- What is the International Standard for the Protection of Privacy and Personal Information?
- How was the Data Protection Standard developed and approved?
- Why was the Data Protection Standard amended?
At the request of its stakeholders, WADA developed an International Standard for the Protection of Privacy and Personal Information (Data Protection Standard), which went into effect on January 1, 2009.
The purpose of this Standard is to ensure that all relevant parties involved in anti-doping in sport adhere to a set of minimum privacy protections when collecting and using athlete personal information, such as information relating to whereabouts, doping controls and Therapeutic Use Exemptions. This is particularly important in the vast majority of the world where there is no or very little data protection legislation in place.
The initial idea was to be realistic and to start with a Standard that would provide athletes with appropriate and effective privacy protections all around the world. As with all WADA rules, this Standard is a living document that can be changed by WADA’s Executive Committee following proper consultation.
There has never been anything in the Standard to require any country to lower its level of privacy protection, as some questioned. On the contrary, the Standard provides that organizations based in Europe, for example, must respect their national laws and that those laws prevail over the Standard (as long as they are as rigorous as the Standard). Articles 4.2 and 5.1 of the Standard, for instance, make this clear.
The Data Protection Standard is not related to and does not affect therequirements set forth in the International Standard for Testing in terms of whereabouts requirements for the limited number of top elite athletes included by their International Sport Federation (IF) or National Anti-Doping Organization (NADO) in their respective registered testing pool.
These requirements are set forth in the 2009 World Anti-Doping Code and the 2009 International Standard for Testing, which were unanimously approved by WADA’s Executive Committee and Foundation Board, including representatives from European governments and the Council of Europe, respectively in November 2007 and May 2008. (For more information about whereabouts requirements, please consult the Q&A on Whereabouts.)
WADA led an extensive consultation process beginning in late 2007 involving key stakeholders, legal experts, international organizations,governments and privacy regulators from several countries, and circulated two draft versions of the Standard for comment. Stakeholders had nearly two years to submit comments and reactions to the Standard, and many did so.
WADA is a world-representative body and its decisions are made by representatives of all of the five continents of the world.
The Data Protection Standard was approved by WADA’s Executive Committee on September 20, 2008. Its approval was confirmed by WADA’s Executive Committee and Foundation Board (both composed in equal parts by representatives from the Sport Movement and governments of the world) at their November 2008 meetings and went into force on January 1, 2009.
In September and November 2008, European government representatives expressed concerns about the Standard and urged WADA to postpone its implementation. These representatives were given an opportunity, on more than one occasion, to explain why they felt postponement would be appropriate. Those explanations did not persuade the rest of the world, who voted unanimously, and after careful consideration and debate, to implement the Standard. Other continents and the Sport Movement felt that the Standard was needed and would be better than having no Standard, because the vast majority of the world has no laws protecting privacy and personal information.
The majority of WADA’s Executive Committee and Foundation Board felt that the Standard represented significant progress for many athletes and countries outside of Europe, and that it would benefit athletes from the rest of the world who would be getting the minimum protections afforded by the Standard despite the absence of any legislation within their own countries. This progress was remarked upon favourably by a number of individual data protection authorities in Europe.
Following submissions made by representatives of the European governments at WADA’s November 2008 Board meeting (and repeated at the Council of Europe meeting of Ministers in Athens in December 2008), WADA’s Management offered to meet any individual, any government, and any data protection expert in Europe to discuss the Standard.
In order to address concerns raised by a number of European governmental authorities in relation to the Data Protection Standard, WADA’s Management has met on numerous occasions with the European Commission, the Council of Europe, European governments and other European governmental authorities, to discuss possible enhancement of the Standard. WADA also provided extensive information and background materials, where requested to do so or where helpful to promote a better understanding of the Standard and the fight against doping.
As a result, a number of amendments were submitted, and subsequently approved on May 9, 2009, by WADA’s Executive Committee. These amendments, effective on June 1, 2009, primarily clarify the scope of the Standard application, as well as the obligation imposed on each anti-doping organization when dealing with data inthe fight against doping.
WADA remains fully committed to ensuring that European authorities remain fully briefed and receive accurate and up-to-date information about WADA’s activities and global anti-doping rules.