Jusletter IT

Improving Co-operation Between Data Protection Authorities: First Lessons from Competition Law

  • Authors: Dariusz Kloza / Anna Mościbroda / Gertjan Boulet
  • Category: Articles
  • Region: Belgium
  • Field of law: Data Protection
  • Collection: Tagungsband-IRIS-2013
  • Citation: Dariusz Kloza / Anna Mościbroda / Gertjan Boulet, Improving Co-operation Between Data Protection Authorities: First Lessons from Competition Law, in: Jusletter IT 20 February 2013
Globalization increases the likelihood of cross-border privacy and data protection cases, thus calling for co-operation amongst data protection authorities (DPAs). This paper provides an overview of the state-of-the-art in such co-operation as well as of proposed European reforms in the field, but also attempts to see whether enforcement co-operation in competition law could provide insight for improving co-operation between DPAs.

Inhaltsverzeichnis

  • 1. Introduction
  • 2. State-of-the-art of existing mechanisms of co-operation
  • 2.1. International level
  • 2.2. Regional level
  • 2.3. Observations
  • 3. Co-operation in the proposed reforms of the EU and the CoE data protection frameworks
  • 3.1. The reform of the EU data protection framework
  • 3.2. The modernization of the Council of Europe
  • 3.3. Observations
  • 4. Enforcement co-operation in competition matters
  • 4.1. Introduction
  • 4.2. International
  • 4.3. European Competition Network (ECN)
  • 4.4. Recent projects relating to enforcement cooperation in competition law
  • 5. Concluding remarks

1.

Introduction ^

[1]
Recent rapid development of information and communications technologies have resulted in the increase of cross-border flows of personal data and, in parallel, in elevating privacy and data protection risks. This requires an adequate response allowing tackling privacy and data protection breaches of a cross-border nature, and hence calls for co-operation amongst data protection authorities (DPAs). Such a need was observed as early as the 2000s, and although some efforts have been undertaken, it still remains one of the weakest links in privacy and data protection governance.
[2]
It is desirable to look at the experience of co-operation in other areas of law. In this paper we attempt to see how the functioning of the co-operation networks in competition law provide insight for improving co-operation between DPAs, in particular in the field of enforcement.
[3]
We start with a brief overview of the status quo of the co-operation between DPAs (section 2). Then we look how the two proposed reforms of data protection frameworks, i.e. of the European Union (EU) and of the Council of Europe (CoE), address the need for co-operation (section 3). In section 4 we look at the co-operation within competition law, using the examples of International- and European Competition Networks (ICN; ECN). Finally, we attempt to draw the very first lessons on what the co-operation between DPAs can learn from its counterpart in competition law, paving the way for further research. Due to its limitations, in this paper we omit the question of data protection in police and judicial co-operation as well as jurisdictional issues.

2.

State-of-the-art of existing mechanisms of co-operation ^

2.1.

International level ^

[4]

The Council of Europe was one of the first to express interest in co-operation in enforcing privacy and data protection laws. The Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data is a binding instrument ratified by almost all CoE Member States and open for accession by non-member states (Art 23).1 A detailed framework for mutual assistance between the parties has been set forth in Arts 13-17, dealing with an obligation to furnish information (Art 13), at no fees except for costs incurred for experts and interpretation (Art 17), subject to conformity with domestic legislation [Art 13(3)(b)] and certain safeguards [Art 15]; grounds for refusal are limited, e.g. incompatibility of powers of DPAs (Art 16). Furthermore, Art 1(5) of the Additional Protocol2 stipulates that the supervisory authorities «shall co-operate with one another to the extent necessary for the performance of their duties, in particular by exchanging all useful information.»

[5]

It has been relatively recent that co-operation between DPAs has been raised as an issue by other international forums. In 2006, the Organization for Economic Cooperation and Development (OECD) issued a report on the cross-border enforcement of privacy laws, favouring continued information exchange and co-ordination between DPAs.3 Further, in 2007 OECD issued a recommendation on cross-border co-operation in the enforcement of privacy laws, calling at its member economies to «foster the establishment of an informal network […] to discuss the practical aspects of privacy law enforcement co-operation, share best practices […], work to develop shared enforcement priorities, and support joint enforcement initiatives and awareness raising campaigns.»4 In 2010 eleven privacy enforcement authorities launched the Global Privacy Enforcement Network (GPEN) with a mission to «promote and support cooperation in cross-border enforcement of laws protecting privacy», primarily by exchanging information between DPAs.5 The GPEN was later joined by 16 additional DPAs. OECD provides administrative support to GPEN.

