wordpress blog stats
Connect with us

Hi, what are you looking for?

What makes an effective Data Protection Authority tick? #PrivacyNama2021

Data protection commissioners from various countries speak from experience on the makings of an effective DPA.

“A lot of us come from environments where our governments are very quick to pass these (data protection) laws. And invariably it’s a lot easier to push for legislations to be passed. But then, when we setup these institutions, one thing we find is that we do not resource them,” said former Executive Director of Ghana’s Data Protection Commission, Teki Akuetteh Falconer.

Falconer along with Marit Hansen, State Data Protection Commissioner of Land Schleswig-Holstein, and Raymund Liboro, the Chairman of the Philippines’ National Privacy Commission, made these comments in a conversation with Malavika Raghvan (Future of Privacy Forum) at PrivacyNama 2021, a global conference on privacy regulations held on October 6 and 7.

India’s proposed Personal Data Protection Bill has provisions for setting up data protection authorities. Since the bill will be passed sooner or later, it is important to note the kind of problems countries with data protection authorities have faced while trying to set up these institutions. Here’s what the panelists had to say about what makes a DPA tick:

First, get your leadership right

“One of the key recommendations that I will make is that, beyond the passage of the laws, we need the right political buy-in leadership,” said Falconer.

She said it is important to have the right person at the top because a data protection authority would essentially be a new institution and very few people would familiar with it. Giving an example from her time in Ghana’s Data Protection Commission, Falconer said:

Advertisement. Scroll to continue reading.

In our case we had a very good driving chair that was a retired Supreme Court justice that was highly respected with a lot of knowledge around human rights issues. We had people like the government, statisticians sitting on our board, and it really gave a lot of credence to the organisation that they created.

Without going into specifics, Liboro said, “There is no particular playbook in organising data protection authority. However for starters, as an authority, you have to assert your leadership. So many of your constituents will be looking to you for leadership and clarity. So really I think the aim always of the DPA is to provide clarity, and that includes now, again breaking down these concepts from really theoretical concepts into something that they can see some benefit from.”

Support MediaNama’s endeavor to enable meaningful conversations around technology policy. Subscribe here.

Resources, resources, and more resources

Falconer recounted how it took more than three years since 2012 before Ghana’s DPA got the first approval to hire permanent staff for the institution. This was mostly because there was not enough financial backing for the institution back then, and also because there was a lack of human resources.

“Another challenge that you are going to face, is regarding the human resource capacity that is needed. We did not even have the adequate resources to even hire people that had the knowledge and skillset to be able to help us. Putting in place the right resources is really going to help enable the organization,” she said.

Build awareness to make data privacy legislations more humane

“What we did in the Philippines is that we came up in a very first year with a very strong awareness campaign… Complaints will not happen overnight, Nikhil. It will gradually build up because people become more aware,” Liboro said while explaining the importance of taking out an awareness campaign to kickstart a DPA.

He added that while these awareness drives are being carried out, one can use that time to build capacity and train personnel. “That’s why here in the Philippines what we did was really promote the role of data protection officers. We understand that we will never have enough sufficient resources to enforce our law, so we need allies, we need deputies. So we had to deputize, and we did that,” Liboro said.

Advertisement. Scroll to continue reading.

You have to push in a lot of awareness in demystifying the subjects from the technical point of view to a more humane, a more human-centric environment where people can now personally identify with the data protection issues. That also helps with creation of more awareness and dissemination — Falconer

Falconer also reiterated the need to spread awareness but with the help of media. “We did not have any resources at all, and so we had to even leverage on traditional media, and they become like our partners in disseminating and identifying public issues around data protection, and we always use those opportunities to further heighten awareness,” she said.

Decrease friction with other regulators and reduce turf wars

When one or two government institutions have similar rules, or their functioning clashes with each other, it often turns into a powerplay issue. This is not very uncommon in governments and as Falconer pointed out, it could have very well been possible during her stint in Ghana’s data protection commission if the right appointments had not been made at the beginning.

One of the best ways of handling those power role issue and powerplay challenges around the leadership and institutional drive is to ensure that most of those people in critical institutions had place in the governing structure of the regulator. So, for instance, our regulator had a key institutional role. — Falconer

She further explained, “We had the communications regulator on our board; we had the ICT authority on our board; we had the central bank representative on our board; we even had ICT institutional reps, association reps on our board. And what that meant is that we were then able to, at the board level, create a system of buy-in from these critical sectors and institutional people to actually help push and disseminate the importance of the decisions that we had taken in the board room which was then going to come up.”

MediaNama hosted this event with support from Facebook, Flipkart, Internet Society, Mozilla, Mobile Premier League, Omidyar Network, Paytm, Star India, and Xiaomi. We are also thankful to our community partners – the CyberBRICS Project, the Centre for Internet and Society, and the Centre for Communication Governance (NLU Delhi).

Also Read:

Have something to add? Subscribe to MediaNama here and post your comment. 

Advertisement. Scroll to continue reading.
Written By

Among other subjects, I cover the increasing usage of emerging technologies, especially for surveillance in India

Click to comment

You must be logged in to post a comment Login

Leave a Reply

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



The US and other countries' retreat from a laissez-faire approach to regulating markets presents India with a rare opportunity.


When news that Walmart would soon accept cryptocurrency turned out to be fake, it also became a teachable moment.


The DSCI's guidelines are patient-centric and act as a data privacy roadmap for healthcare service providers.


In this excerpt from the book, the authors focus on personal data and autocracies. One in particular – Russia.  Autocracies always prioritize information control...


By Jai Vipra, Senior Resident Fellow at Vidhi Centre for Legal Policy The use of new technology, including facial recognition technology (FRT) by police...

You May Also Like


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