The Privacy Enforcement Network was established to foster cross-border co-operation among privacy authorities.


GPEN and do not contact individual consumers via phone or email. Scammers may claim to be from this website when contacting you. Do not send money, give financial information, or follow instructions to enter commands into your computer if you are contacted by someone claiming to be from this site. Please report these impostors contacts to your authorities, or to

Our mission

In June 2007, OECD governments adopted a Recommendation on Cross-border Cooperation in the Enforcement of Laws Protecting Privacy.  The Recommendation called for member countries to foster the establishment of an informal network of Privacy Enforcement Authorities [para. 21]. It further specified a number of tasks for the network:

  • Discuss the practical aspects of privacy law enforcement co-operation;
  • Share best practices in addressing cross-border challenges;
  • Work to develop shared enforcement priorities; and
  • Support joint enforcement initiatives and awareness campaigns.

In the summer of 2008, privacy authorities began to exchange experiences and discuss the practical aspects of enforcement cooperation via a Web utility.

Action Plan for the Global Privacy Enforcement Network (GPEN)

GPEN Action Plan (adopted 15 June 2012; Part E amended 22 January 2013)


  • Albania: Information and Data Protection Commissioner (IDP)
  • Argentina: Dirección Nacional de Protección de Datos Personales (National Directorate for Personal Data Protection)
  • Armenia: Personal Data Protection Agency, Republic of Armenia Ministry of Justice
  • Australia: Office of the Australian Information Commissioner; Office of the Commissioner for Privacy and Data Protection (CPDP), Victoria; Office of the Information Commissioner, Queensland; Information and Privacy Commission, New South Wales; Northern Territory Information Commissioner
  • Belgium: Data Protection Commission
  • Bulgaria: Bulgarian Commission for Personal Data Protection
  • Canada: Office of the Privacy Commissioner of Canada; Information and Privacy Commissioner, Alberta; Information and Privacy Commissioner of British Columbia; Office of the Information and Privacy Commissioner for Nova Scotia ; Information and Privacy Commissioner, Ontario; Information and Privacy Commissioner, Saskatchewan
  • China (Special Administrative Regions): Office for Personal Data Protection, Macau; Privacy Commissioner for Personal Data, Hong Kong
  • Colombia: Superintendence of Industry and Commerce of Colombia
  • Czech Republic: Office for Personal Data Protection of the Czech Republic
  • European Union: European Data Protection Supervisor
  • Estonia: Estonian Data Protection Inspectorate
  • France: Commission Nationale de l’Informatique et des Libertés (CNIL)
  • Germany: Federal Data Protection Commission; Berlin Commissioner for Data Protection and Freedom of Information
  • Georgia: The Office of the Personal Data Protection Inspector of Georgia
  • Ghana: Data Protection Commission of Ghana
  • Gibraltar: Gibraltar Regulatory Authority
  • Guernsey: Office of the Data Protection Commissioner
  • Hungary: National Authority for Data Protection and Freedom of Information (NAIH)
  • Ireland: Office of the Data Protection Commissioner
  • Isle of Man: Data Protection Commissioner
  • Israel: The Israeli Law, Information and Technology Authority
  • Italy: Garante Per La Protezione Dei Dati Personali
  • Japan, Personal Information Protection Commission
  • Jersey: Office of the Information Commissioner
  • Republic of Korea: Ministry of Public Administration and Security; Korea Internet Security Agency; Personal Information Protection Commission 
  • Kosovo: National Agency for Personal Data Protection
  • Lithuania: The State Data Protection Inspectorate 
  • Luxembourg: Commission nationale pour la protection des données (CNPD)
  • Macedonia: Personal Data Protection Directorate of the Republic of Macedonia
  • Malta: Office of the Information and Data Protection Commissioner
  • Mauritius: Data Protection Office of the Republic of Mauritius
  • Mexico: Federal Institute for Access to Information and Data Protection (IFAI)
  • Moldova: Moldova Data Protection Authority
  • Monaco: the Commission de Contre le des Informations Nominatives (personal data supervisory commission) of Monaco
  • Morocco: Commission Nationale de contrôle de la protection des Données à caractère Personnel
  • Netherlands: Dutch Data Protection Authority; The Netherlands Authority for Consumers and Markets (ACM)
  • New Zealand: Office of the Privacy Commissioner
  • Norway: Data Protection Authority
  • Philippines: National Privacy Commission
  • Poland: Office of the Inspector General for the Protection of Personal Data (GIODO)
  • Singapore: Personal Data Protection Commission
  • Slovenia: Information Commissioner
  • Spain: Agencia Española de Protección de Datos; Catalan Data Protection Authority
  • Switzerland: Federal Data Protection and Information Commissioner
  • Turkey: Turkish Personal Data Protection Authority
  • Ukraine: Office of the Parliamentary Commissioner for Human Rights
  • United Arab Emirates: Abu Dhabi Global Market Registration Authority
  • United Kingdom: Information Commissioner’s Office (ICO)
  • United States: Federal Communications Commission (FCC); Federal Trade Commission (FTC); Attorney General, State of California

Apply to GPEN

Request to Participate Guidelines

Public privacy enforcement authorities interested in participating in GPEN should send an "intent to participate" to the GPEN Committee that:

  1. Identifies the name of the authority and the country in which it is located, and indicates its status as a public authority;
  2. Indicates that the authority has the power* to conduct investigations and/or pursue enforcement proceedings with regard to laws or regulations the enforcement of which has the effect of protecting personal data; and
  3. Endorses the GPEN action plan, and designates a point of contact pursuant to the plan.

Please forward the requested information to the members of the GPEN Committee (below) with the Contact us form.

[*Note for applications during implementation phase of new privacy laws: The GPEN Committee will usually accept notice of intent from a public authority on which powers of investigation or enforcement have been conferred by law even where the enforcement powers have not yet commenced in operation so long as a fixed commencement date exists. In such cases, the position should be explained in the notice of intent and the fixed commencement date stated. The Committee welcomes such applications but acceptance is in the discretion of the Committee.]

Guilherme Roschke
Counsel for International Consumer Protection, Office of International Affairs
U.S. Federal Trade Commission
600 Pennsylvania Avenue, NW
Washington, DC 20580, USA
+1 202 326-3677

Alain Kapper 
Senior Policy Officer (International) 
Information Commissioner's Office 
Wycliffe House
Water Lane
Wilmslow, Cheshire, SK9 5AF
United Kingdom 
+44 1625 545645

Sharon Azarya
Israeli Law, Information and Technology Authority (ILITA)
P.O.Box 7360, Tel Aviv 61072, Israel

Michael Maguire
Manager Investigations, Office of the Privacy Commissioner of Canada
30 Victoria Street, Gatineau, QC
+1 819 994 6240

Aki Cheung Senior Personal Data Officer, Office of the Privacy Commissioner for Data Protection, Hong Kong 12/F, Sunlight Tower, 248 Queen's Road East, Wanchai, Hong Kong. + 852 3423 6670 

You will be contacted by one of the individuals above regarding your request to participate.

Any questions? Contact us.