49th APPA Forum — Communiqué

The United States Federal Trade Commission (“FTC”) hosted the 49th Asia Pacific Privacy Authorities (APPA) Forum on 25 and 26 June 2018 in San Francisco, California.

Over two days, APPA members and invited guests discussed global privacy trends, exchanged domestic experiences and sought opportunities for cooperation on education and enforcement activities across the Asia Pacific Region.

The Forum was organized with the support of the five-member APPA Governance Committee and was attended by fifteen (15) APPA member authorities.

Day One (members-only and closed sessions)

The first day began with the presentation of members’ jurisdiction reports and their common themes. These themes included compliance and enforcement, international collaboration, law reform, and outreach and publications.  Members suggested the Governance Committee explore ways to assess and improve mechanisms for investigatory cooperation among APPA regulatory authorities.

The APPA Governance Committee provided its update on Forum planning and recent administrative matters.  The Communications Working Group presented its reports on Privacy Awareness Week, educational publications and social media guidance. The Technology Working Group updated APPA members on its work on recruiting new members to the Working Group in order to increase its representation.  A list of new publications relating to technological matters issued by the Working Group members was also tabled for APPA members’ reference. The Working Group on Comparative Privacy Statistics presented a brief report following a review of e-learning services in New Zealand.  An update on two projects being undertaken by the Working Group alongside the ICDPPC Data Protection Metrics Working Group was also provided.

Day One also included discussions on the following topics:

  • online reputation, including a presentation by OPC-Canada;
  • artificial intelligence, based on presentations by the PCPD, OVIC; PDPC;
  • privacy authorities’ technological research capabilities, and possibilities for future collaboration, led by the FTC and the OPC-Canada;
  • approaches to managing data breach notifications, following presentations by the Cal DOJ, the UK ICO, and the OAIC; and
  • ongoing investigations by APPA members.

APPA members shared global privacy updates and developments. These included reports on the Global Privacy Enforcement Network’s initiatives; the Asia-Pacific Economic Cooperation forum’s meeting in Papua New Guinea earlier this year; the ongoing projects of the International Conference of Data Protection and Privacy Commissioners; and updates on the Ibero-American Network of Data Protection, the Common Thread Network, and the International Working Group on Data Protection in Telecommunications.

The day concluded with a presentation by the host of the 50th APPA meeting:  the Office of the Privacy Commissioner, New Zealand.

Day Two (broader session)

Day Two consisted of three panels and two presentations.  The first panel addressed the United States’ multi-faceted approach to privacy and data security, with discussion among panelists from federal and state enforcers, as well as from a private law firm.

Next, there was a presentation by an academic researcher on the “Internet of Listening Things,” which explored the collection of personal information through internet-connected devices as well as consumer expectations about the privacy and security of connected toys.

Another presentation by a representative of the City of San Francisco showcased the city’s initiatives to allow the use of government data for public interest purposes while also maintaining appropriate privacy safeguards.

In the afternoon, one panel examined the privacy challenges faced by start-ups and small businesses.  Panelists from a law firm, two companies, and a business advisory group discussed the compliance hurdles and tradeoffs encountered by start-ups and growing companies, as well as what resources regulators can usefully provide.

The final panel of the day looked at the elements of accountable and interoperable cross-border data flows, as viewed by representatives of multinational corporations who depend on global data transfers and must navigate myriad global transfer requirements.

Commissioner arrivals and departures

The meeting recognised the following appointments and departures in member authorities:

  • Angelene Falk was appointed Acting Australian Privacy Commissioner after the retirement of Commissioner Timothy Pilgrim.
  • Michael McEvoy was appointed Information and Privacy Commissioner for British Columbia, taking over from Acting Commissioner Drew McArthur.
  • Joseph Simons has been appointed Chairman of the Federal Trade Commission, replacing Acting Chairman Maureen Ohlhausen.
  • Sven Bluemmel was appointed the Victorian Information Commissioner.
  • Jong-in Yoon replaced Chae-ho Rheem as a standing commissioner of the Personal Information Protection Commission of the Republic of Korea.

Next meetings

The 50th APPA Forum will be hosted by the Office of the Privacy Commissioner, New Zealand on 3-4 December 2018.

49th APPA Forum attendees

  • Federal Trade Commission, United States (host)
  • Office of the Australian Information Commissioner (OAIC)
  • Office of the Privacy Commissioner, New Zealand (OPC-NZ)
  • Office of the Information and Privacy Commissioner for British Columbia
  • Office of the Privacy Commissioner of Canada (OPC-Canada)
  • Superintendence of Industry and Commerce of Colombia
  • Office of the Victorian Information Commissioner (OVIC)
  • Privacy Commissioner for Personal Data, Hong Kong, China (PCPD)
  • Personal Information Protection Commission, Japan
  • Korea Internet & Security Agency
  • Personal Information Protection Commission, Republic of Korea
  • Office for Personal Data Protection, Macao, China
  • National Institute for Transparency, Access to Information and Personal Data Protection, Mexico
  • National Privacy Commission, Philippines
  • Personal Data Protection Commission, Singapore (PDPC)

Officials from the following organizations attended the meeting as observers:

  • Information Commissioner’s Office, UK (UK ICO)
  • California Department of Justice (Cal DOJ)
  • Washington State Office of the Attorney General (Wash AG)