Entries submitted (as on 1.05.2017)

D1: ‘AboutMe’ online access tool (New Zealand)
D2: AskUs a query-based online knowledge base (New Zealand)
D3: A Privacy Compliance Assessment Web Application Tool (Mauritius)
D4: “Privacy App.” (Albania)
D5: Digital tool for citizens to report nuisance calls and messages (UK)
D6: YouTube channel (Canton of Zurich, Switzerland)
D7: Datenschutz.ch App (Canton of Zurich, Switzerland)
D8: System of Access, Rectification, Cancellation and Opposition of Personal Data of the State of Mexico (SARCOEM) (Infoem, Mexico)
D9: Online information and education campaign (Philippines)
D10: Data Protection self-assessment for SMEs (UK)
D11: OIPC Webinar Series (OIPC Ontario, Canada)
D12: “Corpus luris” (INAI, Mexico)
D13: National Privacy Commission Website (Philippines)
D14: Educational video series – Digital Footprints and Be Smart Online (Hong Kong)
D15: PAW Educational Posters (Hong Kong)
D16: “Be SMART Online” Thematic Website Enhancement (Hong Kong)
D17: The Six Data Protection Principles under the Personal Data (Privacy) Ordinance” Animation (Hong Kong)
D18: LINC, for Laboratoire d’innovation numérique de la CNIL is the new innovation and foresight tool of the CNIL (France)
D19: EU Data Protection mobile app (EDPS, European Union)
D20: Web-based tool for developers of health related mobile apps (USA)
D21: Online responsive self-service (France)
D22: Twitter account (Ireland)
D23: Access Rights and Responsibilities Guide (Ireland)
D24: Investigation into mobile device management (British Columbia, Canada)
D25: A “smart” online information request form (Canada)

D1: ‘AboutMe’ online access tool (New Zealand)


 

 

 

 

 

Entry by: Office of the Privacy Commissioner, New Zealand

‘AboutMe’ online access tool
The Privacy Commissioner developed an online tool called AboutMe to make it easier for individuals to ask agencies for their personal information by helping to draft a template email with all the details agencies need to respond to information requests. AboutMe also helps agencies by standardising requests for personal information and ensuring that they include all the relevant detail.

Why the initiative deserves to be recognised by an award?*
The AboutMe tool seeks to give better effect to a fundamental individual right and to ‘make privacy simple’ for both the subject and the data controller.

* Non-competition entry: New Zealand has exempted itself from the competition as the ICDPPC Chair, who is judging the competition, is also the New Zealand Commissioner. This entry is for illustrative purposes only.

Complete entry available here.

 

D2: AskUs a query-based online knowledge base (New Zealand)

 

 

 

 

Entry by: Office of the Privacy Commissioner, New Zealand

AskUs a query-based online knowledge base
AskUs is a query-based online knowledge base that is subject specific to privacy and New Zealand’s privacy legislation. Individuals are able to pose privacy-related questions to AskUs by entering their query in the AskUs online search field. The system is designed to produce a closely or exactly matching answer to the question.

Why the initiative deserves to be recognised by an award?*
AskUs is a flagship example of how the Office of the Privacy Commissioner is strategically configuring its resources to be able to assist more people more easily by providing smarter and more efficient online services. Digital technology and the Internet allow organisations to be able to help more people with more targeted tools for delivering assistance and advice.

The Office of the Privacy Commissioner is of the view that AskUs is achieving an important key performance indicator by making its advice and assistance available as easily, accessibly and widely as possible. While a formal evaluation of AskUs has yet to be carried out, it appears the online tool is reducing the enquiries workload on staff, freeing them to carry out other jobs.

AskUs is an example of how a successful and effective tool can be considered for use by other data protection and privacy authorities in their own moves to provide better public services within their respective privacy jurisdictions.

* Non-competition entry: New Zealand has exempted itself from the competition as the ICDPPC Chair, who is judging the competition, is also the New Zealand Commissioner. This entry is for illustrative purposes only.

Complete entry available here.

D3: A Privacy Compliance Assessment Web Application Tool (Mauritius)

Entry by: Data Protection Office, Mauritius

A Privacy Compliance Assessment Web Application Tool has been developed to enable data controllers to quickly and inexpensively check their compliance with the Data Protection Act.

