With the 35th International Conference of Data Protection and Privacy Commissioners, the Data Protection Authorities adopted a declaration and 6 resolutions on data protection (as well as a resolution on the strategy of its working group through 2016).
Resolution on openness of personal data practices
During the Conference, the Authorities recognized that individuals are now expecting greater accountability and transparency on both private sector organizations and governments with respect to how their personal data are collected and disclosed. However these expectations are not always respected.
This resolution was therefore adopted in order to urge (i) organizations collecting personal data to explain the purposes for collecting the data, the identity of the organization and to provide clear policies to individuals and (ii) governments to be more open with regard to data collection practices.
The Authorities also called upon all stakeholders making use of profiling methods to preliminarily assess the privacy impact of their activity and the needs to guarantee transparency to data subjects (with particular attention to minors). The Authorities underlined the necessity to inform about the profiling operations to the maximum extent and to ensure that said profiling operations are subject to appropriate review by the competent national authorities. At the same time the Authorities called upon the governments to ensure that both the general public and the relevant stakeholders are given the opportunity to express their opinions on profiling operations. Such position was supported by the Italian Data Protection Authority, which as you can see here, recently issued a public consultation on the information notice to be provided with respect to cookies.
Resolution on web tracking and privacy
This resolution recognized that tracking measures may bring benefits to the consumers (including fraud prevention and security) and may facilitate the development of new products and services. However, the Authorities believe that tracking activities may entail serious privacy risks. Accordingly the Authorities required the stakeholders to guarantee transparency and prioritize the protection of privacy over tracking operations, in particular through the so called “privacy by design“.
Resolution on international enforcement coordination
The Authorities further stressed the need to encourage the cooperation in cross-border privacy enforcement. This resolution therefore urges the governments to empower the Authorities with the necessary tools to coordinate and address cross-border data protection infringements. The Authorities also encouraged the creation of a secure information platform that could offer a “safe space” for privacy enforcement authorities, so as to share confidential information and facilitate coordination.
Resolution on anchoring data protection and the protection of privacy in international law
This resolution recognized the need for a binding international agreement on data protection that safeguards human rights and urged governments to call for the adoption of an additional protocol to Article 17 of the International Covenant on Civil and Political Rights. In particular the Authorities further stressed the principle that no individual can be subject to unlawful interference with his/her privacy.
Resolution on digital education for all
Finally, this resolution urged the national Authorities to adopt a common program on promoting knowledge about digital technologies. According to the resolution, the main principles set out in the document (namely (i) provide a specific protection to minors, (ii) foster trainings, (iii) look for an appropriate balance between the opportunities and the risks, fostering a critical thinking, (iv) promote the development of good customs and respect of other users) must be part of large-scale actions on digital technologies to be addressed in the main agenda of national Authorities.ì
The International Conference of Data Protection and Privacy Commissioners also issued a Declaration on the “appification” of society. The Declaration discussed the challenges deriving from the increased number of apps, underlying that “app developers are often unaware of the privacy implications of their work, and unfamiliar with concepts like privacy by design“.
The Authorities therefore recognized the need to raise awareness within the industry, underlying that, in order to ensure compliance with existing data protection law and, at the same time, maintain a positive user experience, privacy should be taken into account at the very start of the development of the app.
In addition to the above, the Declaration also recognized that the responsibility for privacy does not rest with app developers alone, but also with providers of operating systems bearing responsibility for their platforms.
Considering the above, it seems that the Authorities (in line with Italian Data Protection Authority) are concerned about profiling and web tracking operations, as well as enforcement mechanisms.
Besides the reaffirmation of general principles this Conference further stressed the desire of the Authorities to be provided with cooperation instruments to face the current global technologies. This is no doubt a positive step towards a more harmonized protection of personal data.