Email this page

Send this page to a friend.

This page is printer friendly.

28th International conference of data protection and Privacy Commissioners

2ND & 3RD NOVEMBER 2006
LONDON, UNITED KINGDOM

CLOSING COMMUNIQUÉ


The 28th International Conference of Data Protection and Privacy Commissioners was held in London on 2nd and 3rd November. It was attended by delegates representing 58 data protection and privacy authorities from around the world.

The main part of the Conference, at which representatives of a wide range of governmental, law enforcement, civil society and private sector organisations were also present, considered the implications of a surveillance society.

A number of themes were emphasised by Commissioners.

The ‘Surveillance Society’ is already with us. Surveillance involves the purposeful, routine and systematic recording by technology of individuals’ movements and activities in public and private spaces. Everyday encounters with modern and developing technology which records, sorts and sifts personal information include:

  • systematic tracking, monitoring and recording of identities, movements and activities;
  • analysis of spending habits, financial transactions and other interactions;
  • ever-growing use of new technologies, such as automated video cameras, RFID etc;
  • monitoring of telephones, e-mails and internet use; and
  • monitoring of workplace activity.


Surveillance activities can be well-intentioned and bring benefits. So far the expansion of these activities has developed in relatively benign and piecemeal ways in democratic societies - not because governments or businesses necessarily wish to intrude into the lives of individuals in an unwarranted way. Some of these activities are necessary or desirable in principle - for example, to fight terrorism and serious crime, to improve entitlement and access to public services, and to improve healthcare.

But unseen, uncontrolled or excessive surveillance activities also pose risks that go much further than just affecting privacy. They can foster a climate of suspicion and undermine trust. The collection and use of vast amounts of personal information by public and private organisations leads to decisions which directly influence peoples’ lives. By classifying and profiling automatically or arbitrarily, they can stigmatise in ways which create risks for individuals and affect their access to services. There is particularly an increasing risk of social exclusion.

Privacy and data protection regulation is an important safeguard but not the sole answer. The effects of surveillance on individuals do not just reduce their privacy. They also can affect their opportunities, life chances and lifestyle. Excessive surveillance also impacts on the very nature of society. Privacy and data protection rules help to keep surveillance within legitimate limits and include safeguards. However, more sophisticated approaches to regulation need to be adopted.

A systematic use of impact assessments should be adopted. Such assessments would include but be wider than privacy impact assessments, identifying social impact and opportunities for minimising undesirable consequences for individuals and society.

The issues are wide ranging and cannot be taken forward by data protection/privacy regulators alone. Engagement should be a common cause for all who are concerned about developments. Commissioners should work alongside relevant civil society organisations and also governments, private sector, elected representatives and individuals themselves to guard against unwarranted
consequences.

Public trust and confidence is paramount. Although much of the infrastructure of the surveillance society has been assembled for benign purposes, continued public trust cannot be taken for granted. Individuals must feel confident that any intrusion into their lives is for necessary and proportionate purposes. Public confidence is like personal privacy - once lost it is difficult if not impossible to regain.

Although surveillance society issues are broader than data protection and privacy, data protection authorities have an indispensable role to play. Increasingly in a surveillance society individuals often have no realistic choices, little control and few opportunities for self help. Personal information is collected and used in ways invisible to the ordinary individual.

During the lifetime of data protection regulation the world has not stood still. The demands of states, private sector and citizens have changed and information processing technology has moved on at a fast pace. It is right for data protection authorities to reflect upon whether their traditional approaches remain relevant and effective. Activities such as complaint handling and audit/inspection are as important as ever but continued improvement in areas such as effective engagement with citizens and policy makers is now essential.

During the closed session of the Conference, the Commissioners welcomed an initiative from Alex Turk, President of the French Commission Nationale de l'Informatique et des Libertés (CNIL), urging them to re-state the fundamental importance of data protection and privacy in a fast-changing world and the need for urgent action to face new challenges. A copy of the Statement – "Communicating Data Protection and Making It More Effective" - is attached to this Communiqué.

The Commissioners reflected upon their own role and the challenges that these changes pose for them. Commissioners identified the following areas as necessary to allow them to rise to the challenges:

  • Protection of citizens’ privacy and personal data is vital for any democratic society, on the same level as freedom of the press or freedom of movement. Privacy and data protection may in fact be as precious as the air we breathe: both are invisible, but when they are no longer available, the effects may be equally disastrous.
  • Commissioners should develop a new communication strategy in order to make the public and relevant stakeholders more aware of these rights and their importance. Commissioners should initiate powerful and long term awareness raising campaigns and measure the effects of these actions.
  • Commissioners should also communicate better about their own activities and make data protection more concrete. Only when these activities are meaningful, accessible and relevant for the public at large, is it possible to gain the necessary power to influence public opinion and to be heard by decision makers.
  • Commissioners should assess their efficiency and effectiveness, and where necessary adapt their practices. They should be granted sufficient powers and resources, but should also use them in a selective and pragmatic manner, while concentrating at serious and likely harms, or main risks facing individuals.
  • Commissioners should reinforce their capacities in technological areas, with a view to advanced studies, expert opinions and interventions, in close interaction with research and industry in the field of new technology, and share this work together. The excessively “legal” image of data protection must be corrected.
  • Commissioners should restructure the International Conference to become a stronger voice on international issues and an unavoidable discussion partner for international initiatives with an incidence on data protection.
  • Commissioners should support the need of an International Convention and the development of other global instruments. Problems that can only be dealt with effectively at international level – either in general or in specific sectors – should be addressed in this way with appropriate means.
  • Commissioners should promote the involvement of other stakeholders of data protection and privacy, at national or international level, such as civil society and NGOs, to develop strategic partnerships where appropriate, with a view to making their work more effective.


Commissioners will undertake a programme of follow-up activities along these lines and will consider and evaluate progress made at their next international conference. In addition to considering their own role, Commissioners also adopted the following important resolutions.

Accreditation of eight new members - the data protection authorities of:

  • Andorra
  • Liechtenstein
  • Estonia
  • Romania
  • Canada - New Brunswick
  • Canada - Northwest Territories
  • Canada - Nunavut
  • Gibraltar
  • Resolution on conference organisational arrangements
  • Resolution on privacy protection and search engines


In conclusion - the challenges facing society and Data Protection and Privacy Commissioners are substantial. Not just in terms of surveillance but also due to the rapid changes in information processing technology, increased globalisation, irreversibility of some developments and lack of public awareness and education. Data protection safeguards, and the independent authorities which help set and enforce these safeguards, are indispensable in the modern information age. Commissioners have risen to the challenge and are committed to redoubling their efforts to ensure that data protection controls are even more relevant today and in the future than they were when many of today’s developments were in their infancy.

Downloads

file icon 28th International Conference - Closing Communique PDF, 65 KB