BUSINESS NAME Executive Committee ICDPPC Communique Newsletter of the Executive Committee of the International Conference of Data Protection and Privacy Commissioners
HIGHLIGHTS: Volume 1, Issue 6 September, 2015 Update on previous resolutions Message from the Chair 37 Conference: Closed session It is only three weeks now until we gather in Amsterdam Commissioner pro- for the 37th meeting of our collective. The Executive Com- files mittee and host have put a GPEN Network of great deal of effort into organ- ising a stimulating and relevant Networks agenda for the closed, and public sessions.
However the success of the events will be determined by the level of engagement with the wider conference commu- Inside this issue: nity. I urge all members to contribute to the success of The London Initia- 2 the conference by coming pre- tive pared to discuss the issues we face in dealing with technologi- Children’s Online 4 cal advances in genetics and Privacy health data, and the role that DPAs can have in their national Amsterdam Con- 5 conversation about the legiti- ference and side mate role of and constraints on events security and intelligence organi- sations. GPEN- Network of 6 networks Please also take the time to review the proposed rule 2017 hosting pro- 7 changes and resolution on our posals strategic direction, to continue the evolution and maturity of Comings and go- 7 the conference, and if there We will of course need also to pendent authorities, and am ings of commission- are aspects or proposals you reconstitute our Executive happy to offer to continue to ers disagree with, to make con- Committee as Mauritius and provide the leadership and structive suggestions for alter- the USA will retire, and Mo- secretariat functions for a fur- 37 Conference: 8 native formulations. rocco, as the next host will ther term to build on the pro- closed session join. We will need to elect a gress we have made. speakers We will be discussing a resolu- new member to represent the I look forward to meeting old tion on Transparency Report- Americas, and I am pleased to friends and new ones in Am- Partner in privacy: 11 ing, which builds on the work advise that the Office of the sterdam! Council of Europe of the Berlin Group and oth- Privacy Commissioner of Can- ers, one to provide for the ada has signalled its willingness assistance to, and support of to fill that role. Having served John Edwards - New Zealand Commissioner 12 the UN Special Rapporteur on one year as Chair of the Exec- Privacy Commissioner and Chair profiles Privacy, and another on Privacy utive Committee I am starting of the ICDPPC Executive Commit- in International Humanitarian to understand the dynamics tee Action. and mechanics of working with such a diverse range of inde- Page 2 Executive Committee ICDPPC
The London Initiative – Communicating Data Protection and Making it More Effective
Those with long memories municating our messages, to paigns and employing may well remember the influ- work with other stakeholders, communications profes- ential “London Initiative”, so and to make good use of our sionals. called after venue of the 28th powers of investigation and
Conference in 2006 when it enforcement. Supporting these lines of ac- was launched. tion and integral to the Lon- Building on this starting point, don Initiative was a set of The London Initiative was the the London Initiative went on closed workshops for DPAs first time our international to identify three challenges to share experience and de- community of data protection which successful DPAs need velop good practice. Exam- and privacy commissioners to rise to: ples of such workshops includ- came together to work, not ed: on policy issues, but on the keeping up with the pace of
practical ways in which we technological change; Public Awareness and could rise to the many organi- responding to legal develop- Communications (Host: sational and presentational ments especially around anti- CNIL, Paris) challenges we faced. In many terrorism legislation; ways it represented a “coming fostering a positive reputation Strategies for Data Pro- of age” for DPAs - a recogni- for both data protection and tection Authorities (host: tion that we are grown-up for DPAs. ICO, London) organisations with an im- Enforcement Activities portant job to do that re- To address these challenges (Host EDPS, Brussels) quires us to evaluate our three lines of action were Internal Organisation of working methods and maxim- proposed. DPAs would: DPAs (Host: OPCC, ise our efficiency and effective- Ottawa). ness – something that other Change practices so as to Responding to Data organisations do routinely. act in new, more effec- Breaches (host: EDPS, The aims of London Initiative tive and relevant ways. Brussels) remain important and relevant This included being more Strategic planning and today. coordinated, strategic Asia Pacific Experience and technological and less (host: NZ OPC, Welling- The idea for the London Initia- legalistic. DPAs would tive came from Alex Turk, ton). need to set priorities President of the French Data concentrated on the main Was the London Initiative a Protection Authority (CNIL). risks for individuals and success? From