Why the initiative deserves to be recognised by an award?
Most jurisdictions worldwide have developed comprehensive privacy laws which impose a number of obligations on organizations collecting personal data. However, the processes of ensuring compliance with privacy laws may be complex, lengthy, and costly. This is because such compliance work is usually undertaken by highly qualified experts, who need to examine in detail organizations’ flow of personal data across its lifecycle, from collection to disposal. Therefore, there is a pressing need to facilitate such privacy compliance. The advent of such a technological solution like the Privacy Compliance Assessment Web Application Tool is monumental and deserves recognition.

Complete entry available here.

D4: “Privacy App.” (Albania)

 

 

 

 

 

 

 

 

Entry by: Information and Data Protection Commissioner, Albania

Information and Data Protection Commissioner on the occasion of the 28 of January organised the “Privacy App.” competition. Three students teams reached the final stage of the competition and presented their privacy application. The winner application “IDP – Ankesa” give the possibility to individuals  to complain at  the Commissioner Office in an swiftly, easily and safely way, closer to the digital citizen.

Why the initiative deserves to be recognised by an award?
The application “IDP Ankesa” is available for download in the “Google play store” by all citizens in possession of an Android smartphone. Mobile technology has the potential to make services more flexible and citizens more informed, as they can access information anywhere at any time from their mobile device. This innovation enables anyone to file a complaint for any violation or misuse of personal data directly from their phone. The application is efficient, secure and easy to use.

As a newly introduced instrument, the application is also intended to raise the awareness of individuals and society, regarding the protection of their privacy.

Complete entry available here.

D5: Digital tool for citizens to report nuisance calls and messages (UK)

 

 

 

 

 

 

Entry by: Information Commissioner’s Office, UK

For citizens to report nuisance calls and messages to the UK Information Commissioner’s Office (ICO), so that we can take action against those responsible.

Why the initiative deserves to be recognised by an award?
The service is the key source of intelligence to identify and take action against those responsible for nuisance calls and messages in contravention of the Privacy and Electronic Communications Regulations. Its ease of use has led to high numbers of reports; the service allows us to easily manage this volume and use the intelligence without having to deal with each report as an individual case – helping us meet our strategic aims.

The results in numbers:

  • 40,000 reports received in the first 10 weeks;
  • 80% increase in the number of reports received – from an average 2,300 to 4,150 a week;
  • 92% completion rate.
  • Over £2.5m issued in fines since the start of 2016 (using information from the tool and its predecessor).

Comments from users:

  • “We now have somewhere to go to report these unwanted calls in the hope that action will be taken against them. Website is easy and clear to use.”
  • “It’s nicely streamlined, straightforward and without bogging the user down with too much information – important when users may be wanting to make a complaint whilst being a bit flustered due to having been annoyed by unsolicited sales calls.”
  • “New nuisance call complaint form is a great improvement.”

Complete entry available here.

D6: YouTube channel (Canton of Zurich, Switzerland)

 

 

 

 

 

 

Entry by: Data Protection Authority of the Canton of Zurich, Switzerland

To encourage and stimulate young people to address data protection and privacy issues according to their focus, in their own language, with their own means, while using the platform they are most often on. Therefore a Youtube channel was provided for them by the Data Protection Authority, kick-starting the initiative with a video from Youtubers entitled «Why privacy matters?».

Then a first competition for Youtubers was launched. Videos on the topics of data protection and privacy could be submitted.

Why the initiative deserves to be recognised by an award?
The initiative is a unique approach to address the fundamental question «Why privacy matters?». Young people are given an incentive to discuss and reflect on the topic of privacy and data protection in their own way of thinking. The results are reflected in Youtube videos which represent own experiences and ideas.

The Data Protection Authority launched the Youtube channel with a first video with statements of four Youtubers on privacy and data protection. By initiating a first competition a peer to peer dialogue was implemented which was further supported by two commissioned videos of the Data Protection Authority on the subject of passwords, both produced by Youtubers.

This approach complements the most common way of disseminating information and building awareness by Data Protection Authorities. Getting online users, who typically are not intensely engaged in privacy, to disseminate their reflection on privacy to their peers by producing a video, opens a platform usually not accessible by a common approach. The success of this approach was made obvious by the fact that thousands of clicks on the sites were registered in the first few weeks.  And it needs to say, the Data Protection Authority has to be open and a bit venturous in not intervening in the single content of a video.

