The Global Privacy Assembly, the worldwide conference of privacy commissioners, met this week to pursue a strategic plan, to address the challenges of the pandemic, and to adopt resolutions on emerging privacy issues. The Assembly is chaired by Elizabeth Denham, the UK Information Commissioner. In opening remarks, Denham spoke of the challenges of the past year and the creation of the COV-19 Task Force. She emphasized “Continued modernization. Collaboration. Community.”
The strategic planning sessions highlighted three goals: (1) advancing global privacy in the digital age, (2) maximizing the Assembly’s voice and influence, and (3) capacity building. Subsequent sessions reviewed the work of the GPA Task Force on COVID-19. Ada Chung, the Privacy Commissioner for Hong Kong, reported that data protection agencies have similar best practices for the pandemic, including privacy impact assessments, data minimization, and transparency. She said, “This indicates that GPA members worldwide share the same values and principles in personal data processing, which is encouraging.” A Resolution on Data Protection and COVID called upon those involved in contact tracing “to take a data protection and privacy by design approach when designing these measures and to recognise the pivotal role privacy and data protection play in promoting public trust.”
The Assembly adopted a significant Resolution on Accountability and AI that urged organizations deploying AI systems to implement accountability measures, including a human rights impact assessment. The Privacy Assembly also urged governments to make changes to data protection law “to make clear the legal obligations regarding accountability in the development and use of AI.” The GPA AI Accountability Resolution builds on the 2018 Declaration on Ethics and Data Protection in Artificial Intelligence as well as a recent GPA survey that identified accountability measures that are “very important or important for either AI developers or AI users.”
The Global Privacy Assembly also adopted a Resolution on Facial Recognition Technology. The Resolution reiterated several key principles for data protection, such as fairness and transparency, but stopped short of endorsing a formal ban which had been urged by many human rights advocates at the 2019 conference in Tirana. More than 100 organizations and 1,200 experts recommended that “countries suspend the further deployment of facial recognition technology for mass surveillance” and “establish the legal rules, technical standards, and ethical guidelines necessary to safeguard fundamental rights and comply with legal obligations before further deployment of this technology occurs.” The Assembly said it would consider the “circumstances when facial recognition technology poses the greatest risk to data protection and privacy rights,” and develop a set of principles that could be adopted at the next conference.
Civil society has traditionally had a strong presence at the international meeting of the privacy commissioners. However, there was little participation by civil society this year. The European consumer organization, BEUC, was the only organization granted observer status.
The next conference of the Global Privacy Assembly will be held in Mexico in 2021.
Marc Rotenberg, Director
Center for AI and Digital Policy at Michael Dukakis Institute
The Center for AI and Digital Policy, founded in 2020, advises governments on technology policy