our vantage He was quickly joined by Pe- be pragmatic and flexible. point in the UK it’s undoubt- ter Hustinx (EDPS) and Rich- edly the case that DPAs have ard Thomas (UK Information Reflect together on how become more effective and Commissioner) who, with the to obtain better interna- efficient. And we’re certainly support of several other au- tional recognition of our getting better at communi- thorities from around the work and how to involve cating our messages – take for world presented their initia- other stakeholders. This example, the setting up of the tive to the 2006 Conference. included improving the ICDPCC website and this There was no resolution for functioning of the Con- Communique. adoption but many other au- ference, promoting the thorities accepted the invita- development of an inter- Of course not all these devel- tion to support the initiative national convention, and opments are down just to the and join its activities that fol- cooperating with civil London Initiative but it cer- lowed for several years. society. tainly played its part. The reform of the organisation of The starting point for the Develop and implement our Conference stemmed Initiative was a realisation that directly from the London our vital work protecting new communications strategies at national and Initiative as did, less directly, citizens’ personal data would our new arrangement for only become a reality if data international levels. This included seeing better enforcement cooperation. The protection rules were to be workshops really did involve complied with in practice. For communications as a key objective, initiating pow- the sharing of ideas on good this to happen we would have practice. A communication to be more effective in com- erful and long term tar- geted awareness cam- officers’ network was estab- Volume 1, Issue 6 Page 3
-lished, we’ve all increased our used building confidence and technological capability and In any case we need to be capacity amongst the newest, many of us now develop and true to our own word and set smallest and least strong of publish strategies. priorities at International our DPA community. Conference level. Rightly So where to now? Should we we’re concentrating now on By David Smith - Deputy Com- try to repeat our success? I’d international enforcement missioner , Information Commis- suggest not. The London cooperation which is a neces- sioner’s Office, UK Initiative was of its time. To sary response to the increas- the credit of everyone in- ingly globalised nature and volved the programme of extent of the threats to priva- workshops ran its course and cy and data protection. then stopped. The thinking Furthermore while the Lon- behind the Initiative undoubt- don Initiative workshops at- edly remains valid but it’s tracted participation from doubtful if, for the time being around the world, involve- at least, we have either the ment came predominantly capacity or the energy to or- from the larger European ganise further workshops on authorities. Perhaps any col- such a wide range of topics at lective effort we might have to a global level. spare would be better now
Credit: Stephen J Johnson – creative commons licence Page 4 Executive Committee ICDPPC
Resolution on Children’s Online Privacy (2008)
Continuing our series on past and websites they examined Conference resolutions collected personal information from children and whether Since the resolution on Chil- protective controls existed to dren’s Online Privacy was limit that collection. The re- adopted at the 30th Confer- sults of this collaboration are ence in 2008, much effort has providing great insight into the been directed at helping to challenges that children en- safeguard the privacy of chil- counter online. dren and youth in the online environment. The resolution is even more relevant today than in 2008 Data protection agencies from with the rise in mobile tech- around the world have devel- nologies and the constant oped and made tools available connection individuals now to schools and parents in the have with their devices and form of lesson plans, curricula, the internet. Although much and tip sheets. These re- has been done to help protect sources teach young children the privacy rights of children, and older youths about their we need to continue our ef- privacy rights and how to forts as the online environ- protect their personal infor- ment evolves and the way mation online. Many offices youth interact with these have also engaged youth technologies change. through the creation of webpages, which host interac- By Barbara Bucknell, Director of tive tools such as privacy quiz- Policy and Research, Office of Privacy Commissioner of Cana- zes, activity sheets, and graph- ic novels, to name a few. da
Over the last several years, several landmark investiga- tions have served to clarify legal requirements around the collection, use and disclosure of children’s and youth’s per- sonal information online and have provided useful guidance to industry about acceptable practices. Issues investigated include the use of children’s personal information for be- havioural advertising and pri- vacy controls on a youth so- cial media site.