Complete entry available here. Attachment available here.

D7: Datenschutz.ch App (Canton of Zurich, Switzerland)

 

 

 

 

 

 

Entry by: Data Protection Authority of the Canton of Zurich, Switzerland

Creating a tool, an app, which combines all needs of today’s mobile and interactive user. It enables the user to get in touch promptly with competent staff or report data protection issues of any kind. It provides access to other useful tools such as a password check, direct access to sample forms to get access to one’s personal information, instruction to one’s rights as well as access to all publications of the Data Protection Authority.

Why the initiative deserves to be recognised by an award?
The App is a unique tool which gives a full portfolio of information and supporting tools to all individuals. It’s not just an index with links to the website of the Data Protection Authority but an interactive tool. For instance the integrated password check is a smart tool which analyzes a password and gives tips how to generate a secure and strong password.

The app fulfills the standards of a privacy friendly and secure application. It is by itself an example of «privacy by design».

This app answers the needs of today’s mobile and independent users. The app has already been downloaded by thousands. It complements the Data Protection Authority’s task in consulting with individuals and public bodies as well as in disseminating information. Needless to say that this smart tool is available whenever you want and wherever you are.

Complete entry available here. Attachment available here.

D8: System of Access, Rectification, Cancellation and Opposition of Personal Data of the State of Mexico (SARCOEM) (Infoem, Mexico)

 

 

 

 

 

 

Entry by: Transparency, Public Information Access and Personal Data Protection Institute of Estado de México and municipalities, Infoem, Mexico

Sarcoem is a computer system that allows ARCO rights to be exercised to authorities of the State of Mexico and Municipalities by Internet, to file an appeal against (review), verifying compliance and management to the profiles of various users.

Why the initiative deserves to be recognised by an award?
Sarcoem is an innovative system, there is no reference to a similar system at the global level in the public sector.

It is Infoem development, with level and security measures adequate to carry out the management of requests ARCO, also has Secure Socket Layer certificate.

Sarcoem is an example of efficiency, effectiveness and economy, considering that Infoem has a limited budget for the fulfilment of its obligations compared to other authorities (the general budget of the Institution was about 5´000,000 euros last year, conversion of April 3, 2017), a part of which is used for administration and maintenance of proprietary systems through a Directorate specialized in information technologies.

It is a simple, free and easily accessible system for citizens, available 24 hours 365 days a year. A system with a philosophy of continuous improvement, as its operation is constantly evaluated to increase safety and efficiency measures. Focused to an important target population, since only the State of Mexico had 16’187,608 population in 2015 (last official census).

System with global users, makes possible the exercise of ARCO rights from anywhere in the world by authorities of the State of Mexico and Municipalities.

Complete entry available here.

D9: Online information and education campaign (Philippines)

 

 

 

 

 

 

Entry by: National Privacy Commission, Philippines

The National Privacy Commission’s online information and education campaign utilizes social media to maximize its limited resources and reach as many people as possible by providing compelling content to raise awareness, elevate public discourse, and ensure that every Filipino understands their right to data privacy, and to hold accountable those who violate it. They are some of the Commission’s most potent tools in achieving its goal of building a culture of privacy in the Philippines.

Why the initiative deserves to be recognised by an award?
In a country where the concepts of data privacy and protection have yet to find solid ground in the minds of industry leaders and the general public alike — despite being victims of the largest personal data breach in a government-held database in the world — the NPC’s online information and awareness campaign attempts to introduce the need for good personal data privacy hygiene practices to the everyday Filipino. It capitalizes on the Filipino population on Facebook, a whopping 60 million users, by using references from popular culture and current events to help make privacy and personal information household terms and an everyday concern.

Through a constant stream of daily content and compelling messages, the Commission aims to concretize the concepts of data privacy and protection to the ordinary citizen, explaining how the very real dangers of ineffective or inadequate privacy practices can affect their personal and professional lives. It is also an avenue for the Commission to address inquiries and concerns. Overall, the online platforms are designed to be consistently engaging in order to demystify data privacy and really communicate the message of the Commission — that data privacy isn’t just for lawyers or IT people, it is for everyone.

