On this page:
- 02/11/2016 » Asia Pacific Privacy Authorities welcome new member Philippines
- 29/06/2016 » Asia Pacific Privacy Authorities welcome new member Japan
- 05/05/2014 » World leading online privacy law library gets big increase in capacity
- 06/12/2011 » People care about privacy on social networking sites: Survey by international privacy commissioners
Statements of common administrative practice
- Case Note Citation
- Case Note Dissemination
- Recommended Common Core Questions for Community attitude surveys
Statement of Objectives
Meeting in Auckland, on 6 December 2010, the Asia Pacific Privacy Authorities Forum resolved as follows:
- Privacy is a matter of growing international concern;
- Information networks closely connect people and organisations in our various economies regardless of physical borders and differing laws;
- Governments and business expect regulators to strive for efficient and effective solutions and that best practice requires privacy authorities to be aware of what similar regulators are doing;
- Privacy issues can emerge in one jurisdiction before others and that privacy authorities can benefit from an advanced warning system;
- Privacy authorities are increasingly being called upon to contribute to solutions to privacy breaches or policy challenges, that cross borders;
- There is limited specialised privacy resource in any one jurisdiction and that privacy authorities benefit from reaching abroad for information, inspiration and assistance;
- Participants in the forum will benefit from cooperation in information privacy knowledge sharing and technical resources;
- Endorsement of the APEC Privacy Framework in 2004 has provided a regional restatement of the importance of privacy and maintaining information flows;
- Adoption of the OECD Recommendation on Cross-border Co-operation in the Enforcement of Laws Protecting Privacy in 2007 and the commencement of the APEC Cooperation Arrangement for Cross-border Privacy Enforcement (CPEA) in 2010 have re-emphasised the need for regional cooperative arrangements.
Therefore we resolve to:
- Continue the cooperative arrangements established in 1992 and encourage further participation from within the region
- maintain constructive relations with complementary networks including the International Conference of Data Protection and Privacy Commissioners, the APEC CPEA and the Global Privacy Enforcement Network.
And further resolve through the Forum to:
- Facilitate sharing knowledge and resources between privacy authorities in the region
- Foster cooperation in privacy and data protection
- Jointly promote privacy awareness activities
- Promote best practice amongst privacy authorities
- Work to continuously improve our regulatory performance
- Support efforts to improve cross-border cooperation in privacy enforcement.
Office of the Australian Information Commissioner, Privacy Commissioner of New Zealand, Privacy Commissioner for Personal Data, Hong Kong, China, Privacy Commissioner of New South Wales, Australia, Privacy Commissioner of Victoria, Australia, Information Commissioner of Northern Territory, Australia, Korea Internet & Security Agency, Information and Privacy Commissioner of British Columbia, Canada, Privacy Commissioner of Canada, Federal Trade Commission, United States of America, Federal Institute for Access to Information and Data Protection, Mexico, Office for Personal Data Protection, Macao, China, Personal Information Protection Commission, Korea, Federal Communications Commission, United States.
APPA Secondment Framework
Secondments offer an excellent opportunity to foster collaboration between APPA members and promote best practice in the field of privacy and data protection. They can also help to improve the performance of individual staff members and of the privacy authorities they work for.
For this reason, APPA has adopted the APPA Secondment Framework. This framework provides advice on how to set up a successful secondment.
Use of APPA logo
APPA members are encouraged to use the APPA logo on their authority’s website to identify the authority as an APPA member and to promote awareness of the APPA forum. If you are considering using the APPA logo, please refer to the Use of APPA Logo policy. This policy outlines how the APPA logo may be used.
Community attitudes to privacy surveys
A number of APPA member authorities conduct community attitudes to privacy surveys. For example:
- the Office of the Privacy Commissioner, New Zealand privacy surveys
- the Office of the Australian Information Commissioner Community Attitudes to Privacy survey.
Comparative privacy statistics
At the 41st APPA Meeting (Seoul, 17–18 June 2014), the APPA forum adopted a Statement of Common Administrative Practice on Recommended Common Core Questions for Community Attitude Surveys. The statement provides that:
- where member authorities undertake community attitude surveys they should include the two common questions (set out in the statement’s schedule), and
- the APPA Secretariat will make statistics on responses to the two common questions publicly available, and eventually calculate and publish regional ‘benchmark’ figures.
The APPA Secretariat will publish statistics on responses to the common questions as they become available.
The Asia Pacific Privacy Authorities Forum established the following funding arrangement at the 41st meeting in Seoul. The funding arrangement was revised at the 44th meeting in Macao; the changes include:
- the currency for the levy was changed from Australian dollars to Canadian dollars, to reflect the location of the APPA Secretariat
- the amount for the levy was increased from $1,000 to $2,000 for the standard levy and from $666 to $1,000 for the reduced levy.
