Privacy Advisor

Global Privacy Dispatches- Privacy Commissioners Conference

December 1, 2007

GLOBAL PRIVACY

By John W. Kropf, CIPP

Calls for International Standards for Airlines, Science and Technology and General Cooperation

The Privacy Commissioner's Office of Canada hosted the 29th International Conference of Data Protection and Privacy Commissioners in Montreal September 26-28. This international group is composed of national and sub-national representatives, mainly from European and Canadian data protection authorities. Countries such as the U.S. and Japan are permitted to attend as observers.

During the conference's closed sessions, the commissioners issued three resolutions. While there is no voting record of how each representative voted, the resolutions provide the name of the proposing authority and its co-sponsors.

The Canadian privacy commissioner proposed a "Resolution on International Co-operation" that was co-sponsored by the data authorities of the UK, New Zealand, Alberta and Saskatchewan. The measure recognizes the cross-border enforcement work being conducted in regional bodies such as OECD and APEC. As a potentially helpful development for countries that do not follow the European model of an independent data protection authority, the commissioners first recognize that countries have adopted different approaches to protecting personal information and enhancing privacy rights.

In a second measure, Germany proposed a "Resolution on the urgent need for global standards for safeguarding passenger data to be used by governments for law enforcement and border security purposes." The document reaffirms the "data protection and privacy rights, as enshrined in Article 12 of the Universal Declaration of Human Rights" and "other legal instruments." The language is unusual since "privacy" is mentioned in Article 12 of the UN Declaration but not "data protection," which must therefore be referenced in the unspecified "legal instruments." The resolution applies the standard fair information practice principles to the collection of passenger data, but also calls on industry groups and commissioners to seek binding global solutions.

In what may be the most unusual of the three resolutions, the Canadian commissioner's office proposed a "Resolution on the Development of International Standards." The document, which was co-sponsored by the data protection authorities of Germany, Belgium, Berlin, Ontario, Spain and Switzerland, is unlike the other measures in structure. It provides a significant narrative and then offers six sub-resolutions that call upon data protection authorities to actively become more involved in the International Organization for Standardization (ISO). ISO is a non-governmental organization made up of a network of the national standards institutes of 157, mostly European countries, which has generally set technical specifications for industry.

The resolutions can be viewed at: www.privacyconference2007.gc.ca/Terra_Incognita_home_E.html. The resolutions have no binding legal effect.

The next conference will be co-hosted by the data protection authorities of France and Germany in October 2008.


John Kropf is the Deputy Chief Privacy Officer and Senior Adviser for the U.S. Department of Homeland Security's Privacy Office. The views expressed here are his and not those of the Department of Homeland Security or the U.S. Government. He may be reached at john.kropf@dhs.gov.