Progress in 2018
2018 has been a pivotal year for the ICDPPC community, both in terms of determining our own identity and way forward, and in establishing our place on the international stage, with data protection at the heart of so many policy debates.
The fantastic annual meeting in October, so ably co-hosted by EDPS and Bulgaria, has set us on a productive path forward. May I once again pay tribute to Giovanni Buttarelli and Ventsislav Karadjov and their teams for the enriching and stimulating discussions as well as their generous hospitality.
We now have a Roadmap to guide the development of the ICDPPC from an annual meeting to a visible and vocal body that can engage effectively with the policy issues of the day. This is thanks to the excellent work led by our French and Canadian colleagues and the contributions from across the membership. The Declaration on Ethics and Data Protection in Artificial Intelligence (AI), setting out our guiding principles and our joint call for common governance principles, was a significant achievement. We must continue to build on this.
There is much work to do to realise the ICDPPC community’s vision and ambition. The new Executive Committee has already had two (virtual) meetings in the last 2 months to map out priorities for the year ahead and how we will help to deliver them. These include:
- formulating a 2019 – 2021 strategic plan, for adoption at the next annual meeting in Albania, underpinned by a clear set of policy priorities, issues and themes, to inform the ICDPPC’s work and our outreach to other organisations and to civil society;
- developing a communications plan to support these policy priorities; and
- strengthening the ICDPPC’s role in capacity building for its members, for which we have heard a clear demand, particularly from newer members.
I am delighted that we have such a diverse ExCo membership, and am grateful to dedicated colleagues for being willing to join our meetings at the crack of dawn or at midnight to bridge the time zone differences.
Our Working Groups will continue to play a crucial role in generating ideas and supporting implementation of the commitments we all made in Brussels. Diverse representation will be important here too. If you are interested in joining one of them, including the new WG on Ethics and Data Protection in Artificial Intelligence (AI), please contact the Secretariat (firstname.lastname@example.org) or the relevant Chair.
We are also looking for volunteers for the network of translating members to assist the Secretariat in translating key documents; this is important to help maximise the impact of our resolutions and declarations. Please contact the Secretariat if you can help. We will focus on English, French and Spanish initially but all offers welcome.
I am honoured that you have placed your trust in me, as Chair of the Executive Committee, to steer our work at this critical juncture. I look forward very much to working with you all to make a reality of the vision we have jointly articulated.
Chair of the ICDPPC Executive Committee
In just a few days, we’ll all be together in Brussels. The ICDPPC Secretariat and our host are working full steam to make sure that everything runs smoothly and that we’re all set for what promises to be an exceptional annual meeting!
I guess you are now all ready and looking forward to our yearly reunion. For some of you, I know it even means a very long trip, and for all of us, a lot of energy and preparation! But before jumping into the week, please get some rest and take a moment to think about our upcoming debates, to look back at the past year and to put all this into perspective with our frenzied surrounding world.
A big discussion is expecting us in Brussels, about our organisation and our common project. It’s true, we are going to talk about ourselves maybe a bit more than usual. But it is certainly for a good cause!
I hope we’ll have an open debate with one thing in mind: the future of the Conference as an organisation, which we can for sure make more visible and audible. Make no mistake, this won’t be a self-centred exercise but rather an attempt to open up and strengthen our role at international level. And we’ll even be able to prove all this right with our discussions on ethics and data protection in artificial intelligence.
In the end, while we are all getting ready for our fortieth annual meeting, we are also on our way to have the ICDPPC ready for the years to come and the challenges ahead. This is to me a very exciting perspective which make me look forward to our exchanges and debates. Oh, and of course, you have to get ready for Belgian waffles and chocolate, because they’ll be all around next week!
See you all in Brussels,
Fast forward. Never a dull moment. That’s how the past months have been going for all of us! While Europeans have been busy with the application of the GDPR, the rest of the world also had to address many privacy and data protection concerns, not to mention the fallout of the Cambridge Analytica revelations. All this of course in addition to our daily tasks and business, and with many eyes looking at the DPA community at international level.
We are certainly not alone, and people are more and more turning to us for guidance and answers. I have experienced this while in Washington late March at the IAPP global summit, and even more in May at the RightsCon Conference in Toronto, a global summit on human rights in the digital age which gathered more than 2000 participants from all horizons. Discussions there were vivid and refreshing, making the case for something which is already obvious for most of us: privacy and data protection can no longer be considered as a mere legalistic issue. It’s now part of our daily life and at the crossroad of many of today’s hot topics such as artificial intelligence, fake news and the right to information, freedom of expression, etc… We can no longer think in silos. We need to open up. And we need to keep our ears wide open and to listen.
The ICDPPC has actually been in an intense listening mode this year! A last consultation round on the future of the Conference has been held in the margins of the European Spring Conference in Tirana in May, and we opened a public consultation to hear views from external stakeholders on our future objectives and missions. Together with colleagues from the OPC Canada, we also took the opportunity of the RightsCon conference to hold a side meeting with representatives of civil society organisations from all around the globe. We gain valuable insights on current expectations towards authorities at international level which will share with you. Oh, and by the way, the Canadian spring was gorgeous and very sunny!