Earlier this year, privacy pro- fessionals from 29 DPAs par- ticipated in the Global Privacy Enforcement Network’s (GPEN) Sweep of Children’s Websites to highlight the pri- vacy issues currently facing children online. Sweepers assessed whether the apps Volume 1, Issue 6 Page 5
Developments on the Amsterdam Conference
The preparations for the Am- mation on the side events is sterdam Conference are in Korsakovs’ Sheherazade suite. available on the Conference the final stages. More than 60 A representative of the RCO website. delegations from data protec- will explain more about the tion and privacy authorities Orchestra and their interna- We are pleased to announce that Eberhard van der Laan, have already registered for the tional performances. On the mayor of the city of Amster- Conference website, you will Conference, and we look dam, will officially open the forward to welcome you all to find more information about public Conference on Amsterdam on Sunday 25 the dinner and the musical Wednesday 28 October. October 2015. Also for the rehearsal. Open Session, the number of If you have not yet registered registrations is growing fast. We are looking at a full Con- for the Conference, please do ference week. Next to the 1,5 so in the coming days to make sure you won’t miss the For those of you attending the days of Closed Session and 1,5 chance to take part in all these days of Open Session, both Closed Session dinner on International Conference Monday evening, we have a the Tuesday and Thursday events. If you can’t find your special treat in store. The afternoons have been filled registration code, please do Royal Concertgebouw Or- with various interesting side not hesitate to contact Rosali- chestra (RCO), will be re- events. We certainly encour- en Stroot at the Dutch DPA: hearsing at the dinner venue age you to attend some of [email protected] and has agreed to allow all these events, and maybe join By Paul Breitbarth, Senior Inter- guests to attend part of their IAPP for their George Orwell- national Officer , Dutch DPA rehearsal. They will be playing themed welcome reception the first part of Rimsky- on Tuesday night. More infor-
“The Privacy Fringe”: Side events in vicinity of October Conference
Nowadays major established that have been arranged. Please events are often accompanied note that some events are invita- by peripheral happenings. tion-only or member-only or Sometimes these ‘fringe’ events may in some cases already be are orthodox meetings simply booked out. Details of side- taking advantage of the pres- events that are open to attend- ence of a groups of people ance can be found through the having a common interest. In links at other cases they offer some- www.privacyconference2015.org thing a little more ‘edgy’ or /side-events/: NGFG & CEDPO: DPO: Building Bridges Between International Legislation and the Data-Driven avant-garde than the main of- NYMITY: Getting to Ac- fering. countability: Maximizing World Your Privacy Management Common Thread Network: Next Steps for Data The Dutch DPA has successful- Program Protection in the Commonwealth ly encouraged other organisa- PHAEDRA Workshop: Microsoft: Data Centre Tour tions to arrange their events on Cooperation between Working Group on Digital Education: Competi- the margins of the Amsterdam DPAs under the GDPR: tions and tutorial kits on privacy: Which best ap- conference and this will likely prospects, practicalities and proach to efficiently target at young people? make delegates’ travel to the a to-do list Future of Privacy Forum: New Technologies – 37th Conference more worth- GPEN Meeting: 2016 and New Privacy Approaches? while. beyond – A New Era in Symantec: Privacy perceptions of European con-
Two large public events are the Global Enforcement Coop- sumers 2015/ Preventing Personal Data Loss in the APC and PLSC Conferences - eration Corporate Environment the Amsterdam Privacy Con- CIPL & NYMITY: Bridging University researchers: The Anonymization of ference and the Privacy Law Disparate Privacy Regimes Clinical Trial Data in Practice Scholars Conference.. through Organizational Information Accountability Foundation: Ethical Accountability Data Stewardship for a 21st Century Data World The following list mentions a IAPP: Privacy in Art – Or- UN Global Pulse Privacy Advisory Group Annual selection of the smaller events well’s 1984 Meeting Page 6 Executive Committee ICDPPC
GPEN - Networking the networks
The GPEN Network of Net- and seek to identify suitable globe, networks based on works project was launched in areas for collaboration be- linguistic commonalities, and networks from multiple sec- June at the International En- tween the networks. Perhaps tors. In this way, this new forcement Cooperation Meet- most importantly, the Liaison GPEN project should maxim- ing in Ottawa, Canada. The Officer will provide a day-to- ize the transfer of good en- project is based on recogni- day contact point between the forcement practices among tion that there are many net- two networks. Where the networks and, ultimately, en- works of privacy enforcement Liaison Officer is a member of hance and promote the priva- authorities globally, as well as GPEN they will be able to cy enforcement community’s development. other enforcement-related share information about their
If you are a member of anoth- er Network and would like to explore the possibility of es- tablishing greater links be- tween that network and GPEN, please contact the GPEN Committee, via the GPEN site to discuss partici- pation in the Network of Net- works initiative.
