- Entry by: Office of the Privacy Commissioner of Canada – OPC

Description of the initiative:

In May 2023, the Office of the Privacy Commissioner of Canada released guidance on workplace privacy so that: i) employers are aware of how relevant privacy laws and other legal obligations apply to employee personal information; and ii) individuals are aware of their privacy rights whether they are on their employee premises and/or using their employer’s equipment.

Why the initiative deserves to be recognised by an award?

he COVID pandemic created a number of challenges for society across the globe, and this exceptional moment in our lifetime fundamentally changed where and how we as a society work.

Organizations are facing new challenges in respect of how to operate in a hybrid and/or remote workplace reality, particularly so given that this reality came about more rapidly than organically. As such, OPC Canada was aware that individuals had questions about what their privacy rights were in this new world. It was also aware that employers had their own questions on a number of issues, for instance how workplace or employee monitoring could be undertaken whilst respecting employees’ privacy rights.

With this in mind, this guidance was developed using not only plain language, but taking into account how current real life challenges must be considered.

It also includes a useful section of “Eight Practical Tips” that employers can use to build into their policies and procedures.

Upon release, the guidance received positive reception from stakeholders, particularly from Human Resource industry news organizations.

Comments have included that the guidance provides “practical considerations on how to remain compliant” and that “…the Guidance is a useful resource for employers looking to improve their workplace privacy policies and procedures”.

View more information

 

A22- Entry by: Office of the Privacy Commissioner of Canada – OPC

Description of the initiative:

The Office of the Privacy Commissioner of Canada (OPC) spearheaded the planning, writing, and delivery of an engaging and informative panel discussion.

The bilingual event titled, “Privacy Awareness Week 2023: What Is Public May Still Be Personal,” reached 877 Canadian public servants, with hundreds more viewing a recording of the event.

The event resulted in increased privacy awareness and knowledge throughout the Canadian public service and allowed the OPC to further promote its advisory role.

Why the initiative deserves to be recognised by an award?

Since its first Privacy Awareness Week event presented in collaboration with the CSPS in 2021, the OPC has increasing audience size and engagement year-over-year with 1330 registrants enrolled for this year’s event (well past the 750-registrants goal).

The 2023 event included partnering with TBS for the first time, an important step to show the Government of Canada community that the OPC as regulator, and TBS as the Government of Canada institution charged with producing privacy policy and guidance, can present a united front on complex matters for the benefit of privacy protection.

The OPC suggested the discussion topic purposefully to help promote timely Government of Canada guidance on publicly available information. The OPC also took additional steps to ensure a successful event, including acting as liaison with CSPS and taking the lead on writing speaking notes to ensure a unified presentation.

Due to this year’s success, going forward, CSPS will reserve bi-annual events for the OPC and TBS, one during Data Privacy Week and the other during Privacy Awareness Week. This past year’s event was not only successful in and of itself but also the start of a legacy of events promoting privacy protection widely across the Government of Canada.

View more information

 

A23- Entry by: The Israeli Privacy Protection Authority

Description of the initiative:

The Israeli Privacy Protection Authority aims to make the Privacy Protection Law and regulations accessible to organizations and companies from all sectors of the economy. For this purpose the PPA developed online tutorials that enable a better comprehension of the provisions of the Privacy Protection Law and its regulations, in a clear and simple manner. The tutorials were launched in 2022 and were published on the Authority’s website and were circulated to various parties proactively (for example, to the heads of local authorities), in order to assist them and improve their level of compliance with the law and regulations.

Why the initiative deserves to be recognised by an award?

The software in which the tutorials are displayed is designed in a smart way, aiming to give an interactive experience, and it provides users with a friendly, easy, accessible and efficient experience to learn about key issues they face during day-to-day activities of the organization. 3 The goal was to simplify to the level of laymen the various requirements listed in the Privacy Protection Act and various regulations, so that it would be very easy to understand them and, accordingly, to apply them more easily.

View more information. 

