On September 23 and 24, 2013, a declaration and eight resolutions were adopted by the closed session of the 35th International Conference of Data Protection and Privacy Commissioners and have been published on the conference website. This blog post provides an overview of the declaration and the most significant resolutions.
Warsaw Declaration on the “Appification of Society”
The declaration (Warsaw Declaration on the ‘Appification’ of Society) discusses the challenges posed by the increased use of mobile applications and expresses the clear commitment of data protection commissioners to ensure that app users are offered a better privacy experience. In particular, the declaration emphasizes that “apps should be developed on the basis of surprise minimisation: no hidden features, nor unverifiable background data collection.”
In addition, the declaration makes clear that app developers aren’t the only parties responsible for privacy; providers of operating systems also bear responsibility for their platforms. The declaration indicates that the data protection commissioners intend to focus on improving privacy and data protection in this area and that they will revisit the subject during the 36th International Conference next year.
Resolution on Profiling
The first major resolution (Resolution on Profiling) makes six recommendations for all parties that engage in profiling:
- clearly determine the need and the practical use of a specific profiling operation and ensure appropriate safeguards before beginning;
- limit assumptions and data collection to that which is necessary for the intended lawful purpose, and ensure that the data is sufficiently up-to-date and accurate, where appropriate;
- ensure that the profiles and the underlying algorithms are subject to continuous validation;
- inform individuals about profiling operations to the maximum extent possible;
- ensure that individuals are informed about their data protection rights, and that human intervention is provided where appropriate (particularly with respect to decisions that have significant legal effects on individuals or that affect benefits or status); and
- ensure that all profiling operations are subject to appropriate oversight.
Resolution on International Enforcement Coordination
The second major resolution (Resolution on International Enforcement Coordination) recognizes that the Global Privacy Enforcement Network (“GPEN”) is still the only global network devoted solely to enforcement cooperation and encourages authorities to join GPEN and help make it more effective. The aim of the resolution is to build on previous efforts, including the work of GPEN and the work of the International Enforcement Coordination Working Group, which was created at the 33rd International Conference. To this end, the resolution mandates that the International Enforcement Coordination Working Group (1) work with other networks to develop a common approach to cross-border case handling and enforcement coordination, and (2) set forth the approach in a multilateral framework document to be adopted at next year’s Conference. The resolution further supports the development of a secure information platform that would allow privacy enforcement authorities to share confidential information.
Resolution on Anchoring Data Protection and the Protection of Privacy in International Law
The third major resolution (Resolution on Anchoring Data Protection and the Protection of Privacy in International Law) recognizes the pressing need for a binding international agreement on data protection and urges national governments to advocate the adoption of an additional protocol to Article 17 of the International Covenant on Civil and Political Rights (“ICCPR”) to create globally-applicable data protection standards. The resolution recommends adopting this additional protocol in accordance with the standards that have already been developed and endorsed by the International Conference and the provisions in General Comment No. 16 to the ICCPR.
Resolution on Web Tracking and Privacy
Another major resolution is the Resolution on Web Tracking and Privacy, which was adopted by all of the data protection commissioners except the Slovenian and French Commissioners (who abstained from voting). This resolution urges all stakeholders to follow ten recommendations, including:
- observe the principle of purpose limitation;
- refrain from the use of invisible tracking elements for purposes other than security or fraud detection or network management;
- ensure adequate transparency about all types of web tracking practices to enable informed consumer choices;
- conduct a privacy impact assessment at the start of new projects;
- use techniques that reduce the privacy impact, such as anonymization and pseudonymization; and
- promote technical standards for better user control (e.g., an effective Do-Not-Track standard).
Mauritius’ Data Protection Authority announced that it will host the next International Conference on September 22, 2014.
Search
Recent Posts
Categories
- Behavioral Advertising
- Centre for Information Policy Leadership
- Children’s Privacy
- Cyber Insurance
- Cybersecurity
- Enforcement
- European Union
- Events
- FCRA
- Financial Privacy
- General
- Health Privacy
- Identity Theft
- Information Security
- International
- Marketing
- Multimedia Resources
- Online Privacy
- Security Breach
- U.S. Federal Law
- U.S. State Law
- Workplace Privacy
Tags
- Aaron Simpson
- Accountability
- Adequacy
- Advertisement
- Advertising
- American Privacy Rights Act
- Anna Pateraki
- Anonymization
- Anti-terrorism
- APEC
- Apple Inc.