By Adam Stevens, Team Manag- er– Intelligence Hub (Enforcement), Information Com- missioner’s Office, UK
networks, and there is signifi- network directly via a Net- cant value in leveraging the work Page on the GPEN web- combined strengths of these site. networks in furtherance of our respective mandates. To start with, the GPEN Committee have identified a number of networks to join a Under the project, GPEN project pilot, and welcomed plans to reach out to other the Asia Pacific Privacy Au- networks involving privacy thorities group and the Lon- enforcement authorities, and don Action Plan as the first other relevant enforcement two networks. These net- authorities, and offer to pro- works have provided a Liaison vide a link into GPEN through Officer, and we will be looking a ‘Liaison Officer Programme’. to develop these relationships A Liaison Officer will, in most over the coming months. Feedback so far has been posi- cases, be a member of GPEN tive, with the London Action and the connecting network. Plan seeking to pursue a simi- Practically speaking, members lar project in the anti-spam of GPEN and other participat- world. ing networks will be able to, via the Liaison Officer, share GPEN aims to include regional information and knowledge, networks from around the Volume 1, Issue 6 Page 7
Highlights of the Executive Committee meeting
The Executive Committee to recommend to the met on 22/23 September 2015 Conference a set of via teleconference. Particular changes to the rules. focus was on settling matters for the forthcoming closed The Committee adopted session of the annual confer- a proposed strategic plan ence. A few highlights: to guide the Conference for the next 3 years. The Committee consid- The Committee en- ered 5 applications for dorsed the notices pre- The Committee rejected accreditation as new pared by the Secretariat New Zealand’s proposal members and 14 observ- to enable implementation for a workable plan to er applications. of the Enforcement Co- fund the Secretariat. operation Arrangement. The Committee resolved
Invitation to submit proposals to host 2017 proposals
Member authorities are submitting proposals is avail- Executive Committee invited to submit proposals able on the website. The Secretariat is 30 Novem- to host the 39th Confer- deadline for submitting writ- ber 2015. ence in 2017. Guidance for ten proposals to the
Comings and goings Allan Chiang completed a José Alejandro Bermúdez Durana, Data Protection five year term as the Superintendent for Co- Hong Kong Privacy Com- lombia retired in July and missioner for Personal has been replaced by Data in August. The new commissioner is Stephen German Bacca. Kai-yi Wong. José Luis Rodríguez Álva- rez, director of the Span- Australian Privacy Com- ish Data Protection missioner Timothy Pilgrim Agency retired in July and became acting Australian is replaced by Mar España Information Commission- er in July replacing John Martí. McMillan. John has be- come NSW Ombudsman. Page 8 Executive Committee ICDPPC
37th Conference Closed Session: Profiles of Panel Speakers
This year the Conference has award (2010), the IEEE/ACM- individual’s preferences? Does two themes - Genetics and CS HPC award (2008), and he the individual have reason to Health Data: Challenges for was selected as one of 2010 accept the use? If all efforts tomorrow and Data Protec- Tomorrow’s PIs team of Ge- are made to let people know tion Oversight of Security and nome Technology. how their data are used, if Intelligence: the role of data protection authorities in a What is the biggest privacy changing society. Below you risk of an increasing trend will find profiles of panel to collect and study of peo- speakers. We asked panel ple’s genetic information? speakers questions related to their topic to give you a fla- Studying genetic data has a vour of what lies ahead in strong potential for improving Amsterdam. human health. However, the premise of this process relies Panel speakers for the on participation from patients, Genetics and Genetics and family members, and healthy Health Data: Challenges donors. My biggest fear is that for tomorrow. the combination of bad sci- ence (e.g. rasicm or unsus- Dr. Yaniv Erlich is a Core tained claims) and data individual preferences regard- Member at the New York mishendling will erode public ing use are maximally upheld Genome Center and Assistant trust in this important endeav- (consistent with mutual re- Professor of Computer Sci- our. spect