Data Protection for Organisations
International Cooperation
As part of its mandate, the Office of the Information and Data Protection Commissioner (IDPC) participates as active and contributing member to European and international networks, conferences and working groups. Attendance to these fora ensures that the IDPC maintains the highest standards in executing its tasks as data protection regulator in Malta.
In addition to this, the IDPC promotes mechanisms such as memoranda of understanding with the aim of furthering international cooperation and international mutual assistance in the enforcement of legislation for the protection of personal data. By establishing these structures, the IDPC streamlines the exchange of documentation about personal data protection legislation and practice, including on jurisdictional conflicts with third countries.
The international and European networks to which the IDPC takes part and the bilateral instruments entered into by the IDPC are listed here below.
Global Privacy Assembly
The recently renamed “Global Privacy Assembly” or “GPA” (formerly the “International Conference of Data Protection and Privacy Commissioners”) first met in 1979. The GPA has grown exponentially throughout the years to become a forum which gathers more than a hundred data protection and privacy authorities across the globe. The IDPC has been accredited as a member of this group since 2003. Since then, the IDPC has participated with great interest in the events organised by the assembly, considering them a high calibre and fruitful forum to monitor the development and evolution of data protection and privacy law from a truly international perspective.
More information on the GPA may be accessed on the following link:
https://globalprivacyassembly.org/
Common Thread Network
The Common Thread Network (“CTN”) is a forum aimed at bringing together the data protection and privacy authorities of Commonwealth countries, with representation from Europe, Africa, Asia, the Pacific, the Americas and the Caribbean. In so doing, it facilitates cross-border cooperation and building capacity by sharing knowledge on emerging trends, regulatory changes and best practices for effective data protection.
More information on the CTN may be accessed on the following link:
https://www.commonthreadnetwork.org/
Global Privacy Enforcement Network
The IDPC is part of the Global Privacy Enforcement Network (“GPEN”) since 2015. The GPEN is a network intended to foster cross border cooperation among privacy and data protection authorities. By virtue of a Recommendation adopted in June 2007 by OECD Governments, member countries were mandated to develop an informal network for the specific purpose of exchanging information and discuss practical aspects of enforcement cooperation through a dedicated online platform. In June 2012, the GPEN Action Plan was adopted.
More information on the GPEN may be accessed on the following link:
https://www.privacyenforcement.net/
British, Irish and Islands’ Data Protection Authorities
The British, Irish and Islands’ Data Protection Authorities (“BIIDPA”) is an informal meeting held on an annual basis where the organisation is volunteered by one of the respective participants, being Bermuda, Cayman Islands, the Republic of Cyprus, Gibraltar, Guernsey, the Republic of Ireland, Isle of Man, Jersey, Malta and the United Kingdom. Discussions at these meetings are informal in nature and provide the right platform for the exchange of useful information to ensure a consistent approach to the treatment of issues which are of common interest. The Commissioner actively participates to the BIIDPA meetings.
International Working Group on Data Protection in Telecommunications (Berlin Group)
The International Working Group on Data Protection in Telecommunications (IWGDPT), also informally referred to as the Berlin Group, was established in 1983 on the initiative of a number of national data protection authorities in the world. The secretariat has since then been provided by the data protection authority of Berlin (Berliner Datenschutz-beauftragter). Membership in the Group is not limited to national data protection authorities, but it extends also to representatives from the private and NGO sectors. Over the last years, the Group has focused on data protection and privacy related issues of information technology in the wide sense, with a special focus on Internet-related developments.
More information on the Berlin Group may be accessed on the following link (in German):
https://www.datenschutz-berlin.de/datenschutz/gremien/berlin-group
Spring Conference of the European Data Protection authorities
Started back in the 90’s, the Conference of European Data Protection Authorities, also known as the “Spring Conference” given that it is generally held during Spring, was formed with the aim of bringing together the data protection authorities of Europe and other intergovernmental organisations to address practical issues of common interest in relation with the rights to privacy and data protection. With the passing years, and with the evolution of the data protection legislative framework in Europe, the mandate of the Spring Conference has been progressively extended to include matters of more operational nature, such as cooperation between authorities in cross-border cases. The IDPC is a permanent member of the Spring Conference and considers this meeting as an important platform to exchange information, expertise and good practices in the context of debating key data protection matters.
More information about the past editions of the Spring Conference, including copies of the resolutions issued by the group, may be accessed on the following link:
https://edps.europa.eu/european-conferences_en
Council of Europe Consultative Committee
The Republic of Malta is a party to the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (Convention ETS no. 108) and a member of the consultative committee (T-PD) set up in terms of Chapter V of the Convention. The T-PD is responsible inter alia for making proposals to facilitate or improve the application of the Convention, and suggest amendments to the same Convention. The IDPC attends the plenary sessions which are held twice a year in Strasbourg.
More information about the T-PD may be accessed on the following link:
https://www.coe.int/en/web/data-protection/consultative-committee-tpd
Coordinated Supervision Committee
Established within the framework of the EDPB and composed of representatives of the national data protection authorities of each EU Member State and the EDPS, as well as of national data protection authorities of non-EU Members of the Schengen Area when foreseen under EU law, the Coordinated Supervision Committee (“CSC”) is tasked with ensuring coordinated supervision of large-scale IT systems and of EU bodies, offices, and agencies. Other functions include exchanging relevant information, assisting supervisory authorities in carrying out audits and inspections and identifying any of their difficulties, as well as examining difficulties of interpretation or application of the EU legal act, drawing up harmonised proposals for solutions to problems, promoting awareness of data protection rights.