Complete entry available here.

D10: Data Protection self-assessment for SMEs (UK)

 

 

 

 

 

 

Entry by: Information Commissioner’s Office, UK

Data Protection self-assessment for SMEs
For organisations, particularly small and medium sized enterprises, to quickly and easily assess their compliance with the Data Protection Act in a range of areas, and get targeted guidance on what they can do to improve.

We are currently working on improvements to the tool, expected to go live in May 2017. We would like them to be included as part of this entry and we have detailed them below.

Why the initiative deserves to be recognised by an award?
We undertake regular testing with users on our website. We’d heard that many organisations struggled to know where to start. This tool helps organisations by highlighting key areas, and giving advice based on the organisation’s particular needs.

As part of the ICO’s digital and IT strategy we aim to be digital by default, and more self sufficient when building and maintaining our digital services. The tool provides a service that would usually require input from ICO staff via our helpline, email or post. We have built the technology with common, re-usable components within our open source content management system so that we are able to create new checklists without reliance on third party developers.

The tool receives an average 9,000 visits each month.

Comments from users:

  • “The toolkit allows us to review and identify any data protection gaps and confirm that the processes we have are sound. Our core business is providing a service to patients and part of this is safely handling their data.”- Orthodontic practitioner
  • “The tool was very simple to use and provided a wealth of information. This is a great tool for a beginner or an experienced information practitioner. The toolkit has highlighted weak spots with our information security that we will now work on.”- Consultancy service provider
  • “I recommend any and all companies to use this tool.” – Marketing company group manager

Complete entry available here.

D11: OIPC Webinar Series (OIPC Ontario, Canada)

 

 

 

 

 

Entry by: Office of the Information and Privacy Commissioner of Ontario, Canada (OIPC)

OIPC Webinar Series
We fulfilled our commitment to increased engagement with our public and professional audiences across Ontario by leveraging the use of online tools. To help with this province-wide outreach, the OIPC launched a webinar series on in-demand access and privacy issues facing Ontarians and the institutions that serve them. This online series has helped us overcome geographical barriers to delivering our mandate on behalf of all Ontarians, regardless of where they live or work.

Why the initiative deserves to be recognised by an award?
Our webinar series has opened the door to more consultation and collaboration with our diverse audiences. It has increased the OIPC’s profile and visibility, and allowed us to build a truly province-wide presence as we deliver our mandate and serve all Ontarians. Essentially, this is what makes this initiative deserving of recognition. With the use of this online tool, the OIPC has expanded its geographic footprint and is fulfilling its mandate to educate the public about Ontario’s access, privacy and health privacy laws. The result has empowered the OIPC and Ontarians, alike. More than ever before, we are consulting with each other on evolving and emerging access and privacy issues facing Ontario’s public and health sectors. Our webinar series has made it possible to communicate with each other in real-time, across the province, from urban centres to remote areas, and share guidance on best practices that serve as access and privacy benchmarks to help institutions meet their responsibilities under the law.

Complete entry available here.

D12: “Corpus luris” (INAI, Mexico)

 

 

 

 

 

Entry by: INAI, Mexico

The “Corpus Iuris” on personal data protection is an electronic tool based on a search engine which allows the identification of:

  • International instruments on personal data protection, privacy, intimacy, and habeas data in the different human rights systems: American, European, African, the United Nations, as well as in specialized bodies, such as the Special Rapporteur on the right to Privacy of the UN.
  • Jurisprudential criteria that international jurisdictional bodies have issued regarding these rights.

Why the initiative deserves to be recognised by an award?
In the first place, it is useful to have a computer-based tool through which the jurisdictional and administrative authorities can have access to the criteria for the application of the legislation in this subject, allowing them to improve the argumentation in specific cases of application of the law. Also, in Ibero-American countries, this tool is particularly important to achieve an adequate level of conventionality through an exercise of legal interpretation in which the application of international human rights norms is privileged over domestic provisions, when the latter provide lower protection of human rights.

On the other hand, it is also useful to provide individuals and society in general with relevant and updated information related to the right of personal data protection, to the provided mechanisms for its exercise and defense, as well as to the different criteria issued in this subject by international organizations. This, to ensure that the data subject has the necessary information to fully exercise her/his rights to personal data protection, privacy, and informational self-determination.