for all), and, importantly, ence at Columbia University compelling reasons can be and. Prior to these positions, Dr Mark Taylor is Senior offered to accept use (even he was a Principal Investigator Lecturer in the School of Law, when not expected or pre- at the Whitehead Institute, University of Sheffield. He is a ferred), then both privacy and MIT. He received a Bachelor’s mid-career Fellow of the Brit- the public interest in genetic ish Academy, Chair of the research may be respected. Confidentiality Advisory Group for the Health Re- (For more see, http:// search Authority (HRA), a bit.ly/1MBeroC). member of the National Data Guardian’s Panel, the Ethics Laurent Alexandre is a Advisory Committee for Ge- panel speaker for Genetics nomics England, and the Eth- and Health Data: Challenges ics, Regulation & Public In- for tomorrow. He wasn’t volvement Committee available to provide his profile. (ERPIC) for the Medical Re- search Council.
He has written extensively on the subject of information governance and genetic priva- cy and is author of “Genetic Data and the Law” (CUP,2012). Dr Taylor is currently on secondment as Data Policy Advisor to the HRA. degree from Tel-Aviv Univer- sity, Israel (2006) and a PhD What kind of oversight is from the Watson School of needed to ensure genetic Biological Sciences at Cold research accommodates a Spring Harbor Laboratory person’s right to privacy? (2010). Dr. Erlich’s research interests are computational Oversight must be able to ask, human genetics. Dr. Erlich is and answer, three questions: the recipient of the Burroughs Does the individual have rea- Wellcome Career Award son to expect this research? (2013), Harold M. Weintraub Does this use respect the Volume 1, Issue 6 Page 9
Panel speakers for Data tection is open to debate.. Will it be possible to resist Protection Oversight of the increasing tracking Security and Intelligence: As data collection becomes and recording of our eve- the role of data protection more and more ubiquitous, ryday lives? authorities in a changing is it inevitable that that society. trend will be matched by Certainly it is increasingly data protection and privacy difficult. Cookies and other Sir David Omand GCB is a authorities getting more online tracking devices remain visiting professor in the War enforcement powers? ubiquitous. Networked sen- Studies Department, King's Yes, this trend is already evi- sors and recording devices in College London. His career in public spaces are proliferating, thereby adding images, sounds, and movement to the massive personal dossiers already maintained on orid- nary individuals by govern- ment agencies and private firms alike. Unfortunately, the processes for capturing, stor- ing, managing, and analyzing personal data remain opaque and the tools for controlling such data inadequate. We need a simple and easy meth- od for individuals to signall their resistance to tracking and recording in both online and offline settings along with dent in the deliberations on new technical designs and legal UK government service in- principles to ensure that such the new European Data Pro- cluded the posts of Security signals are received and acted and Intelligence Coordinator, tection Regulation with the upon consistent with funda- and surveillance. His book, responsibilities placed on na- mental rights of privacy. And Securing the State, was pub- tional authorities and the pro- these new methods must be lished in 2010. posed higher level of financial as convenient and automated penalties on companies that as the underlying data collec- Permanent Secretary of the fail adequately to protect cus- tion techniques or indiviauls Home Office and Director of will remain forever at a disad- GCHQ, the signals intelligence tomer data. vantage. and cybersecurity organisa- tion. He served for 7 years on Ira Rubinstein is a Senior the Joint Intelligence Commit- Fellow at the Information Law tee. He is Senior Independent Institute, NYU School of Law, Director of Babcock Interna- where he teaches courses in tional Group plc and a mem- privacy law. Rubinstein lec- ber of the Bildt Commission on Global Internet Govern- tures and publishes widely on ance and was a member of the issues of privacy and security recent UK inquiry into privacy and has testified before Con- and surveillance. His book, gress on these topics five Securing the State, was pub- times. Until 2007, he was an lished in 2010. Associate General Counsel in Microsoft's law