- Lunch Rountable 2: Cooperation between DPAs under the GDPR: the issue of the diversity of national legal systems
Budapest, Hungary, 25 May 2016, 14:30-17:30 (upon invitation)
In the framework of the European Conference of Data Protection Authorities (Joint Workshop of the WP29 Cooperation Subgroup & PHAEDRA II Project)
The Workshop will be split in two Panels.
- Panel I: Criminal justice and police cooperation – national differences.
There are different levels of cooperation between DPA’s. The most basic level is cooperation purely on a case-by-case level. For this kind of cooperation to be initiated, there are several conditions to be met. For instance, DPA’s need to become comfortable with each other. This means that we have to take time to establish trust and positive communication on a human level and between operational counterparts. Furthermore, DPA’s should recognize each other’s strengths and weaknesses, and make the most of each party’s strengths. Once cooperation on a case-by-case basis is successful and when there are sufficient common interests, cooperation on a case-by-case basis may be followed by a next level of cooperation: structural cooperation. This is the case in the European Union, for instance in the Article 29 Working Party, where EU DPA’s jointly work on large projects, such as the recent Opinion on the Privacy Shield. Structural cooperation may in the end be followed by a third of cooperation: a truly common responsibility. As a result of the General Data Protection Regulation, this kind of cooperation – a shared responsibility – needs to be achieved by the European DPA’s. In order to do this, our mind-set however needs to change: cooperation needs to be our starting point, if we are to achieve a consistent application of the Regulation. The Article 29 Working Party is currently working on implementing the Regulation. This is however not without obstacles. Although it is obvious that European DPA’s highly value cooperation, both on a case-by-case basis as well as on a structural basis, a truly common responsibility may be difficult to achieve, because of legal, practical and cultural differences and – ultimately –resistance to the actual transfer or sharing of competences. However, with an eye on the consistent application of the Regulation and the thorough protection of the fundamental right to privacy and data protection, this is not only necessary, but inevitable. EU DPA’s therefore need to truly commit themselves to enhance further cooperation. Naturally, this will also have consequences for non-EU DPA’s, who cooperate with their EU counterparts. This will take both time and resources, but this will also be an exciting new project for all DPA’s.
Can we achieve a fully shared responsibility with regard to the protection of the fundamental rights to privacy and data protection, as separate European DPA’s?
Panel II: The challenges of a consistent application. How level the playing field would be?
Common rules and national law – the effect of Member State law to the co-operation of DPAs According to the European Commission “[t]he Reform package will put an end to the patchwork of data protection rules that currently exists in the EU”.1 As a matter of fact, however, the General Data Protection Regulation provides Member State legislators with a leeway to introduce and maintain national data protection rules. The DPAs currently play and pursuant to the new regulatory framework will keep on playing a key role in ensuring the uniform application of European data protection norms. It seems obvious that the set of applicable rules, including both Union and Member State law, fundamentally affects DPAs’ co-operation, in particular with regard to cross-border processing situations. Against this background one of the targets of the workshop is to map the provisions of the GDPR in order to define the room for manoeuvre national lawmakers may make use of when implementing the Regulation in their respective legal systems. In addition, the workshop endeavours to explore the potential impact of national data protection legal norms to the co-operation of the DPAs. As a result of such an exercise practical tools and techniques with a potential to facilitate the application of the Regulation and relevant Member State law in a consistent manner are expected to be identified.
Participants of the workshop are invited to share their thoughts on the subject-matter and are encouraged to contribute to its goals with any suggestions for best practices.
- Lunch Roundtable 1: Cooperation of data protection authorities, inside and outside Europe
Brussels, Belgium, 28 January 2016, 12:00-14:00 (upon invitation)
in the framework of 9th CPDP Conference: http://www.cpdpconferences.org
This roundtable will be split into two parts. The first will discuss authorities’ views on the impact of the data protection framework reform on their cooperation in the EU. The PHAEDRA II project recently interviewed European DPAs regarding the main developments of the General Data Protection Regulation (GDPR) – including the consistency mechanism, one-stop shop, European Data Protection Board (EDPB) and their impact on cooperation between European DPAs; challenges to cooperation and coordination between European DPAs; cooperation on enforcement, and the perspectives of the DPAs on the activities of the PHAEDRA II project. The resulting report provides an overview of the perspectives of European DPAs at this key stage in the data protection reform process, and in particular of areas where further work is required, and identifies issues that will need to be debated in more detail.Therefore the first part will summarise the findings of PHAEDRA research thus far and move onto deeper discussion of key outstanding areas of debate, including the practical debate about the extent to which structure and formalisation are necessary or desirable for more effective cooperation and coordination between European DPAs, issues of language use and translation costs in cross-border cases, and the requirements for future tools and platforms.The second part will be devoted to the notion of cooperation of European data protection authorities with their counterparts from outside the EU in the reformed framework. While the proposal for the GDPR regulates extensively the cooperation of EU DPAs, it devotes only a single provision to the cooperation of these authorities with their counterparts outside the EU. Art 45 GDPR is very open and vague in its wording, therefore leaving a number of “open questions”, such as its rationale, planned action by EU DPAs and the European Commission or the prospects of such an approach.While Art 45 of GDPR constitutes a starting point for the extra-EU DPAs cooperation, two recent developments deserve our attention too. First, in the aftermath of the recent invalidation of the Safe Harbour Agreement by the Court of Justice of the European Union, the Art 29 Working Party called “on the Member States and the European institutions to open discussions with US authorities in order to find political, legal and technical solutions enabling data transfers to the territory of the United States that respect fundamental rights”. Second, after the conclusion of the 37th International Conference of Data Protection and Privacy Commissioners (Amsterdam 2015), a possibility for DPAs arrived to adhere to the Global Cross Border Enforcement Cooperation Arrangement, adopted at the 36th International Conference (Mauritius 2014). The said Arrangement, however, raises a number of practical problems worth debating and these concern its legal nature and efficiency, among others.The roundtable will contribute towards the PHAEDRA II project’s recommendations and identification of best practice.The event is addressed to data protection authorities (DPAs) from the European Union (EU) and worldwide, policy-makers, advocates and academics. Therefore, participation upon invitation only. To request and invitation, please send an e-mail to the Inspector General for Personal Data Protection at email@example.com prior to 15 January 2016.
