By John W. Kropf, CIPP/G
The data protection authorities (DPAs) of France and Germany co-hosted the 30th International Conference of Data Protection and Privacy Commission- ers in Strasbourg, France, late last year. During the first two days, more than 600 privacy professionals from government, DPAs, academia, and the private sector participated in open sessions.
Meetings of the commissioner's subgroups—the Asia Pacific Privacy Association (APPA) and the International Working Group on Data Protection in Telecommunications (the "Berlin Group")—preceded the event.
A closed session devoted to administrative measures and the commissioners' discussion of conference resolutions comprised the last half day. Invited by the German and French co-hosts, officials from the U.S. Department of Homeland Security (DHS) and the U.S. Federal Trade Commission (FTC) followed the proceedings as "official observers."
The Commissioners' members began the closed session by considering applicants for new membership. They granted full member status to: Croatia, Burkina Faso, and the German state of North Rhine Westphalia. Macau was invited to re-apply on the condition of certain developments in its privacy framework.
Spain was added on the credentials committee for the coming year.
By the end of the meeting, the group had adopted six resolutions. Of greatest significance was a resolution calling on the United Nations (UN)—through the International Law Commission (ILC)—to set forth a UN convention on a binding set of international privacy standards. The resolution, co-sponsored by Spain and Switzerland, is more explicitly Euro-centric than similar resolutions passed during the last three years, stating that such a convention should be based on the European Convention 108.
The commissioners adopted two resolutions supporting outreach efforts. The first called for the creation of a permanent Web site to support the group and its future conference. A representative from the Organisation for Economic Co-operation and Development (OECD) demonstrated what the Web site might look like. The site would likely contain information on future conferences and would serve to archive commissioners' past resolutions.
The Australian privacy commissioner also proposed a resolution, ultimately adopted, calling for the exploration of a day or week to commemorate a recognition of privacy. Currently, the EU recognizes 28 January as its International Privacy Day, while the Asia-Pacific Privacy Association (APPA) organizes Privacy Awareness Week (PAW) each year during the last week in August. A working group will be established to reconcile the different dates.
The group also adopted a resolution proposed by the privacy commissioner of New Zealand for the creation of a steering group to coordinate commissioners with international forums—including OECD, ISO, the Council of Europe, APEC, the UN International Law Commission, and, by amendment, UNESCO.
The last two resolutions expressed concerns over privacy protections for social networking and children's activities on the Internet.
While the resolutions have no legally binding effect, they are nonetheless an expression of those commissioners who meet the group's membership criteria. The resolutions can be viewed at the Conference's official Web site: www.privacyconference2008.org.
This year's conference will be held in November in Madrid