In June 2007, members of the OECD adopted a Recommendation on Cross-border Cooperation in the Enforcement of Laws Protecting Privacy. This Recommendation required member countries to foster the establishment of an informal network of Privacy Enforcement Authorities (PEAs). This network of authorities would be responsible for the following activities:
- Discuss practical aspects of privacy law enforcement cooperation
- Share best practices in addressing cross-border challenges
- Work to develop shared enforcement priorities
- Support joint enforcement initiatives and awareness campaigns
Forming the Network
In October 2010, thirteen PEAs came together to form the Global Privacy Enforcement Network (GPEN) to aid cross-border cooperation. These countries included: Canada, US, France, New Zealand, Israel, Italy Australia, Ireland, Spain, the UK, the Netherlands and Germany. The GPEN is responsible for enforcing laws and investigations to protect personal data and encourages its members to develop shared enforcement policies and support joint enforcement initiatives.
Upon announcement of the new network, Marie Shroff, New Zealand Privacy Commissioner commented,
“The challenges in obtaining redress for consumers whose privacy has been compromised in today’s digital environment can be daunting. GPEN is part of a collective effort to provide more effective cross-border enforcement and complaints resolution. This is as relevant for a small economy in the South Pacific as it is for Europe and North America. And New Zealand is pleased to play its part.”
Mission & Committee
According to its statement of mission:
GPEN connects privacy enforcement authorities from around the world to promote and support cooperation in cross-border enforcement of laws protecting privacy.
It primarily seeks to promote cooperation by:
- Exchanging information about relevant issues, trends and experiences;
- Encouraging training opportunities and sharing of enforcement know-how, expertise and good practice;
- Promoting dialogue with organizations having a role in privacy enforcement;
- Creating, maintaining and supporting processes or mechanisms useful to bilateral or multilateral cooperation; and
- Undertaking or supporting specific activities
The GPEN Committee is made up of a four to five person committee to perform the following tasks:
- Process applications from authorities wishing to participate in GPEN and make recommendations for membership to participating authorities.
- Activate user accounts for access to GPEN website.
- Edit public pages of website.
- Facilitate arrangements from GPEN teleconferences and meetings.
- Liaise with OECD Secretariat over administration of website.
In general, the GPEN Committee performs functions that support the network’s mission.
This article introduces the Global Privacy Enforcement Network (GPEN), an international group of privacy enforcement officials who have come together to aid information sharing efforts and provide international support of global privacy issues. The GPEN was established in 2010, as a result of an OECD recommendation published in 2007.
CIPP Exam Preparation
In preparation for the Certified Information Privacy Professional/United States (CIPP/US) exam, a privacy professional should be comfortable with topics related to this post, including:
- Cross-border enforcement issues – GPEN (I.B.g.)