You need to
read the latest resolution of the international conference of data protection
and privacy commissioners on enforcement cooperation a couple of times before
much of its meaning becomes apparent.
It may be
just over 900 words long, but crystal clear it aint.
It recalls
previous resolutions from the 29th, 33rd, 34th
and 35th conferences and the Montreux Declaration from the 27th
Conference. It recalls earlier decisions to set up an International Enforcement
Coordination Working Group, and notes that the Working Group reported back with
six recommended co-ordination principles.
It further
notes that the previous conference mandated the Working Group to “work with
other networks to develop a common approach to cross border case handling and
enforcement co-operation, to be expressed in a multilateral framework document
addressing the sharing of enforcement-related information, including how such
information id to be treated by recipients thereof, and that this work was not
intended to replace existing national and regional conditions for sharing
information, or to interfere with similar arrangements by other networks.”
It also notes progress on developing “arrangements for cross-border cooperation in the enforcement of laws protecting privacy, including efforts by APEC, the data protection authorities of the Article 29 Working Party, the OECD, the Council of Europe, the network of Francophone authorities, the Ibero-American network and the Global Privacy Enforcement Network (GPEN)”
The resolution goes on (and on, and on) until you get to to (perhaps the most significant bit, which is “To support the development of a secure international information platform which offers a ‘safe space’ for members of the International Conference and their partners to share confidential information and, to facilitate the initiation of coordinated enforcement action and, complement other international enforcement coordination mechanisms, adding value to the international enforcement operational framework.”
What (slightly) surprises me is why, after some 36 international meetings, it is still necessary for privacy commissioners to bang on about the need for international co-operation amongst themselves.
It also notes progress on developing “arrangements for cross-border cooperation in the enforcement of laws protecting privacy, including efforts by APEC, the data protection authorities of the Article 29 Working Party, the OECD, the Council of Europe, the network of Francophone authorities, the Ibero-American network and the Global Privacy Enforcement Network (GPEN)”
The resolution goes on (and on, and on) until you get to to (perhaps the most significant bit, which is “To support the development of a secure international information platform which offers a ‘safe space’ for members of the International Conference and their partners to share confidential information and, to facilitate the initiation of coordinated enforcement action and, complement other international enforcement coordination mechanisms, adding value to the international enforcement operational framework.”
What (slightly) surprises me is why, after some 36 international meetings, it is still necessary for privacy commissioners to bang on about the need for international co-operation amongst themselves.
Why do they need additional mandates to facilitate a greater sense of
working together – is it because some regulators find it hard to cooperate with
others? They all ought to be working together anyway, and it would be scandalous
if they weren’t.
Or is it because they need to send more messages to data controllers to
reassure them that scarce tools and resources are being pooled, and that,
perhaps one day, they may be sufficient to deal with the behemoths that seek to
transgress?
Footnote:
The
reference in the resolution to the sharing of confidential information caught
my attention, particularly as the Data Protection Act has a few things to say
about this.
Section 54 of the DPA provides a gateway for
the ICO to exchange some information with supervisory authorities in the colonies,
other EEA States or with the European Commission. The Act does not refer to
cases where it may be prudent to share information with authorities elsewhere
around the globe.
Section 59 places various constraints on the ability of the ICO to
disclose certain types of confidential information. Presumably, the
Commissioner will argue that any disclosures for fellow regulators of
information supplied to it in confidence will be lawful as the disclosure will,
of necessity, be in the public interest.
Source:
http://www.privacyconference2014.org/media/16430/Resolution-International-cooperation.pdf
.
Posts
