The Data Protection Authorities’ Global Privacy Enforcement Network, GPEN, has increased its information exchange by way of conference calls. The network, which at the end of 2016 consisted of 64 privacy enforcement authorities in 47 jurisdictions around the world, organised ten Atlantic teleconferences and nine Pacific teleconferences during 2016. This was in addition to face-to-face meetings in Manchester and Marrakesh.
The GPEN’s 3rd Annual Report for 2016, published yesterday, lists the teleconferences as one of GPEN’s most successful activities. DPA staff discuss enforcement issues, trends, and experiences with other members. Subjects included: whether loyalty cards could be anonymous, genetics, accountability, GPEN Sweeps and strategies for releasing results, challenges of commercial utilisation of personal data, Privacy Impact Assessments, handling breach notifications, improving consumer awareness, blockchain technologies and cryptocurrencies.
In 2016, a joint investigation was carried out by Canada’s and Australia’s Privacy Commissioners into the Ashley Madison data breach – http://www.privacylaws.com/Publications/enews/International-E-news/Dates/2016/8/Ashley-Madison-site-used-a-fabricated-security-trustmark/.
In 2016, GPEN’s privacy sweep looked into the privacy challenges associated with Internet of Things devices. 25 authorities took part in the Sweep, which examined the practices of 314 devices/companies.
GPEN shares its expertise with regulators from other sectors, such as consumer protection authorities.
The GPEN Committee shares the work so, for example, the website is hosted and managed in Canada, Israel provides the secretariat and led the survey on members’ enforcement powers, and the UK is organizing the 2017 Sweep.