 

A24- Entry by: Personal Data Protection Service of Georgia – PDPS

Description of the initiative:

“Journal of Personal Data Protection Law” is a bilingual, international scientific publication that promotes comparative legal discourse and analysis in personal data protection law. Journal seeks to share research outcomes and raise public awareness on data protection and privacy. It was established on May 2022 to mark the 4th anniversary of the application of the GDPR. Through the Journal, PDPS aims to promote the best practices in data protection law.

Why the initiative deserves to be recognised by an award?

The Journal deserves to be recognized with an award due to several compelling reasons:

 

  • Promotion of Knowledge: The Journal serves as a platform for disseminating valuable research, insights, and best practices in the field of personal data protection. It strives to educate stakeholders on how to comply to the legislative requirements and address the emerging challenges.
  • International Reach: The Journal attracts contributions from legal scholars, experts, and practitioners from around the world. Its bilingual nature further enhances its accessibility and impact, making it a valuable resource for the global community.
  • Timeliness and Relevance: The Journal is a periodic publication, to be published twice a year. It keeps pace with emerging trends and developments in the field of personal data and privacy, making it a valuable resource for practitioners and policymakers.
  • Commitment to the Best Practices: The Journal signifies the commitment of the Personal Data Protection Service of Georgia to promote best practices in the field. By showcasing innovative approaches, case studies, and legal analysis, it contributes to enhancing legal frameworks and operational guidelines for data protection.
  • Impact on Policy and Practice: The Journal’s research and insights have the potential to influence policy decisions and practices to a large extent.

 

View more information. 

A25- Entry by: Personal Data Protection Service of Georgia – PDPS

Description of the initiative:

In September, 2022, the Personal Data Protection Service of Georgia launched an online campaign called: #MakeaHabit Personal Data Protection to raise public awareness with respect to data protection. The campaign lasted for one month, and it entailed the publication of illustrated cards which gave significant advice to data subjects during their daily activities to protect personal data.

Why the initiative deserves to be recognised by an award?

The main challenge commonly faced by data protection authorities is the lack of public awareness. Personal Data Protection Service of Georgia considers data subjects as partner stakeholders, contributing to personal data protection and efficient monitoring of the lawfulness of data processing.

Accordingly, the data subject’s high awareness level will eventually result in quicker identification of alleged/possible cases of unlawful data processing activities and, on the other hand, prompt reaction on the part of the data protection authority. At the same time, educated data subjects are indeed less vulnerable to unlawful data processing and try their best to consider the requirements of the law and respect the privacy of others.

The mentioned campaign, in simple non-legal language, made the data protection-related topics understandable and perceptible, convincing data subjects that the habit of personal data protection is one of the significant aspects of their welfare.

View more information. 

A26- Entry by: Personal Data Protection Service of Georgia – PDPS

Description of the initiative:

Last year, the Personal Data Protection Service of Georgia announced a blog contest for school students on the topic of personal data protection. In particular, the topic was: “My Personal Data and Eyes Wide Open”. 9th, 10th, 11th, and 12th-grade students had the opportunity to participate in the competition, which aimed to raise awareness amongst the school students about the importance of personal data protection.

Why the initiative deserves to be recognised by an award?

The initiative of organizing a blog contest on personal data protection by the Service deserves to be recognized with an award for several reasons:

  • Blog contests give students a fun and interactive way to share their thoughts about protecting personal information;
  • Blog contests teach school students about the importance of protecting their personal information;
  • Blog contests help raise awareness among students, their families, and their communities about the significance of personal data protection;
  • Blog contests encourage students to think critically about personal data protection.

It is worth noting that the Personal Data Protection Service of Georgia awarded the school students winning the blog contest. The President of the Service – Prof. Dr. Dr. Lela Janashvili, hosted the winning students at the office of the Service. She awarded the winners with certificates, as well as prizes – tablets and branded items and wished them success in their future endeavours.  The winning blogs were published by one of the news agencies (“Interpressnews”).

The Personal Data Protection Service of Georgia continuously tries to arrange various activities to raise children’s awareness towards privacy and data protection. Therefore, it is noteworthy that the blog contest has aroused interest throughout Georgia.

View more information. 

A27- Entry by: A27 – National Institute for Transparency, Access to Information and Protection of Personal Data -INAI and Institute for Transparency, Access to Public Information, Protection of Personal Data and Accountability of Mexico City – INFOCDMX

Description of the initiative:

The “Privacy Route” has been set up as a national socialization crusade, to reflect the importance of the protection of personal data as a human right among the Mexican society.

