International Organisations Workshops: a vehicle for global data protection standards

Wojciech Wiewiórowski

Last week, on Tuesday 24 and Wednesday 25 October, I had the pleasure, once again, to co-organise the annual International Organisations Workshop dedicated to data protection.

This initiative, commenced in 2005 by the EDPS, aims to generate and foster global partnerships to share and promote good practices in the field of privacy, to protect individuals’ personal data. Each year, the EDPS co-organises a workshop with one of the 50 international organisations represented at the workshop. This year, I have to thank Interpol - The International Criminal Police Organisation - for hosting this important event in Lyon, France.

Reflecting on this edition of the International Organisations Workshop in particular, I sensed the ambition to continuously improve and adapt processes to elevate the standards of data protection, to set an example together, for each other, and globally. 

With their diverse purposes - from providing food assistance, advocating for human rights, to ensuring our safety, protecting our borders - each international organisation has their own set of challenges, which they have to tackle, whilst ensuring the protection of privacy. This is why it was important to give international organisations the opportunity to share significant legal, policy or technological updates affecting their work, and how these may impact data protection. By providing a platform, like these annual workshops, we were able to hit the ground running when brainstorming potential solutions to take on, collectively.

After taking stock of the International Organisations’ work so far, the workshop delved into an informative and productive session on digital identities and the processing of biometric data. During this session of the Workshop, some participants highlighted the need for digital identities to be user-centric, and to be mindful of the most vulnerable. Others underscored the importance of prioritising strong governance, to build trust in the use of digital identities.

It was then time to move on to the rest of the Workshop, which championed a forward-looking approach to different topics surrounding data protection.

Effectively protecting individuals’ privacy rights cannot be limited to learning from past or even current experiences. We must also be able to anticipate data protection trends and issues before they occur, and make an active plan on how to address these concretely.

With this outlook, follow-up panel discussions focused on the management of risks, especially when using cloud based service providers, during which EDPS colleagues used their hands-on knowledge to propose a series of tools to mitigate adverse effects on individuals’ personal data. Later during the workshop, the topic was broached again, this time with a more in-depth look on data transfers to and between international organisations, with a review of transfer tools, emphasising on the use of administrative arrangements, to ensure an adequate level of protection of personal information. In the EDPS’ view, a transfer tool that works is a transfer tool that offers appropriate data protection safeguards whilst being tailored to the international organisation that is using it.

Moving to the final part of the workshop, an interactive session on how to reconcile digital transformation with data protection took place. New and upcoming developments in technologies were explored, including artificial intelligence. Whilst most participants agreed that embracing technological advancements may be key to their work, caution should be exercised, and efforts should be made to ensure compliance with data protection rules, as well as ethical standards.

With each passing Workshop, I am convinced that international organisations have the ability to influence global data protection standards. I therefore already look forward to the next International Organisations Workshop to inform our collective work.