[6]

Next, the International Conference of Data Protection and Privacy Commissioners (ICDPPC), an annual multi-stakeholder gathering for exchange of best practice and shaping policies, on a number of occasions called for increased international co-operation.6 Most importantly, the 33rd ICDPPC (2011) adopted a resolution urging DPAs to «share experience», «participate in the cross-border enforcement cooperation networks» and «use the cross-border enforcement cooperation tools already developed, and to enhance and supplement these tools as experience grows».7

[7]

On a bilateral level, in 2005 a memorandum of understanding was signed between the Spanish DPA and the US Federal Trade Commission on mutual enforcement assistance in commercial email matters.8 Similar arrangements have been established, among others, between Australia and New Zealand (2008)9 as well as between Germany and Canada (2012).10 Regional conferences,11 networks12 and associations often facilitate conclusion of such arrangements. All such arrangements usually deal with information sharing and joint investigations.

[8]
It is worth to mention that the 2010 amendment to the New Zealand’s Privacy Act 1993 added provisions on the «referral of complaint to overseas privacy enforcement authorities», in case the complaint relates to a matter that is more properly within the latter’s jurisdiction (Sec 72C).13

2.2.

Regional level ^

[9]
On a regional level, first, in the framework of the Asia-Pacific Economic Cooperation (APEC), the Cross-border Privacy Enforcement Arrangement (CPEA; 2010) encourages, on a voluntary basis (§§ 6.1), information sharing among DPAs both in and outside the APEC economies (§§ 9.4-9.5). The agreement offers extensive co-operation mechanisms dealing with, among others, an obligation to assist (§9.1), prioritisation (§ 9.2), a procedure to follow (§§ 9.6-9.12), protection of confidential information (§ 10) and contact point designation (§ 11).14
[10]
Second, several platforms have been established for exchange and co-operation, such as the Asia-Pacific Privacy Authorities (APPA),15 the Ibero-American Data Protection Network (RIPD),16 the French-speaking Association of Personal Data Protection Authorities (AFAPDP),17 the Central and Eastern European Data Protection Authorities (CEEC)18 as well as an annual conference gathering authorities from the majority of ex-USSR countries.19
[11]
Third, within the EU, the only provision on co-operation is found in Art 28(6) of the Directive 95/46/EC requiring the supervisory authorities to «cooperate with one another to the extent necessary for the performance of their duties, in particular by exchanging all useful information.’20 This very general provision was subject to scrutiny of the Art 29 Working Party (WP29) who has identified a number of obstacles in its practical application. WP29 has pointed out that in the new data protection framework such provisions should be developed «in a more detailed and specific way», especially rules for practical cooperation («such as time limits or translation of documents») and – what is of crucial importance – rules for the exchange of information («duty to inform each other»). There is a need to «provide clarity on the extent to which information can be shared between DPAs»;21 the question of information sharing is essential and has been already posed several times on various forums.22

2.3.

Observations ^

[12]
It seems that the states and DPAs have already acknowledged the need for a closer co-operation in enforcing privacy and data protection laws. To that end, a patchwork of formal and informal arrangements on various levels has been developed to facilitate such co-operation.23 However, the example of shortcomings identified by WP29 and similar forums proves that still more work is needed to ensure efficient co-operation (e.g. specific rules on information sharing). In the following section we will look how the two proposed reforms of data protection frameworks, i.e. of the EU and of the CoE, address the need for co-operation.

3.

Co-operation in the proposed reforms of the EU and the CoE data protection frameworks ^

3.1.

The reform of the EU data protection framework ^

[13]

In January 2012 the Commission proposed a reform of the EU data protection framework.24 With regard to enforcement, the proposal makes the reference to the WP29’s advice (cf. supra) and further notices that «experience has shown that the progressive increase in cross-border transfers and of data controllers operating across several Member States did not lead, by itself, to increased cooperation […]. The legal uncertainty caused by inconsistent – and sometimes contradictory – decisions taken by DPAs will therefore increase, as will related costs.»25

[14]

As a result, the reform devotes considerable attention to the need for co-operation between DPAs in order to ensure «consistent enforcement of data protection rules».26 In particular, the Commission aimed «to ensure stronger powers and adequate levels of resources [to DPAs] for enforcement and control» and to «develop binding cooperation procedures and effective mutual assistance between DPAs» (emphasis added).27 The draft Regulation foresees that such co-operation would have two dimensions: (1) regional, among the EU DPAs [Arts 52 and 55-72], and (2) international, with third countries» authorities [Art 45].

