FB pixel

Privacy professionals compare how shifting data protection laws are addressed

Discussion at PrivacyNama conference highlights common priorities, different approaches
Privacy professionals compare how shifting data protection laws are addressed
 

In a world of endless biometric data, what can a data commissioner do? A virtual panel convened for the 2023 edition of PrivacyNama, a conference focused on rulemaking around India’s new Digital Personal Data Protection Act, offers insights into some of the key concerns facing data privacy officials around the globe.

“It’s a very exciting and dynamic time to be having this conversation,” says Malavika Raghavan, a senior fellow at the Future of Privacy Forum, who hosts co-panelists Junichi Ishii of Japan’s Personal Information Protection Commission and Valborg Steingrímsdóttir from Persónuvernd, the Icelandic Data Protection Authority. Raghavan points to the long-awaited passage of the Digital Personal Data Protection Act in September 2023 as a turning point in digital governance for India, where questions around data security have nagged at the Aadhaar national ID program. (Parallel questions have arisen around the data protection law.)

Valborg Steingrímsdóttir identifies the duties of Persónuvernd as being twofold: “On the one hand, we have to carry out supervision – or surveillance,” she says. “We resolve disputes regarding data protection, and we also examine, for instance, data breach notifications. On the other hand, we have a supporting role: we must provide other government entities with guidance, education, opinions, and so forth.”

Junichi Ishii says Japan’s Personal Information Protection Commission (PPC) was established in 2016 as a way to centralize the previous system of multiple supervisory schemes, which he calls “overcomplicated.” The commission covers both private and public sector entities in monitoring and handling personal information, and enforcing the law.

He notes a key difference between Japan’s system and the EU: the PPC has an additional office that is focused on policy making and reform, rather than strict regulation. In other words, they can make rules as well as enforce them, as long as they follow established law. Raghavan points out that India’s scheme is limited to enforcement and compliance, with policy and rules set by central government ministries.

Regulators say independence is a key piece

In response to a question about the best advice for regulators and rulemakers navigating a new law, Steingrímsdóttir again underlined the importance of being an independent supervising authority, not subject to the orders of external ministries.

“I think it’s very important that the data protection authorities are independent, even if it’s within the government.” She also mentions enhanced cooperation with other European countries since the implementation of the EU General Data Protection Regulation (GDPR), the benefit of shared knowledge in addressing domestic issues, and how Iceland’s centralized data model plays a role in effective regulation.

Ishii agrees that independent oversight is important, as is simplicity. “The rules and regulations should be as simple as possible, for the sake of compliance,” he says, pointing out that the dual regulatory-legislative model means there can be a lot for people and businesses to take in.

The issue of cross-border data transfer is also salient to the discussion, as a factor that brings additional layers of requirements in terms of safeguarding personal data. Iceland is bound by the European Commission as to which countries are considered safe for data transfer, and has a seat in the European privacy and data protection council, which advises on the matter.  Steingrímsdóttir, however, acknowledges the wisdom of establishing broad principles and guidelines, to make different scenarios of international data transfer less complex, which can then be broken down domestically into more nuanced regulations based on context.

Ishii also says cooperation with foreign counterparts, to understand other legislative systems and philosophies, is essential.

Focus areas include youth, healthcare, social media

Children’s data, health data and social media regulation around the issue of election advertising are on the radar in each nation represented on the panel. Steingrímsdóttir explains that the Data Protection Authority of Iceland monitors alerts and complaints and data breach notifications to prioritize issues that need attention, and seeks to accumulate a certain threshold of data on which to base its decisions. In Japan, by contrast, priorities are coded in law, but also take formal inquiries into account.

In much the same way that the values established for digital ID frameworks vary from region to region, data privacy regulation has no standard approach. Managing it from a global perspective remains an ongoing conversation.

Article Topics

 |   |   |   |   |   | 

Latest Biometrics News

 

Cameroon ends 2024 biometric voter registration drive with 755k new enrollments

The Director General in charge of Elections at Cameroon’s elections management agency (ELECAM), Dr Erik Essousse, says 755,085 new potential…

 

Malaysia completes biometric border clearance pilot at Singapore border

Authorities in the Malaysian state of Johor say plans are being finalized for the implementation of a biometric border clearance…

 

New Burkina Faso biometric passport further cements ECOWAS departure

The government of Burkina Faso has unveiled a new generation biometric passport in a move that highlights the countries unwillingness…

 

India to digitize the agricultural sector through unique digital farmer ID

India’s Finance Minister Nirmala Sitharaman announced the implementation of DPI for agriculture in the Union Budget 2024-25. The approved Digital…

 

Protean acknowledged for leadership in digital public infrastructure

Protean Tech has been recognized for its contributions to the digital public infrastructure (DPI) sector at the 2024 Global Fintech…

 

Federal law enforcement must now conduct transparent, standardized AI field testing

A White House advisory panel voted to approve a 24-page report that sets forth specific actions that all federal law…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

DIGITAL ID for ALL NEWS

Featured Company

ID for ALL FEATURE REPORTS

BIOMETRICS WHITE PAPERS

BIOMETRICS EVENTS

EXPLAINING BIOMETRICS