An annual exchange between 80 countries on privacy protection
The Global Privacy Assembly (or Global Privacy Assembly – GPA) is a forum for global discussion, bringing together more than 80 countries on issues of common concern related to privacy.
On the occasion of his 44the annual meetingorganized from 25th to 28th October 2022 in Turkey, the GPA mainly accepted two important resolutions one about cybersecurity, the other about facial recognition. The CNIL actively contributed to this work and was co-author of these two resolutions.
The resolutions adopted
Capacity building for international cooperation in cybersecurity
This resolution aims to improve cybersecurity regulations and understanding of the damage caused by cyber incidents.
In particular, opportunities for international collaboration, knowledge and information sharing, including technical expertise and best practices, between GPA members will be explored to facilitate investigations and regulatory activities related to cybersecurity and privacy issues. A dedicated working group will propose exploratory work on this topic before autumn 2023.
Principles and expectations of facial recognition
In this resolution, the GPA recognizes the need have clear global standards for facial recognitiongiven the challenges to data protection and individual privacy.
To that extent it agreed six main principles and expectations towards organizations using such devices:
- define a clear legal basis;
- Ensuring appropriate, necessary and proportionate use of the personal data collected;
- protecting the fundamental rights of individuals, including their privacy;
- ensure transparency;
- define accountability mechanisms;
- respect the principles of data protection.
International convergence on digital education for young people
In addition, the GPA carried out work on digital education piloted by the CNIL. On this occasion, the dissemination of educational programs, actions and awareness campaigns, as well as the creation of a multitude of resources for children, teachers, educators and parents, witnessing the strong mobilization of the protection authorities were welcomed around the world.
Playful videos, comics, online tests or interactive games to attract the attention of young and adolescent viewers are increasingly being produced by the authorities, with child-specific images, iconography and vocabularies adapted to each stage of their development and maturity .
The Digital Education Working Group Action Plan 2022-2023, adopted by the World Assembly on Surrogacy, calls for the implementation of multi-stakeholder strategies and collaborations with data protection authorities to ensure the effective exercise of young people’s rights.
The Rise of Data Protection Authorities in Artificial Intelligence
Finally, the CNIL presented the first results of a survey on the competence and expertise of data protection authorities in dealing with artificial intelligence issues. These initial results will be further developed to provide useful recommendations for data protection authorities and to help them grasp this structuring issue for their future.
In 2023, the GPA Artificial Intelligence Working Group will also continue its work on addressing the risks to rights and freedoms posed by AI and the use of AI in the recruitment industry, and will follow up and promote the facial recognition resolution to stakeholders.