- Argentina
- Arkansas
- Article 29 Working Party
- Artificial Intelligence
- Australia
- Austria
- Automated Decisionmaking
- Baltimore
- Bankruptcy
- Belgium
- Biden Administration
- Big Data
- Binding Corporate Rules
- Biometric Data
- Blockchain
- Bojana Bellamy
- Brazil
- Brexit
- British Columbia
- Brittany Bacon
- Brussels
- Business Associate Agreement
- BYOD
- California
- CAN-SPAM
- Canada
- Cayman Islands
- CCPA
- CCTV
- Chile
- China
- Chinese Taipei
- Christopher Graham
- CIPA
- Class Action
- Clinical Trial
- Cloud
- Cloud Computing
- CNIL
- Colombia
- Colorado
- Committee on Foreign Investment in the United States
- Commodity Futures Trading Commission
- Compliance
- Computer Fraud and Abuse Act
- Congress
- Connecticut
- Consent
- Consent Order
- Consumer Protection
- Cookies
- COPPA
- Coronavirus/COVID-19
- Council of Europe
- Council of the European Union
- Court of Justice of the European Union
- CPPA
- CPRA
- Credit Monitoring
- Credit Report
- Criminal Law
- Critical Infrastructure
- Croatia
- Cross-Border Data Flow
- Cyber Attack
- Cybersecurity
- Cybersecurity and Infrastructure Security Agency
- Data Brokers
- Data Controller
- Data Localization
- Data Privacy Framework
- Data Processor
- Data Protection Act
- Data Protection Authority
- Data Protection Impact Assessment
- Data Transfer
- David Dumont
- David Vladeck
- Delaware
- Denmark
- Department of Commerce
- Department of Health and Human Services
- Department of Homeland Security
- Department of Justice
- Department of the Treasury
- District of Columbia
- Do Not Call
- Do Not Track
- Dobbs
- Dodd-Frank Act
- DPIA
- E-Privacy
- E-Privacy Directive
- Ecuador
- Ed Tech
- Edith Ramirez
- Electronic Communications Privacy Act
- Electronic Privacy Information Center
- Elizabeth Denham
- Employee Monitoring
- Encryption
- ENISA
- EU Data Protection Directive
- EU Member States
- European Commission
- European Data Protection Board
- European Data Protection Supervisor
- European Parliament
- Facial Recognition Technology
- FACTA
- Fair Credit Reporting Act
- Fair Information Practice Principles
- Federal Aviation Administration
- Federal Bureau of Investigation
- Federal Communications Commission
- Federal Data Protection Act
- Federal Trade Commission
- FERC
- FinTech
- Florida
- Food and Drug Administration
- Foreign Intelligence Surveillance Act
- France
- Franchise
- Fred Cate
- Freedom of Information Act
- Freedom of Speech
- Fundamental Rights
- GDPR
- Geofencing
- Geolocation
- Georgia
- Germany
- Global Privacy Assembly
- Global Privacy Enforcement Network
- Gramm Leach Bliley Act
- Hacker
- Hawaii
- Health Data
- Health Information
- HIPAA
- HIPPA
- HITECH Act
- Hong Kong
- House of Representatives
- Hungary
- Illinois
- India
- Indiana
- Indonesia
- Information Commissioners Office
- Information Sharing
- Insurance Provider
- Internal Revenue Service
- International Association of Privacy Professionals
- International Commissioners Office
- Internet
- Internet of Things
- Iowa
- IP Address
- Ireland
- Israel
- Italy
- Jacob Kohnstamm
- Japan
- Jason Beach
- Jay Rockefeller
- Jenna Rode
- Jennifer Stoddart
- Jersey
- Jessica Rich
- John Delionado
- John Edwards
- Kentucky
- Korea
- Latin America
- Laura Leonard
- Law Enforcement
- Lawrence Strickling
- Legislation
- Liability
- Lisa Sotto
- Litigation
- Location-Based Services
- London
- Madrid Resolution
- Maine
- Malaysia
- Markus Heyder
- Maryland
- Massachusetts
- Meta
- Mexico
- Microsoft
- Minnesota
- Mobile App
- Mobile Device
- Montana
- Morocco
- MySpace
- Natascha Gerlach
- National Institute of Standards and Technology
- National Labor Relations Board
- National Science and Technology Council
- National Security
- National Security Agency
- National Telecommunications and Information Administration
- Nebraska
- NEDPA
- Netherlands
- Nevada
- New Hampshire
- New Jersey
- New Mexico
- New York
- New Zealand
- Nigeria
- Ninth Circuit
- North Carolina
- Norway
- Obama Administration
- OECD
- Office for Civil Rights
- Office of Foreign Assets Control
- Ohio
- Oklahoma
- Opt-In Consent
- Oregon
- Outsourcing
- Pakistan
- Parental Consent
- Payment Card
- PCI DSS
- Penalty
- Pennsylvania
- Personal Data
- Personal Health Information
- Personal Information
- Personally Identifiable Information
- Peru
- Philippines
- Phyllis Marcus
- Poland
- PRISM
- Privacy By Design
- Privacy Policy
- Privacy Rights
- Privacy Rule
- Privacy Shield
- Protected Health Information
- Ransomware
- Record Retention
- Red Flags Rule
- Regulation
- Rhode Island
- Richard Thomas
- Right to Be Forgotten
- Right to Privacy
- Risk-Based Approach
- Rosemary Jay
- Russia
- Safe Harbor
- Sanctions
- Schrems
- Scott H. Kimpel
- Scott Kimpel
- Securities and Exchange Commission
- Security Rule
- Senate
- Serbia
- Service Provider
- Singapore
- Smart Grid
- Smart Metering
- Social Media
- Social Security Number
- South Africa
- South Carolina
- South Dakota
- South Korea
- Spain
- Spyware
- Standard Contractual Clauses
- State Attorneys General
- Steven Haas
- Stick With Security Series
- Stored Communications Act
- Student Data
- Supreme Court
- Surveillance
- Sweden
- Switzerland
- Taiwan
- Targeted Advertising
- Telecommunications
- Telemarketing
- Telephone Consumer Protection Act
- Tennessee
- Terry McAuliffe
- Texas
- Text Message
- Thailand
- Transparency
- Transportation Security Administration
- Trump Administration
- United Arab Emirates
- United Kingdom
- United States
- Unmanned Aircraft Systems
- Uruguay
- Utah
- Vermont
- Video Privacy Protection Act
- Video Surveillance
- Virginia
- Viviane Reding
- Washington
- Whistleblowing
- Wireless Network
- Wiretap
- ZIP Code