The first day of the joint Western Balkans and Eastern Partnership Data Protection Week in Brussels, 9-13 September 2024, started with the Data Protection Academy at the European Commission. The participants of the Data Protection Week are data protection professionals from the Western Balkans and Eastern Partnership, who met again this year in Brussels to continue the multi-partner get-together dedicated to the most recent developments in the field of data protection.

The group was welcomed by Ms. Louisa KINGVALL, the Head of Unit for International Affairs and Data Flows at the Directorate-General for Justice and Consumers, who underlined the importance of this multi-partner approach to the organization of the DP Week and highlighted the relevance of the selected topic to be discussed for the development of international cooperation in the field. Ms. Anu TULUS, the Chair of the European Data Protection Board, welcomed the cohort and emphasized the importance of the wide composition of the group from numerous administrations and several EU institutions for the quality of discussion and exchange. On behalf of the event co-organizers, Mr. Nick THIJS senior expert for improvement in governance and management from SIGMA stressed that the data protection week is a unique opportunity for data protection authorities from the Western Balkans and Eastern Partnership Regions to learn and exchange with each other, but also exchange with key institutions as the European Commission (DG JUST), European Data Protection Board (EDPB), European Data Protection Supervisor (EDPS) and the Council of Europe. Data Protection has become increasingly important in this growing digital era. Therefore, this vast area is also included in the updated Principles of Public Administration via the attention for the legal framework for privacy and cyber security. Mitigating cyber security and privacy risks ensures data protection, particularly personal data protection, and builds public trust by applying prevention frameworks and building sufficient capacities. In addition, Mr. Hrachik YARMALOYAN, Regional Project Manager for the Eastern Partnership, “Eastern Partnership Regional Fund for Public Administration Reform” implemented by GIZ, highlighted that the Data Protection Academy strengthens regional cooperation with Western Balkans and Eastern Partnership. Ms. Tanja MARAŠ, an Expert on Digital Connectivity at RCC, underlined the increased pressure facing the field of data protection. With the data that only 21% of consumers feel confident that their data is used for the right purposes, the importance of continuing to strengthen regional integration and cooperation in all aspects of the digital landscape was highlighted. She emphasized that the success of regional integration is through the Common Regional Market as a crucial gateway for progressive integration into the EU Single Market. Ms. Jelisaveta TASEV, ReSPA Program Manager, emphasized that ReSPA is glad to be able to help bring the professionals in the field of data protection together to help tackle the challenges and respond to fast developments in the area through peer learning, seeing this as a unique event that connects European data protection officers, from the EU and beyond, in this tailor-made exchange week envisioned and developed following their needs. On behalf of the host of this part of the program Ms. Estelle MASSE from DG JUST expressed delight to host a Data Protection Academy for the Western Balkan and Eastern Partnership Region with so many key partners.

The representatives of the Belgian Data Protection Agency discussed the importance of securing the independence of data protection organizations and the challenges faced in this regard, including the issue of staff retention and recruitment, which is essential to be able to keep up with this fast-developing field. Mr. Gwendal le GRAND spoke about the work of the European Data Protection Board through a demonstration of some practical tools used by the board to process and optimize information exchange and audit that can be implemented in the national context. In addition, he presented the challenges concerning emerging technologies and the necessary cooperation between IT specialists and legal and policy development professionals to ensure an adequate level of personal data protection. The participants got to learn about the work of the French Data Protection Authority (CNIL) established in 1978 and its contribution in the EU data protection ecosystem. They engaged in a discussion about the opportunities and challenges of data protection in the digital transformation and emerging technologies era with the representatives of the Dutch Data Protection Agency with a particular focus on using AI in decision-making.  

