Data Protection Authorities (“DPAs”) from across the world gathered in Marrakesh for the 38th International Privacy Conference. This event is held annually for the purpose of debating topical data protection issues.

The debates this year centred on data privacy being central to: sustainable development, government access to personal data, the role of technology, adequacy, localisation and differing cultural and political frameworks.

The Resolutions

The conference adopted the following “Resolutions”:

  • International Competency Framework on Privacy Education
  • Developing new metrics of data protection regulation
  • Human Rights Defenders
  • International enforcement cooperation

Each of the Resolutions promotes effective cooperation between the DPAs. A notable example was the resolution on international enforcement cooperation. Although it had been recognised that over the last decade “great strides” had been made to forge new connections and share knowledge, there was a need for more ways to cooperate. As a result, the following solutions were agreed at the conference:

  • New working group: to bring about more effective cooperation in cross-border investigation and enforcement. The new working group would facilitate greater enforcement cooperation between the conference members and report on its work at the 39th International Conference.
  • Nominating leader participant authorities: the nomination of leader participant authorities in each of the global regions to serve as a point of contact for promoting International Conference members’ participation in the Global Cross Border Enforcement Cooperation Arrangement.
  • Linking with Global Privacy Enforcement Network (“GPEN”): the Executive Committee of International Conference of Data Protection and Privacy Commissioners were called upon to have further discussions with GPEN and other relevant networks with the aim of creating practical projects to coordinate global enforcement cooperation.


With some of the topics focussing on the implications for artificial intelligence, machine learning and robotics, the European Data Protection Supervisor (“EDPS”), Giovanni Buttarelli, subsequently commented on this conference as being one of the “most forward-looking” he had ever seen.

Big data, profiling and automated decision making are key themes arising from the development of new technologies and have an impact on an individual’s right to privacy. From these discussions, it was made clear that being transparent to individuals about the use of their data in machine learning and big data scenarios is essential.

In the new digital world, the EDPS encouraged the increase of free data flows, but stressed that an individual’s right to privacy must be respected and should be integral to the development of new technologies. To summarise, the EDPS gave three key messages:

  1. Respect must be had for an individual’s right to privacy which is “sacrosanct”.
  2. Flows of data should be freed up around the world to ensure everyone is able to enjoy the digital dividend of technological change and globalization.
  3. There is the need for a common framework of reference for ethics in the new digital age and which requires a new global political consensus on the principles of data processing.

In light of the Resolutions, it will be interesting to see what developments are reported at the next annual conference. The 39th International Privacy Conference will be held in Hong Kong on 25-29 September 2017.