International Body to Approve Resolution for a Draft of International Standards on the Protection of Personal Data

In November, the 31st International Conference of Data Protection and Privacy Commissioners will approve a resolution that will include an international standard for privacy protection called the “Joint Proposal for a Draft of International Standards on the Protection of Privacy with regard to the processing of Personal Data.”  The standard will be submitted to the United Nations as the basis for a treaty.  This is not the conference’s first attempt to reach consensus on an international standard, but it is the first to include robust processes that will begin to narrow the issues that divide nations on data protection law.

The standard is being developed under the leadership of the Spanish Data Protection Agency, working with a committee of data protection authorities through a process that has included participation by outside experts such as a Hunton & Williams partner and the Centre for Information Policy Leadership.  A third draft of the standard has now been circulated, into which the Spanish Data Protection Agency has clearly incorporated comments it received from fellow commissioners, businesses and the consumer advocacy community.  The first draft was based on the European Union Privacy Directive with added obligations from the APEC Privacy Framework and national laws outside Europe.

The third draft recognizes the concepts of organizational responsibility and accountability.  It replaces the data protection concept of “data controller” with the term “responsible person,” which is defined as “any natural person or organization, public or private that, in accordance with national law, decides on the existence of the [data] processing.”  The responsible person is, pursuant to the accountability principle, required to assure observance of all the principles and obligations set out in the standards document.  For example, data may only be transferred to a state or organization that affords a level of protection substantially similar to that provided by the standard; responsible persons who expect to carry out an international transfer must exercise “reasonable diligence” in making that assessment.  This aspect of the standard is very close to guidance regarding data transfers that was provided by the Canadian Federal Commissioner earlier this year.  The standard recognizes that organizations, rather than only states, may provide an adequate level of data protection, which is a major step forward in establishing that organizational accountability is a practical hook to facilitate transfers of data with appropriate obligations attached.

Tags: APEC, Spain
