As data flows digitally across borders, there is a need to consider data protection in a global context. In addition to our cooperation with European data protection authorities, in particular in the framework of the European Data Protection Board, we also cooperate beyond the EU with international partners to develop cross-border, coordinated approaches to protect the rights of individuals.
Here we outline some areas of our cooperation work with a particular focus on the Global Privacy Assembly, the Spring conference, the Council of Europe, the OECD, the G7 DPAs roundtable, other Regional and International Networks, the Berlin Group and the Workshop with International Organisations.
International conferences and workshops
The EDPS is a member of the Global Privacy Assembly (GPA), which takes place every year in the autumn.
The GPA first met in 1979 as the International Conference of Data Protection and Privacy Commissioners. The Assembly has been the premier global forum for data protection and privacy authorities for more than four decades and seeks to provide leadership at international level in data protection and privacy. It does this by connecting the efforts of more than 130 data protection and privacy authorities from across the globe.
Together with the Bulgarian data protection authority, the EDPS hosted the 2018 International Conference in Brussels. The main theme of the conference was ethics and new technologies.The EDPS, jointly with the French data protection authority (CNIL), co-chairs the GPA working group on Ethics and Data Protection in AI (AIWG) and acted for instance as main sponsor for the GPA Resolution on generative AI systems, adopted in 2023. The EDPS also takes part to other GPA working groups (Global Frameworks and Standards, Digital Economy, Data Protection and Other Rights Freedoms, International Enforcement Cooperation, Digital Citizen and Consumer, The Role of Personal Data Protection in International Development Aid, International Humanitarian Aid and Crisis Management, Data Sharing, etc).
The data protection authorities from the Member States of the EU and of the Council of Europe meet annually for a European Conference, also called the “Spring Conference” to discuss matters of common interest and to exchange information and experiences on different topics. The EDPS actively contributes to the discussions. The conference usually ends with the adoption of a number of resolutions, available on the EDPS website.
The EDPS regularly participates in the annual case-handling workshops organised by national data protection authorities (DPAs) and supervisory authorities in Europe (including non-EU countries). These workshops are useful fora to discuss practical issues at working level and bring together DPAs staff (complaint handlers and inspectors in particular) from all over Europe.
Council of Europe
The Council of Europe is an important player in privacy and data protection law and policy, not only in Europe but increasingly on other continents where pan European norms are often taken as a source of inspiration for legislation and policies.
The Council of Europe’s Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (Convention 108) is open to accession by both European and non-European countries. The Convention 108 has been recently modernised to deal with challenges resulting from the use of new information and communication technologies and to strengthen the Convention’s effective implementation. In mid-January 2024, 31 States have ratified the Amending Protocol and seven ratifications are still required for the entry into force of the modernised Convention 108.
The EDPS is an observer at the Council of Europe’s expert groups on data protection, including the Consultative Committee (T-PD) of Convention 108 and represents the Global Privacy Assembly before the T-PD.
The EDPS also follows the ongoing negotiations on a Convention on Artificial Intelligence, Human Rights, Democracy and the Rule of Law, in the framework of the Committee on Artificial Intelligence (CAI).
We attend the meetings of these expert groups and provide informal oral and written comments with a view to ensure a good level of protection and compatibility with EU data protection standards.
The EDPS participates as an observer to different working parties of the OECD, in particular the Working Party on Data Governance and Privacy (DGP), which is attached to the Committee on Digital Economy Policy, and the Working Party on Artificial Intelligence (AIGO).
The OECD and the EU share common values as regards the need for the digital transformation to be human-centric and fundamental rights-oriented.
We provide, where necessary, comments to the Working Party on recommendations relating to the protection of privacy and data protection.
The G7 DPAs roundtable
The EDPS, together with the EDPB is representing the EU in the G7 Roundtable of data protection and privacy authorities gathering also data protection and privacy authorities of Canada, France, Germany, Italy, Japan, the United Kingdom and the United States of America.
Together, G7 data protection and privacy authorities discuss joint actions on some of the key issues permeating to data protection. This included for instance recently the topic of Generative Artificial Intelligence and the topic of Data Free Flow with Trust. Exchange of views were also held on emerging technologies, and how these can embed the principles of data protection and privacy, as well as strategies to enforce data protection rules.
Shaping the global debate on data protection has long been one of the EDPS’ priorities; exchanging views allows for the development of common approaches on privacy, whilst taking into account the broader geopolitical contexts. It is also a chance for the EDPS to share and promote the EU’s perspective, notably its standards related to data protection and privacy, on the global stage, and to build cooperation on that basis.
The EDPS also follows the activities of other networks to support regional initiatives that aim to strengthen data protection worldwide.
These include in particular the Global Privacy Enforcement Network (GPEN), the Asia Pacific Privacy Forum (APPA), the French-speaking association of personal data protection authorities (AFAPDP), the Ibero-American data protection network (RIPD).
The International Working Group on Data Protection in Telecommunications (IWGDPT), also known as the Berlin Group, aims to contribute to ensuring at international level a consistent and high level of data protection and privacy, based on democratic principles and fundamental rights, by identifying emerging technologies and delivering positions and practical advice on them.
The Chair of the Group is the German Federal Commissioner for Data Protection and Freedom of Information (BfDI). The Group is composed of representatives of worldwide data protection supervisory authority as well as of some independent experts representing various sectors, including public authorities, private organizations, academia and civil society.
The EDPS regularly participates in the meetings and contributes to the various activities of the Group, in particular by leading or supporting the drafting of their papers.
One of the EDPS’ priorities is to generate and foster global partnerships in the field of data protection.
One way for the EDPS to pursue this goal is to co-organise, on a regular basis, workshops dedicated to data protection with International Organisations. These workshops, initiated in 2005, are an opportunity for all International Organisations to exchange their experiences and views on the most pressing issues they are facing.
Over the years, the relevance and significance of these workshops have grown consistently. This confirms the need for this platform for International Organisations to engage, share best practices and discuss common challenges, as well as increasing awareness on the importance of protecting individuals’ personal data around the world.
Co-organising a workshop with a different International Organisation each time gives room to discuss a variety of topics, from processing sensitive data relating to refugees, to artificial intelligence and biometric data for example.
On top of these various multilateral fora, the EDPS is also maintaining and promoting bilateral cooperation with key institutions and authorities.
For instance, the EDPS and the UK Information Commissioner’s Office signed on 9 November 2023 a Memorandum of Understanding (MoU), which reinforces their common mission to uphold individuals’ data protection and privacy rights, and cooperate internationally to achieve this goal.
The EDPS is also pursuing an active and strong bilateral cooperation with many other partners within and outside the EU.