Through the coordination and institutionalization by the local authorities headed by the INAI, and the inclusion of the private and social sector, the objective is to create awareness of the right to the protection of personal data and the privacy in de Mexican Republic.

Why the initiative deserves to be recognised by an award?

The Privacy Route must be recognized by the GPA Global Privacy and Data Protection Awards, since through this initiative it seeks to sow the seed of awareness in each and every one of the Mexicans about the importance of the right to protection of personal data. as a fundamental human right, as well as the need to guarantee the privacy of all people, within the framework of an interconnected world.

Likewise, it is considered that the Privacy Route is an instance that makes visible the instrumental value of the right to personal data protection, as a mechanism to achieve other human rights, such as education, health, equality, among others.

In this sense, it is considered that the project is unique among the privacy authorities, since it not only exposes the relevance of the right to protection of personal data, but also how it can be used to improve the life of each Mexican.

View more information.

 

A27- Entry by: A27 – National Institute for Transparency, Access to Information and Protection of Personal Data -INAI and Institute for Transparency, Access to Public Information, Protection of Personal Data and Accountability of Mexico City – INFOCDMX

Description of the initiative:

Why the initiative deserves to be recognised by an award?

View more information.

 

 

 

A28- Entry by: Commission Nationale de contrôle de la protection des Données à caractère Personne- CNDP

Description of the initiative:

The “Koun3labal” platform is a virtual school (www.koun3labal.cndp.ma) which was launched on December, 9th 2022. It aims to raise awareness among children, teenagers and women about the dangers, risks, rights, means of protection, and available channels of recourse for the protection of their digital privacy, at both Moroccan and African levels.

It provides examples of best practices, recommendations and tools to help children, teenagers and women deal with the world of digital technology with caution. It also targets parents/guardians, teachers and researchers to raise awareness of these issues.

Why the initiative deserves to be recognised by an award?

Moroccan society, like all other societies, is facing the challenges that come with the almost unchecked expansion and evolution of Digital technologies. Young people and women, however, seem to be more vulnerable to the risks internet in general implies. These risks range from personal data stealing, online violence and sexual harassment to various forms of online fraud.

The aim of the “Koun3labal” platform is to raise awareness and help reduce risk-taking and promoting safety-oriented behaviours among the above-mentioned targets as effectively as possible.

The platform’s innovative feature is the participation of several African contributors through a joint Committee of Contributors. Through its position as Permanent Secretariat of the NADPA-RAPDP (“Network of African Data Protection Authorities”), the CNDP’s ambition is to bring in as many African partners as possible to enrich this platform and consolidate its African vocation. This Committee of Contributors also includes national partner institutions.

View more information.

A29- Entry by: Office of the Information and Privacy Commissioner of Ontario, Canada- OIPC

Description of the initiative:

Building on the IPC’s popular Privacy Pursuit! activity book, the IPC has developed four new classroom-ready lesson plans to help educators teach students in Grades 2 through 8 about why privacy is important and how to protect their privacy online. Our office invited young Ontarians to join the IPC’s new Youth Advisory Council to share their views about digital literacy, access, and privacy rights to inform our efforts empower Ontario’s next generation of digital citizens.

 

Why the initiative deserves to be recognised by an award?

One of the great challenges of our time is how parents, teachers, and regulators, can help guide young people through the maze of online risks and opportunities so they feel better equipped to participate in the digital world. Our Privacy Pursuit! lesson plans are an important step in that direction. Released in time for the 2023-24 academic year, the plans fill a need for teachers by providing them with trusted content they can use in their classrooms. They’re a great free resource to help kids develop the digital literacy skills they need to protect themselves online and shape their own future. The IPC wants to give young people a voice in policy decisions that affect them, and help us build policies that reflect their priorities. With our bold Youth Advisory Council initiative, we’re doing just that. The work of this group of talented youth is broadening the conversation and engaging young people with our office’s work. With their input, we are confident we can make a real difference in the lives of children and youth and ensure the digital world is a better place for future generations.

