International Organisations demonstrate dedication to data protection

Wojciech Wiewiórowski

Data flows digitally across borders. It is therefore vital that we address data protection in a global context.

Though they may be exempt from national laws, including those relating to data protection, international organisations are influential advocates for the development of a privacy culture. Their position means that they are able to spread knowledge about data protection and privacy in parts of the world where, for various reasons, it has not necessarily been high on the agenda.

The EDPS supports international organisations in their efforts to develop their own data protection frameworks and to share knowledge and experience with one another. An important part of this work takes place as part of a series of workshops; an initiative launched by the EDPS in 2005.

A few days ago, I participated in the seventh edition of this workshop, which we had the pleasure of co-organising in Copenhagen alongside our hosts, the Office of the United Nations High Commissioner for Refugees. The event was very well organised and I would like to thank our colleagues in UN City in Copenhagen for their professionalism and excellent cooperation.

The workshop focused on a range of topics. These included privacy standards and oversight mechanisms for international organisations, how to put the principle of accountability into practice, international transfers and the legal grounds for processing personal data in the international organisations context.

It was also an opportunity for an in-depth discussion about some of the challenges faced by international organisations. In particular, with the General Data Protection Regulation (GDPR) now fully applicable, the question of the impact of the GDPR on international organisations, particularly in relation to data transfers from public administrations and private entities in EU Member States to international organisations, was a topic of discussion. Many of these transfers are integral to the work of international organisations. Solutions must therefore be found to ensure that these data flows can continue in full compliance with the GDPR.

With around 70 participants representing 38 organisations from across the world, our discussions were lively and engaging. International organisations are on the front line when it comes to addressing the challenges and uncertainty of globalisation and, as a result, are expected to show leadership in improving data protection standards. Our discussions filled me with confidence that they are strongly committed to doing this.

The increasingly important role of Data Protection Officers (DPOs) within international organisations is an excellent example of this. The appointment of DPOs across the wide range of international organisations is therefore an encouraging and welcome demonstration of the proactive approach of international organisations to data protection and accountability.

Throughout our discussions I noted a common determination to make data protection part of the working culture of international organisations and to ensure that these organisations are held accountable. I was especially interested to learn about new initiatives to organise independent control mechanisms for the data processing activities of international organisations. This is very promising as independent supervision is a key component of a strong data protection regime.

I have no doubt that the fruitful dialogues initiated at this workshop will lead to further collaboration between international organisations as they continue to develop their approaches to data protection. The EDPS will continue to lend our full support to this effort.