[15]
First, with regard to co-operation within the EU, the proposed Regulation strengthens the obligations and powers of DPAs. Among their duties, the DPAs shall «share information with and provide mutual assistance to other supervisory authorities» [Art 52(1)(c)] and shall «conduct investigations […] on request of another supervisory authority» [Art 52(1)(d)]. They would be empowered to advise, upon request, «any data subject […] and, if appropriate, co-operate with the supervisory authorities in other Member States to this end» [Art 52(3)]. DPAs should be provided with sufficient resources (human, technical and financial) to perform their tasks, including those to be carried out in context of international co-operation [Art 47(5)].
[16]
The Regulation further specifies binding modalities of co-operation. First, Art 55 (mutual assistance) imposes an obligation to respond, by providing, free of charge, relevant information and assistance, to a request from another DPA without delay; grounds for refusal are limited. Second, Art 56 provides for joint operations (e.g. joint investigative tasks), including a right of relevant DPAs to participate therein. Third, Art 57 introduces a detailed procedure (consistency mechanism) to ensure co-ordination among the various DPAs involved and to consult each other before adopting a measure. Finally, Art 64 reincarnates WP29 into the European Data Protection Board.
[17]
Second, when it comes to international co-operation, the proposal acknowledges its importance but does not go into further detail. Art 45 only states that the Commission and DPAs should take appropriate steps to, inter alia, «develop effective international co-operation mechanisms to facilitate the enforcement» and – to that end – «provide international mutual assistance», favouring those jurisdictions offering an adequate level of protection.

3.2.

The modernization of the Council of Europe ^

[18]
The current wording of the Convention 108 and the Additional Protocol thereto already provide for mutual assistance (Arts 13-17). The proposed modernisation only strengthens these provisions. To the existing rules on «exchanging useful information» [Art 1(5)], the modernization adds «coordinating […] investigation or interventions or conducting joint actions» as well as «providing information on […] law and administrative practice relating to data protection» [Art 12bis(7)(b)-(c)]. Next, the Convention Committee, an advisory body composed of representatives of all parties, would be obliged to «facilitate, where necessary, the friendly settlement of all difficulties related to the application of [the] Convention» [Art 19(i)]. Last but not least, the DPAs, in order to organize their co-operation and to perform their duties, should «form a conference/network» [Art 12bis(8)].28

3.3.

Observations ^

[19]
If adopted, and if in the current reading, the proposed Regulation would introduce mechanisms for a regional co-operation among the DPAs within the EU. Such co-operation would be based on a single and uniform set of substantive rules imposing certain modalities for co-operation, aiming at ensuring consistency. This would be an essential development in comparison with the current state-of-the-art, i.e. Art 28(6) of the Directive. However, the proposal is not precise as regards the co-operation with third countries» authorities as well as international organizations: only «appropriate steps» to «develop» should be undertaken. Some clue to the shape of such co-operation might come from the explanatory note to the proposal where the Commission explicitly stated that such international co-operation should take into account the OECD Recommendation (cf. supra).
[20]
The Council of Europe’s Convention 108 already provides for certain modalities of international co-operation. While its modernization, in the current reading, foresees no major changes with regard to the mutual assistance,29 the revised Convention would offer certain novelties, like co-ordination of investigations. Notably, the proposed modernisation foresees the creation of a «conference/network» to «organize co-operation» of DPAs. Thanks to the fact that the Convention is open for accession to non-Member States of the Council of Europe as well as international organizations, the revision of the Convention would offer a possibility of global co-operation, based on a set of harmonised, yet not unified, substantive rules.
[21]
While these proposals would improve co-operation, we observe that a few issues, such as the question of sharing confidential information, are still not addressed. Assuming that it is likely that both DPAs and competition authorities would face similar obstacles, we now turn to competition law to see how the question of co-operation is addressed therein.

4.

Enforcement co-operation in competition matters ^

4.1.