View more information. 

A30- Entry by: Office of the Information and Privacy Commissioner of Ontario, Canada- OIPC

Description of the initiative:

In May 2023, the IPC unveiled its most exciting initiative yet, our first-ever Transparency Showcase — an online 3D gallery featuring a range of innovative projects from municipal and provincial institutions in Ontario. These projects show the positive impact of government transparency and the benefits of open data, without compromising personal privacy. Illustrated with stunning original digital art pieces, the showcase inspires government institutions to be more proactive in releasing information to the public.

Why the initiative deserves to be recognised by an award?

Transparency and the protection of privacy are essential to a healthy functioning democracy. Privacy is not a barrier to proactively releasing government-held information, provided privacy risks are proactively addressed. The innovative projects featured in the IPC’s first ever Transparency Showcase prove how it is possible to achieve openness and transparency in a privacy-protective way. When public institutions are open about their decisions and actions and proactively release non-personal data, it better equips the public with the information they need to make better decisions and improve their lives. It fosters civic engagement and constructive discourse and helps to fight misinformation by filling in knowledge gaps with reliable, evidenced-based data. Ultimately, it inspires greater trust in government and strengthens the very fabric of our society. Modern and effective regulators need to use innovative tools to support and encourage the behaviours they’d like to see and bring about compliance in a positive way. Our hope is that through the Transparency Showcase, we will encourage other institutions toward greater openness and help increase awareness that privacy is not a barrier to achieving this goal.

View more information. 

A31- Entry by: Office of the Information and Privacy Commissioner of Ontario, Canada- OIPC

Description of the initiative:

Info Matters is an educational podcast about people, privacy, and access to information. On Info Matters, we have candid conversations with people from all walks of life about the access and privacy issues that matter to them. We demystify new data technologies and explore their potential impacts on society. We hear real stories, learn interesting facts, and provide practical tips on how to protect personal information and access government-held information.

Why the initiative deserves to be recognised by an award?

The Info Matters podcast has seen an impressive increase in the number of downloads (38.5%) and unique listeners (41.6%) over the past year. The podcast has been downloaded nearly 10,000 times since its launch in 2021. We’re reaching more people and partners directly, building our reputation as a modern and effective regulator along the way. It’s no surprise that in 2022, Info Matters was ranked 13th on a list of 60 top data privacy podcasts. The number of podcast listeners worldwide is expected to grow to over 465 million in 2023. The IPC was the first of its data privacy regulatory peers in Canada to recognize the educational value of podcasting, seizing this effective form of communication to educate people from all walks of life about the access and privacy issues that matter to them. We’ve worked hard to make our podcast stand out from the crowd, by creating original, high-quality, and valuable content. Our episodes are a source of sound information, nuggets of wisdom, and thought-provoking insights. With new listeners tuning in every day, more people are turning to Info Matters as the first place they go to for answers on all things access and privacy.

View more information. 

A32- Entry by: Information Commissioners Office – ICO

Description of the initiative:

The ICO’s Technology Department published guidance in February 2023 to help organisations practically implement data protection in the product design lifecycle.

The guidance explains how to apply data protection principles at key stages throughout product development to a product design audience.

The team engaged with multiple cross-sector product teams to gather insights and develop the guidance and launched the final guidance at a specific design and privacy conference with over 1,100 attendees.

Why the initiative deserves to be recognised by an award?

The ‘Privacy in the product design lifecycle’ guidance contextualises data protection for a new audience, design and product teams, who have potential to greatly improve the privacy experience for citizens. The ICO is one of the only regulators who is creating practical guidance for the design and product community.

The approach to developing the guidance was collaborative, multidisciplinary, iterative and led by research. Organisations of varying scales and sectors fed into it’s development, sharing real-world challenges with addressing data protection in digital products and best-practice examples of how data protection can be integrated into product design activities. The project demonstrates a novel approach to creating and publishing guidance with industry input that ensures content is actionable and relevant.

The ICO ran the ‘Privacy by design: Privacy Seriously’ conference to launch the guidance to an audience of over 1,100 attendees. The event included talks and panels with international experts and practitioners discussing critical issues in design and privacy.

View more information.