- From 2014, each APPA member authority will pay an annual membership levy (“the levy”) to establish an APPA fund for that year (“the fund”). The APPA Secretariat will collect, hold and disburse the proceeds of the fund. APPA members must pay those levies to continue to be considered APPA members, to participate in APPA activities, to attend APPA meetings or to receive disbursements from the fund.
- The levy payable to a member is either the “standard levy” or the “reduced levy” (one half of the standard levy).
- Levies will be set in the currency of the country in which the Secretariat is based. The amounts given in this paper are in Australian dollars. As the APPA Secretariat position is currently held by the Office of the Information and Privacy Commissioner, British Columbia, the levy is now in Canadian dollars.
- The standard levy for 2014 is $2000 but may be adjusted by APPA for future years. The standard levy applies to all members unless the reduced levy applies under clause 5.
- The reduced levy is $1000 but may be adjusted by APPA for future years. The reduced levy is payable by:
- A very small authority, being an authority with an annual budget of less than $750,000 or fewer than seven staff (full time equivalents);
- An authority based in an economy on the United Nations list of least developed countries (LDCs).
- The fund consists of all monies derived from levies in a particular year. The Secretariat will account annually to the APPA members regarding the collection, holding and disbursement of the fund.
- The Secretariat may disburse the funds once levies have been collected and the fund size is known. The funds will be disbursed during the year in three equal payments being:
- Four sixths to the Secretariat;
- One sixth to the host of the first APPA meeting for the year;
- One sixth for the host of the second APPA meeting of the year.
- An APPA member may enter an arrangement to extend the period for the payment of the annual membership levy. The arrangement must be entered into within 60 days of the Secretariat notifying the APPA member that the APPA membership levy is payable. The period for payment of the levy may be extended up to 120 days of receipt of the invoice for the payment of the levy. The Secretariat must take steps to accommodate all reasonable requests for such an arrangement.
- APPA membership will be discontinued, if:
- An APPA member fails to enter an arrangement to extend the period for the payment of the levy within 60 days of the Secretariat notifying the APPA member that the APPA membership levy is payable; or
- An APPA member fails to pay the APPA membership levy within 120 days of receiving an invoice for the payment of the levy. The Secretariat must provide at least one reminder within this period.
- Matters of administration not otherwise dealt with explicitly in this Arrangement are to be determined by the Secretariat. Examples include the manner in which levies are notified and facilities for payment.
- The Arrangement is to operate on a calendar year basis. Levies are to be requested before or at the beginning of the year and to be paid by a deadline set by the Secretariat.
- An authority joining APPA after the deadline for payment levies will not be levied for that year. Such a member will not be entitled to receive any disbursement from the fund in relation to that year.
- The fund will usually be disbursed within the year it is created. However, in extraordinary circumstances some monies may remain (for example, if a meeting is abandoned, or if a meeting is hosted by a new member that has not paid any levies). In such cases, the Secretariat will recommend to APPA how surplus monies be dealt with (e.g. by reduction in the following year’s levies).
- The Secretariat will require evidence of a member’s status as a very small authority to support the reduced levy. The Secretariat may obtain that evidence from publicly available sources or require a member to furnish supporting information. Supporting evidence of a country’s LDC status is not required as the Secretariat will take notice of any official LDC listing on a UN website.
- In assessing whether a member is a very small authority regard will be had to the authority’s entire staffing and entire budget. Staffing will include, for example, a commissioner. In offices with combined functions, for example privacy authorities also performing general access review roles, no subdivision of staff or budget into functional units is allowed — it is the organisation’s entire size that is to be considered.
- It is not expected that interest accruing on the fund, if any, will amount to more than a trivial amount. Any interest earned may be kept by the Secretariat.
- While the Secretariat will account to APPA for the levies collected for the fund and the three disbursements, the Secretariat need not further account for how those funds are used. Hosts need not account to APPA for how they use the funds allocated to them.
- The Secretariat will schedule a review after the arrangements have been in place for three years (i.e. in 2017), or earlier if warranted. Without limit, such a review should:
- Consider whether the Arrangement should continue and, if so, whether it should be modified;
- Assess how well the Arrangement met the objectives of being fair, affordable, simple, equitable and empowering; and
- Consider whether the level and thresholds for the reduced levy remain appropriate.
In the event that two authorities serve as Secretariat during the year, the portion of the fund due to the Secretariat will be shared evenly between the two authorities (or may be divided in such other shares as agreed between those authorities).
This resource aims to provide a general factsheet to Asia Pacific Privacy Authorities (APPA) members, in order to understand the basic requirements included in the EU General Data Protection Regulation (GDPR). APPA members can then use this document to develop their own guidance to assist their businesses and other organizations processing the personal data of European individuals in complying with the GDPR.