- Lunch Roundtable 1: Authorities’ views on the impact of the data protection framework reform on their co-operation in the EU [cancelled]
Brussels, Belgium, 25 November 2015, 13:00 – 15:00 (upon invitation)
|Due to the present circumstances and the security measures currently taken in Brussels, the Lunch Roundtable originally foreseen for 25 November 2015 is hereby cancelled. Registered participants have already received a dedicated e-mail.|
The PHAEDRA II project has recently interviewed European DPAs. The interviews covered the main developments of the General Data Protection Regulation (GDPR) – including the consistency mechanism, one-stop shop, European Data Protection Board, and their impact on cooperation between European DPAs; challenges to cooperation and coordination between European DPAs; cooperation on enforcement, and the perspectives of the DPAs on the activities of the PHAEDRA II project. The resulting report provides an overview of the perspectives of European DPAs at this key stage in the data protection reform process, and in particular of areas where further work is required, and identifies issues that will need to be debated in more detail.
This roundtable will summarise the findings of this research and move onto deeper discussion of key outstanding areas of debate, including the practical debate about the extent to which structure and formalisation are necessary or desirable for more effective cooperation and coordination between European DPAs, issues of language use and translation costs in cross-border cases, and the requirements for future tools and platforms. The workshop will contribute towards the PHAEDRA II project’s recommendations and identification of best practice.
- Workshop 1: Cooperation between DPAs under the GDPR: prospects, practicalities and a to-do list
Amsterdam, the Netherlands, 27 October 2015, 14:00-16:00
in the framework of 37th ICDPPC: https://www.privacyconference2015.org
The goal of the workshop, addressed to European Data Protection Authorities (DPAs) and selected policy-makers, is to present the first results of the project, as well as discuss several urgent issues concerning the new model of cooperation under the General Data Protection Regulation (GDPR), overcoming the barriers for efficient cooperation between DPAs and the upcoming agenda for data protection reform. We will have opportunity to host the prominent speakers representing DPAs, European Commission, European Data Protection Supervisor, Council of Europe and scientific community.
PHAEDRA I events (2013-2014)
Workshop 4: Further cooperation between DPAs, PCs and PEAs
Balaclava Fort (Mauritius), 14 October 2014, 14.00-17.00h
The Data Protection Office, the DPA of Mauritius, hosted the 36th International Conference of Data Protection and Privacy Commissioners (ICDPPC), that took place from 13-16 October 2014 in Mauritius. The fourth workshop under the PHAEDRA project was organised as a side event to the ICDPPC, and focussed on the presentation of the results of the project achieved till now and on discussing the mechanisms boosting international enforcement coordination, considering the legal, technical, political or organisational barriers identified under the PHAEDRA project.