Introduction ^

[22]
As in the fields of privacy and data protection, growing globalization increased the likelihood of cross-border competition cases. Thus, there is a risk of inconsistent outcomes for cases dealt concurrently across different jurisdictions or the risk of the under-enforcement (e.g. due to inability to deal with cross-border cases by one jurisdiction only). All these called for the international co-operation in the competition field.
[23]
Co-operation between antitrust enforcement agencies may take different forms: from general discussions on the points of law and co-ordination of the procedural or investigatory measures (e.g. co-ordination of simultaneous inspections) to assistance in evidence gathering (e.g. making inspection or interviewing the witness on behalf of other agency). Such co-operation will often require exchange of information between agencies.
[24]

Frameworks for co-operation in antitrust investigations may also vary. It may be based on purely informal contracts between the staff of the enforcement agencies. Informal co-operation is facilitated and structured by multilateral forums such as OECD (which promotes its soft laws in competition matters, including recommendations on international co-operation)30 or International Competition Network (ICN), an international forum devoted exclusively to competition policies. The European Competition Network (ECN), operating within the EU, is a unique form of tight and more formalized co-operation in the enforcement of competition law.31

4.2.

International ^

[25]
In 2001, sixteen competition agencies established the International Competition Network (ICN). Today, the ICN is the most extensive network of competition authorities worldwide, with 114 member agencies from 100 jurisdictions (2011).32 The ICN is an informal and voluntary network of national or multinational antitrust agencies. While being largely a virtual network (no premises, or secretariat),33 it remains structured: overseen by the Steering Group of elected members, the majority of its work is undertaken within Working Groups, discussed and approved on the broader platform of an annual conference. Its work is project-oriented and consensus-based.34
[26]
The ICN aims to promote convergence of competition laws and practices across the world, to disseminate expertise and best practices, and seeks to facilitate co-operation between enforcement agencies.35 To this effect, the ICN compares antitrust legislations (recording its results in e.g. charts); hosts thematic workshops; issues non-binding recommendations and best practices, both on substantive and procedural issues; produces case-handling and enforcement manuals, reports, toolkits,36 and templates (e.g. a model waiver of confidentiality).
[27]
The ICN is a valuable, practice-oriented forum, regarded as particularly successful for sharing knowledge and best practices. Its informal character prevents the «minimum» harmonization approach and enables looking for optimal solutions, which then can be propagated. At the same time, it is purely voluntary with no binding output. The ICN itself is not a forum to co-operate on cases, however practical aspects of enforcement co-operation are at the core of its interests. Above all, it provides a forum for regular contacts between the agencies» staff.

4.3.

European Competition Network (ECN) ^

[28]
The European Competition Network (ECN) is a forum for co-operation of European competition authorities in the application of the EU competition law. Established in 2004 under Regulation 1/2003,37 the ECN consists of the Commission and Member States» National Competition Authorities (NCAs). Both the Commission and NCAs are equally empowered and obliged to apply Arts 101 and 102 of the Treaty on the Functioning of the EU (TFEU) in full.38 The provisions are typically applicable to cross-border cases and thus a mechanism of allocation of cases between the ECN members was needed, enabling the best-placed agency to deal with the case and discharging other agencies from the obligation to act.39 However, a parallel investigation by more than one agency of the same conduct is not entirely precluded.
[29]
It was therefore necessary to ensure that competition authorities avoid contradictory decisions and apply the EU competition law in a consistent manner, ensuring the coherent development of the competition law and policy. To this effect, Regulation 1/2003 provides for the mechanisms of consultation and assistance amongst the ECN authorities, in particular by the obligation imposed on an NCA to inform the Commission on the envisaged decision based on the EU competition law no later than 30 days before its adoption, thus giving the Commission the possibility to make observations on a draft decision. In turn, the Commission consults the Advisory Committee, composed of the representatives of NCAs, before using enforcement tools [Arts 11 and 14]. Regulation 1/2003 also confirms that Commission’s decisions take precedence over those of NCAs, as well as obliges NCAs to stay their proceeding should the Commission decide to act on the case [Arts 16 and 11(6)].
[30]
Another objective of the ECN is an efficient division of work between participating NCAs and overall effective enforcement of the EU competition law. Regulation 1/2003 allows for the co-operation and assistance between the authorities as regards the evidence-gathering and information exchange, in particular by: (1) exchange of information on the initiation of the investigations (obligatory),40 (2) exchange of information, including confidential information, which may be shared without the consent of the parties concerned; such information may be used as evidence (subject to some guarantees, e.g. limiting their use in criminal proceeding) [Art 12], (3) assistance in inspections: the Commission is obliged to inform an NCA on planed inspection in its jurisdiction; on the other hand, an NCA is obliged to assist the Commission and the latter may also request an NCA to carry out inspection on its behalf [Art 22(2)], and (4) an NCA may assist another NCA and undertake on its behalf fact-finding measures (e.g. inspections and interviews) [Art 22(1)].
[31]
The ECN is an example of co-operation between NCAs based on a clear legal basis and allowing closer co-operation (including exchange of confidential information) than traditional international instruments. For that reason it became the reference point for co-operation in antitrust enforcement. The co-operation within the ECN applies only to the enforcement of the EU competition law and is largely driven by the need to ensure consistency of a unified framework. Still, the ECN co-operation faces certain impediments, such as those connected with the administrative burden of co-operation (e.g. language issues and related costs). Also, remaining differences between the Member States as regards leniency programs41 or differences as regards criminal liability for antirust infringement may render the exchange of information more complex and subject to certain additional safeguards.

