The recent International Conference of Data Protection and Privacy Commissioners (which took place in Warsaw at the end of September), attended by data protection and privacy enforcement authorities from around the world, looked at international data protection enforcement in the digital world and the challenges posed by the "appification of society".
Coordinated enforcement
Due to the ease with which personal data can be shared across the globe and the way in which many global organisations now operate and process personal data, security breaches often affect the personal information of individuals in more than one jurisdiction. Data protection and privacy enforcement authorities recognised this issue at this year's Conference and resolved to further encourage existing efforts to bring about more effective coordination of cross-border investigation and enforcement.
In particular, under the Resolution on International Enforcement Coordination, it was resolved to:
- mandate the International Enforcement Coordination Working Group to work with other networks (including the "Global Privacy Enforcement Network") to develop, and express in a multilateral framework document, a common approach to cross-border case handling and enforcement co-ordination;
- encourage privacy enforcement authorities to look for opportunities to cooperate in investigations with cross-border implications; and
- support the development of a secure information platform to enable national privacy enforcement authorities to share confidential information and coordinate international enforcement.
The resolution certainly shows an intention by national data protection authorities to improve international data protection enforcement. It will, however, be interesting to see whether the resolution leads to real action (and, if so, when).
"Appification" of society
The Conference also showed that there is an increased awareness amongst regulators of the privacy challenges arising out of individuals' increased use of apps and the rate at which apps are being developed (see the Warsaw declaration on the "appification" of society).
The declaration sets out some proposals in this area. These include calling upon developers of apps, and of the mobile operating systems they run on (like Android and iOS), to give users better information about, and control of, their data, and encouraging data protection commissioners to raise awareness of this issue within the app community. The declaration states, for instance, that apps "should be developed on the basis of surprise minimisation: no hidden features, nor unverifiable background data collection". It also notes the intention of national privacy authorities around the world to take serious steps over the coming year in this area and to revisit the subject at next year's Conference.
Comment
The Conference's resolutions and declarations are only binding on their signatories and will not directly affect organisations controlling and processing data (e.g., by changing existing laws). Nevertheless, the resolutions above do suggest that data protection authorities are (perhaps belatedly) waking up to the data protection challenges arising out of recent advances in technology. However, it’s a case of "watch this space" in terms of whether this all results in meaningful changes in practice.