On October 28, 2022, the Office of the Privacy Commissioner of Canada (the OPC) announced that data protection authorities around the world endorsed resolutions on facial recognition technology (FRT) and cybersecurity at the 44th Global Privacy Assembly (GPA) in Istanbul, Türkiye.

The GPA is an international forum where data protection and privacy authorities from more than 130 countries meet to discuss privacy matters of interest and coordinate efforts on an international scale.  The theme of the public portion of the event was, “A matter of balance – Privacy in the era of rapid technological advancement”.

During the conference, the GPA members adopted a resolution on the use of personal information in FRT, which outlined a series of principles and expectations that they would promote to external stakeholders, assess the real-world application therein, and report back on. These principles require an organization to do the following:

  1. Lawful basis:  have a lawful basis for collecting and using biometrics;
  2. Reasonableness, necessity and proportionality: demonstrate the reasonableness, necessity, and proportionality of their use of FRT;
  3. Protection of human rights: assess and protect against unlawful interference with privacy and other human rights;
  4. Transparency: ensure that the use of FRT is transparent to affected individuals and groups;
  5. Accountability: include clear and effective accountability mechanisms for the use of FRT; and
  6. Data protection principles: ensure that FRT is used in a way that respects all data protection principles.

The GPA also saw the adoption of a resolution for international cooperation in improving cybersecurity regulation and understanding the harms that results from cyber incidents. As part of this resolution, the endorsing GPA members would take steps to understand the responsibilities of data protection authorities regarding cybersecurity, and explore possibilities for international cooperation amongst members to avoid duplication in investigations and other regulatory activities.

Summary By: Imtiaz Karamat


22 11 16

Disclaimer: This Newsletter is intended to provide readers with general information on legal developments in the areas of e-commerce, information technology and intellectual property. It is not intended to be a complete statement of the law, nor is it intended to provide legal advice. No person should act or rely upon the information contained in this newsletter without seeking legal advice.

E-TIPS is a registered trade-mark of Deeth Williams Wall LLP.