4.4.

Recent projects relating to enforcement cooperation in competition law ^

[32]
In recent years both the ICN and OECD looked more closely and methodically into the issues of enforcement co-operation between agencies, and conducted several project related thereto.42 These projects looked at the available instruments for international enforcement co-operation (such as treaties dealing with enforcement issues), aimed at identifying remaining obstacles and, ultimately, proposing recommendations for closer co-operation. Currently, the ICN and OECD run common surveys on related issues. The next OECD Global Forum on Competition will present its results.43
[33]

Based on preliminary findings of the above-mentioned projects, one of the main obstacles to efficient co-operation is sharing information between agencies, especially if it concerns confidential or otherwise protected information. Informal co-operation has its limits: it does not allow for exchange of such information. Therefore, agencies need to resort to: (1) confidentiality waivers, where the provider of confidential information to one enforcement agency agrees to sharing it with another agency; (2) national legislation permitting exchange of information (yet it is rather rare),44 and (3) international agreements, such as mutual legal assistance treaties (MLAT),45 regional economic co-operation agreements,46 free trade agreements, including regional ones,47 or competition-specific co-operation agreements.48

[34]
All those solutions have their limits: confidentiality wavers are subject to the will of the parties, and are mostly used in cases where the parties have interests to share and facilitate co-operation between various jurisdictions (e.g. in a merger review). As regards MLATs, these agreements are usually restricted to co-operation in criminal investigations and require the underlying offence to be a crime in at least the requesting country or in both (i.e. requesting and requested jurisdictions). However, in most countries competition infringement are not criminal offences, which may impede the applicability of MLATs.49 Competition policy might also be excluded from the scope of a MLAT. Finally, competition-specific co-operation agreements are becoming more frequent, but it is still far from being a universal solution. More importantly, they often include a clause allowing an agency to decline to communicate information if national confidentiality provisions protect it. The so-called «second generation» agreements allow for exchange of confidential information, however those agreements remain rare.50 The ECN (cf. supra) remain a unique example of co-operation where exchange of confidential information has been to large extent resolved.
[35]
There are also other factors that might impede exchange of confidential information, including limits on admissibility as evidence of exchanged information and lack of transparency on the scope of protection of confidential information in different agencies. Also, problems are caused by different understandings of what confidential and/or privileged information is. Such ambiguity also affects what can be shared informally. Trust (personal, institutional) also plays a major role.
[36]
Amongst other factors affecting international enforcement co-operation, usually mentioned are: (1) differences in timetables and investigation procedures generally; (2) lack of systematic notification/ information on cases in other jurisdictions; (3) complexity and duration of formal cooperation mechanisms; (4) little available written guidance on co-operation; (5) limits to agencies» resources to devote to international enforcement co-operation; and (6) linguistic concerns and time zone differences.

5.

