Role of data protection authorities to evolve

The outcome will be greater standardisation in the way data protection laws are applied around the world, as well as a streamlining of regulatory processes.

Businesses should welcome the direction of travel, which was recognised recently at an international gathering of data privacy regulators.

The International Conference of Data Protection and Privacy Commissioners

Representatives from data protection and privacy regulators around the world met in Tirana, Albania, in October. Standardisation of data protection regulations and the interaction amongst privacy, competition and consumer law were topics high on the agenda.

New data protection provisions are being approved worldwide, and while Convention 108 from the Council of Europe and the EU's GDPR are clear inspirations for the new regulations emerging, a higher degree of global standardisation remains an ambition.

One of the mechanisms that will help to achieve a higher standardisation is cooperation amongst authorities. The conference issued a resolution on cooperation in cross-border enforcement with the aim of achieving higher cooperation amongst data protection authorities worldwide.

Cooperation amongst data protection authorities

Through the resolution, the members of the ICDPPC have pledged to:

• contribute their knowledge and expertise continuously to a new public information portal on the ICDPPC website and to ensure that the repository remains a living project and is streamlined;
• consider how the ICDPPC website might be developed to bring together information made available by individual authorities and move towards a comprehensive authorities database;
• identify the legal impediments that relate to enforcement cooperation, including through a potential mapping exercise,with a view to challenging and eventually overcoming those impediments;
• continue to operate a mutual observation arrangement with the OECD, as the OECD sets up its new working group on privacy

Interaction between data protection, consumer and competition authorities

Regulatory cooperation between data protection authorities, consumer protection authorities and competition authorities was the topic of another resolution adopted at the conference.

To increase such cooperation, the conference agreed to:

• explore, understand and map the substantive overlaps between legislation regulating the data protection and/or privacy rights of individuals and legislation regulating competition or consumer protection laws;
• further sensitise authorities and networks to the intersections between privacy, consumer protection and competition such that competition and/or consumer protection authorities and data protection/privacy authorities can recognise the underlying principles which the different regulatory frameworks are subject to and can apply these principles into their regulatory activities to improve their enforcement practice;
• identify strategies, tools and collaboration vehicles that provide for cooperation across regulatory spheres.

Looking to the future

A higher degree of cooperation amongst authorities would be welcome from a business perspective, but such cooperation should not limited to enforcement. It is imperative that cooperation extends to the interpretation of data protection provisions. In particular, businesses need much greater clarity on some of more newly introduced concepts, like data portability, data breach notification and privacy-by-design.

In Spain, data protection authority the Agencia española de protección de datos (AEPD) has published a number of guidelines for businesses to help them comply with their legal obligations, but there is a demand for even greater certainty.

The close interaction between data protection, competition and consumer regulations in this digital age means regulators responsible for regulating each area must coordinate with one another regularly to ensure consumers are fully protected from harm and can benefit from competition and innovation in digital markets.

Personal data is increasingly important to businesses, and authorities need to ensure that there is fair competition in the market while guaranteeing the protection of individuals' privacy.