I’m most pleased to see that the strategic consultation agreed in Hong Kong has been a real success, and above all, a healthy exercise which allowed the direct and indirect contribution of most of the ICDPPC members. In total, almost 70 authorities took part to the various consultation rounds held throughout the year and around the globe! Even our website opened up, featuring 5-minutes interviews with key stakeholders such as the UN Special Rapporteur on the right to privacy, the Internet Freedom Foundation of India and Max Schrems. By listening, both internally and around us, one thing is already clear: our future missions and challenges will have to be addressed collectively and inclusively. Cooperation and inspiration beyond our own remits will be key to shape our future objectives and common project.
So, we’ve been listening, we’ve opened up and we now need to start thinking and building. That’s actually our programme for Brussels in October (registration is now open with a special rate for early birds, don’t forget!). In order to get ready for this, we welcomed in Paris two weeks ago a meeting of the Working Group on the future of the Conference. On that same day, the ICDPPC drafting team on artificial intelligence also gathered in our building to prepare for the debate and deliverables in Brussels on one of the top challenge ahead of us. I’m not sure participants had a chance to enjoy the charms of Paris, but the sacrifice was probably worth it, since we made really good progress!
Finally, please pay attention to the upcoming communications from the secretariat, as the closed session is taking shape and you will soon receive more news and details. The work undertaken ahead of our next annual meeting already shows that we are now more than a yearly gathering of authorities. But are we ready to build a new governance model? A real international organisation? We need to build answers to these questions. We also need to build bridges. All this takes time, maybe several years… but we have the whole summer to start making plans and propose some kind of evolution at our October meeting!
Chair of the International Conference Executive Committee
Promoting data protection and privacy rights at global level: have your say on the future of the International conference!
Public consultation on the future of the International Conference of Data Protection and Privacy Commissioners (ICDPPC)
The Conference seeks to provide leadership in data protection and privacy at the international level. It does this by connecting the efforts of 119 privacy and data protection authorities from across the globe.
The ICDPPC is a unique network which purposes and main objectives at present are: to promote and enhance internationally personal data protection and privacy rights; to improve data protection and privacy by providing a forum that encourages dialogue, cooperation and information sharing; to draft and adopt joint resolutions and declarations on subjects that warrant the common interest or concern of the accredited members, and promote their implementation; to be a meeting point between accredited members and other international fora or organisations that share common objectives; to encourage and facilitate cooperation and the exchange of information among accredited members, in particular regarding enforcement actions; to promote the development of international standards in the field of protection of personal data.
The Conference is headed by its Executive Committee and is also composed of numerous working groups. It meets annually in a closed session of its members and observers; an open session is also organized in which leading privacy experts from industry and civil society participate.
At its latest annual meeting in Hong Kong in September 2017, the ICDPPC initiated a strategic consultation among its members in order to further define its objectives, identity and structure (Project Page). With a view to complement this internal process, the ICDPPC is launching a public consultation open to all individuals or organisations willing to give their views about the future of what has been the premier global forum for data protection authorities for nearly four decades now.
Should you wish to participate in this consultation, please consider the following indicative questions in order to develop your contribution:
- In your view, what should be the main objective of the ICDPPC as an international network of data protection authorities? What are your main expectations regarding the ICDPPC activities and outcomes in the field of privacy and data protection for the years to come?
- Which key privacy and data protection challenges should the ICDPPC address as a priority in the future? Do you consider that organisational or structural changes are needed for the Conference to succeed in delivering on such challenges?
- As an external stakeholder, do you foresee the need for an increased role and visibility of the ICDPPC at the international level? If yes, which tools and activities should the ICDPPC develop for this purpose?
When submitting your contribution, please, indicate the response to the questions below:
- What interest group do you belong to? (select)
- Observer of the ICDPPC
- Business /industry
- Academic /think tank
- Public authority
- Other (please specify)
- Have you participated in the ICDPPC as a delegate or a speaker in the past five years? Yes/No.
If yes, what was your main objective to achieve at the conference? (please select all that apply).
- Networking with privacy enforcement authorities
- Understanding the latest developments in privacy/data protection
- Networking with other non-privacy enforcement authority delegates
- Speaking on a specific topic (keynote, panel etc) or exhibiting
- Other (please specify)
Hello to all of you, “The future is bright”. This was one of the slides presented by a speaker from civil society at last week’s conference in Casablanca. The African Network of data protection authorities was meeting and analysing how data protection could be a development leverage for the continent. The discussion was truly inspiring, so many ideas and so much energy among all actors. Of course, a lot of challenges remain. But the African “digital revolution”, as some may call it, could offer a real opportunity to integrate from the start privacy and data protection in the digital ecosystem they want to build, attractive for consumers and investors.