department. Do we need an Interpol for In 2010, he joined the Board data protection? of Directors of the Center for We need enhanced coopera- Democracy and Technology. tion between national data He also serves as Rapporteur protection authorities working of the EU-US Privacy Bridges on issues concerning transna- Project, and on the Board of tional companies. Whether Interpol or some other inter- Advisers, American Law Insti- national institutional frame- tute, Restatement Third, In- work is the right model for formation Privacy Principles. governance and facilitating the Rubinstein graduated from necessary liaisons in data pro- Yale Law School in 1985. Page 10 Executive Committee ICDPPC
Cheryl Gwyn was appointed Authorities in helping make as New Zealand’s Inspector- intelligence agencies more General of Intelligence and effective organisations? Security commencing 5 May 2014, for a three year term. Intelligence services have a The Inspector-General’s role strong interest in ensuring includes reviewing the legality that information they hold on and propriety of intelligence legitimate targets is fair, accu- rate and up-to-date. Failure to do so will affect their effec- tiveness and reputation. DPAs have a significant role in as- sisting effectiveness, including through:
Close cooperation be- tween DPAs and be- tween DPAs and special- ist intelligence and securi- ty oversight bodies: intel- ligence and security agen- cies cooperate and share information across na- tional boundaries, so should oversight bodies. Cooperation can ensure clarity as to which na- tional legislation applies and avoid a lacuna in oversight. Keeping up with techno- logical developments: in order to keep the public informed of technical Photo: Hagen Hopkins/NZ Listener solutions to issues such and security agency activities as the need for bulk col- and investigating complaints lection of data by SIG relating to the agencies. The INT agencies; means to Inspector-General has power control personal data. to initiate her own inquiries. Contributing to policy and legislative develop- Ms Gwyn has broad public law ments. experience, having spent ten years as Deputy Solicitor- General in the New Zealand Crown Law Office, where she provided legal advice and rep- resentation to Ministers and Departments, principally in constitutional matters.
That position was preceded by two years managing a large policy group, as Deputy Secre- tary for Justice.
Before entering the public service, Ms Gwyn was a litiga- tion partner at two of New Zealand’s largest law firms.
What’s the most important role for Data Protection Volume 1, Issue 6 Page 11
Profile of partners in Privacy: Council of Europe
Sophie Kwasny (my maid- privacy? the European Court of Hu- en name immediately indi- man rights, which protects cates Polish origins, which the right to private life as enables our Polish col- I have the incredible chance of enshrined in Article 8 of the leagues to tell me off for being civil servant for a Hu- European Convention on my poor linguistic skills…) man rights based organisation Human Rights, the Parlia- – I am the Head of the in which I deeply believe. Law- mentary Assembly of the Data protection Unit of yer by education, the princi- Council of Europe, The Com- the Council of Europe ples and values we defend and missioner for Human Rights, (international organisation promote in the Council of and at intergovernmental level based in Strasbourg, Europe are at the basis of my (or rather inter-country as France). The Unit is locat- professional path. I have been several countries are repre- ed within the Human working for this organisation sented by their independent Rights and Rule of Law for nearly twenty years, work- authorities), the Committee of General Directorate, ing on various topics such as Convention 108,, together which I often underline to prisons’ reform, independence with the Unit providing sup- recall that our work is of the judiciary, nationality law port to it, the Data Protection about protecting human and, more lately privacy and Unit. The present profile is rights, and the human data protection. I have to say the one of the Data Protec- beings behind such rights. that joining the privacy com- munity, or rather family, at a tion Unit solely. time when fathers and moth- What does your position/ ers of the first generation of role involve? How long have laws were still around to guide you been performing this us, has been an immense privi- role? lege.
