46th APPA Forum — Communiqué

APPA members and invited observers at the Barceló Karmina Palace Hotel in Manzanillo, Mexico

The 46th Asia Pacific Privacy Authorities (APPA) Forum was hosted by the National Institute for Transparency, Access to Information and Personal Data Protection (INAI), Mexico, on 30 November – 2 December 2016.

Delegates discussed a variety of issues over the course of three days. Here are some selected highlights.

New member

The APPA Forum welcomed the National Privacy Commission of the Republic of the Philippines as APPA’s 20th member.

Day one (broader session)

The Forum began with an opening ceremony officiated by the Governor of the State of Colima, Ignacio Peralta. The opening ceremony was followed by a broader session for the APPA Forum, which included a keynote speech by Professor Joseph Cannataci, UN Special Rapporteur on the right to privacy, who highlighted that privacy is more than a material good, it is a universal and fundamental human right. He also urged countries “not to reinvent the wheel”, but to look at models and regulations that are already in place and only need better enforcement.

The keynote speech was followed a panel on international cooperation in which participants agreed that despite differences between privacy laws, international cooperation is key to internationally uphold the right to privacy and to foster trust among communities.

Afterwards, there was another panel on self-regulation schemes. According to participants, all businesses, either big or small, have to put in place self-regulation schemes to avoid the misuse of personal data. In the case of privacy authorities, they must be able to hold businesses accountable in order to ensure proper data management. At the same time, privacy authorities should help these same businesses to adopt integral regulations to foster transparency.

Participants in the broader session included APPA members and observers, data protection authorities from other regions, Mexican authorities (from the three levels of government), leaders from the intelligence and law enforcement communities, representatives from various chambers of commerce, financial services, law firms, university students, and different stakeholders specialized on data protection, privacy and technology developments,

Day two (members-only, closed and broader sessions)

Day two continued the broader session with a panel on dispute resolution and the effective advancement of the right to personal data protection. Panelists agreed that nowadays there are different mechanisms to address citizens’ complaints regarding the use of their data, such as live-chats and social networks. However, it is also necessary to empower citizens by giving them the necessary knowledge and training to use such mechanisms.

The APPA Forum continued with a members-only session. Discussions during the members only session focused on these topics: regulatory oversight and enforcement; national security, surveillance and disclosures to law enforcement; legal reforms; digital disruption; stakeholder engagement and privacy awareness and compliance; and innovative education and outreach strategies.

During this session the APPA Governance Committee presented a report summarizing items in relation to its activities. The Communications Working Group provided a summary of the planned publication of different educational resources by APPA members, including on these topics: the protection of privacy and the handling personal information; big data; de-identification; transparency; mobile device apps; Internet of Things; health data; cybersecurity; and surveillance. The Privacy and Technology Working Group reported its progress  in looking at Common or Baseline Security Measures. Members agreed to continue discussions on this subject in further meetings.

The members-only session was followed by a closed session attended by APPA members and invited observers. Discussion in this session focused on the EU General Data Protection Regulation, the mechanics of information sharing in investigations, and on privacy and consent.

Day two also contained parallel session items for attendees to the broader session:

  • a panel on law enforcement and the processes of verification, inspection and sanction;
  • a conference on “Mexico’s General Act of Personal Data Protection: Challenges and Scope”;
  • A conference on “Cybersecurity as a National Matter” for members of the National System for Transparency, Access to Information and Personal Data Protection; and
  • meetings of the Committees of Mexico’s National System for Transparency.

Day three (closed and parallel sessions)

The closed session continued on day three. APPA members heard global privacy updates and developments including perspectives from the International Conference of Data Protection and Privacy Commissioners, the Global Privacy Enforcement Network, the Ibero-American Data Protection Network, among others. APPA members also discussed the topic of de-identification, and shared information on how privacy and data protection authorities can measure complainant/respondent satisfaction.

Simultaneously, the parallel session consisted of a workshop on Mexico’s General Act of Personal Data Protection limited to the members of Mexico’s National System for Transparency.

The APPA Members also agreed to accept the invitation of the OECD to cooperate with the OECD’s Privacy Metrics Project. The APPA Working Group on Comparative Privacy Statistics will report back to the APPA 47th Forum in Sydney, Australia on this matter.

Commissioner arrivals and departures

The meeting recognized the following appointments in member authorities since the last meeting:

  • Drew McArthur has been appointed the Acting Information and Privacy Commissioner for British Columbia; and
  • Timothy Pilgrim has been appointed as the Australian Information Commissioner and re-appointed as the Australian Privacy Commissioner.
  • Gabriel Lim has been appointed Commissioner for Singapore.

Next meetings

The 47th APPA Forum will be hosted by the Office of the Australian Information Commissioner and will take place from 10–11 July 2017. A side conference, Data + Privacy Asia Pacific, will also be held the following day on 12 July 2017 and on 13 July there will be a workshop on investigation and dispute resolution.

The 48th APPA Forum will be co-hosted by the Office of the Privacy Commissioner of Canada and the Office of the Information and Privacy Commissioner for British Columbia and will take place in Vancouver on November 15 – 17, 2017.

46th APPA Forum attendees

Officials from the following member authorities participated in the meeting:

  • Office of the Australian Information Commissioner
  • Office of the Information and Privacy Commissioner for British Columbia
  • Office of the Privacy Commissioner of Canada
  • Superintendence of Industry and Commerce of Colombia
  • Privacy Commissioner for Personal Data, Hong Kong
  • Personal Information Protection Commission, Japan
  • Korea Internet & Security Agency (KISA)
  • Personal Information Protection Commission, Korea
  • Office for the Personal Data Protection, Macau
  • National Institute for Transparency, Access to Information and Personal Data Protection, Mexico – Host
  • Office of the Privacy Commissioner,  New Zealand
  • National Privacy Commission, Philippines
  • Personal Data Protection Commission, Singapore
  • Federal Communications Commission, United States
  • Federal Trade Commission, United States
  • Office of the Commissioner for Privacy and Data Protection, Victoria

Officials from the following organizations attended the meeting as observers:

  • United Nations
  • European Commission
  • European Union (European Data Protection Supervisor)
  • National Commission on Informatics and Liberty of France
  • Spanish Data Protection Agency
  • UK Information Commissioner’s Office
  • Ministry of the Interior of Korea