- Presentation of the PHAEDRA project, Beata Batorowicz, GIODO
- Results of the PHAEDRA survey of data protection authorities, David Wright, Trilateral Research & Consulting LLP
- The future landscape of effective privacy enforcement – the challenges ahead, Drudeisha Madhub, Data Protection Commissioner (Mauritius)
- International cooperation on the protection of personal data: Moroccan practice, Said Ihrai, La Commission Nationale des données personnelles (Morocco)
- The Building Blocks of Successful Cross-Border Enforcement Cooperation, Edith Ramirez, US Federal Trade Commission
- International Cooperation of Privacy and Data Protection Commissioners, Wojciech Rafał Wiewiórowski, GIODO
- A new perspective of the personal information protection system in Japan, Masao Horibe, Specific Personal Information Protection Commission (Japan)
- The conditions for and the means of effective enforcement cooperation between DPAs, Dariusz Kloza, Vrije Universiteit Brussel
- PHAEDRA II project – presentation of the new project, David Wright, Trilateral Research & Consulting LLP & Artemi Rallo, Universitat Jaume I
Workshop 3: The EU Data Protection Regulation and regional perspectives on improving international cooperation between DPAs, PCs and PEAs
Seoul (South Korea), 18 June 2014, 13.20-15.20h
The Personal Information Protection Commission, the DPA of South Korea, hosted the 41st Asia Pacific Privacy Authorities (APPA) Forum, that took place from 17-18 June 2014 in Seoul. The third workshop was organized during the open session of the APPA Forum, and was on the theme “The EU Data Protection Regulation and regional perspectives on improving international cooperation between DPAs, PCs and PEAs”. Wojciech Rafał Wiewiórowski and Gertjan Boulet, members of the PHAEDRA consortium, reflected on the EU Data Protection Reform, and presented the results of the PHAEDRA project so far. Two speakers from outside Europe presented regional perspectives on the topic, reflecting on the current practices of interregional and international cooperation between DPAs, PCs and PEAs, more particularly in relation to identified legal, cultural, organizational, technical or other barriers and challenges, and giving perspectives about the adoption of a new EU Data Protection Regulation.
Agenda: The EU Data Protection Regulation and regional perspectives on improving international cooperation between DPAs, PCs and PEAs
The Communiqué of the 41st APPA Forum: 41st APPA Forum — Communiqué
Report: Results of the third PHAEDRA workshop on ‘the EU Data Protection Regulation and regional perspectives on improving international cooperation between DPAs, PCs and PEAs’
Workshop 2: Challenges and barriers for cooperation and coordination between DPAs
Skopje (Republic of Macedonia), 6 May 2014, 14.30-16.30h
The Directorate for Personal Data Protection, the DPA of the Republic of Macedonia, hosted the 55th meeting of the International Working Group on Data Protection in Telecommunications (IWGDPT), the so-called Berlin Group, that took place from 5-6 May 2014 in Skopje. The second workshop under the PHAEDRA project was organised as a side event to the meeting of the Berlin Group. During the workshop, organized in the form of a roundtable, members of the PHAEDRA consortium presented the results of the project so far, and representatives of DPAs gave short presentations. Most of the time was dedicated to an open discussion, in order to invite the participants’s views regarding barriers in international cooperation and coordination between DPAs, PCs, and PEAs as well as regarding ways to overcome them.
Agenda: Challenges and barriers for cooperation and coordination between DPAs
Report: Results of the second PHAEDRA workshop on ‘Challenges and barriers for cooperation and coordination between DPAs’
- PHAEDRA project – General information, Beata Batorowicz, GIODO
- Introduction to the PHAEDRA workshop, David Wright, Trilateral Research & Consulting LLP (presented by Artemi Rallo, Universitat Jaume I)
- Enforcing privacy: PHAEDRA findings, David Wright, Trilateral Research & Consulting LLP (presented by Artemi Rallo, Universitat Jaume I)
- The WhatsApp Experience: Practical lessons learned from an international joint investigation, Rob van Eijk, Dutch Data Protection Authority (The Netherlands) & Steven Johnston, Office of the Privacy Commissioner (Canada) (presented by Rob van Eijk)
- Practical experience of cooperation and coordination during DP investigations and audits, Ultan O’Carroll, Office of Data Protection Commissioner (Ireland)
Workshop 1: Improving cooperation and coordination between DPAs
Warsaw (Poland), 24 September 2013, 14.00-17.00h
GIODO hosted the 35th International Conference of Data Protection and Privacy Commissioners (ICDPPC), that took place from 23-26 September 2013 in Warsaw (https://privacyconference2013.org/). The first workshop under the PHAEDRA project was organised as a side event to the ICDPPC. During this workshop the problems of cooperation and coordination between DPAs and privacy commissioners were discussed.
Invitation: Improving cooperation and coordination between DPAs
Agenda: Improving cooperation and coordination between DPAs
Report: Results of the first PHAEDRA workshop aimed at improving privacy enforcement co- operation and co-ordination
Press release: Results of the first PHAEDRA workshop aimed at improving privacy enforcement co-operation and co-ordination
- The PHAEDRA project – first results, David Wright, Trilateral Research & Consulting LLP
- Legislative review: overview & preliminary results, Paul De Hert, Vrije Universiteit Brussel
- The role of Convention 108 in the international cooperation, Jean-Philippe Walter, Chair T-PD & Deputy Commissioner, Federal Data Protection and Information Commissioner, Switzerland
- Practical Enforcement Cooperation: Lessons Learned, Hugh Stevenson, United States Federal Trade Commission
- Cooperation beyond DPAs, Blair Stewart, Assistant Privacy Commissioner New Zealand
- An Operational Role for WP29?, Rafael García Gozalo, Agencia Española de Protección de Datos;
- The PHAEDRA project: Possible tasks for the second year, David Wright, Trilateral Research & Consulting LLP