A number of international government agencies have joined to form a Global Privacy Enforcement Network (GPEN) in order to facilitate greater cooperation in the global enforcement of privacy laws.
“Because modern commerce increasingly relies on the flow of personal information across national and jurisdictional borders, privacy-related law violations often involve multiple jurisdictions,” says Yael Weinman, counsel for international consumer protection at the U.S. Federal Trade Commission (FTC). “This requires both a better understanding of the different privacy regimes around the world as well as actual cooperation among privacy enforcement authorities.”
The GPEN aims to facilitate cross-border points of contact, bilateral investigations and enforcement cooperation among privacy authorities. GPEN participants will discuss enforcement trends and experiences, share investigative techniques, take part in periodic conference calls and meetings and provide content for a restricted-access GPEN Web site to be operated under the Organisation for Economic Cooperation and Development (OECD).
The need for greater cooperation among regulators has been increasingly recognized by a number of international groups, including the OECD and the Asia-Pacific Economic Cooperation (APEC). In 2007, the OECD published an action plan calling for its member countries to create an informal network of privacy enforcement authorities and “other appropriate stakeholders to discuss the practical aspects of privacy law enforcement cooperation,” share best practices and work to develop shared priorities, among other initiatives.
“These days, we are seeing more and more cases where the practices of foreign companies are affecting the privacy of our citizens. This will only increase in the future,” said New Zealand Privacy Commissioner Marie Shroff. “Privacy enforcement authorities increasingly have been cooperating with each other across borders in their efforts to understand emerging privacy risks and to influence the behaviour of multi-national companies. However, until recent initiatives by the OECD and APEC, there have been few available mechanisms to assist with cross-border enforcement cooperation. GPEN will provide a practical platform for privacy enforcement cooperation across national boundaries.”
The FTC contacted various counterparts inviting them to be a part of the network, but the commission will not necessarily play a leading role. The commission may establish committees to focus on specific areas in the future.
“The expectation is that this initiative should result in data protection authorities taking a more harmonized approach to issues,” said Canadian Privacy Commissioner Jennifer Stoddart.
Privacy authorities seeking to join GPEN must apply through the OECD’s secretariat and endorse the network’s action plan.
The 12 entities involved in the GPEN so far include the U.S. Federal Trade Commission; Office of the Privacy Commissioner of Canada; Commission Nationale de l’Informatique et des Libertés (CNIL, France); Office of the Privacy Commissioner, New Zealand; Israeli Law, Information and Technology Authority; Office of the Privacy Commissioner, Australia; Office of the Data Protection Commissioner, Ireland; Agencia Española de Protección de Datos (Spain); Information Commissioner’s Office (United Kingdom); Garante Per La Protezione Dei Dati Personali (Italy); Dutch Data Protection Authority, and Federal Commissioner for Data Protection and Freedom of Information (Germany).
