Data protection beyond borders: a milestone for international organisations

In today's world, personal data moves faster and farther than ever before. A humanitarian organisation operating in a conflict zone, a global health agency managing a pandemic, or a digital platform cooperating with international organisations, all handle personal data that crosses borders, jurisdictions, and legal systems.

Yet, data protection remains a fundamental right, no matter where you live or who is handling your data. The challenge? Ensuring that right is upheld globally, even when laws differ, political contexts vary, and technological tools evolve at lightning pace. This is not a hypothetical debate. It is a daily reality for many international organisations, from humanitarian responders to peacekeepers, health researchers, and financial watchdogs. They are often operating in legal grey zones, outside the reach of national laws and under their own specific legal framework, but very much inside the real lives of people.

To address these challenges, a global cooperation and an in-depth dialogue on best practices on data protection are fundamental. On 25-26 September 2025, for the 20th anniversary of this initiative, I attended the International Organisations Workshop on Data Protection (IOW), co-organised by the EDPS and UNESCO at their premises in Paris. Since 2005, the EDPS has been holding the International Organisations Workshop, an informal but powerful forum where international organisations come together to tackle the very practical questions they face:

• How to protect individuals' data and share information across international organisations while preserving their neutrality and independence?
• How to rely on efficient digital IT solutions that will not infringe on people's fundamental rights to privacy and data protection?
• How to ensure that data flows across multiple jurisdictions do not undermine the level of protection of people's privacy?

These are not just legal puzzles, they are also moral ones. Getting the answers right matters to the people behind the data: patients, refugees, civil servants, employees of these organisations, children, and citizens.

What began as a small gathering of like-minded institutions has now grown into a global forum. In 2024, the Workshop crossed the Atlantic for the first time, bringing EU and international partners together in Washington, D.C. This year, I am delighted for the opportunity and support of UNESCO, our co-host for 2025 edition of the workshop, which is part of our ongoing series of annual events held in collaboration with a rotating International Organisation and in a different location each year. In fact, 180 representatives of 86 International Organisations participated to this year's IOW.

As the discussion unfolded, it continued with an emphasis on the most urgent privacy challenges faced by international organisations today. Topics included high level exchanges on the safeguarding of privileges and immunities, of independence and neutrality, of digital sovereignty and of personal data in a rapidly changing geopolitical context. In times of profound technological and societal evolutions linked to AI, participants also discussed the impact of the development and use of AI systems in international organisations, their expected benefits but also the best practices developed to mitigate the risks posed by such systems. However, beyond the technical discussions, this was also about values: how to combine efficiency with ethics, independence with interoperability, security with fundamental rights.

The IOW provided also a space for critical reflection. What are the successful examples and best practices? Where are the gaps? What more can we do to build trust, not just between organisations, but also with the public whose data we hold?

The remainder of the two days event focused on practical issues that International Organisations face when handling their core business, whilst attempting to always uphold people's privacy rights. Therefore featuring in-depth sessions on anonymisation techniques, privacy compliance of IT tools, and the challenges of managing personal data flows across borders. Focus groups were also organised to work on a number of diverse subjects, such as risk management, data protection impact assessments (DPIAs), and how to respond effectively to individuals advocating for their data protection rights. The format of the sessions, which emphasised personal connections and dialogue, led to a more profound and engaging experience for participants, who were able to learn from each other's experiences and expertise in a more relaxed and interactive setting.

As I reflect on the IOW, I am proud to see the significant impact this initiative made over the years. The collective effort and active engagement of all participants have been essential in maintaining the momentum and ensuring that data protection remains a priority globally. As the European Data Protection Supervisor, my role is to ensure that EU institutions, bodies and agencies uphold and protect people's fundamental rights to privacy and data protection. I strongly believe that meaningful leadership is about building bridges, working together towards common goals. International cooperation is a powerful expression of that spirit: an open space for dialogue, mutual learning, and shared commitment to safeguard privacy, even in the most complex contexts.

At a time when trust in public institutions is more vital than ever, protecting people's data is not only a legal obligation, it is a cornerstone of legitimacy. Moreover, in an increasingly interconnected world, we must move beyond national or regional silos. Privacy and data protection must be protected not just within borders, but also across them. Because even when laws stop at the border, data - and the people behind it - do not.