Transparency by Default: An Internet Transparency Code of Practice

  • Panel
  • Grande Halle
  • Wednesday 20.05 — 11:50 - 13:05

Organising Institution

Council of Europe

International

  • Academic 1
  • Business 2
  • Policy 3

Cross‑border transfers are where governance models collide and standards are needed: Individuals and even regulators struggle to determine who is accountable, what purpose is pursued, what authority or justification is relied on, until long after processing is underway. (after runtime) In parallel, digital identification demands are frequently introduced early in the interaction before accountability and transfer conditions are inspectable creating an avoidable “trust us” digital privacy risk posture. This panel explores a practical “Operational Transparency” code‑of‑practice approach grounded in Convention 108+ and operationalized through ISO/IEC WG 5 standardisation work—to define what must be inspectable before identification is demanded and before transfer occurs, and what evidence artefacts make oversight scalable.

Questions to be answered

  1. What should be inspectable before identification is demanded and before a cross-border transfer occurs?
  2. How can Convention 108+ be operationalised through a concrete Transparency by Default code of practice?
  3. What evidence artefacts make oversight of cross-border transfers scalable?
  4. How does embedding transparency upfront shift data governance from reactive to proactive?

Moderator

Peter Kimpian

Council of Europe - Europe

Peter is the Secretary to the Committee of the Council of Europe Privacy and Data Protection Convention, known as Convention 108 and currently working – among others – on preparing the implementation of the modernised Convention 108+. Previously in charge with law enforcement and national security related privacy matters, with internet governance issues and with standard setting activities based on this Convention. Prior to that he was involved in topics like the EU Data Protection Directive, the GDPR, EU Law Enforcement Directive, EUROPOL regulation, EU PNR Agreements with third states, Terrorist Financing Tracking Programme, and the EU-US Privacy Shield agreement. He has also been active since 2020 in technical assistance programmes on cybersecurity, cybercrime and data protection in Africa, Asia and Latin-America.

Speaker

Jan Schallaböck

ISO / DIN / iRights.Law - Europe

Jan Schallaböck, attorney-at-law, is a partner at iRights.Law and in charge of the data protection and compliance practice of the firm. Before joining iRights.Law, he was employed with the Data Protection Authority of the federal state of Schleswig-Holstein (ULD), being tasked with the working within various European research projects together with – amongst others – Microsoft, IBM, SAP and the Universities of Oxford, Leuven and Frankfurt. His commitment to international standardization also stems from this context. Jan is chairman of ISO PC 317 on "Consumer protection: privacy by design for consumer goods and services”, and he also has been serving as Vice-Convener/Convener-support to the ISO/IEC Working Group on privacy and identity management (ISO/IEC JTC 1/SC 27/WG 5) for more than 15 years.