The day after the conference, sun was still shining in Casablanca. The African network held its general assembly, starting with a discussion on the future of the International Conference, making its voice heard on the road we want our organisation to take. With all these regional conversations through which ideas and needs are expressed, I believe we have a unique opportunity to build a collective project for our Conference. And I am eager to see the working group in charge making the most of these inputs.
Three weeks ago, a bright sun in Brussels also welcomed the election of our colleague Andrea Jelinek as the new Chair of the Article 29 Working Party. I had the opportunity to pass on all my wishes of success to Andrea, whom I am sure will deliver on the upcoming new chapter for data protection in the EU with the effective application of the GDPR as of 25th May.
25th May, this date has been repeated over and over during the last two years. Some commentators made it an absolute deadline, sometimes depicting it as a global data protection big bang. But it is not a revolution, most of the principles are known since 1995. It is actually more like a step forward, or a jump ahead, for which companies around the globe as well as data protection authorities have been preparing intensively. Europeans are now busy finalising the setting up of the European Data Protection Board, the final stage of the new EU governance model, which will be key to ensure the consistent application of the new European data protection regime, but also its interactions with authorities outside the Union.
In Brussels, the Article 29 Working Party also organized its session on the future of the Conference. I had the pleasure to chair the meeting together with a representative of the Office of the Privacy Commissioner of Canada. A report on the talks is already available.
Now I’m back in Paris. We are freezing below zero and there is no sun. But light can come from virtual things nowadays! I am glad to tell you that, through the poll that has been organized, our members have chosen artificial intelligence as the key theme for our closed session in October. Artificial intelligence being the new buzzword in the media, the next big thing or even sometimes the subject of fanciful analysis, it may be useful for us to take a clear stance on the matter, and to define our common interpretation on how best to address this technological development from a privacy and data protection perspective in the future.
As you can imagine, the Brussels annual conference already keeps the ICDPPC Executive Committee busy, with the preliminary work on the preparation of the closed session, on which I’ll be keen to keep you updated in future communications. I know for sure that we won’t be missing topics for discussion in Brussels since, when it comes to privacy and data protection, there is always something new under the sun!
Chair of the International Conference executive committee
For this first message since Hong-Kong and even if it was quite a long time ago I would like to start by thanking Stephen Kai-yi Wong and the Office of the Privacy Commissioner for Personal Data in Hong Kong for hosting such a wonderful Conference. It was a great moment but also a symbolic one because we, collectively, as the Conference, decided to set up the scene for our future. This is extremely positive since it shows that we have come to a mature stage where we can ask fundamental questions such as: who are we and where do we want to go collectively? How can we make a difference and bring added value in the current global ecosystem?
Based on the solid work conducted on the future size and membership of the Conference the past year, we have decided, with my co-Chair of the Working group, Daniel Therrien, to rely on existing networks to gather as much as we can our views and feed our reflections with this substance. The more open the process will be, the more fruitful and legitimate the output will be.
In November, I joined Daniel for the 48th APPA Forum in Vancouver where we kicked off this first discussion. Participants expressed views on a wide range of issues such as the Conference’s influence and policy leadership, its global outreach and cohesion, but also its governance, structure and cooperation methods. For sure, the ideas put forwards in Vancouver will be a valuable input in defining new objectives and the necessary means to achieve them. On top of it, we had the chance to discover the extraordinary Vancouver scenery and had a great time with our colleagues.
This month, the French-speaking data protection authorities network (AFAPDP) held a meeting in Paris on the occasion of its 10th anniversary and also dedicated a session to the future of the International Conference. Again, with Daniel, we organised the discussion and, after a lively debate, many concrete proposals were put on the table. As in Vancouver, the exercise was not to agree on a position but to hear all views and gather all inputs in order to trigger the reflexion process. Then the authorities viewed the exhibition “Terra Data” within the Paris Sciences and Industry Museum. A great attempt to give concrete life to our subjects, which are sometimes a bit theoretical for the general public. If anyone is interested, this exhibition can tour!
The next rendez-vous for the consultation process will be in February in Brussels where EU authorities, members of the Article 29 Working party will get involved; other networks will follow in the upcoming months, so let the discussion continue!
Discussions reports of the APPA and AFAPDP meetings will be sent to you shortly and to the members of the working group on the future of the Conference.
On the European side, please let me just give you a quick update on our progress made regarding the GDPR implementation. We are finalising our guidelines and we expect to adopt most of them by the end of February in order to give as much as possible a clear interpretation of this new EU legal framework. All these documents are available online, so please feel free to have a look, and let us know what you think of them. Also, I am happy to share with you that a GDPR event will be organized in Brussels in October 2018, at the next international conference. Having all of us gathered at the same time in Europe the year the Regulation enters in application, just seems the perfect opportunity to have a “GDPR Talk”. Additional details will be communicated in due time but, for now, please pin down this event in your calendar!
This is all I can tell you now, before the year ends. I will end my note by wishing you, in all languages, a very, very Happy New Year 2018. I hope to see you join the conversation on the future of our Conference and I very much look forward to continuing the discussion with you,.
Chair of the International Conference executive committee