Complete entry available here.

D13: National Privacy Commission Website (Philippines)

 

 

 

 

 

Entry by: National Privacy Commission, Philippines

National Privacy Commission Website
Serving as an initiative on compliance and enforcement as well as on education and advocacy, the National Privacy Commission (NPC) has organized DPO1: The First Philippine Data Protection Officers’ Assembly for government on April 5, 2017. In just over a year following its establishment, the NPC was able to convene representatives from 295 government agencies through DPO1 and secure their compliance to designate data protection officers (DPOs). The NPC also launched its official website during the event.

Why the initiative deserves to be recognised by an award?
Through DPO1, the NPC has activated government DPOs, as counterpart privacy watchdogs within their respective agencies. The event equipped them, enabling a quick mastery of their new responsibilities—to champion data privacy and make it an organizational priority. DPO1 also facilitated the creation of a DPO community, armed with the means to raise awareness and elevate public discourse on data privacy.

With a high satisfaction rating (4.5 of 5) among participants, leaders from several sectors already signified their interest to collaborate with the NPC in replicating the DPO1. They include the following sectors: banking and finance, business process outsourcing, health, and education.

Complete entry available here.

D14: Educational video series – Digital Footprints and Be Smart Online (Hong Kong)

 

 

 

 

 

 

 

Entry by: Privacy Commissioner for Personal Data, Hong Kong

Educational video series – Digital Footprints and Be Smart Online
Two series of educational video were launched in 2016 and 2017 respectively, aiming to explain the importance of respecting personal data privacy of others and the privacy risks associated with digital footprints, as well as providing general advice on use of information and communications technology, in a humorous and lively way by using fictional characters. The videos are also uploaded on social media platforms for reaching the wider audience.

Why the initiative deserves to be recognised by an award?
There is little doubt that the use of audio-visual materials for educational purpose is an effective means to deliver the message especially to the young.

To cultivate a culture of “Protect and Respect Personal Data”, it is of utmost importance for public educational programmes to adopt effective and impactful means to convey messages, and ensure those messages are up-to-date. PCPD has been making effort in producing and using videos for educational and publicity purposes so as to provide up-to-date advice and reminder to meet the evolving demand on educating the public on data privacy issues.

The educational videos also demonstrate a continued effort of riding on existing educational initiatives and creating synergies on both online and offline publicity programmes. The ongoing educational efforts targeting young generation are apparently strengthened by the use of educational videos providing advice on the latest usage in ICT with data privacy implications.

Complete entry available here.

D15: PAW Educational Posters (Hong Kong)

 

 

 

 

 

 

 

 

Entry by: Privacy Commissioner for Personal Data, Hong Kong

PAW Educational Posters
To echo the theme of Privacy Awareness Week 2016 (“PAW 2016”), the Privacy Commissioner for Personal Data, Hong Kong (“PCPD”) specially designed four posters covering topics on children privacy, phone scam, privacy setting and sending emails to convey the messages of protecting own personal data and respecting those of the others in daily life. These downloadable posters are provided to the public as well as Asia Pacific Privacy Authorities (“APPA”) members.

Why the initiative deserves to be recognised by an award?
These bright and colourful posters are designed to convey messages about privacy in a clear and straightforward manner. The use of comic characters makes them more appealing and gives the public a stronger impression.

The posters serve as a major educational and promotional tool, as they are displayed in the educational talks to senior citizens, DPOC activities and other PCPD’s promotional and educational events. The posters allow the public to have a general picture of the privacy issues in the daily life and raise their awareness of privacy effectively.

These posters have also been widely adopted by the APPA members as a means of promotion during the PAW 2016 with much appreciation on the design and messages conveyed.

Complete entry available here.

D16: “Be SMART Online” Thematic Website Enhancement (Hong Kong)

 

 

 

 

 

 

 

 

Entry by: Privacy Commissioner for Personal Data, Hong Kong

“Be SMART Online” Thematic Website Enhancement
To enhance both the content and accessibility of the “Be SMART Online” thematic website of the Privacy Commissioner for Personal Data, Hong Kong (“PCPD”), a website enhancement project was carried out in 2016/17 to incorporate more detailed information and tips for protecting online personal data privacy. The project has been completed with the launch of three new sections and a mini-site – “Think Privacy! Be Smart Online”.