The second day of the program was dedicated to the implementation and enforcement of the data protection legal framework, especially in the wider legal context and in balance with other legal requirements. The representative of the Belgian Data Protection Authority explained in detail the work of its inspection, which consists of professionals of legal background, IT specialists, and auditors. The importance of the role of data protection officers for the functioning of the personal data protection system was discussed in detail, together with challenges related to sufficient training and allocated funds for these individuals to be able to work at full capacity. The participants got to learn more about the wider context regarding which data protection needs to be considered from Ms Nevena RUŽIĆ a data protection expert. Specifically, the relationship between freedom of information, freedom of expression and data protection was the focus of the discussion. Ms Estelle MASSE from the European Commission elaborated on the data sharing in investigations, prosecution and judicial proceedings in the context of cooperation agreements with EUROPOL and Eurojust. The participants engaged in numerous discussions on these topics complementing the program with examples from their practice comparatively.

The participants were welcomed at the European Data Protection Supervisor’s (EDPS) offices, where they were greeted by Mr Wojciech WIEWIOROWSKI, the European Data Protection Supervisor, who emphasized that this gathering is truly one of a kind considering the importance of international cooperation for further development of data protection. In addition, this is a priority for the EDPS on its path toward ensuring the EU's personal data protection rules and regulations become a global standard in the field. He underlined the importance of the DPA’s Spring Conference as an event that hallmarks the institutional cooperation that is of pivotal importance for the necessary support to strengthen institutions and development. Mr Leonardo CERVERA-NAVAS, the Secretary-General of the EDPS, welcomed the cohort to the Data Protection House, i.e the offices of the European Data Protection Supervisor and the European Data Protection Board (EDPB), calling attention to the role of international cooperation in advancing the field of data protection. Furthermore, he focused on the use of AI and the relationship between the newly adopted EU AI Act and fundamental rights, ethics, safety, and security. In this regard, he recognized governance as the key aspect of maintaining the balance between using emerging technologies and safeguarding personal data. ReSPA director Ms Maja HANDJISKA-TRENDAFILOVA expressed immense appreciation for this learning, networking, and capacity-building initiative for data protection authorities and thanked the various partners for their great contributions. She emphasized that this initiative is enriching on various levels, bringing together two geographically different regions in Europe and the EU representatives and institutions over joint interests and addressing the same dynamic challenges. The fact that this is the second edition of this capacity-building initiative clearly shows its added value and how beneficial it is to regional and international cooperation and strengthened administrative capacities.

The topics of the sessions dealt in more detail with the relationship between the digital rulebook, consisting of DSA, DMA, DGA and Data Act, and data protection and e-privacy. The representative of the EDPS presented the intricacies of the interplay between these EU legal acts, especially bearing in mind that they stipulate different objectives. This complex discussion was followed by the presentation of the investigation policy and methodology of the EDPS complemented by practical examples and case studies. The representative of the Council of Europe presented the legal framework, in particular Conventions 108 and 108+, and the organization's cooperation with partners in the field of data protection. The Council of Europe offers an array of online courses available free of charge with a number of them dedicated to data protection. The program entailed a presentation and interactive discussion on international transfers of data and data flow moderated by Ms Estelle MASSE from the European Commission and Mr Olivier MATTER, Head of International Cooperation, Policy and Consultation Unit at the EDPS. The participants briefly presented their own needs and strategies related to data flows. This discussion was further elaborated by explaining the challenges of international data transfers under the Law Enforcement Directive. The data protection expert from the Council of Europe presented the most up-to-date data protection requirements in relation to the use of biometrics and facial recognition.

The last day of the program is a session between the participants to update on the state of play in their respective countries and nominate some of the areas of interest for future activities. The need for more information on case handling was suggested for future events, and the topics were expanded to refer to privacy issues, including examples of good practice outside Europe, for example, the United States. The upcoming Spring conference was recognized as a significant event for data protection authorities to get together and discuss the developments. It would be useful to map the available aid and funding to support data protection to be aware of the available resources. Similarly, gathering examples of practice and cases that represent milestones in data protection development in the two regions, including court decisions, should be considered when handling cases. The participants learned more about the capacity-building opportunities offered in the field of data protection provided to the regions by EIPA.