Skip to main content
You are here: News


The following news feed provides an overview of the current activities and news from APPA members.

The articles on this page are updated regularly from members’ news and media pages. If you have any questions or concerns about the content contained in the articles, please contact the respective member. You can locate members’ details underneath each article or on our Contact us page.


FTC Publishes Staff Report on Exploratory Research Examining Consumer Recognition of Paid Search and Native Advertising Online

The Federal Trade Commission today released a staff report that summarizes agency-commissioned research from 2014-2015. The research explores consumer recognition of paid search advertising and “native advertising” that resemble news, feature articles, product reviews, entertainment, or other non-advertising online content.

The study provides insights into how consumers perceive search and native ads and how modifications to disclosures, including to disclosure language, position, text size, and color and to other visual cues such as borders and background shading, may enhance consumers’ recognition of these ads.

The study compared a test group of consumers’ reactions to ads on a series of web pages with another test group’s reactions to the same ads with modified disclosures to improve their prominence, legibility, or clarity. The study tested an equal mix of ads that consumers viewed on either a desktop computer or smartphone and measured their eye movements as they looked at the web pages.

The results of the study suggest that using some commonsense disclosure techniques like those discussed in existing FTC staff guidance to search engines and to native advertisers can greatly increase the likelihood that search and native ads are recognizable as ads to consumers.

The Commission vote approving the staff report was 2-0. (The staff contact is Laura Sullivan, Bureau of Consumer Protection, 202-326-3327)

The Federal Trade Commission works to promote competition, and protect and educate consumers. You can learn more about consumer topics and file a consumer complaint online or by calling 1-877-FTC-HELP (382-4357). Like the FTC on Facebook, follow us on Twitter, read our blogs and subscribe to press releases for the latest FTC news and resources.

Federal Trade Commission, United States
Source: Press Release Feed
15 Dec 2017, 11:00pm AEDT

FTC Requires Retail Fuel Station and Convenience Store Operator Alimentation Couche-Tard Inc. and its affiliate CrossAmerica Partners LP to Divest 10 Fuel Stations in Minnesota and Wisconsin as a Condition of Acquiring Holiday Companies

Retail fuel station and convenience store operator Alimentation Couche-Tard Inc. and its affiliate CrossAmerica Partners LP have agreed to divest 10 fuel stations in Minnesota and Wisconsin to settle Federal Trade Commission charges that ACT’s proposed acquisition of Holiday Companies would violate federal antitrust law.

The FTC’s settlement with ACT and CAPL preserves competition in 10 local markets within the following cities: Aitkin, Hibbing, Minnetonka, Mora, Saint Paul, and Saint Peter in Minnesota; and Hayward, Siren, and Spooner in Wisconsin. Without the divestitures, the FTC alleged, the acquisition would likely substantially lessen competition, likely leading to higher retail prices in these markets.

Under the terms of the acquisition, ACT will acquire from Holiday Companies approximately 380 retail fuel outlets with attached convenience stores in 10 states. ACT agreed to two other packages of divestitures earlier this year in connection with separate mergers, one in June, and one in November.

Retail fuel markets that sell gasoline and diesel fuel are frequently small and highly localized. The complaint alleges that without a remedy, ACT’s acquisition of Holiday would reduce the number of independent market participants from 3 to 2 or 4 to 3 in each of the 10 local markets. According to the complaint, the acquisition would increase the likelihood that ACT and CAPL will unilaterally exercise market power in all 10 markets, and the likelihood of successful coordination among the remaining firms in 8 of the 10 markets.

Under the terms of the consent agreement with ACT and CAPL, the companies are required to identify a buyer or buyers that are acceptable to the Commission within 120 days after the transaction closes, and to divest the 10 retail fuel stations. The agreement also requires ACT and CAPL to maintain the economic viability, marketability, and competitiveness of each station until the divestiture is complete.

Further details about the consent agreement, which includes an asset maintenance order and allows the Commission to appoint a monitor, are set forth in the analysis to aid public comment for this matter.

The Commission vote to issue the complaint and accept the proposed consent order for public comment was 2-0. The FTC will publish the consent agreement package in the Federal Register shortly. The agreement will be subject to public comment for 30 days, beginning today and continuing through Jan. 15, 2018, after which the Commission will decide whether to make the proposed consent order final. Comments can be filed electronically or in paper form by following the instructions in the “Supplementary Information” section of the Federal Register notice.

NOTE: The Commission issues an administrative complaint when it has “reason to believe” that the law has been or is being violated, and it appears to the Commission that a proceeding is in the public interest. When the Commission issues a consent order on a final basis, it carries the force of law with respect to future actions. Each violation of such an order may result in a civil penalty of up to $40,654.