Policy on APPA Sessions and Attendees
|Title||Policy on APPA Sessions and Attendees|
|Purpose||The purpose of this policy is to identify the types of sessions at APPA Forums and who may attend each of those sessions.|
|Effective||1 December 2016|
|Revised||17 May 2017|
At the 46th APPA Forum members adopted a proposal to introduce a members-only session into the APPA Forums, and instructed the Secretariat to prepare a policy setting out the types of sessions at APPA Forums and to circulate that policy to APPA members.
Types of Sessions
- Three types of sessions may be held at each APPA Forum: “members-only”, “closed”, and “broader” sessions.
- The “members-only” session is attended by APPA members only.
- The agenda items of the members-only session include the following:
- Approving minutes from the previous Forum;
- Reports or sharing from the APPA Governance Committee or any of the APPA Working Groups (e.g. the APPA Communications Working Group, and the APPA Technology Working Group);
- Members’ reports: jurisdiction (and enforcement) reports, data breach notification reports, and special reports;
- Invited guests: speakers invited to address APPA members only. Invited guests will arrive at the time of their presentation and stay for the related discussion;
- Discretionary items as proposed by Members to the Host or Secretariat, e.g. a report back on a joint investigation being conducted by APPA members;
- Discussion finalizing the Communiqué;
- Hosts of future APPA Forums;
- the APPA Forum group photo; and
- Items as recommended to the Host by the Governance Committee.
A case-by-case exception may be made for a privacy or data protection authority to attend the members-only session or for an invitee from the private sector, government, academia, and/or civil society to attend the members-only session. This exception will be applied on agreement by the Governance Committee, in consultation with the Host, and with the approval of APPA members. No indication of objection will be deemed as approval.
The Host extends the invitation to the invitee to attend the members-only session as an Observer and communicates to the invitee that this engagement includes only observation (unless the invitee is invited to speak).
- “A privacy or data protection authority” means an accredited member of the International Conference of Data Protection and Privacy Commissioners (ICDPPC), or a participant in the APEC Cross-border Privacy Enforcement Arrangement (CPEA), or a member of the Global Privacy Enforcement Network (GPEN).
The closed session
The closed session is attended by APPA Members and invited privacy and data protection authorities. The session consists of agenda items that may be of shared interest to privacy and data protection authorities who attend as Guests and participate actively in the discussions.
The Host extends the invitation to attend the closed session to a privacy or data protection authority and communicates to the invitee that they are invited to participate fully in the session.
- The agenda items for the closed session include:
- International Developments;
- Guest speakers where APPA members benefit from a privacy or data protection authority-only discussion;
- Reports from APPA members where the members may benefit from input from non-member privacy and data-protection authorities; and
- Items as recommended to the Host by the Governance Committee.
A case-by-case exception may be made to invite an actor from the private sector, government, academia, and/or civil society to the closed session as an Observer. This exception will be applied on agreement by the Governance Committee, in consultation with the Host, and will approval of APPA members. No indication of objection will be deemed as approval.
The Host extends the invitation to an invitee to attend a closed session as an Observer and will communicate that this engagement includes only observation (unless the invitee is invited to speak).
The broader session
The broader session is attended by APPA Members and Guests from privacy or data protection authorities or from government, the private sector, academia, and/or civil society. All Guests may participate actively in the broader session.
The Host extends the invitation to invitees to attend the broader session and will communicate that they are invited to participate in the discussions.
- Invitees to the APPA Forum will participate in sessions in accordance with whether they are a Member, Observer or Guest for that session:
- APPA Members – APPA Members are privacy or data protection authorities that have joined APPA.
- APPA Observers – APPA Observers are invitees to the members-only and/or closed session at which they may observe but not participate (unless they are invited to speak or are a guest speaker). This may include a privacy or data protection authority exceptionally invited to attend the members-only session, or an invitee from the private sector, government, academia, and/or civil society exceptionally invited to attend the members-only or closed session.
- APPA Guests – APPA Guests are invitees to the closed and/or broader session in which they may participate fully in the discussions. This includes privacy or data protection authorities invited to attend the closed and/or broader session, or an invitee from the private sector, government, academia, and/or civil society invited to attend the broader session.
- All panels or moderated sessions at APPA Forums will be moderated by APPA members, including in the broader sessions. The Host will identify moderators for sessions in consultation with the Governance Committee.
The table below summarizes the types of sessions at APPA Forums and levels of participation by invitees.
|Type of Invitee||Member-only session||Closed Session||Broader Session|
|Members||As a Member (participation)||As a Member (participation)||As a Member (participation)|
|Invitees that are privacy and data protection authorities||As an Observer (observation) by exception||As a Guest (participation)||As a Guest (participation)|
|Invitees that are from the private sector, government, academia, and/or civil society||As an Observer (observation) by exception||As an Observer (observation) by exception||As a Guest (participation)|