The “Catalan DPOs Network” celebrates its first anniversary in an event with more than a hundred members from all over Catalonia

Coinciding with the first year of life of the Catalan DPOs Network, 'DPD en Xarxa', the Catalan Data Protection Authority (APDCAT) has organized its First Meeting, to bring together in one forum the members from all over the territory, in order to promote collaboration and favor synergies.

Palau de Pedralbes was the venue chosen for this first face-to-face meeting, with nearly 150 attendees and the participation of international experts, such as Alessandro Mantelero, expert of the European Data Protection Committee and professor of Private Law and holder of the Jean Chair Monnet of Mediterranean Digital Societies and Law at the Polytechnic University of Turin, as well as Emese Savoia-Keleti, DPO of the European External Action Service (EEAS), diplomatic service of the European Union and Board Member of the DPO Network of EU institutions, bodies, offices and agencies. Dr. Emese Savoia-Keleti has a long-term experience of over 15 years dealing with privacy and processing personal data in EU institutions, after accomplishing a Fulbright scholarship in New York and an international advisory assignment in Germany.

During the welcome, the director of the APDCAT, Meritxell Borràs, highlighted the work carried out in this first year of 'DPD en xarxa', the first learning and collaboration network of data protection officers in Catalonia, promoted by the APDCAT. Borràs emphasized that this effort to strengthen knowledge and the data protection sector in our country, with nearly 240 members registered in the network.

In addition, he highlighted the joint work of the first working group on human rights impact assessments in processings with artificial intelligence, as well as the 7 training sessions on specialized topics linked to privacy.

The director has also announced the launch on October 14 of a new 'DPD en xarxa' app and platform, which improves the user experience, facilitates the exchange of experiences and interaction between DPO. Thus, the commitment of the APDCAT to this pioneering project that continues to advance is evident.

The role of the DPO in Europe

Dr. Emese Savoia-Keleti spoke about the role of the Data Protection Officer (DPO) in the public sector from a very specific perspective, as a DPO member of the equivalent network at European institutions level. Being the DPO of a diplomatic body of over 5000 staff members, including 145 countries around the globe, also gives the opportunity to work together not only wiht other DPOs, but with the network of Data Protection Coordinators set up by the EEAS to have focal points identifying and engaging with data processing activities already at local level.

Ms Savoia-Keleti underlined the significane of such networks buliding knowledge and creating synergies in order to support each other in similar acitivities, along with saving work, and not replicating, but relying on a collective effort. It is fundamental to develop jointly and to share experience,  in particular guidance documents, surveys and feedbacks to the supervisor. The public sector and EU institutions’ specificities were also introduced highlighting the challenges and tasks related to the position of the DPO, including ‘How to deal with Data Controllers’, ‘How to handle Data Subjects’ and ‘How to liaise with the Supervisory Authority’, demonstrating as well the invaluable support and underpinning effect of the network.

Assessing the impact of AI

For his part, the expert Alessandro Mantelero shared the results of the first working group created in the framework of 'DPD en xarxa' specialized in the evaluation of impact on human rights in treatments with artificial intelligence (AIDH).

Thus, he highlighted the role that DPO and data protection authorities can play in the implementation of AI systems, both within the framework of the GDPR and the AI ​​Regulation. In addition, he explained that the Working Group on Human Rights Impact Assessment in AI treatments (AIDH) has applied to specific cases an AIDH model that can be used in all contexts in which AI is used and is also compatible with Article 35 of the RGPR (on data protection impact assessment). Mantelero defended that the case studies have shown that this evaluation is possible, without resorting to more complicated models, but he added that there is a need for an investment in the specific training of DPO in this type of evaluation related to the rights of the privacy and data protection.

Seven working tables to generate synergies

The meeting also served to learn about the latest pronouncements of the APDCAT in the matter of data protection, as well as the most common infringements that lead to the opening of the sanctioning procedure in the matter of data protection, at the hands of the head of the Legal Counsel, Xavier Urios and the head of the Inspection and Technical Area of ​​the APDCAT, Fina Valls, respectively. There was also time to share knowledge, build bridges and generate synergies around seven working tables that addressed various topics related to the application of data protection in areas such as waste management, AI, space European health data, social services, and selective processes, among others.

The first anniversary of a pioneering network

The APDCAT presented in July 2023 'DPD en xarxa', the first learning and collaboration community aimed at the DPOs in Catalonia, promoted by the Catalan Authority to generate training, expertise and the exchange of ideas and experiences between the people who ensure compliance with data protection regulations in Catalan organisations.

In the first year, nearly 240 people from all over the country joined this network of data protection representatives. A total of seven online trainings have been organized on topics such as European data governance, the impact of the new European Regulation on Artificial Intelligence on the processing of personal data, the eIDAS Regulation and the European portfolio of digital identity, data protection interaction and whistleblower law, personal data processing in the police and judicial sphere, and cyber security and personal data. Two working groups have also been created, on topics such as crisis management in the face of a security breach and the impact assessments of fundamental rights in the face of the use of Artificial Intelligence.