Last month, Achieved Compliance attended the 39th International Conference of Data Protection and Privacy Commissioners in Hong Kong. Stephen Kai-yi Wong, Privacy Commissioner for Personal Data, Hong Kong, hosted the event, which was attended by over 3,000 data protection authorities, privacy professionals, industry representatives and non-governmental organizations.

The Commissioners’ Conference convenes annually and offers one of the best opportunities to learn not only about the current state of data protection law, but to understand what is top-of-mind for regulators and what new challenges they see on the horizon. Among its goals is to promote and enhance personal data protection and privacy rights around the world, and to provide a forum that encourages dialogue, cooperation and information sharing. The theme of the conference this year was “Connecting West with East in Protecting and Respecting Data Privacy,” and several times conference discussion highlighted efforts to harmonize approaches to data protection across the globe to streamline requirements and enhance effectiveness of the laws and regulations.

Each year, data protection and privacy commissioners meet in a closed-door session and develop resolutions that highlight areas of concern and signal where authorities will likely turn their attention. This year’s resolutions centered on the following:

Data protection and privacy issues raised by automated and connected vehicles: The resolution called upon standards bodies, public authorities, vehicle and equipment manufacturers, personal transportation services and car rental providers, and providers of data driven devices such as speech recognition or remote maintenance, to take into account the rights of users to data protection at every stage of the creation and development of new devices or services.
Collaboration between Data Protection Authorities and Consumer Protection Authorities for Better Protection of Citizens and Consumers in the Digital Economy: The resolution establishes a Digital Citizen and Consumer Working Group to find ways to improve collaboration at the international level between Data Protection Authorities and Consumer Protection Authorities, with the goal of providing better protection of citizens and consumers in the digital economy. The Working Group is instructed to review and analyze existing legal instruments to see how they can be used to enhance this cooperation and, if necessary, identify instances where these can be improved to further this goal. This working group will report on their findings at the Commissioners’ Conference in 2018.
Options for International Enforcement Cooperation: The conference resolved to encourage efforts to build on previous efforts and bring about even more effective cooperation in cross-border enforcement in cases of violation of data protection law. It highlighted legal instruments designed to foster this cooperation, encouraging countries to adapt them to their needs. It also mandated work by conference committees to explore existing and possible additional initiatives and tools available for privacy enforcement cooperation, and the creation of a working group to explore the feasibility of a framework that would broaden cooperation of privacy enforcement.

The topics covered in the official conference sessions were wide ranging. Of particular interest was “Accountability as the Basis for Governance When Consent Is Not Enough.” This session addressed timely questions related to traditional notice and consent, and how accountability can support lawful data processing and responsible data governance.

In addition to the conference sessions, privacy organizations convened official “side events.” These highlighted issues of particular concern for policymakers and practitioners. Achieved Compliance participated in several, most notably a round table hosted by the Centre for Information Policy Leadership (a Washington DC and London-based think tank and policy development organization focused on privacy and information policy issues) and Citibank on the EU General Data Protection Regulation (GDPR) and the APEC Cross-Border Privacy Rules (CBPR) system – a framework for transfer of data throughout the Asia Pacific region. The round table convened representatives of industry and the European Commission to discuss key issues and exchange views on topical APEC CBPR concerns. These ranged from updates on implementation to movement toward interoperability between EU transfer mechanisms and APEC that would ease the burden on businesses and streamline data transfers worldwide.

Also of interest was an event hosted by the International Association of Privacy Professionals, which considered the critical and expanding role of the privacy and data protection officer. Discussion centered on the skills necessary to perform privacy jobs and what kind of training is appropriate for the role as it exists in different organizations.

The 40th International Conference of Data Protection and Privacy Commissioners will be held in Brussels, Belgium in October 2018.


Achieved Compliance – helping you navigate the complex world of data compliance.

Through its software guided review and remediation process, education tools and representation services, Achieved Compliance makes it possible for companies to take all the steps needed for meaningful compliance that meets regulators’ expectations.

For more information as to how we can help your organization be GDPR compliant please contact