Data protection authorities sign joint declaration to strengthen collaboration and address digital challenges on the tenth anniversary of the GDPR

This is the first time that the competent authorities of the Spanish State in the field of data protection have signed a joint commitment

The data protection authorities have signed an institutional declaration in which, for the first time, they adopt a joint commitment that strengthens cooperation to address the challenges related to the digital transformation, the growing data economy and the intensive use of emerging technologies, including new forms of massive processing of personal information.

The 'Institutional Declaration on the strengthening of the culture of privacy and the protection of personal data' is signed by the Catalan Data Protection Authority (APDCAT), the Spanish Data Protection Agency (AEPD), the Basque Data Protection Authority (AVPD), the Andalusian Transparency and Data Protection Council (CTPDA) and the Directorate for Supervision and Control of Data Protection of the General Council of the Judiciary (CGPJ). The text was presented during the celebration of the '10th anniversary of the GDPR (2016-2026): A decade of challenges and opportunities'.

The authorities are based on the recognition of the General Data Protection Regulation (GDPR) as a global regulatory reference for the protection of a fundamental right linked to the dignity of the person, the free development of personality and the functioning of a democratic society. On the other hand, they underline that privacy is also a key element for generating trust in digital environments, a necessary condition for the development of a legitimate and sustainable data economy.

The public declaration expressly addresses cooperation and collaboration between authorities to improve efficiency and move towards common approaches aimed at promoting a culture of privacy, risk prevention and strengthening public trust, taking into account the growing complexity of personal data processing, the acceleration of technological innovation and its cross-cutting impact on society.

One of the central axes of this institutional commitment is the promotion of a culture of privacy, with the active promotion of social awareness and knowledge of this right. In parallel, the declaration includes the promotion of regulatory compliance. To this end, it is planned to intensify the development and dissemination of guides, guidelines and practical tools aimed especially at organizations with limited resources, such as SMEs, micro-SMEs, third sector entities, small municipalities or sectors of particular complexity.

The text also recognizes the strategic role of data protection officers and privacy professionals. These figures are considered essential to guarantee the effective application of the GDPR in organizations, and for this reason they commit to strengthening their position by promoting collaboration networks and knowledge exchange spaces.

Another priority area is the protection of vulnerable groups in digital environments. The declaration provides for specific actions aimed at children and adolescents, as well as the elderly or victims of gender violence. Special attention is paid to the educational field and the use of technologies such as artificial intelligence.

Anticipating risks associated with emerging technologies is also a prominent line of action. The authorities are committed to prospective approaches that allow the early identification and analysis of the risks that these technologies may pose to people's privacy. To this end, the exchange of information and technical knowledge between authorities will be strengthened, promoting the sharing of the work carried out.

With this declaration, the data protection authorities reaffirm their will to move forward together towards a governance model that places privacy at the heart of the digital ecosystem, consolidating a framework of rights that responds to the challenges of an increasingly interconnected and technologically complex society.