Why the initiative deserves to be recognised by an award?
As a unique thematic website that promotes online personal data privacy in Hong Kong, it is essential for the “Be SMART Online” thematic website to keep providing the most up-to-date resources and useful tips to the members of the public to safeguard their own personal data. This enhancement project has included fruitful resources on the prevailing ICT-related privacy issues, and developed an interactive mini-site to guide the reviewers to look for further information.

The project, by enhancing both the content and accessibility, has generated significant increase in website traffic. The number of visits to the thematic website in the first quarter of 2017 has increased by 37.5% compared to the fourth quarter of 2016, and recorded a three-fold increase over the same period last year.

The accessibility of the thematic website has been recognised and won the Gold Award in the “Web Accessibility Recognition Scheme 2016” that was jointly organised by the Office of the Government Chief Information Officer and the Equal Opportunities Commission in Hong Kong SAR.

The website has also been specifically introduced to students, elderly and members of the public as well as representatives of organisations during talks and public outreach occasions.

Complete entry available here.

D17: The Six Data Protection Principles under the Personal Data (Privacy) Ordinance” Animation (Hong Kong)

 

 

 

 

 

 

 

“The Six Data Protection Principles under the Personal Data (Privacy) Ordinance” Animation
It is the first animation produced by the Privacy Commissioner for Personal Data, Hong Kong (“PCPD”). It introduces the key definitions under the Ordinance, such as “personal data”, “data users” and “data subjects”, and illustrates the entire life cycle of a piece of personal data. It also elaborates the six data protection principles (“DPPs”) that data users/controllers have to comply with.

Why the initiative deserves to be recognised by an award?
Animation is a creative and effective approach to illuminate the six DPPs, as it is more eye-catching, dynamic and entertaining than reading plain text. Viewers’ attention can be drawn easily and held for a relatively longer period of time, which helps creating a stronger impact and vivid impression.

Besides, animation can reduce viewers’ time and effort in learning, as it creates a more relaxing and interactive learning atmosphere, which encourages them to assimilate the knowledge and the messages involved.

The entire life cycle of a piece of personal data and the six DPPs can be a complex and abstract topic to viewers. Under the clear guidance of the narrator in the animation, viewers can explore the subject step by step and pay close attention to the key ideas highlighted.

Through a story-based example, viewers can have a better understanding of the close relationship between personal data privacy and their daily life.

The animation is played in our workshops, seminars and talks and viewed by our target audience ranging from organisations, students, the elderly to the general public, and it plays an essential role in introducing the six DPPs.

Complete entry available here.

D18: LINC, for Laboratoire d’innovation numérique de la CNIL is the new innovation and foresight tool of the CNIL (France)

 

 

 

 

 

Entry by: Data Protection Commission (CNIL), France

LINC, for Laboratoire d’innovation numérique de la CNIL is the new innovation and foresight tool of the CNIL: a triple project based on: an online media; a physical space, where we can organise workshops, conferences and meetings with innovation actors (entrepreneurs, researchers, artists, writers); and  a research and experimentation platform, to develop and test new tools for privacy.

Why the initiative deserves to be recognised by an award?
Having an innovation and foresight team inside a national data protection is probably quite a unique initiative around the world. The different facets of the LINC project are all based on several key core assumptions, mainly trying to :

  • embody the idea that a DPA can have a second “voice” to be a part of the global conversation around ethics and society issues, a voice supplementing the traditional “regulatory” one, with all its (normal and useful) constraints;
  • avoid the spread of a (baseless) opinion that a regulator’s job is basically to kill or at least prevent or slow innovation;
  • create a “demilitarized zone” where the regulator can interact with innovation ecosystems actors away from an overlooking vantage point and right “in the middle of the playing field”.

The whole LINC project, piloted and designed by CNIL innovation and foresight team, is creating the condition for the growing inclusion of the regulator in the innovation ecosystem, and not only to create some tedious points of contact with these actors. This is a game changing opportunity for regulators to nudge the entrepreneur’s views of the role of regulation, and to make ethical issues an ecosystemic debate.

Complete entry available here.

