53rd APPA Forum — Communiqué
Asia Pacific Privacy Authorities (APPA), formed in 1992, is the principal forum for privacy and data protection authorities in the Asia Pacific region to form partnerships and exchange ideas about privacy regulation, new technologies and the management of privacy enquiries and complaints. APPA membership includes representatives of 19 data protection authorities from the region. The Personal Data Protection Commissioner (PDPC) hosted a virtual meeting of the 53rd APPA Forum on 2 – 4 June 2020.
Over three half days, APPA Members and invited Observers discussed global privacy trends, exchanged policy and regulatory experiences and sought opportunities for cooperation on education and enforcement activities across the Asia Pacific region.
The Forum was organized with the support of the five-member APPA Governance Committee and was attended by 116 officials from 17 APPA member authorities.
Day One (Members-only sessions)
Commissioner Tan Kiat How opened the 53rd APPA Forum and welcomed Members to the first virtual meeting of the APPA Forum which was held in lieu of the in person meeting due to the COVID-19 pandemic.
Starting off the Forum on the first day, the Office of the Information and Privacy Commissioner for British Columbia (OIPC BC) provided updates, in its capacity as APPA Secretariat and Chair of the APPA Governance Committee.
This was followed by reports from the three APPA Working Groups. The Communications Working Group (CWG) presented the plans for PAW 2020 and other continuing communication initiatives. Results of the survey on biometrics was next shared by the Technology Working Group (TWG) while the Comparative Privacy Statistics Working Group (CPSWG) tabled its report on the survey regarding complaints handling.
Jurisdiction reports were also presented, starting with law reform and legislative developments. Several jurisdictions such as Australia, Japan, Singapore and Hong Kong updated on the review of their respective domestic regimes. Macao shared on the status of the Electronic Governance Law while OPC NZ updated on the amendment to Telecommunications Information Privacy Code to provide emergency services with better access to location information. In the areas of awareness and outreach, OPC Canada presented on its latest AI consultations while Korea shared on the privacy education for multicultural families. INAI Mexico shared the decision it took after a data protection procedure pertaining to the balance between personal data protection rights and freedom of expression rights, concerning the protection of journalistic sources. FTC United States presented on its recent report to Congress regarding the agency’s efforts to educate consumers about their rights to dispute and correct errors in their credit reports. NPC Philippines presented on the DPO Complex Workshop which it conducted for data protection officers in government while OVIC shared on the Privacy Management Framework that was developed to aid the public sector comply with the Information Privacy Principles under the Privacy and Data Protection Act 2014
Day One concluded with detailed reports on investigations and enforcement presented by the FTC United States, PPC Japan, OIPC British Columbia and OPC Canada.
Day Two (Members-only and closed sessions)
The second day of the Forum began with a session on Data Breach Notifications with presentations from OVIC and PDPC. This was followed by presentations from PDPC Singapore, PCPD Hong Kong, OPC NZ and GPDP Macao SAR on their initiatives and observations pertaining to biometrics.
The Forum also welcomed 39 APPA Observers for the rest of the sessions as they exchanged views and experiences on data protection and governance challenges in light of the ensuing COVID-19 pandemic.
Members who provided an update on their activities in relation to COVID-19 included: PDPC Singapore, PCPD Hong Kong, NPC Philippines, OPC Canada, PPC Japan, OPC New Zealand, OAIC Australia, PIPC Korea, KISA Korea, and ICO UK. PDPC Singapore also helped to deliver an intervention from CNIL, France on this issue.
APPA 53 concluded that the protection of privacy rights remains critical during times of public emergencies. Members recognised the commonality of their experiences in addressing the novel challenges presented by the global pandemic and agreed that international cooperation would be critical to ensuring the appropriate use and protection of personal information. As novel issues continue to arise from the pandemic, Members affirmed a commitment to supporting each other through existing privacy and data protection international networks and platforms.
In response, APPA 53 committed to setting up a COVID 19 repository to enhance information sharing efforts and to work closely with other international fora such as GPEN and GPA to support the global fight against the pandemic.
Day Three (Closed sessions)
On the third day of the Forum, PDPC Singapore, FTC United States and SIC Colombia provided updates on the AI regulatory developments and the implications on privacy in their respective jurisdictions.
This was followed by updates on international cooperation in data protection by PPC Japan, PIPC Korea and SIC Colombia. PIPC Korea in particular proposed the creation of a cooperation mechanism for investigations by member authorities into cross-jurisdictional data breaches.
Day Three also included discussions on the following topics:
- Updates on the International Conference of Data Protection and Privacy Commissioners, now known as the Global Privacy Assembly (GPA) by OPC Canada and OAIC Australia;
- Updates on the Global Privacy Enforcement Network by OPC NZ, OPC Canada, and OIPC British Columbia;
- Updates on the Ibero-American Network of Data Protection by INAI Mexico;
- APEC Cross Border Privacy Rules System the Cross-Border Privacy Enforcement Arrangement by FTC United States and PPC Japan;
- Update on the ASEAN Digital Data Governance Framework by PDPC Singapore;
- Update from European Commission; and
- Update from OECD on Review of the OECD Privacy Guidelines by the OECD Secretariat and PPC Japan.
Commissioner arrivals and departures
The meeting noted that there has been no change in the appointments of the Commissioners during this period.
Next meeting
The 54th APPA Forum is scheduled for December 2020 in Melbourne Australia, to be hosted by the Office of the Victorian Information Commissioner.
53rd APPA Forum attendees
- Personal Data Protection Commission, Singapore (PDPC)
- Office of the Australian Information Commissioner (OAIC)
- Office of the Information and Privacy Commissioner, British Columbia (OIPC-BC)
- Office of the Privacy Commissioner of Canada (OPC-Canada)
- Superintendence of Industry and Commerce (SIC) of Colombia
- Privacy Commissioner for Personal Data, Hong Kong, China (PCPD)
- Personal Information Protection Commission, Japan (PPC)
- Korea Internet & Security Agency, Korea
- Personal Information Protection Commission, Korea (PIPC)
- Office for Personal Data Protection, Macao SAR, China (OPDP)
- National Institute for Transparency, Access to Information and Personal Data Protection, Mexico (INAI)
- Office of the Privacy Commissioner, New Zealand (OPC, NZ)
- National Authority for Data Protection, Peru
- National Privacy Commission, Philippines
- Office of the Information Commissioner, Queensland
- Federal Trade Commission, USA (FTC)
- Office of the Victorian Information Commissioner (OVIC)
Officials from the following organizations attended the meeting as Observers:
- Bermuda Privacy Commission, Bermuda
- Chilean Transparency Council, Chile
- Organisation for Economic Cooperation and Development (OECD)
- European Commission
- Information Commissioners Office, United Kingdom
- Authority for Info-communications Technology, Brunei Darussalam
- Ministry of Communications and Information Technology, Cambodia
- Ministry of Communications and Information Technology, Indonesia
- Ministry of Post and Telecommunications, Lao PDR
- Department of Personal Data Protection, Malaysia
- Ministry of Transport and Communications, Myanmar
- Prime Minister’s Office, Smart Nation Digital Government Office, Singapore
- Ministry of Digital Economy and Society, Thailand
- Personal Data Protection Committee, Thailand
- Ministry of Information and Communications, Vietnam