Data Protection Day, also known as Data Privacy Day outside of Europe, is held on 28 January each year on the anniversary for when the Council of Europe's Convention of Protection of Individuals with regard to Automatic Processing of Personal Data ('Convention 108'), the first legally binding international treaty for privacy and data protection, was opened for signature. Various data protection authorities and public authorities have been releasing statements to help raise awareness and to celebrate the protection of personal data. We have also released a number of resources to help you celebrate the day, which you can access here.

For further information about Convention 108 and its signatories, you can read related news stories here and Insight articles here. Last year, OneTrust DataGuidance published an Insight article explaining why we celebrate Convention 108: International: Origins of Data Protection Day – Convention 108.

This year, to mark Data Privacy Day, OneTrust DataGuidance has published an Insight article providing a short history of the right to privacy: International: The evolution of the right to privacy and data protection. 

From the Team at OneTrust DataGuidance, we would like to wish you all a happy Data Privacy Day!

Statements

Council of Europe

The Council of Europe celebrated Data Protection Day 2023 by reflecting on data protection related developments from 2022. 

You can access the dedicated page here.

EU

EDPB

The European Data Protection Board ('EDPB') published, on 27 January 2023, a video on the occasion of Data Protection Day, inviting the public to take a look back at the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR') enforcement over the last few years and explore how the EDPB helps all European data protection authorities act as one to safeguard individuals' rights.

You can read the statement and watch the video here.

ENISA

The European Union Agency for Cybersecurity ('ENISA') announced, on 27 January 2023, the publication of its report 'Engineering Personal Data Sharing' to celebrate Data Protection Day. In particular, ENISA noted that the report addresses how cybersecurity technologies and techniques can support the implementation of the principles under the GDPR when sharing personal data.

More specifially, the report attempts to look closer at use cases relating to personal data sharing, with a specific focus on the health sector, and discusses how specific technologies and considerations of implementation can support the meeting of specific data protection. Further, the report demonstrates how to engineer specific technologies and techniques in order to enable privacy preserving data sharing.

You can read the press release here and the report here.

EDPS

The European Data Protection Supervisor ('EDPS') published, on 26 January 2023, a factsheet on data subjects' rights, to mark Data Protection Day 2023. Moreover, the EDPB published, on 27 January 2023, additional resources on the Data Protection Day, including a video.

You can read the factsheet here and watch the video here.

France

The French data protection authority ('CNIL') published, on 28 January 2023, via LinkedIn, a video summarising the application of the GDPR and the manner in which the EDPB aids supervisory authorities to act in harmony in order to guarantee the protection of data subject rights.

You can read the post, only available in French, here.

Albania

The Information and Data Protection Commissioner ('IDP') announced, on 28 January 2023,  the publication of an awareness-raising video, which was distributed to the central public authorities to be published on their official websites, as well as to public and private media subjects to be broadcast on audiovisual channels.

You can read the post, only available in Albanian, here.

Denmark

The Danish data protection authority ('Datatilsynet') announced, on 28 January 2023, that it had launched a new campaign focused on the GDPR's utility for citizens. In particular, the Datatilsynet stated that in its new campaign, it addresses citizens directly with the message of what GDPR can do for them, highlighting that the GDPR aims to ensure that citizens' private information is properly looked after when entrusted to private and public bodies. 

You can read the press release, only available in Danish, here. 

Kenya

The Office of the Data Protection Commission ('ODPC') announced, on 28 January 2023, via Twitter, that the President of Kenya, Dr William Samoei Ruto, affirmed Kenya's commitment to the signing, ratification, and accession of the African Union Convention on Cyber Security and Personal Data Protection ('the Malabo Convention') in his speech during the Data Privacy Day 2023 commemoration conference. 

You can read the post here. 

Estonia

The Data Protection Inspectorate ('DPI') held, on 25 January 2023, a webinar to celebrate Data Protection Day, which focused on data protection in the employment sector, specifically looking at protecting employees' personal data throughout the life cycle of the employment relationship.

You can read the announcement and watch the webinar, only available in Estonian, here.

Montenegro

The Agency for Personal Data Protection and Free Access to Information ('AZLP') issued, on 26 January 2023, a statement on Data Protection Day, highlighting, among other things, its objective of harmonising the data protection framework in Montenegro with the legal acquis of the European Union.

You can read the statement, only available in Bosnian, here.

Turkey

The Personal Data Protection Authority ('KVKK') celebrated Data Protection Day 2023 by reflecting on data protection related developments from 2022. In particular, the president of the KVKK, Faruk Bilir, noted that the KVKK "[…] continues its efforts to ensure that the right to protect personal data can continue to exist as an effective remedy". He noted that it was announced on the website of the [KVKK], that 911 legal opinions were given on matters falling within the scope of the [KVKK], and that 5 undertakings with sufficient qualifications for the transfer of personal data abroad were approved by the Board.

You can read the press release, only available in Turkish, here.

Slovakia

The Office for the Protection of Personal Data for the Slovak Republic ('ÚOOÚ') issued, on 27 January 2023, a statement to mark Data Protection Day 2023 together with a presentation with educational content on the topic of safety of children and teenagers on the internet. In particular, the ÚOOÚ highlighted that its aim, among other things, is to develop an initiative towards the protection of personal data of young people in the digital space.

You can read the press release here and the presentation here, both only available in Slovak.

Argentina

The Argentinian data protection authority ('AAIP') issued, on 28 January 2023, a statement to mark Data Protection Day 2023. In particular, the AAIP reminded of the following data subject rights:

• right to request information;
• right of access; and
• right to update, rectify, or delete personal data.

You can read the statement, only available in Spanish, here.

Bulgaria

The Commission for Personal Data Protection ('CPDP') issued, on 27 January 2023, a statement to mark Data Protection Day 2023. In particular, the CPDP detailed that it had published information material to mark the occasion, sharing good practices from its supervisory activity.

You can read the statement here and the information material here, both only available in Bulgarian.

Georgia

The Personal Data Protection Service ('PDPS') announced, on 28 January 2023, an open lesson to the children on the importance of personal data protection to celebrate Data Protection Day.

You can read the announcement, only available in Georgian, here.

British Columbia

The Office of the Information and Privacy Commissioner for British Columbia ('OIPC') released, on 27 January 2023, a statement to mark Data Protection Day on the importance of protecting our personal information online, recommending that we keep privacy at the forefront when providing our personal information, but, crucially, that organisations comply with their legal obligations to protect the personal information they collect, use and disclose.

You can read the statement here.

Sweden 

The Swedish Authority for Privacy Protection ('IMY') published, on 27 January 2023, a report on Data Protection in Practice. In particular, the IMY highlighted that the report shows only 4 out of 10 data protection officers ('DPOs') who responded to a survey believe their own organisations work continuously and systematically with data protection issues. 

You can read the announcement here and the report here, both only available in Swedish. 

Brazil

The Brazilian data protection authority's ('ANPD') released, on 28 January 2023, a statement celebrating International Data Protection Day. In particular, the ANPD highlighted the importance of the fundamental right to the protection of personal data and fostering a culture of personal data protection in Brazil and globally. Furthermore, the ANPD noted that data protection day provides an opportunity to promote awareness within the scope of public institutions and the private sector to alert and make citizens aware of the full enjoyment of their fundamental right to the protection of personal data.

You can read the press release, only available in Portuguese, here.

Portugal

The Portuguese data protection authority ('CNPD') published, on 27 January 2023, a statement celebrating Data Protection Day, encouraging citizens to look at existing digital alternatives and selecting options which most value their privacy.

You can read the press release, only available in Portuguese, here.