More information about the CSC may be accessed on the following link:
https://edpb.europa.eu/csc/about-csc/who-we-are-coordinated-supervision-committee_en
Customs Information System Supervision Coordination Group
The Customs Information System (“CIS”) is a computer system centralizing customs information aiming at preventing, investigating and prosecuting breaches of EU customs or agricultural legislation. The CIS is composed of a central database accessible through terminals in each Member State. The data entered in the CIS relate to goods, means of transport, businesses and people associated to such breaches. They also relate to trends in fraud, available competencies, goods detained, seized or confiscated and cash detained, seized or confiscated. The Customs Information System Supervision Coordination Group (CIS SCG) is set up by Regulation (EC) No 766/2008 to ensure a coordinated supervision in the area of personal data protection of the CIS information system. The CIS SCG consists of representatives of the national supervisory authorities of the Member States responsible for data protection, including the IDPC, and the EDPS.
Eurodac Supervision Coordination Group
The Eurodac is an EU fingerprint database established in 2013 for the purposes of identifying asylum seekers and irregular border-crossers. It facilitates the judicious and transparent receipt and processing of asylum applications from those who may need the protection afforded by Europe. It also helps Member States to determine responsibility for examining an asylum application by comparing fingerprint datasets. In order to ensure supervision coordination for Eurodac, representatives of the national data protection authorities, including the IDPC, and the EDPS meet usually twice a year.
Europol Cooperation Board
In line with Regulation (EU) 2016/794 of the European Parliament and of the Council of 11 May 2016 (the Europol Regulation), the EDPS has the task to supervise the lawfulness of personal data processing by Europol since 1 May 2017. Following the entry into force of the new Europol Regulation, the EDPS has taken over the supervision of Europol’s processing activities, whereas the Europol Cooperation Board (ECB) has been set up in order to facilitate the cooperation between the national supervisory authorities and the EDPS on issues requiring national involvement, thus keeping the legacy created by the former supervision structure operating under the Joint Supervisory Body (JSB) of Europol.
Schengen Information System II Supervision Coordination Group
The Schengen Information System II (“SIS II”) is a large-scale IT-system that is set up under Regulation (EC) No 1987/2006 as a compensatory measure for the abolition of internal border controls, the objective of which is to guarantee a high level of safety within an area of freedom, safety and justice of the European Union, through the enforcement of a public order, and safety and safeguarding of the safety on the territory of the member countries, among other things. SIS II is an information system that enables national law enforcement, judicial and administrative authorities to carry out specific tasks by sharing relevant data. The SIS II Supervision Coordination Group (SCG) is a group set up by the SIS II Regulation with the aim of coordinating supervision in the area of personal data protection. The group is made of representatives from the national supervisory authorities that are responsible for data protection, and of the EDPS. The group meets twice a year usually to share experience, discuss issues of interpretation and/ or application of SIS II legal framework and of supervision and, or exercise of rights of data subject, provide assistance in carrying out audits and inspections, and lastly draw up proposals for joint solutions and promote awareness of data protection rights.
Visa Information System Supervision Coordination Group
The Visa Information System (“VIS”) is established under Regulation (EC) 767/2008 for the purpose of facilitating the visa application procedure, prevent visa shopping and fraud, and facilitate border checks as well as identity checks within the territory of the Member States and to contribute to the prevention of threats to the internal security of the Member States. Article 43 of the VIS Regulation lays down the legal basis for cooperation between national supervisory authorities and the EDPS, which cooperation has been formalised under the VIS Supervision Coordination Group, which meets twice a year to allow for cooperation, discuss the new developments in relation to the VIS, and ensure that it maintains adequate levels of effective supervision.
Memorandum of Understanding between the IDPC and the Gibraltar Regulatory Authority
On the margins of the 2022 Global Privacy Assembly held in Istanbul, the IDPC and the Gibraltar Regulatory Authority signed a memorandum of understanding with the aim of enhancing bilateral cooperation. This collaboration caters for the strengthening of the interest of both parties through the implementation of collaboration mechanisms which will allow for the exchange of best practices and mutual assistance.
More information about this memorandum may be accessed on the following link:
https://idpc.org.mt/idpc-publications/idpc-and-gpa-gibraltar-mou/
Cooperation Agreement between the IDPC and Information and Data Protection Commissioner of Albania
On 12th September 2022, the IDPC and the Office of the Information and Data Protection Commissioner signed a cooperation agreement. The goal of this instrument is primarily that of deepening knowledge and experience in personal data protection. In addition, the agreement aims at strengthening bilateral cooperation as regard to cross-border flows of personal data between Albania and Malta, promoting the exchange of information and best practices and cater for the planning of joint activities to increase privacy awareness.
More information about this agreement may be accessed on the following link:
https://idpc.org.mt/idpc-publications/idpc-signs-cooperation-agreement-with-albania-commissioner/
Cooperation Agreement between the IDPC and the National Centre for Personal Data Protection of the Republic of Moldova
On the 18th November 2021, the IDPC and the National Centre for Personal Data Protection of the the Repoublic of Moldova signed a cooperation agreement to foster closer collaboration. The purpose of the cooperation agreement is to exchange of information on enforcement activities, mutual professional development and training, organisation of study visits and workshops.
More information about this agreement may be accessed on the following link:
https://idpc.org.mt/idpc-publications/international-cooperation-malta-moldova-dpas/