Become a participant in Global Cross Border Enforcement Cooperation Arrangement
The 36th Conference the Conference resolved to establish a Global Cross Border Enforcement Cooperation Arrangement. The GCBECA was reviewed by the 39th and 41st conferences (the Working Group on International Enforcement Cooperation).The conference Executive Committee encourages all privacy enforcement authority GPA conference members to become participants in this Arrangement.
On this page you will find links to online forms to submit to the Executive Committee Secretariat:
Which public authorities can participate in the Arrangement?
Any public body that has as one of its responsibilities the enforcement of a privacy or data protection law, and that has powers to conduct investigations or take enforcement action, is referred to as a Privacy Enforcement Authority or PEA in the Arrangement. Any Privacy Enforcement Authority that meets the eligibility criteria may submit a notice of intent to the Executive Committee Secretariat.
What are the eligibility criteria?
Any Privacy Enforcement Authority may participate in the Arrangement so long as it is one of the following:
- An accredited member of the Global Privacy Assembly;
- An authority designated by a member State signatory to the Council of Europe Convention for the Protection of Individuals with Regard to Automatic Processing (Convention 108), or alternatively an Authority designated by a member State signatory to this Convention in its revised form by means of the amending Protocol for the Convention 108 which opened for signature in 2018, widely known as ‘Convention 108 +;
- a member of the Global Privacy Enforcement Network (GPEN);
- a participant in the APEC Cross-border Privacy Enforcement Arrangement (CPEA); or
- a member of the European Data Protection Board (EDPB).
How does an eligible privacy enforcement authority become a participant?
To participate in the Arrangement an eligible Privacy Enforcement Authority may submit a notice of intent to participate. On this website this is referred to simply as a Notice of Intent.
As part of the process of submitting a Notice of Intent, or as a separate process to be undertaken later, Privacy Enforcement Authorities may notify the Secretariat of their commitment to observe the provisions of Schedule 1 of the Arrangement or commit to make other arrangements to ensure that each participant’s privacy and data protection requirements are fully observed. On this website this is referred to as a Notice of Commitment.
Privacy Enforcement Authorities intending to submit a Notice of Commitment at the same time of submitting a Notice of Intent will find that the electronic Notice of Intent will automatically expand to enable them to do this. Authorities that prefer to submit a Notice of Commitment at a later date can submit the standard Notice of Intent and later submit a separate Notice of Commitment.
Privacy Enforcement Authorities that submit a Notice of Intent will receive an automatic acknowledgement and, once eligibility is verified by the Secretariat, will be included in the list of participants.
How can a participant withdraw from the Arrangement?
A participant can withdraw by submitting a Notice of Withdrawal to the Secretariat.
I am interested in what a legally binding version of this arrangement to transfer personal data might look like. What do I need to know?
Not all authorities can enter into legally binding arrangements. However, the 41st conference received a report from its Working Group on International Enforcement Cooperation which looked at what a starting point for a legally binding arrangement for the transfer of personal data by an authority might look like. This explored the possibility of a potential Schedule Two, which should be reviewed alongside the report from the Working Group here and can be adapted by authorities to their specific national situation.’
Where can I find further information?
Further information on the Arrangement and becoming a participant is available on the Frequently Asked Questions page.