The Federal Trade Commission works to promote competition, and protect and educate consumers. You can learn more about how competition benefits consumers or file an antitrust complaint. Like the FTC on Facebook, follow us on Twitter, read our blogs and subscribe to press releases for the latest FTC news and resources.

Federal Trade Commission, United States
Source: Press Release Feed
15 Dec 2017, 11:00pm AEDT

Notifiable Data Breaches scheme resources finalised

Following consultation, the Notifiable Data Breaches (NDB) scheme resources have been finalised. You can view all of the resources on our NDB webpage.

Office of the Australian Information Commissioner
Source: News - OAIC
15 Dec 2017, 2:59am AEDT

Statement from Acting FTC Chairman Maureen K. Ohlhausen on the FCC’s Approval of the Restoring Internet Freedom Order

Federal Trade Commission Acting Chairman Maureen K. Ohlhausen issued the following statement in response to today’s vote by the Federal Communications Commission (FCC) on the Restoring Internet Freedom Order:

“The FCC’s action today restored the FTC’s ability to protect consumers and competition throughout the Internet ecosystem. The FTC is ready to resume its role as the cop on the broadband beat, where it has vigorously protected the privacy and security of consumer data and challenged broadband providers who failed to live up to their promises to consumers. In addition, the FCC’s new transparency rules provide additional tools to help ensure that consumers get what they expect from their broadband providers, who will be required to disclose their traffic management practices. The Memorandum of Understanding establishes a framework for FTC-FCC cooperation. Together we will move ahead to protect consumers and help ensure they enjoy the many benefits of online innovation.”

The Federal Trade Commission works to promote competition, and protect and educate consumers. You can learn more about consumer topics and file a consumer complaint online or by calling 1-877-FTC-HELP (382-4357).  Like the FTC on Facebook, follow us on Twitter, read our blogs and subscribe to press releases for the latest FTC news and resource.

Federal Trade Commission, United States
Source: Press Release Feed
14 Dec 2017, 11:00pm AEDT

What the Notifiable Data Breaches scheme means for schools

The Notifiable Data Breaches (NDB) scheme comes into effect on 22 February 2018, and private schools and private tertiary educational institutions across Australia will be required to comply.

Office of the Australian Information Commissioner
Source: News - OAIC
6 Dec 2017, 3:43am AEDT

Speech to the IoT/Big Data Healthcare Summit, Western Canada

I’m here today as BC’s Acting Information and Privacy Commissioner to offer my perspective on Big Data and the Internet of Things…. well, let’s be honest and call it what it really is - the Internet of EVERYthing. From the rubber ducky in your child’s bathtub to your smart tea kettle, connected devices truly are everywhere.

Office of the Information and Privacy Commissioner, British Columbia
Source: OIPC News and Events
30 Nov 2017, 7:00am AEDT

New guidance available to physicians on privacy and security of patient records

The Office of the Information and Privacy Commissioner for BC, the BC College of Physicians and Surgeons, and Doctors of BC have released a joint guidance document to assist physicians who work in private practice. The BC Physician Privacy Toolkit describes the privacy issues associated with the collection, use, disclosure, retention, and protection of personal information.

Office of the Information and Privacy Commissioner, British Columbia
Source: OIPC News and Events
29 Nov 2017, 7:00am AEDT

PDPC Investigating Complaints Against School

Forum reply on The Straits Times, 27 November 2017

The Personal Data Protection Commission (PDPC) takes all alleged violations of the Personal Data Protection Act (PDPA) very seriously and will look into such feedback (Little action taken against flouting of data protection rules, by Mr Terence Lim; Nov 23).

We will not hesitate to take the necessary regulatory action if we ascertain that a breach had occurred.

Mr Lim first came to the PDPC in May to complain about receiving unsolicited marketing e-mails from Aventis School of Management (ASM).

The PDPC resolved Mr Lim's initial complaint immediately by taking up the issue with ASM's data protection officer, and getting ASM to remove Mr Lim's e-mail address from its marketing list.

Mr Lim then furnished the PDPC with more information about ASM's data collection practices which may have breached the PDPA.

The PDPC is currently investigating these additional complaints.

Contrary to Mr Lim's claim, our officers have been corresponding with him to keep him updated on the outcome of our investigations.

We seek his patience on the matter.

Evelyn Goh (Ms)
Director, Communications & Policy
Personal Data Protection Commission

Personal Data Protection Commission, Singapore
Source: Personal Data Protection Commission Singapore - Press Room
27 Nov 2017, 12:00pm AEDT

GPs, gyms, and childcare centres may have obligations under the Notifiable Data Breaches scheme — will your organisation?

Private sector health service providers will be required to notify affected individuals and the Australian Information Commissioner of data breaches that are likely to cause serious harm under the Notifiable Data Breaches (NDB) scheme.

