Global Privacy Assembly Archives - IPOsgoode

44th Global Privacy Assembly Leads To Resolutions On Facial Recognition Technology And Cybersecurity
Mon, 21 Nov 2022


M. Imtiaz Karamat is an IP Osgoode Alumnus and Associate Lawyer at Deeth Williams Wall LLP. This article was originally posted on  on November 16, 2022.


On October 28, 2022, the Office of the Privacy Commissioner of Canada (the OPC) announced that data protection authorities around the world endorsed resolutions on facial recognition technology (FRT) and cybersecurity at the 44th Global Privacy Assembly (GPA) in Istanbul, Türkiye.

The GPA is an international forum where data protection and privacy authorities from more than 130 countries meet to discuss privacy matters of interest and coordinate efforts on an international scale.  The theme of the public portion of the event was, “A matter of balance – Privacy in the era of rapid technological advancement”.

During the conference, the GPA members adopted a resolution on the use of FRT, which outlined a series of principles and expectations that they would promote to external stakeholders, assess in real-world application, and report back on. These principles require an organization to do the following:

  1. Lawful basis: have a lawful basis for collecting and using biometrics;
  2. Reasonableness, necessity and proportionality: demonstrate the reasonableness, necessity, and proportionality of their use of FRT;
  3. Protection of human rights: assess and protect against unlawful interference with privacy and other human rights;
  4. Transparency: ensure that the use of FRT is transparent to affected individuals and groups;
  5. Accountability: include clear and effective accountability mechanisms for the use of FRT; and
  6. Data protection principles: ensure that FRT is used in a way that respects all data protection principles.

The GPA also saw the adoption of a resolution for international cooperation in improving cybersecurity regulation and understanding the harms that result from cyber incidents. As part of this resolution, the endorsing GPA members would take steps to understand the responsibilities of data protection authorities regarding cybersecurity, and explore possibilities for international cooperation amongst members to avoid duplication in investigations and other regulatory activities.

International Data Protection And Privacy Regulators Release Guidance On Credential Stuffing Attacks
Mon, 08 Aug 2022


M. Imtiaz Karamat is an IP Osgoode Alumnus and Associate Lawyer at Deeth Williams Wall LLP. This article was originally posted on  on July 13, 2022.


On June 27, 2022, the Office of the Privacy Commissioner of Canada, along with fellow members of the Global Privacy Assembly’s International Enforcement Cooperation Working Group (IEWG), released guidance documents to help individuals and organizations protect against credential stuffing attacks.

Credential stuffing attacks exploit the tendency of users to reuse their usernames and passwords across multiple platforms. Threat actors use username and password information that was leaked in past data breaches to access other online accounts belonging to the users. These attacks may result in financial or reputational harm for individuals, and cyberbreaches for organizations despite a robust cyber security infrastructure. In its guidance, the IEWG states that hundreds of millions of credential stuffing attacks occur each day and credential stuffing has become a global threat to personal data.

To assist individuals in defending against credential stuffing attacks, the IEWG advises, among other things, that users should:

  • not reuse their passwords across multiple accounts;
  • consider implementing multi-factor authentication (MFA) where possible;
  • immediately change the passwords for any compromised accounts and for any other accounts protected by the same or similar passwords; and
  • routinely check account information for unusual activity or unauthorized transactions.

For organizations, the IEWG discusses (i) implementing password systems and policies that fortify the creation and management process for account passwords; (ii) making MFA an essential security measure in one’s organization; and (iii) using alternatives to traditional account setups, such as guest accounts, single sign-on systems, and secondary passwords.

Although these guidelines may not represent legal obligations across all IEWG member jurisdictions, the IEWG intends to raise awareness of the threat of credential stuffing and assist the general public, along with private organizations, in fortifying their personal information practices.
