Friday, Jan. 28, is Data Protection Day (in the EU) or Data Privacy Day (in the U.S.). But how did this day originate?
The history of January 28
The day was initiated by the Committee of Ministers of the Council of Europe in 2006. Often synonymous and confused with the EU, the Council of Europe formed in the wake of World War II. Resolutions from the Council of Europe on the privacy of individuals preceded and even served as partial catalyst to the earliest national data protection laws in Austria, Denmark, France, Germany, Luxembourg, Norway, and Sweden.
Jan. 28 was chosen for Data Protection Day because it marks the anniversary of the opening for signature of the Council of Europe’s Convention 108 in 1981. One writer has described Convention 108 as “the seed from which the right to data protection sprouted” and the basis for Data Protection Day. Convention 108 holds special status as the first legally binding international agreement on data protection and continues to influence data protection laws around the world to this day.
Moreover, the CoE has worked in recent years to ensure the principles of Convention 108 do not fall behind as technology advances. On May 18, 2018, (just one week ahead of the GDPR’s entrance into force), Convention 108 took on a modernized form as Convention 108+. This update to the agreement incorporated some of the key principles of EU law and definitions laid out in the GDPR, such as the concept of proportionality and the notion that processing should be based on “free, specific, informed and unambiguous consent.” In addition, in 2019, the CoE adopted New Guidelines on Artificial Intelligence and Data Protection, uncoincidentally, to mark the occasion of Data Protection Day that year.
As Convention 108/108+ has continued to draw non-European signatories — adding nine non-members of the CoE since 2013 — it plays a truly unique role as an international treaty for personal data protection. University of New South Wales professor Graham Greenleaf has described the standards of 108+ as “arguably mid-way between 108 and those of the EU’s GDPR.”
Thus, tracing the genealogy of Data Privacy/Protection Day to Convention 108+ reveals the inherently diplomatic and globally oriented nature of the day and events surrounding it.
Data Privacy Day 2022
This year will be the 16th Data Protection/Privacy Day. And, if one day only whets your appetite for more privacy-themed celebrations, the National Cybersecurity Alliance has also expanded things this year, dubbing Jan. 24-28 to be Data Privacy Week. To mark Data Privacy Day/Week, there will be a host of events discussing everything under the sun in privacy. Here’s a sampling of some of the events occurring that week:
- On Jan. 26, the National Cybersecurity Alliance will convene “The Data Privacy Balancing Act,” featuring more than a dozen guests, including FTC Commissioner Noah Joshua Phillips; Uber Chief Privacy Officer Ruby Zefo, CIPP/US, CIPM, FIP; and Northeastern University Law and Computer Science professor Woody Hartzog.
- To mark the day itself, J. Trevor Hughes, CIPP, will host a LinkedIn Live event on Data Privacy Day and 2022 Predictions with IAPP Country Leader, Ireland, and Pembroke Privacy Director Kate Colleary, CIPP/E, CIPM; Norton Rose Fulbright Partner, Head of Information Governance, Privacy and Cybersecurity, APAC, Anna Gamvros, CIPP/A, CIPT, FIP; Perkins Coie Partner, Privacy and Security, Ad Tech Privacy and Data Management Co-chair Dominique Shelton Leipzig, CIPP/US; and Tsaaro Co-founder and CEO Akarsh Singh, CIPP/E, CIPT, FIP.
- Also on Jan. 28, IAPP will hold a web conference entitled “Data Privacy Day 2022 - Framing the Data Protection Landscape in the Year Ahead,” which will feature J. Trevor Hughes, CIPP; BigID Chief Privacy Officer Heather Federman, CIPP/US; and Goodwin Procter Partner and IAPP Senior Fellow Omer Tene.
Perhaps given that Data Privacy Day takes place in January, many of these events and perspectives center around predictions for the year ahead, although new laws and enforcement seem to be the top issues. The lead-up to Data Privacy Day has also been a busy time for privacy professionals. On Jan. 13, I participated in a panel entitled “Privacy in Practice: Our ‘Top Three’ for 2022” alongside IAPP Director of Research & Insights Mark Thompson, CIPP/E, CIPM, CIPT, FIP, and Senior Fellow of Privacy Engineering Katharina Koerner, CIPP/US, to discuss the top issues we plan to focus on in 2022 regarding privacy program management, law and policy, and privacy engineering.
In the privacy law and policy arena, my top three issues (PIPL, interplay of U.S. state/federal law, EU’s data governance) are all connected by the notion of consumer trust, as it remains a motivating factor behind the efforts of lawmakers from Brussels to Beijing. As public awareness around privacy grows — as evidenced by global celebrations of Data Privacy Day, itself — increasing consumer trust is a goal that legislators and regulators will continue to pursue, via new laws, regulations, and enforcement actions.
More days for privacy?
In case you cannot catch up with one or more of these events, remember that Data Privacy Day/Week is not the only time there is to celebrate the world of privacy. There’s also Deletion Day (April 4, but organizations can undertake their data housekeeping at any time), Computer Security Day (Nov. 30), while the entire month of October is dedicated Cybersecurity Awareness Month. Another important (non-recurring) one is GDPR Day, which was “celebrated” on May 25, 2018, although each year it is marked by events and look-back perspectives (GDPR at One, at Two, at Three, etc.). And, who knows, maybe another will be added to the calendar: What about having a “Schrems II Day” (July 15) or an “ePrivacy Regulation Day” to celebrate this year?
Given all of the events and resources being made available for Data Privacy Day, it’s an important time to tune into the discussions, connect with others in the privacy community, and learn about the key questions on top of the agenda for privacy professionals.
Privacy pros work all year long, struggling to understand complex multijurisdictional issues while aiming to make privacy for employees and customers a reality each day. Data Privacy Day also provides an opportunity to raise the internal and external bar for privacy pros, increasing the transparency of the work organizations are doing and helping to bring others along on the journey
Happy Data Privacy Day.
Photo by Erwan Hesry on Unsplash
If you want to comment on this post, you need to login.