I have been managing the Data Is there anything else about Protection Unit for nearly five yourself you wish to add? years now. A deep dive into a sea of review, revision and modernisation! The Council of I am French by nationality (and Europe had just started the mood often ;) and if I complain modernisation work of the and object strongly, please data protection Convention understand that this is a fault I (‘Convention 108’) when I was taught since I was a child. arrived and it was a perfect I grew up in the South of time to start working on France, on the Mediterranean those issues. I have really en- sea, and have been living in the joyed working in this field, North for quite some time especially as my position im- now, I can bring the best of plies a variety of roles: manag- those two very different ing the intergovernmental worlds together and maintain work (the standard-setting warmth while acting with and policy work of the Com- rigour. mittee of Convention 108), promoting the Convention and our achievements What is the name of the throughout the world, provid- entity you are profiling? If it ing bilateral assistance to is a committee please ex- countries wishing to work plain how it relates to the with us, and also supporting structure of the organisa- the work of our data protec- tion. tion Commissioner.
The difficulty here is that sev- What is your background? eral bodies within the Council How did you become in- of Europe deal with privacy: volved in data protection or Page 12 Executive Committee ICDPPC
What is the role of the enti- The fact that the Convention Data Protection Unit ty? What are its objectives? now counts a non-European Council of Europe country (Uruguay) and that Email: [email protected] Our Data Protection Unit is several others are in the pro- Website: www.coe.int/ entrusted with the task of cess of acceding (currently dataprotection providing the Secretariat to Morocco, Mauritius, Senegal the Committee established by and Tunisia) is a great oppor- Convention 108. This notably tunity for our protection implies convening and organis- through the Convention. ing meetings, liaising and A number of soft-law instru- working with experts in sup- ments are to be mentioned porting the further develop- too, such as for instance our ment of right-based legislative new text on the processing of and regulatory frameworks on personal data in the context data protection and the effec- of employment, or the ones tive implementation of data regarding the protection of protection principles in all human rights and search en- Parties to the Convention and gines, and human rights and candidate countries, promot- social networking services. ing Convention 108 through- out the world, as well as rep- During 2015 what is the resenting the Committee in- entity focusing on? What house. For the past years, an might be of most interest to important part of the work Data Protection and Privacy has been to deal with the Commissioners? modernisation of Convention 108, and in that context, the We have a lot to work on in Unit also provided the Secre- the coming months, starting tariat to an ad hoc Commit- with the finalisation of the tee. Furthermore, we are very modernisation of Convention active in the field of technical 108, that everyone is now co-operation, that is providing eager to witness. On more support (legal expertise, train- specific topics, we will contin- ings, etc.) to a country or an ue our work on issues such as authority requesting our assis- mass surveillance, use of per- tance. This can be done on a sonal data in a law enforce- bilateral or multilateral (for ment context, big data, as well instance regional) basis. Our as the processing of health main objective is the efficiency data. Our work plan can be and sustainability of the pro- found on our website for tection system established by further details (see the ad- Convention 108, which is dress below). unique in its kind.
Is there anything else about What have been its most yourself you wish to add? notable achievements in the last few years? What has the I would like to thank the Exec- entity being working on utive Committee for its great recently? work and for offering us the opportunity to introduce our A series of achievements can Unit and present our work to be noted, but the most publi- persons who are not neces- cised one is certainly the pro- sarily aware of it. I will be, gress made on the moderni- together with my colleagues, sation of Convention 108 (to attending the 37th Interna- deal with new technological tional Conference in Amster- challenges and enhance the dam and would be very happy follow-up mechanism of the to meet any of the readers Convention). This work is not interested in learning more yet completed, we are waiting about Convention 108 and for the final step. our work, or simply willing to practice a bit of French ...
