40th APPA Forum — Communiqué
The 40th Asia Pacific Privacy Authorities (APPA) Forum was hosted by the Office of the Australian Information Commissioner in Sydney on 26–27 November 2013. Delegates discussed a wide range of issues over two days. Selected highlights of those discussions follow.
Common themes across the Asia Pacific region
APPA membership has grown in number and diversity over the last 12 months. The 16 member authorities are from Hong Kong, Macao, Korea, Australia, New Zealand, United States, Canada, Mexico, Colombia and Peru. While there is diversity in APPA membership, common themes in the members’ work continue to emerge, including the challenges posed by new technologies, cross-border disclosure of personal information and cross-border enforcement. Privacy research and education are also key themes.
Cross-border disclosure of personal information
APPA members discussed a range of measures to protect personal information that is disclosed across borders, including the privacy principles and laws, codes that describe types of personal information and the bodies that are sending information overseas, ‘white lists’ of jurisdictions that have similar laws for the protection of personal information, and international cooperative arrangements such as the APEC Cross Border Privacy Rules (CBPR) system.
Regulatory tools to enforce privacy laws
APPA members noted a number of significant enforcement actions in their jurisdictions, many involving the unauthorised disclosure of personal information online. APPA members reported that they are using a number of regulatory tools to enforce the law, including enforcement notices, civil and criminal penalties (including imprisonment), audits, adverse publicity and the acceptance of enforceable undertakings that require organisations to develop and monitor internal processes and programs.
Cross-border cooperation
APPA members continue to collaborate internationally. The meeting reported on important global privacy developments and the work of various international networks including the work of the OECD Working Party on Information Security and Privacy and the Global Privacy Enforcement Network, the APEC Data Privacy Subgroup and the Cross-border Privacy Enforcement Arrangement, and PHAEDRA, a research project to help provide practical cooperation and coordination between privacy and data protection regulators.
Ethical dilemmas and best practice privacy regulation
Richard Thomas, former UK Information Commissioner and current member of the UK Committee on Standards in Public Life, spoke about the Nolan Committee’s seven principles of public life and how they apply to privacy and data protection regulators. APPA members also discussed best practice privacy regulation focussing on principles such as integrity, accountability, openness and leadership.
Education and awareness
APPA members reported on a range of education and awareness campaigns. Members outlined a number of substantial campaigns for business and government on new privacy and data protection laws. The meeting also noted the high level of sharing of personal information online by children and young people, and spent some time discussing the importance of privacy education in this area. Members noted their work on a number of current education and awareness products including modules for use in schools, television advertising, mobile apps and online gaming.
Technology
As always, technology was a key theme of the meeting. Guest speakers from the public and private sectors addressed the range of privacy issues raised by existing and new technologies. APPA members emphasised the importance of user-friendly privacy policies and notices. Guest speakers highlighted ‘privacy by design’, including the need to consider privacy issues and engage developers and engineers in the early stages of new projects.
The meeting was briefed by representatives from Apple Inc. and Facebook on their personal information handling practices, and welcomed an international guest speaker from Nokia who spoke on ‘privacy engineering’. A representative from the Australian Government Information Management Office (AGIMO) outlined the Australian Government’s Big Data Strategy, and a representative from the Australian Civil Aviation Safety Authority (CASA) addressed unmanned aircraft systems regulation.
Privacy Awareness Week 2014
APPA members confirmed the dates of Privacy Awareness Week (PAW) 2014 as 4–11 May 2014, and discussed the development of a joint education product on mobile apps and privacy for release during PAW.
Next meeting
The 41st meeting will be hosted by the Personal Information Protection Commission, Korea, in late June 2014.
Participants
The following member authorities participated in the meeting:
- Office of the Australian Information Commissioner, Australia
- Office of the Privacy Commissioner for Personal Data, Hong Kong
- Korea Internet and Security Agency, Korea
- Personal Information Protection Commission, Korea
- Office for Personal Data Protection, Macao
- Federal Institute for Access to Information and Data Protection, Mexico
- Information and Privacy Commission, New South Wales
- Office of the Privacy Commissioner, New Zealand
- Office of the Northern Territory Information Commissioner, Northern Territory
- Office of the Information Commissioner, Queensland
- Office of the Victorian Privacy Commissioner, Victoria
Officials from the following Government organisations attended the meeting as observers:
- Attorney-General’s Department, Australia
- Consumer Affairs Agency, Japan
- Korea Communications Commission, Korea
- Personal Data Protection Commission, Singapore