Concluding remarks ^

[37]
There are certain similarities between enforcement of privacy and data protection laws and competition law. In both, certain basics already exist. In this regard, various formal and informal arrangements, of various geographical reach (i.e. international, regional and bilateral), coexist. In both fields, the convergence of legal frameworks facilitates co-operation, and vice versa. When it comes to trans-border cases, DPAs and competition authorities have comparable needs: in both situations, efficient enforcement requires closer co-operation between authorities, such as assistance in evidence gathering and exchange of case-related information. It is also likely they would face similar obstacles. It would thus be advisable to examine the obstacles identified in the context of competition law enforcement and ways the competition authorities tackle them.
[38]
Let us draw the preliminary conclusions. First, co-operation in competition law enforcement takes a very practice-oriented approach. For example, the ICN – being a global, informal yet structured forum for exchange of best practice and shaping policies – pays a lot of attention to the creation of manuals for co-operation, templates, reports, toolkits, thematic workshops, etc. The existing international DPAs forums could follow that example more closely.
[39]
Second, we have noticed that (legal) limits in sharing confidential information constitute a serious obstacle in efficient enforcement in competition law, but also in data protection law. The antitrust agencies have found certain solutions, such as waivers based on consent to share information, relevant provisions in national laws unilaterally allowing transmitting information, and – finally – relevant provisions in international agreements; these solutions still have their own limits (cf. supra). Nevertheless, again, the co-operation between DPAs could be inspired by the best elements of these solutions.
[40]
Third, in the EU, the enforcement of competition law takes place within the ECN which is a framework encompassing a detailed set of mandatory rules (dealing with e.g. notification and allocation of cases as well as sharing of confidential information) and ensuring consistent application of the EU competition law. The ECN is usually given as a model for co-operation in competition context and it could equally provide inspiration for efficient enforcement co-operation between DPAs.
[41]
In addition, we observe that competition law has chosen informal mechanisms for sharing experience and shaping policies and more formal ones for the purposes of enforcement, and in particular for sharing confidential information. Experience in co-operation in competition law also teaches that trust and good communication play a crucial role.

 


 

This paper is based on the research project PHAEDRA (Improving Practical and Helpful cooperAtion bEtween Data PRotection Authorities), co-funded by the European Union under its Fundamental Rights and Citizenship Programme. The contents are the sole responsibility of the authors and can in no way be taken to reflect the views of the European Commission. This paper does not present the final position of the PHAEDRA research consortium.

 

Dariusz Kloza, Anna Mościbroda, Gertjan Boulet, Vrije Universiteit Brussel (VUB) – Research Group on Law, Science, Technology and Society (LSTS).

 

The authors would like to thank Urszula Góral, Paul De Hert and Auke Willems for their useful comments.

 


 