Volume 1, Issue 6 Page 13
Commissioner Profile Hong Kong: Stephan Kai-yi WONG
Stephen Kai-yi WONG; the opportunity for Privacy Commissioner for experience and Personal Data, Hong knowledge sharing. Kong; Office of the Privacy Commissioner for Person- al Data, Hong Kong; Hong What did you do Kong Special Administra- before you became tive Region, PRC a Commissioner? Barrister-at-law; Sec- retary, Law Reform Where did you grow up? Commission of Hong Hong Kong Kong; Deputy Solici- tor-General of Hong
Kong When did you first become involved in data protection or privacy? What is the best thing about tween the protection of indi- participating in the Interna- viduals’ data and the free flow 1990 of information in the best tional Conference? interests of the community. Sharing of knowledge and What was the first Interna- experience; picking wisdom of tional Conference that you others attended? (City and if you can remember it, the year)? Being a newly appointed Priva- What is the best thing about cy Commissioner for Hong being Data Protection Com- Kong, I look forward to my missioner? first International Conference Embracing the challenge of in Amsterdam to meet with trying to strike a balance be- my learned colleagues and also
Commissioner Profile Gibraltar: Paul Canessa
Paul Canessa. C.E.O. Gi- London 2006. braltar Regulatory Au-
thority & Data Protection What did you do before you Commissioner. became a Commissioner? I Gibraltar. worked as a broadcast jour-
nalist/producer with the Gi- Where did you grow up? Gibraltar. braltar Broadcasting Corpora- tion and was Head of News When did you first become for 10 years. Took over as involved in data protection C.E.O. of the Gibraltar Regu- or privacy? latory Authority (GRA) on its January 2004 creation in October 2000 with
What was the first Interna- responsibility for regulating tional Conference that you the telecommunications and attended? (City and if you broadcasting sectors in Gibral- can remember it, the year)? tar. In 2004, the Data Protec-
Page 14 Executive Committee ICDPPC
tion Act assigned the duties of hours at the Mexico City con- What is your favourite pri- Data Protection Commission- ference in 2011. vacy quotation?
er to the GRA. Ireland's Data Protection What is the best thing about Commissioner’s comment on What was the funniest thing participating in the Interna- social networks in 2013: that you saw, or happened tional Conference? to you, at an International Exchanging ideas with other “Acknowledge the ‘right to be Conference? Commissioners and meeting silly’. Sharing your life with Not very funny at the time, colleagues from around the the world may not be a good but losing my luggage for 48 world. idea, but its your life!”.
Commissioner Profile Zurich, Switzerland: Bruno Baeriswyl
Bruno Baeriswyl, Privacy pany data protection was an about privacy now and in the Commissioner, Data Pro- issue in its data security as- future! tection Authority Canton pect. In that period Switzer- of Zurich, Switzerland. land hadn’t yet got a data pro- What is the best thing about participating in the Interna- Where did you grow up? tection legislation. tional Conference? In the German speaking part I’m expecting from an Interna- What was the first Interna- of Switzerland, in a small town tional Conference good talks tional Conference that you not far from Zurich. by speakers with different attended? (City and if you backgrounds and I’m looking can remember it, the year)? for the opportunity to net- 1995, Copenhagen, Denmark work with other participants
What did you do before you Please explain the meaning became a Commissioner? of privacy and why it is im- Prior to my appointment as portant in the form of a the Privacy Commissioner of ‘tweet’ the Canton of Zurich, I held Privacy and democracy are management positions in the twins. You don’t get the one public administration sector, without the other. Take care at the International Commit- of both of them. tee of the Red Cross (ICRC), and at an international com- puter company.
What was the funniest thing that you saw, or happened to you, at an International Conference? At first it wasn’t very funny but it turned out to be. At the International Conference in Hong Kong (1999) a tornado When did you first become deranged a whole conference involved in data protection day in a way that all partici- or privacy? pants were blocked in their In my former position with an hotels. In the lobby of my international computer com- hotel we had the most inten- sive and funniest discussion Volume 1, Issue 6
Factoid
Member authorities in selected networks
The International Conference of Data Protection and Privacy Commissioners Executive Committee Secretariat ICDPPC member authorities in other networks
NZ Office of the Privacy Commissioner: Blair Stewart Vanya Vida Linda Williams
Email: ICDPPCExCo[at] privacy.org.nz
Executive CommitteeICDPPC [email protected] Population statistics