For four decades, the Global Privacy Assembly, first named as the International Conference of Data Protection and Privacy Commissioners until the 41st Conference, has been the premier meeting place of the world’s data protection and privacy regulators and enforcers. The Assembly has grown substantially and its membership now extends across many parts of the world.

Each year the Assembly meets in a different city hosted by the local data protection or privacy authority. The Assembly first met in Bonn, Germany, in 1979 and then crossed the Atlantic for its second meeting in Ottawa, Canada. The Assembly met for the first 20 years primarily in European locations with an occasional foray to Canada and one trip down-under to Sydney, Australia, in 1992.

The 21st Conference, at the turn of the century, was held in Hong Kong and marked a coming of age when the Assembly more truly started to assume an international character. Of the 20 conferences before 1999, only five were held outside Europe. Since then the locations are evenly split between Europe and the rest of the world. It has convened in six of the seven continents and has met four times in the Southern Hemisphere.

From 2000 onwards the Assembly arranged itself more formally to speak with one voice through joint statements. In Venice in 2000 the Assembly adopted guidelines and procedures for adopting Assembly resolutions “of enduring value” and followed this by establishing an accreditation process in Paris in 2001. In 2002 in Cardiff the first 51 authorities were accredited. With the foundations in place the Assembly was ready the following year to start adopting resolutions.

In 2003 in Sydney the first five resolutions were adopted on a mix of issues covering cross-border data transfers, technology issues, public communication of privacy messages and the issues of data protection within international organisations. The Assembly has adopted more than 60 resolutions and declarations.

With the increase in the size of the Assembly, and greater expectations that regulators should become more effective at global level, attention has been paid to Assembly organisational arrangements. In 2010, in Jerusalem, the Assembly established a five member Executive Committee to provide leadership and ensure the attainment of Assembly goals. Three years later, in 2013, in Warsaw, the Assembly formally adopted a mission statement and for the first time set out a strategic direction for the Assembly.

The Assembly first addressed enforcement coordination by resolution in 2011 in Mexico City. The Assembly has subsequently returned to issues of cross-border enforcement cooperation several times and in 2014 in Mauritius established an arrangement for cooperation in enforcement.

In 2015 the Assembly adopted a new strategic plan which included a priority to work with partners. This recognised that while there were few international data protection forums in 1979 when the Assembly was established, 40 years later there are multiple stakeholder groups at regional and global level.

From 2012, the Assembly began to devote an entire day annually to in-depth discussion of a single significant topic. Frequently these have been cutting edge technological topics, such as robotics and artificial intelligence, while on other occasions the topics have been challenging areas for privacy regulators, such as the oversight of intelligence organisations.

Three notable milestones were the declarations adopted by the Assembly in 2005, 2006 and 2009 in Montreux, London and Madrid. These were not merely fine words on paper but involved substantial collaborative effort in development and implementation. The Montreux Declaration sketched out a programme to promote privacy as a universal right in a globalised world and was for several years accompanied by a conference audit of progress towards its goals. The London Declaration highlighted the need for effective communication and practical action. The declaration spawned the ‘London Initiative’ with a series of practical workshops held over a year around the world. The Madrid Resolution was the culmination of a year’s work in developing a privacy standard that could find wide support.

From late-2014 substantial efforts were undertaken to improve the Assembly’s communications with members. Milestones included a regular newsletter (2014), a website (2015), an alumni network (2015), an events calendar (2016), a Twitter account (2016) and a YouTube channel (2017).

The creation in 2015 of a permanent Assembly website enabled a central archive of the Assembly’s documentation to be established and maintained.

In 2015, the Executive Committee established a new transparent and competitive process for selecting hosts. Each hosting proposal is assessed against a published set of criteria which recognises the desirability of progressively moving the Assembly around different geographic locations. The host of the 38th Conference was the first to be selected in this way with the Assembly being held, for the first time, in North Africa.

Seeking to give effect to its 2016 resolution on developing new metrics of data protection regulation, the Assembly undertook the first census in 2017.

In 2017 the Assembly held its first awards programme. The Global Privacy and Data Protection Awards recognised excellence and innovation amongst member authorities in research, enforcement, education and online tools.

After 40 years, the Assembly now has more than 130 member authorities and many observers. It strives to achieve the vision of an environment in which privacy and data protection authorities around the world are able effectively to act to fulfil their mandates, both individually and in concert, through diffusion of knowledge and supportive connections.

A list of all previous Conferences –

41st International Conference – Tirana, Albania, 2019
40th International Conference – Brussels, Belgium/Sofia, Bulgaria, 2018
39th International Conference – Hong Kong, 2017
38th International Conference – Marrakesh, Morocco 2016
37th International Conference – Amsterdam, Netherlands 2015
36th International Conference – Fort Balaclava, Mauritius, 2014
35th International Conference – Warsaw, Poland, 2013
34th International Conference – Punta del Este/ Canelones, Uruguay, 2012
33rd International Conference – Mexico City, Mexico, 2011
32nd International Conference – Jerusalem, Israel, 2010
31st International Conference – Madrid, Spain, 2009
30th International Conference – Strasbourg, France, 2008
29th International Conference – Montreal, Canada, 2007
28th International Conference – London, United Kingdom, 2006
27th International Conference – Montreux, Switzerland, 2005
26th International Conference – Wroclaw, Poland, 2004
25th International Conference – Sydney, Australia, 2003
24th International Conference – Cardiff, United Kingdom, 2002
23rd International Conference – Paris, France, 2001
22nd International Conference – Venice, Italy, 2000
21st International Conference – Hong Kong, China, 1999
20th International Conference – Santiago de Compostella, Spain, 1998
19th International Conference – Brussels, Belgium, 1997
18th International Conference – Ottawa, Canada, 1996
17th International Conference – Copenhagen, Denmark, 1995
16th International Conference – The Hague, Netherlands, 1994
15th International Conference – Manchester, United Kingdom, 1993
14th International Conference – Sydney, Australia, 1992
13th International Conference – Strasbourg, France, 1991
12th International Conference – Paris, France, 1990
11th International Conference – Berlin, F.R.Germany, 1989
10th International Conference – Oslo, Norway, 1988
9th International Conference – Quebec, Canada, 1987
8th International Conference – Lisbon, Portugal, 1986
7th International Conference – Luxembourg, 1985
6th International Conference – Vienna, Austria, 1984
5th International Conference – Stockholm, Sweden, 1983
4th International Conference – London, United Kingdom, 1982
3rd International Conference – Paris, France, 1981
2nd International Conference – Ottawa, Canada, 1980
1st International Conference – Bonn, F.R.Germany, 1979