  1. 1 Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, Strasbourg, 28 January 1981, ETS 108 (hereinafter: Convention 108).
  2. 2 Additional Protocol to the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data regarding supervisory authorities and transborder data flows, Strasbourg, 8 November 2001, ETS 181.
  3. 3 OECD, Report on the cross-border enforcement of privacy laws, Paris, 2006, p. 22. http://www.oecd.org/internet/interneteconomy/37558845.pdf
  4. 4 OECD, Recommendation on Cross-border Co-operation in the Enforcement of Laws Protecting Privacy, Paris, 2007 (hereinafter: the OECD Recommendation). http://www.oecd.org/internet/interneteconomy/38770483.pdf.
  5. 5 GPEN, Action Plan for the Global Privacy Enforcement Network (GPEN), 15 June 2012. http://www.privacy enforcement.net/public/activities
  6. 6 Among others, the 29th ICDPPC (2007) adopted the Resolution on International Co-operation. http://www.priv.gc.ca/information/conf2007/res_coop_01_e.pdf. The 31st ICDPPC (2009), in its resolution on Standards on the Protection of Personal Data and Privacy, set forth proposals co-operation and co-ordination (Art 24). http://www.privacyconference2009.org/media/Publicaciones/ common/estandares_resolucion_madrid_en.pdf. The 34th ICDPPC (2012) hosted a panel on cooperation tools among DPAs. http://privacyconference2012.org
  7. 7 ICDPPC, Resolution on Privacy Enforcement Co-ordination at the International Level, 2011/GA/RES/001, Mexico City, 1 November 2011. http://www.privacyconference2011.org/htmls/adoptedResolutions/2011_Mexico/2011 _GA_ RES_001_%20Intl_Priv_Enforc_ENG.pdf.
  8. 8 Federal Trade Commission, Memorandum of understanding on mutual enforcement assistance in commercial email matters between the Federal Trade Commission of the United States of America and the Agencia Espanola de Proteccion de Datos, 2005. http://www.ftc.gov/os/2005/02/050224memounderstanding.pdf.
  9. 9 Office of the Privacy Commissioner, Memorandum of Understanding between the Office of the Australian Privacy Commissioner and the Office of the New Zealand Privacy Commissioner, 28 August 2008. http://privacy.org.nz/assets/Files/Australia-New-Zealand-signed-Memorandum-of-Understanding-27-August-2008.pdf; Office of the Privacy Commissioner of Canada, Memorandum of Understanding between the Office of the Privacy Commissioner of Canada, the Office of the Information and Privacy Commissioner of Alberta, and the Office of the Information and Privacy Commissioner of British Columbia with respect to Co-operation and Collaboration in Private Sector Privacy Policy, Enforcement, and Public Education. http://www.priv.gc.ca/au-ans/mou_e.pdf.
  10. 10 The Federal Commissioner of Data Protection and Freedom of Information, German and Canadian data protection authorities establish a basis for enhanced cooperation, Bonn/Berlin, 15 October 2012, http://www.bfdi.bund.de/EN/PublicRelations/PressReleases/2012/21_ DCANEstablishABasisForEnhancedCooporation.html?nn=410156.
  11. 11 Russian Federal Service for Supervision of Communications, Information Technology and Mass Media, First conference on protection of personal data, 2010. http://www.rsoc.ru/personal-data/p450/p531.
  12. 12 Ibero-American Data Protection Network, http://www.redipd.org/documentacion/acuerdos_convenios/index-iden-idphp.php.
  13. 13 Privacy Act 1993. http://www.legislation.govt.nz/act/public/1993/0028/latest/DLM296639.html.
  14. 14 APEC, Cooperation Arrangement Cross-border Privacy Enforcement, 2010/SOM1/ECSG/DPS/013, 28 February 2010. http://aimp.apec.org/Documents/2010/ECSG/DPS1/10_ecsg_dps1_013.pdf.
  15. 15 Asia-Pacific Privacy Authorities (APPA). http://www.appaforum.org.
  16. 16 Ibero-American Data Protection Network (Red Iberoamericana de Protección de Datos; RIPD). http://www.redipd.org.
  17. 17 French-speaking Association of Personal Data Protection Authorities (Association francophone des autorités de protection des données personnelles; AFAPDP). http://www.afapdp.org
  18. 18 Conference of Central and Eastern Europe Personal Data Protection Authorities (CEEC). www.ceecprivacy.org.
  19. 19 Russian Federal Service for Supervision of Communications, Information Technology and Mass Media, Third conference on protection of personal data, 2012. http://www.pd-forum.ru.
  20. 20 Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
  21. 21 Art 29 Working Party, Advice paper on the practical implementation of the Article 28(6) of the Directive 95/46/EC, Brussels, 4 April 2011, pp. 10-11. http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/others/2011_04_20_ letter_artwp_mme_le_bail_directive_9546ec_annex3_en.pdf.
  22. 22 E.g. the 33rd ICDPPC in its Resolution (cf. footnote NOTEREF _Ref221711498 \h 9) resolved to «encourage privacy enforcement authorities to assess their legal authority to share information and cooperate with their counterparts in relation to appropriate standards of best practice […] and, if necessary, discuss with their governments proposals to amend existing legislation to facilitate greater cooperation».
  23. 23 OECD, Report on the Cross-Border Enforcement of Privacy Laws, Paris, 2006, p. 3. http://www.oecd.org/internet/interneteconomy/37558845.pdf.
  24. 24 European Commission, Proposal for a Regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation), Brussels, 25 January 2012, COM(2012) 11 final (hereinafter: the Regulation).
  25. 25 European Commission, Impact Assessment [accompanying the proposal for the General Data Protection Regulation], Brussels, 25 January 2012, SEC(2012) 72 final, p. 36.
  26. 26 Idem, p. 41.
  27. 27 Idem, p. 43.
  28. 28 Council of Europe, Modernisation of Convention 108, Strasbourg, 29 November 2012, T-PD(2012)4Rev3_en.
  29. 29 Council of Europe, Modernisation of Convention 108: new proposals, Strasbourg, 27 April 2012, T-PD-BUR(2012)01Rev2_en, p. 6.
