Solidarity & Digital Solidarity: 2022 International Organisations Data Protection Workshop

Wojciech Wiewiórowski


Having marked Europe day a few days earlier at EU Open Day in Brussels, I attended the 2022 edition of the International Organisations workshop, co-organised this year by the EDPS and the World Food Programme at their premises in Rome on 12-13 May. 

Mulling over the two events, I recall my introduction to an uplifting blog post by EDPS trainees to mark Europe Day on 9 May 2020 which looked forward to a post Covid-19 Future of continued #Solidarity #FreedomofMovement #DataProtection.

The COVID-19 pandemic has immeasurably changed the social, economic and political priorities of many actors around the world. Moreover, the health crisis accelerated the pace of digital transformation and triggered public debate on the legal measures and technical solutions adopted in response to the pandemic.

The world is also having to deal with the repercussions of a slew of humanitarian crises, not least the war in Ukraine. So it was in this context that International Organisations gathered to discuss pertinent data protection issues.

Although the EDPS hosted an online edition in October 2020, the last in-person meeting took place in 2019, before COVID-19 went global. The data protection landscape has been impacted dramatically by the pandemic and subsequent events requiring increased humanitarian action by international organisations.

The workshop was an important opportunity for international organisations to share the complexities they face including how to meet the requirements of data protection law when acting on humanitarian grounds in the field. 

The EDPS’ objective for these workshops when we initiated them in 2005 was to provide a platform to bring together international organisations to share experience, practice and analysis of common challenges. This rationale appears to be more relevant than ever in 2022, with over 100 participants and more than 50 organisations represented at the workshop.

A pertinent keynote speech on behalf of a private sector consultancy kicked off the agenda proper on the current ethical dilemmas arising from the use of technology. 

The first panel session of the workshop was an opportunity to hear from various stakeholders and from international organisations about significant legal, policy or technological updates related to privacy & data protection from the perspective of their work.  

In a keynote speech that followed, I reminded the workshop that the meeting is an occasion to recognise the place in time and history that we are at today, why it matters for International Organisations and why International Organisations in themselves matter.

In these dangerous and uncertain times, the work of International Organisations is more essential and important than ever. Together we need to defend the attacks on multilateralism.

The second panel session considered Data Subjects’ Rights, specifically the challenges and opportunities for International Organisations. The aim was to get an overview of current best practices and the challenges of enforcing data subjects’ rights and discussions included governance, response time and technology used.

The participants were then invited to take part in a practical discussion about responding to a data breach. The panellists kicked off the session with an overview on how an appropriate response to a data breach should be planned and implemented. This was then followed by an engaging Q&A and the sharing of experiences and best practice by participants.

To keep the momentum going, the workshop divided into breakout groups for a practical simulation exercise of an organisational response to a hypothetical data breach.

The regular participants of this workshop are mainly data protection practitioners so a practical and specific session on international data transfers which started the second day of the workshop was very welcome and covered concrete actions and practical solutions to overcome some of the issues faced by international organisations. 

The main objective of the following session, on privacy risk management, was to share views on how privacy and data protection risks are being managed by International Organisations, from governance, technical and resource management perspectives. 

The final session of the workshop “Digital Transformation and Data Protection an Oxymoron?” looked at the tension between innovation and data protection and considered the challenges including anonymisation, role determination, security, data sharing, for instance in AI, cloud computing or Blockchain.

The discussions on both days of the workshop demonstrated the commitment of the international organisations’ data protection community. The EDPS will continue to support their efforts and continue to contribute to increasing global cooperation.

Solidarity, including digital solidarity and responsible processing, will allow data protection to serve humankind during these extraordinary tests of our experience, knowledge, skills and values.

I would like to extend my thanks once again to the World Food Programme for hosting the 2022 workshop of international organisations. I look forward to meeting colleagues again at the 2023 workshop under the auspices of Interpol.