Title page

Contents

Foreword 3

1. Background 6

2. Methodology 8

3. Findings on the implementation of the Privacy Guidelines 9

Definitions, scope and basic principles 9

Part Three: implementing accountability 18

Part Four: basic principles of international application: free flow and legitimate restrictions 21

Part Five: national implementation 31

Part Six: international co-operation and interoperability 45

4. Summary and main conclusions 50

Part Two: basic principles of national implementation 51

Part Three: Implementing Accountability 51

Part Four: free flow and legitimate restrictions 52

Part Five: national implementation 52

Part Six: international co-operation and interoperability 53

Next steps 53

References 54

End Notes 58

Table 1. Some Responding Countries' AI frameworks 43

Figure 1. Responding countries that consider that changes need to be made to the definitions in the Privacy Guidelines or new ones should be added 10

Figure 2. The majority of responding countries consider the Privacy Guidelines to be a useful standard or reference point in national privacy policy making 13

Figure 3. Responding countries that consider that there is a need for additional guidance in relation to Part Two of the Privacy Guidelines 14

Figure 4. Mechanisms in place for enabling personal data flows to other countries (not covered in multilateral agreements) 23

Figure 5. Policy measures to promote transborder data flows, international privacy enforcement co-operation, or interoperability 24

Figure 6. Main challenges to transborder data flows 26

Figure 7. Sample of PEA public surveys 38

Figure 8. Main challenges to regulatory frameworks 40

Figure 9. Enforcement challenges 40

Figure 10. Emerging technologies that pose the main challenges for privacy and personal data protection 41

Figure 11. Main challenges to cross-border enforcement co-operation 48

Boxes

Box 3.1. Implementation of paragraph 16 regarding the continuous accountability of data controllers Select Examples 25

Box 3.2. Analytical Report on the Trends and Challenges of Data Localisation 28

Box 3.3. Report on Current Practices in Transparency Reporting 29

Box 3.4. Enforcement of sanctions and remedies by PEAs - select examples 35

Box 3.5. Privacy and data protection certification schemes 37

Box 3.6. Use of personal data in political campaigns 39