Christopher Docksey - Global Privacy...
Christopher Docksey
Hon. Director General, EDPS
Guernsey Data Protection Authority
#ICDPPC2019
The ICDPPC and Accountability

The responsible person shall:
• Take all the necessary measures to observe the principles and obligations set out in this Document …, and
• Have the necessary internal mechanisms in place for demonstrating such observance both to data subjects and to the supervisory authorities

Madrid Resolution on International Standards for the Protection of Privacy, 6 November 2009, Article 11

The Meaning of Accountability

Rechenschaftspflicht – rozliczalność - responsabilité
la responsabilidad proactiva y demostrada
Actively developing compliance and being able to demonstrate compliance
“A rose by any other name would smell as sweet”

Accountability across the world

[Timeline diagram, 1980 to 2019, based on diagram by Maastricht University. Instruments shown:]
• Guidelines on the Protection of Privacy and Transborder Flows of Personal Data
• APEC Privacy Framework
• PIPEDA Schedule 1, 4.1 Principle 1: Accountability
• The Madrid Resolution
• WP29 Opinion 3/2010 on Accountability
• Global Accountability Dialogue
• Mexico: Law 2010, Regulations 2011
• OECD Revised Guidelines
• Canada: Getting Accountability Right With a Privacy Management Program
• Hong Kong: Privacy Management Program Best Practice Guide
• Australia: Privacy Management Framework
• Colombia: Guide for the Implementation of Accountability in Organisations
• EU: General Data Protection Regulation
• Philippines Privacy Accountability and Compliance Framework
• Brazil: General Data Protection Law
• Singapore PDPC
• Convention 108+
• Guernsey: Data Protection Law

Accountability as the solution

• accountability is a global standard
• both law and guidance are required
• GPEN 2018 Data Sweep
• IAPP / EY 2018 Report
• the solution, not the problem

Accountability as a toolbox

• Privacy by design and privacy by default
• Records of processing activities
• Security measures and
• data breach notification procedures
• DPO – privacy officer
• DPIA – privacy impact assessment
• Codes of conduct
• Certification

The “Aha!” Moment

A philosophy of being a responsible and ethical steward of personal information

Accountability in action

“the first among the principles because it is the means by which organisations are expected to give life to the rest”.

• Organisational commitment
• Privacy Management Program
• DPO – privacy officer
• Transparency – to individuals, regulators and the public

Why accountability: advantages for regulators

• Satisfies due diligence, enables prioritisation
• Minimises over-reporting
• Provides a bridge between jurisdictions
• Means leadership, support and guidance, in addition to enforcement

Why accountability: advantages for organisations

• Preparation for the known unknowns
• Ready for the regulator
• Reputation and competitive advantage
• Methodology for dealing with AI

Accountability when things go wrong

“Whatever can go wrong will go wrong”

• Fail to plan, plan to fail
• Fines support accountability
• Enforced accountability
• Damage to reputation, damage to business

Accountability and the courts

• “Privacy has a cost” – US Supreme Court
• “Privacy is the constitutional core of human dignity” – Indian Supreme Court
• “Effective and complete protection” - CJEU
• by way of “high levels of accountability” in view of the “central theme” of accountability

Conclusions

• Accountability is world-wide
• “Crucial, crucial” for data protection
• Proactive and demonstrable responsibility woven into the cultural and business fabric of organisations
• Regulators must explain and enforce
• Leads to the flowering of Accountability 2.0

“Not everything that is legally compliant and technically feasible is morally sustainable”
- Giovanni Buttarelli
1957 - 2019