Data Privacy Authorities (DPAs) 2017: Growing Significance of Global Networks

(2017) 146 Privacy Laws & Business International Report, 14-17

UNSW Law Research Paper No. 17-44

8 Pages Posted: 28 Jun 2017 Last revised: 13 Jul 2018

See all articles by Graham Greenleaf

Graham Greenleaf

University of New South Wales, Faculty of Law

Date Written: March 15, 2017


This article considers the roles of data protection authorities (DPAs), or as they are sometimes called 'privacy enforcement agencies' (PEAs), and the associations they form. The article is based on data from the 2017 Global Tables of Data Privacy Laws and Bills at

The DPA Hall of Shame is reserved for countries which, having undertaken in their data privacy legislation to appoint a data protection authority, fail to do so. There are three important escapees in 2015-16, but at least five countries remain there after quite some years. Twelve data privacy Acts don’t provide for a specialised data protection authority at all, but leave data privacy enforcement up to other State institutions.

The remaining 100 countries from the 120 with data privacy laws, all have functioning data protection authorities (DPAs). This article analyses the networks and associations of various types, of which these DPAs are members, and their expansion since 2015. The article analyses such networks as being of three types.

First is policy-oriented networks, of which there are many regional examples (but a few regions without them), including a new African association. In addition, the ICDPPC (International Conference of Data Protection and Privacy Commissioners), the longest established DPA organisation, now has as members approximately 90% of national DPAs globally that are eligible to have joined.

There are also enforcement networks, of which GPEN, the Global Privacy Enforcement Network, is the largest with members from 47 countries. There is also an APEC enforcement network, and one which is a sub-network of ICDPPC.

The third category is networks under some international agreements, of which the largest such grouping is the Consultative Committee of Council of Europe Convention 108, and the most significant is the EU’s Article 29 Working Party.

There are seven DPAs that are not part of any of these networks, and Canada is the most prolific ‘joiner’. The article concludes with some observations about the accountability of DPAs and ways in which it can be measured.

Keywords: Privacy, Data Protection, DPAs

Suggested Citation

Greenleaf, Graham, Data Privacy Authorities (DPAs) 2017: Growing Significance of Global Networks (March 15, 2017). (2017) 146 Privacy Laws & Business International Report, 14-17, UNSW Law Research Paper No. 17-44, Available at SSRN:

Graham Greenleaf (Contact Author)

University of New South Wales, Faculty of Law ( email )

Sydney, New South Wales 2052
+61 2 9385 2233 (Phone)
+61 2 9385 1175 (Fax)


Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Abstract Views
PlumX Metrics