  30. 30 Cf. OECD, Recommendation of the Council concerning Cooperation between Member Countries on Anticompetitive Practices affecting International Trade, Paris, 25 July 1995 (hereinafter: OECD 1995 Recommendation); Recommendation of the Council on Merger Review, Paris, 23 March 2005; Best practices for the formal exchange of information between competition authorities in hard core cartel investigations, Paris, October 2005. http://www.oecd.org/daf/competition/recommendations.htm.
  31. 31 Cf. ICN, Cartels Working Group, Report on Cooperation Between Competition Agencies in Cartel Investigations, Office for Official Publications of the European Communities, Luxembourg, May 2007, http://www.internationalcompetitionnetwork.org/working-groups/current/cartel.aspx; OECD, Policy Roundtable Improving International Co-operation in Cartel Investigations, Paris, 30 November 2012. http://www.oecd.org/daf/competition/ImprovingInternationalCooperationIn CartelInvestigations2012.pdf.
  32. 32 ICN, Statement of Achievements 2001-2011, May 2011. http://www.internationalcompetitionnetwork.org/uploads/ library/doc757.pdf.
  33. 33 Secretarial support is provided by one of the member agencies.
  34. 34 ICN, International Competition Network – Operational Framework, 13 February 2012. http://www.international competitionnetwork.org/uploads/library/doc784.pdf.
  35. 35 Cf. http://www.internationalcompetitionnetwork.org/about.aspx.
  36. 36 Cf. ICN, Recommended Practices for Merger Notification and Review Procedures (2004); Anti-Cartel Enforcement Manual (2008-2012); Report on Trends and Developments in Cartel Enforcement (2010). http://www.internationalcompetitionnetwork.org/ Cf. also ICN, Advocacy and Implementation Network (AIN), 2012. http://www.internationalcompetitionnetwork.org/uploads/library/doc770.pdf.
  37. 37 Council Regulation (EC) No 1/2003 of 16 December 2002 on the implementation of the rules on competition laid down in Articles 81 and 82 of the Treaty (hereinafter: Regulation 1/2003).
  38. 38 Such decentralised enforcement has been established under Regulation 1/2003. Previously, only the European Commission could grant the exemption from the prohibition of the anticompetitive agreements in cases the conditions for such exception laid down in Art 101(3) were fulfilled. All undertaking wishing to benefit from the exemption were obliged to notify their agreements to the Commission
  39. 39 NCAs and the Commission may reject the complaint and/or suspend the proceeding on the ground that other authority is dealing with the case. Art 13 of Regulation 1/2003.
  40. 40 In practice, a standardised information is shared via common case-management system. ICN, Cartels Working Group, Report on Cooperation Between Competition Agencies in Cartel Investigations, op. cit., p. 20.
  41. 41 Leniency refers to the immunity from fines offered to cartelist who denounces the cartel and submits evidence to a competition agency. To minimize the problems with different leniency standards and procedures, the ECN developed the ECN Model Leniency Programme (2006, revised 2012), aiming at further harmonization within the EU.
  42. 42 Between 2005-2007 the ICN Cartel Working Group ran a project on co-operation between competition agencies. ICN, Cartels Working Group, Report on Cooperation between Competition Agencies in Cartel Investigations, op. cit. In March 2011 the ICN held a roundtable on enforcement co-operation, later followed by the establishment of the International Enforcement Cooperation Project (June 2011). ICN Steering Group, International Enforcement Cooperation Project (Proposal), 2012. http://www.internationalcompetitionnetwork.org/uploads/library/doc794.pdf; OECD, on its part, held in February 2012 a Global Forum on Competition discussing improving international cooperation in cartel investigations. OECD, Global Forum on Competition, Policy Roundtable Improving International Co-operation in Cartel Investigations, op. cit. See also OECD, Global Forum on Competition, Improving International Co-operation in Cartel Investigations – Background Note, OECD, DAF/COMP/GF(2012)6, February 2012; OECD, Limitations and Constraints to International Co-operation, DAF/COMP/WP3(2012)8, October 2012.
  43. 43 OECD, Global Forum on Competition. http://www.oecd.org/competition/globalforum.
  44. 44 Such provisions have been identified for Germany, the US, Canada, Romania.
  45. 45 Although such treaties regulate mechanisms of co-operation in criminal matters, they might be relevant for antirust enforcement co-operation in cases were antirust infringement is also qualified as criminal offence under national laws. In the context of criminal proceedings, the resource could also be made to extradition treaties or letters rogatory (i.e. a formal request for co-operation by judiciary of one country to an other, often involving diplomatic co-operation).
  46. 46 These include, among others, MERCOSUR (Mercado Común del Cono Sur [Southern Common Market]), NATFA (North American Free Trade Agreement), UEMOA (Union économique et monétaire ouest-africaine [West African Economic and Monetary Union]).
  47. 47 Currently there seem to be in place 214 Regional Trade Agreements in force, of which 98 contain competition provisions. OECD, Global Forum on Competition, Policy Roundtable, Improving International Co-operation in Cartel Investigations, op. cit.
  48. 48 The latter often concluded on the basis of the OECD 1995 Recommendation.
  49. 49 OECD, Global Forum on Competition, Policy Roundtable, Improving International Co-operation in Cartel Investigations, op. cit., p. 29.
  50. 50 The parties to such agreements may not refuse to share information with the exception of cases when such assistance would not be permitted by law or be against the public interest. See ICN, Cartels Working Group, Report on Cooperation Between Competition Agencies in Cartel Investigations, op. cit.