D19: EU Data Protection mobile app (EDPS, European Union)

 

 

 

 

 

 

 

Entry by: European Data protection Supervisor

EU Data Protection mobile app
The EU Data Protection mobile app was an in-house exercise at the EDPS, involving all data protection and communication units. The app has been considered as a real novelty, representing an innovative and informative way in which to promote and improve the legislative process, especially in relation to the important topic of data protection.

The app was also a useful tool during the trilogue phase of negotiations on the General Data Protection Regulation (2015-2016). It allowed users to easily compare the proposed texts from the Commission, the Parliament and the Council alongside EDPS recommendations. The app was updated in July 2016 with the final texts, to allow transparent comparison with previous legislation.

The EDPS wants data protection to go digital. Technology continues to develop and data protection must develop with it. By creating the app we were able to increase the transparency of the legislative process for all those interested, inside and outside the EU, whilst embracing technological change.

Why the initiative deserves to be recognised by an award?
The EDPS aims to be an epicentre for creative ideas and innovative solutions, and to benefit from new technologies to make data protection more accessible. The EU occupies a privileged position as the point of reference for much of the world on privacy and data protection. But for the EU to continue being a credible leader in the digital age, it must act on its own fundamental principles of privacy and data protection, and it must act quickly.

After many years of talk, the reform of the EU data protection rules was more urgent than ever. It was therefore vital to make data protection easier, clearer and less bureaucratic, so that it will underpin the digital world now and into the future.

Individuals, public authorities, companies and researchers needed a rulebook which is unambiguous, comprehensive and robust enough to last two decades and that can be enforced as required by the European and national courts as well as by truly independent data protection authorities.

The EDPS wanted to be a proactive and influential partner in the discussions between the European Commission, Parliament and Council on the data protection reform, in particular in the final trilogue. We have helped legislators to find pragmatic solutions to strengthen the roles of individuals and supervisory authorities, and the accountability of controllers, while simplifying existing formal requirements where necessary. Data protection needed to be more dynamic and less bureaucratic.

Complete entry available here.

D20: Web-based tool for developers of health related mobile apps (USA)

 

 

 

 

Entry by: U.S Federal Trade Commission

The Federal Trade Commission has created a new web-based tool for developers of health-related mobile apps, which is designed to help the developers understand what federal laws and regulations  might apply to their apps. The FTC developed the tool in conjunction with the Department of Health and Human Services’ Office of National Coordinator for Health Information Technology (ONC), Office for Civil Rights (OCR) and the Food and Drug Administration (FDA).

Why the initiative deserves to be recognised by an award?
Mobile app developers need clear information about the laws that apply to their health-related products. As the number of mobile health products available today continues to rise, it’s important to clarify for developers how various agencies’ regulations would apply to their app. As a result, consumers will be presented with effective, private, and secure products to support better health, smarter spending and a healthier population.

Complete entry available here.

D21: Online responsive self-service (France)

 

 

 

 

 

 

 

 

Entry by: Data Protection Commission (CNIL), France

Online responsive self-service

  • Implementation of a self-service on the CNIL’s website with approximately 500 frequent questions-answers on data protection, rights and obligations and the powers of the supervisory Authority.
  • Electronic contact forms to ask a question to the CNIL

Why the initiative deserves to be recognised by an award?
CNIL is the only Data Protection Authority to propose so supplied FAQ and using these innovative technological tools widely used in the sector of the e-commerce. This service a real need for individuals and professionals: 191 860 consultations in 2016; 12 231 queries received by electronic forms. It allows us to have a better knowledge of the subjects and type of queries interesting the general public. It also allows us to answer simply and quickly news headlines (for example, concerning the European general data protection Regulation) or recurring queries by supplying to the users an immediate on-line clear answer, so avoiding low value-added contacts.

Complete entry available here.

D22: Twitter account (Ireland)

 

 

 

 

 

 

Entry by: Data Protection Commissioner, Ireland

In November 2016, the Irish DPC launched its first ever Twitter account, as a tool for engaging stakeholders and extending the reach of our message to an even wider audience. Since its launch, the account has gone from strength to strength, with the ICDPPC itself citing it as the fastest growing DPA Twitter account in the world. In almost six months since launch, the account has attracted over 1,500 followers and garnered in excess of 550,000 impressions for our outgoing tweets.

