This week, Turkey hosted the 44th Global Privacy Assembly. The four-day event was staged at a conference center in the heart of Istanbul along the Golden Horn. It gathered regulators, government officials and many other stakeholders from all continents. The European contingent included European Data Protection Board Chair Andrea Jelinek, EDPS Wojciech Wiewiórowski, commissioners from data protection authorities such as France’s Commission nationale de l'informatique et des libertés, Germany’s Federal Commissioner for Data Protection and Freedom of Information, and Italy’s the Garante among other distinguished delegates.
Under a theme of “A Matter of Balance: Privacy in The Era of Rapid Technological Advancement,” the open conference was largely devoted to discussions on privacy and human rights, with panels touching on surveillance in the commercial area, data protection challenges in humanitarian crises, as well as discussions on data protection and competition. It also left room to more “traditional” panels addressing many current topics across artificial intelligence, children’s privacy and cross-border data transfers.
Across panel and corridor chatter were many interesting discussions, but for readers most interested in European updates, here are a couple that stuck with me.
Jelinek announced she will not be seeking a second term at the helm of the European regulators’ group. Jelinek came into the job as the EPDB’s first chair when it was created by the EU General Data Protection Regulation, setting up the board and institutionalizing cooperation among European regulators. Her current term will run until May 25, 2023 so she still has a solid six months to push through a few more initiatives. The EPDB currently has three Article 65 cases pending, under the co-called consistency mechanism, which will continue to run their course.
By the end of the year, the EDPB will also close its first coordinated enforcement action with 22 participating DPAs on the use of cloud services in the public sector, and open its second action focused on the role of data protection officers early next year. Jelinek will discuss all these issues and many more at the IAPP’s upcoming European Data Protection Congress in Brussels.
Another interesting development was mentioned by U.S. Department of Justice acting Chief Privacy and Civil Liberties Officer Peter Winn during a panel on the efficiency of mechanisms developed for cross-border data transfers. Winn confirmed what many heard through the grapevine in recent weeks that the Organisation for Economic Co-operation and Development is reaching a breakthrough in its discussions on OECD members’ government access practices. These talks have been on the community’s radar as they have the potential to release some of the friction on cross-jurisdiction data transfers, short of being the silver bullet that may or may not exist in the field. The development could be endorsed formally during the OECD Ministerial in December.
The second part of the Global Privacy Assembly was a two-day closed-door session for regulators only to discuss and likely adopt several resolutions. Among others, GPA leadership will consider a resolution with a set of six principles on AI, aimed at ensuring demonstrable accountability, necessity and proportionality.
The next GPA will be organized in Bermuda. Until then, I hope to see many of you at the IAPP Data Protection Congress in Brussels in a few weeks. Fewer beaches, more chocolate.