Office of the Australian Information Commissioner
Source: News - OAIC
13 Nov 2017, 11:37pm AEDT

Chicken catching organization not authorized to surveil employees, Commissioner finds

In an investigation report released today, Acting Information and Privacy Commissioner Drew McArthur found a BC chicken catching organization was not authorized by the Personal Information Protection Act (PIPA) to collect the personal information of employees, farmers and other contractors via video and audio surveillance.

Office of the Information and Privacy Commissioner, British Columbia
Source: OIPC News and Events
9 Nov 2017, 7:00am AEDT

Public Consultation on Proposed Revised Advisory Guidelines on NRIC Numbers

The PDPC has launched a public consultation to seek feedback on the proposed revisions to the chapter on NRIC numbers in the Advisory Guidelines on the PDPA for Selected Topics, as well as the proposed accompanying technical guide. 

Please download the media documents here:

Personal Data Protection Commission, Singapore
Source: Personal Data Protection Commission Singapore - Press Room
7 Nov 2017, 5:00pm AEDT

Keynote Speech by Mr Yeong Zee Kin, Deputy Commissioner of PDPC, at the 39th International Conference of Data Protection and Privacy Commissioners on Thursday, 28 September 2017, at the Kowloon Shangri-La Hotel, Hong Kong

Mr Stephen Kai-yi Wong, Privacy Commissioner for Personal Data, Hong Kong,
Distinguished Guests,
Ladies and Gentlemen,

Singapore’s Personal Data Protection Philosophies – Pivoting from Compliance to Accountability to Support Innovation

1. The ICDPPC is the premier forum to discuss data protection and privacy issues bringing together regulators, policy makers and industry. It is a privilege for me to address you today on the topic of “Data Protection in Asia”. There is no better place than Hong Kong for us to juxtapose the data protection philosophies of the Eastern and Western hemispheres. I am delighted to be able to share Singapore’s perspectives with this august audience.

2. Briefly, there is a bundle of common law rights and statutory torts that collectively form an incipient branch of law on privacy in Singapore. For example, the right to seclusion is probably covered by the statutory tort in our Prevention of Harassment Act; and the right to prevent publication of private communication is likely to be a common law tort. A key feature of privacy law in Singapore is that it is enforceable by private civil action in the courts. The Commission administers and enforces our data protection law and it is to this topic that I devote the bulk of my speech to.

Personal Data Protection Built on Economic Fundamentals

3. Economies in Asia have diverse cultural, political and legal traditions. But even in the midst of diversity, there is a significant degree of similarities. One that comes immediately to mind is our drive for advancement in the economic sphere. Another is that our students always seem to do well in mathematics and science.

4. It is important to integrate our pursuit of personal data protection into our national economic agenda. This provides the impetus for consumers and businesses to start a dialogue about the expected standards for personal data protection. This dialogue should be constructive; data protection authorities have a role to play in facilitating the conversation and contributing to building a positive reinforcement loop. The ultimate goal is often the same with other economies that have different privacy traditions. We all strive to permit the innovative use of data that leads to better products and services for customers, while concomitantly providing assurance to consumers that their personal data are handled with utmost care and respect.

5. Singapore recognises that a robust data protection regime is an important foundation for the Digital Economy. In the Digital Economy, data is a strategic asset for companies. Data can help companies optimise the way they operate, improve existing products and services, or to innovate new ones. We believe that amplifying the level of trust between consumers and businesses is crucial for promoting innovation. In order to build an ecosystem of trust, we must reach beyond pro forma compliance with data protection laws, which is a necessary condition but no longer a sufficient condition in today’s competitive and data-driven landscape.

Pivoting from Compliance to Accountability  

6. We have started our pivot from compliance to accountability. In our view, accountability is an organisation’s promise to customers that their personal data will be handled respectfully and carefully. It is about being able to demonstrate to customers that measures which pre-emptively identify and address risks to personal data have been put in place. We see our pivot from compliance to accountability to encompass the following:

  • We have to move towards a regime that places paramount emphasis on the integration and observance of data protection standards as part of its business-as-usual processes and practices. This requires a fundamental shift in corporate cultural. 
  • To provide practical assistance to businesses and non-profit organisations, we will promote the adoption of accountability tools like risk assessments, data protection management programmes and consent registers. These tools will assist in the translation of concept to practice.
  • We see the corporate-and-consumer dialogue to be an important component of accountability. Businesses can communicate with their customers through multiple channels. We believe that a data protection trust mark is both a statement and a promise to customers. When data breaches happen, we view consumer breach notifications as a way that businesses can speak directly to their customers. In addition to email, online forum and chat bots, we believe that online dispute resolution can be an effective way of neutral-assisted dialogue to resolve customer dissatisfaction.
  • Prevention is better than cure, as the saying goes. Thus, we will be promoting and encouraging the adoption of data protection by design practices and privacy enhancing technologies in system and process design.
  • Ours is a system that relies on consent as the basis for processing. This has resulted in some less than ideal practices. In cases we have investigated, we have come across broad consent clauses. In one published decision, we did not allow a company to hide behind a broadly drafted consent clause. We need to de-emphasise and discourage reliance on broad ex-ante consent and provide parallel bases for the collection, use and disclosure of personal data.

