During the October 14, 2014 closed session of the 36th International Conference of Data Protection and Privacy Commissioners (the “Conference”) held in Balaclava, Mauritius, the host, the Data Protection Office of Mauritius, and member authorities of the Conference issued the “Mauritius Declaration on the Internet of Things,” and four new resolutions – a “Resolution on Accreditation” of new members, a “Resolution on Big Data,” a “Resolution on enforcement cooperation,” and a “Resolution on Privacy in the digital age.” Brief summaries of each of these documents are below.
Mauritius Declaration on the Internet of Things
The closed session featured a discussion on the benefits and risks of the Internet of Things among four experts from academia and the private sector and the Conference member authorities. Key observations contained in the Declaration issued by the host and the Conference’s Executive Committee included:
- The Internet of Things further magnifies the risks already inherent in big data.
- Data derived from Internet of Things devices should be considered personal data.
- Although Internet of Things business models are still evolving, it appears clear that key financial incentives do not pertain solely to Internet of Things devices themselves, but also to the new services related to the Internet of Things.
- To maintain trust in these connected systems, data protection should be the joint responsibility of all stakeholders and should be based on actionable transparency.
- Privacy by design is essential in the Internet of Things.
- The Internet of Things poses significant security challenges that can be controlled either by “local processing” (processing on the device) or end-to-end encryption.
- The Conference member authorities will monitor Internet of Things developments and compliance and will bring enforcement actions where necessary, either unilaterally or through international cooperation.
Resolution on Accreditation
This resolution lists newly admitted privacy authorities from Bremen (Germany), Ghana and Senegal, as well as organizations that received observer status to the Conference, including organizations from Bermuda, Japan, Mexico, Singapore and the U.S.
Resolution on Big Data
According to this resolution, big data may prove beneficial to society, but also poses risks to privacy and civil rights. Big data challenges the key privacy principles of purpose limitation and data minimization. These principles currently are more important than ever, as they are the foundation for safeguards against extensive profiling. Conference members called on big data users to take a number of actions, including the following:
- Respect the principle of purpose specification.
- Limit data collection to the level necessary for the purpose.
- Where appropriate, obtain valid consent for using personal data for analysis and profiling.
- Be transparent about data collection and use.
- Provide access and control tools to individuals.
- Carry out privacy impact assessments.
- Employ privacy by design.
- Make appropriate use of anonymization.
- Decisions based on big data must be fair, transparent and accountable. Algorithms require continuous assessment. Profiling results must be reviewed regularly to verify that they are responsible, fair and ethical as well as compatible with, and proportionate to, the purpose of the profiles. Avoid injustices resulting from fully automated decisions and undertake manual assessments of decisions that affect individuals.
Resolution on enforcement cooperation
This resolution recalls the numerous initiatives undertaken so far by the Conference and other organizations, such as the Asia-Pacific Economic Cooperation, the Organization for Economic Cooperation and Development and the Global Privacy Enforcement Network (“GPEN”), to further cross-border enforcement cooperation among privacy and data protection authorities and calls on member authorities to continue these efforts by:
- Accepting the “Global Cross-Border Enforcement Cooperation Arrangement,” a cooperation framework developed by Conference members.
- Continuing to hold annual meetings specifically for the purpose of discussing international enforcement cooperation.
- Improving coordination between the Conference’s Executive Committee and other enforcement cooperation networks such as GPEN.
- Supporting the development of a secure international information-sharing platform for privacy enforcement authorities and facilitating coordinated international enforcement actions.
Resolution on Privacy in the digital age
This resolution is a reaction to the ongoing revelations about government mass electronic surveillance and is intended to support the UN High Commissioner’s report on “The right to privacy in the digital age.” Among other things, it affirms that the Conference, through its Executive Committee, intends to participate in the multi-stakeholder dialogue that is proposed in the High Commissioner’s report to address the challenges related to the right to privacy in the context of modern communications technology. It also calls on Conference members to (1) advocate that electronic surveillance programs comply with certain specified international standards and (2) seek relevant enforcement powers.