Print

International cooperation in data protection: not an option, but vital to our tasks

Leonardo CERVERA NAVAS

This week, the EDPS Supervisor, Wojciech Wiewiórowski, and I had the pleasure to attend a high-level event titled "Data-protection in the Western Balkans and Eastern Partnership Region", arranged by the SIGMA Programme; the Eastern Partnership Regional Fund for Public Administration; the Regional Cooperation Council and the Regional School of Public Administration.

Thanks to the organisers, we had the opportunity to listen, learn from, but also discuss and exchange with representatives from data protection authorities and public institutions from Albania; Armenia; Azerbaijan; Bosnia and Herzegovina; Georgia; Kosovo; Moldova; Montenegro; North-Macedonia; Serbia and Ukraine. These 11 countries shared their insights, unique perspectives, as well as the challenges and opportunities they encounter when advocating for digital rights and the protection of individuals’ personal data.

Whilst there is no United Nations’ Universal Binding Declaration or Convention on data protection, the challenges that we are facing in this remit are international, if not global. The General Data Protection (GDPR) often serves as an inspirational model for many countries outside the EU/EEA. The GDPR has the potential to play an influential role in defining global standards in the field, together with the Modernised Convention 108 of the Council of Europe, which also plays a decisive role. But, for this to be achieved, we need continued, international cooperation, which is why this event, as well as other international fora, are all the more special, and conducive to elevating data protection standards according to shared values and rights.

One of the ways to build stronger convergence of data protection standards with different countries from around the world is through the cooperation of Data Protection Authorities (DPAs). In fact, this cooperation is no longer an option, it is essential, if not vital, to move forward in this field.

In this respect, during this one-week event, I shared my reflections and provided recommendations based on the work that the EDPS does, both as the independent data protection authority supervising the EU institutions, bodies, offices and agencies (EUIs), and as a member of the European Data Protection Board collaborating with other DPAs of the EU/EEA. In summary, DPAs must demonstrate flexibility in light of the rapidly changing digital regulatory landscape, and the increasing development of technologies impacting data protection. At their core, DPAs should strive to always act with independence to guarantee their effectiveness when putting in place data protection measures for a sustainable digital economy that upholds individuals’ privacy rights. Selecting priorities to work on, and strategizing actions to take, in alignment with often competing data protection preoccupations, are also key to enhancing DPAs’ respective efficiency.  

Complementing these recommendations and further discussions on the role that DPAs have to play and how they can cooperate with each other, I am glad that, during this event, time was carved out for exchanges at a more technical level. As such, EDPS colleagues from the Policy & Consultation; Supervision & Enforcement and Technology & Privacy Units shared some of their on-the-ground experiences with EUIs, as well as with international partners in the data protection field.

Wojciech Wiewiórowski and I are grateful for the enlightening and thought-provoking remarks that were made by Western Balkan and Eastern Partnership countries during this event. Initiatives like these inspire us and confirm our ambition to act with others in a way that promotes global data protection standards, in the interest of all. We look forward to continuing such partnerships.