7. In July 2017, Singapore’s Minister of Communications and Information, Dr Yaacob Ibrahim, announced a three-stage process to help companies along this journey from compliance to accountability.

First stage – Guides and Tools on Data Protection Management Programme and Data Protection Impact Assessments

8. In the first stage of the pivot towards accountability, the Commission will be producing guides and an online assessment tool to assist companies. We are finalising our guides to assist companies to put in place Data Protection Management Programmes and to help businesses conduct Data Protection Impact Assessments.

9. These are accountability and data protection by design tools. But it is equally important for organisations to discover where the gaps are before they start using these tools. To assist with the gap analysis, we are making available a PDPA Assessment Tool for Organisations. This is a free online resource that organisations may use to identify gaps in their data protection management. The Assessment Tool will provide suggestions and recommend resources, such as our advisory guidelines and other guides, that Data Protection Officers may refer to. When used in conjunction with the DPMP guide, a DPO will be able to make strategic decisions about what interventions are necessary to bridge the gaps that have been identified.

Second stage – Data Protection Trust Mark

10. In the second stage, we will launch a Data Protection Trust Mark certification scheme by the end of 2018. In a survey conducted last year, we found that 4 in 5 consumers would be more confident transacting with an organisation that holds an accreditation for meeting personal data protection standards. The Trust Mark can be seen as a recognition that an organisation has put in place accountability practices that go beyond a checklist approach to compliance. We will also recognise adoption of DP by Design practices. We have plans to integrate the APEC CBPR and PRP registrations into the Trust Mark application. We hope that this will encourage and assure the flow of data between trusted companies, both domestically and globally, thereby creating a network of trust.

Third stage – PDPA Review

11. In the third and final stage of our journey to accountability, the Commission plans to allow for a more progressive approach to collecting, using and disclosing personal data, while also providing greater transparency when data breaches occur. We have recently initiated the first phase of the review of our Act, to ensure that the regulatory environment remains relevant as technological developments have significantly changed how personal data is generated and collected today. When we first started to put our Act together, user-provided personal data formed the majority; today, user-provided data forms a diminishing set that sits alongside data generated by user activity and observable data, both of which are growing at an increasing pace.

12. Our ongoing public consultation solicits feedback on proposed enhancements to our framework for the collection, use and disclosure of personal data, and a mandatory data breach notification framework. There will be other consultations as we work towards the amendment.

Regulatory sandbox

13. I have shared that our view of accountability encourages dialogue between business and consumers. It will be hypocritical if we do not also engage in conversation. Therefore, the Commission is prepared to work with companies who have adopted accountability practices to create regulatory sandboxes so that they are not held back from deploying technological and business innovations. Working with consumers, stakeholders and businesses to construct sandboxes will allow us to understand how our proposed changes to the Act might work in practice. This in turn informs us as we fine-tune the details before the Act is amended. This should help us craft a set of amendments to our Act that will be relevant in the Digital Economy.

14. Details of the regulatory sandbox may be found in a recently released guide to data sharing. This guide sought to debunk the myth that the Act prohibits data sharing and also provided a framework for applications to the PDPC to exempt data sharing arrangements from specific obligations under the Act.


15. The ultimate goal of our shift from compliance to accountability is to establish a high level of consumer trust as the bedrock of our data protection regime, thereby enabling data innovation in Singapore’s Digital Economy. We look forward to working with businesses to build a trusted ecosystem to optimise the opportunities and rewards of data innovation.

16. On this note, I would like to thank the ICDPPC and the Government of the Hong Kong Special Administrative Region, China for the opportunity to speak, and for the successful organisation of the 39th Conference. I wish you all a most thought provoking conference ahead.

Personal Data Protection Commission, Singapore
Source: Personal Data Protection Commission Singapore - Press Room
28 Sep 2017, 8:00pm AEST

PCPD Joins Hands with Members of the Asia Pacific Privacy Authorities to Promote Privacy Awareness

Office of the Privacy Commissioner for Personal Data, Hong Kong
Source: Office of the Privacy Commissioner for Personal Data
29 Apr 2016, 10:00am AEST

A Community Service Order was imposed on an Insurance Agent for Using Personal Data in Direct Marketing without Consent

Office of the Privacy Commissioner for Personal Data, Hong Kong
Source: Office of the Privacy Commissioner for Personal Data
25 Apr 2016, 10:00am AEST