Why the initiative deserves to be recognised by an award?
We believe that the account deserves recognition for the way in which it generates and utilises content, and its extraordinary success in extending that information to the widest possible audience. With over 550,000 impressions in almost six months, @DPCIreland has successfully increased awareness around data protection in general, and GDPR readiness in particular. We look forward to continuing to build this initiative in the run-up to May 2018 and on into GDPR implementation.

Complete entry available here.

D23: Access Rights and Responsibilities Guide (Ireland)

 

 

 

 

 

 

 

 

Entry by: Data Protection Commissioner, Ireland

Access Requests account for the greatest number of complaints to the Irish DPC every year, accounting for 56% of all complaints received. We decided that a renewed awareness raising campaign was needed, so that access rights and responsibilities would be highlighted in advance of GDPR. The PDF guide that we published, along with the infographic ‘check list’ for individuals and organisations has been praised for its clear use of language, and its comprehensible format.

Why the initiative deserves to be recognised by an award?
We think this work deserves recognition as it was conceived in response to the needs of our stakeholder body, and represents a successful shift in format towards the kind of clarity that individuals and organisations have been seeking. We are prioritising plain, clear language and an easily digestible format. Our belief is that the more comprehensible the guidance, the greater the levels of compliance. We have really put a lot of effort into developing a style and format that meets the needs of our stakeholders, and we plan to take this forward into the future.

Complete entry available here.

D24: Investigation into mobile device management (British Columbia, Canada)

 

 

 

 

 

 

 

 

Entry by: Office of the Information and Privacy Commissioner for British Columbia, Canada

Our investigation into mobile device management in the BC government was conducted concurrently with an audit by the BC Auditor General. The two reports were presented simultaneously at a joint news conference by Information and Privacy Commissioner Drew McArthur and BC Auditor General Carol Bellringer. The offices worked together to create a guidance document for the general public, which was successfully promoted on social and news media.

Why the initiative deserves to be recognised by an award?
The government of BC has issued more than 12,000 mobile phones to ministry employees, many of whom manage personal information of BC residents every day in the course of their work. The potential for a privacy breach, whether accidental or intentional, is very high. This initiative represents a highly successful collaboration between two independent Officers of the Legislature to proactively address the government’s management of personal information. Each office conducted its own investigation on the topic of mobile device management in the BC government, then presented the findings together at a joint news conference. The two offices also worked together on a guidance document for the public that provided 15 top tips for mobile device security and privacy. The approach amplified the results for each office, generating significant media coverage and public awareness of this issue.

Complete entry available here.

D25: A “smart” online information request form (Canada)

 

 

 

 

 

 

 

Entry by: Privacy Commissioner of Canada

In April of 2015, the Office of the Privacy Commissioner of Canada launched a “smart” online information request form. The form dynamically provides users with information and links to advice and guidance. It enables the Office to provide users with some immediate online assistance with their privacy questions and concerns by automatically giving them information relevant to their request while in the process of submitting their query. The form’s “smart” features were further enhanced in March 2017.

Why the initiative deserves to be recognised by an award?
This initiative helps Canadians better understand their privacy rights and what they can do to protect them. It also responds to Canadians’ desire for quick, easy and online access to government services.

The form is practical and offers efficiencies for users and for our Office. It also illustrates how privacy considerations can be addressed in tandem with online innovations.

Users receive information tailored to their particular circumstances, allowing them to quickly determine possible courses of action (e.g., accessing more information, contacting another organization, submitting a complaint to our Office, etc.). They can also access the form at their convenience. If the information sufficiently addresses their issue, they often no longer need to submit a request, as evidenced in the usage statistics. However, even if the information doesn’t address their needs, it provides them with useful information or context that they can use to complete their information requests or during any subsequent interactions with our Information Centre.

From the Office’s perspective, the “smart” form enables the Office to respond to users’ needs using existing guidance and information. It also reduces the load on the Office’s Information Centre resources to a degree, as it deals with many of the issues that Canadians regularly contact the OPC about. And it makes it possible to provide some level of assistance outside business hours for those who need it. Further, given that the form provides some feedback in relation to jurisdiction, the “smart” feature can help manage clients’ expectations ahead of their interactions with our Information Officers in those cases where we may not have jurisdiction, and facilitate their interactions with our provincial and territorial partners.

Complete entry available here.