The 62nd APPA Forum, hosted by the Personal Information Protection Commission of Japan, in Tokyo, Japan

The Personal Information Protection Commission (PPC), Japan hosted the 62nd Asia Pacific Privacy Authorities (APPA) Forum from 26 to 27 November 2024.

The forum was attended by 17 APPA members. A number of guests and observers were also in attendance from around the globe, including from data protection and privacy authorities and other international networks.

During the two-day forum, members, observers and guests shared and discussed a variety of common privacy issues, regulatory experiences, and enforcement challenges. Attendees also continued to build relationships, aiming to enhance regulatory cooperation in the region.

The discussions focused on the following key themes:

  • Enforcement and legislative development
  • New initiatives and guiding activities from privacy authorities
  • Training and awareness-raising activities
  • Updates on and responses to recent significant data breaches
  • Governance of AI and Emerging Technologies
  • Protecting children’s privacy
  • Cross-border data transfer, including Data Free Flow with Trust

APPA members acknowledged the need for proactive approaches to privacy regulation and shared strategies for enhancing collaboration and interjurisdictional cooperation.

The two-day meeting was divided into two sessions.

Day One

On day one, the 62nd APPA Forum was opened by Katsuhiko Ogawa, Commissioner of the PPC, who welcomed APPA members to Tokyo. Following the opening remarks, Commissioner Lew Chuen Hong of the Personal Data Protection Commission (PDPC), Singapore, as the APPA Secretariat, extended appreciation to PPC for their wonderful hospitality and the Office of Information and Privacy Commissioner, British Columbia, Canada for helming the Secretariat role for many years. Then, Yuji Asai, Commissioner of the PPC and Chair of the forum gave an overview of the agenda. The opening formalities were concluded with the approval of the 61st APPA Forum’s meeting minutes.

The focus of Day one was on APPA’s standing agenda items.

The formal agenda began with presentation of the Governance Committee Report from PDPC Singapore which was delivered by Director Adeline Tung, on behalf of the Chair of APPA Governance Committee and Secretariat.

Following the report, at a members-only session, the APPA Working Group Reports consisted of the Communications Working Group Report delivered by the Personal Data Protection Bureau, Macao Special Administrative Region (SAR), China, and the Technology Working Group Report delivered by the PDPC Singapore, who shared the draft Anonymisation guide with APPA members for their review.

Members then presented their jurisdiction reports and gave updates on key privacy developments in their jurisdictions. Presenters were asked to outline developments in their jurisdiction from the last six months that may be of interest to the forum. Some of the topics discussed during the session included:

  • Legislative Development
  • New Initiatives and Guides
  • Enforcement and Investigations
  • Training and awareness

This was followed by the group photo of attendees.

Jurisdiction reports continued in the beginning of afternoon session and after that, the session commenced with a panel discussion moderated by Gabriela Zanfir-Fortuna, Vice-President for Global Privacy, Future of Privacy Forum, on Governance of AI and Emerging Technologies in the Asia Pacific Region: Perspectives and Initiatives, as a closed session in which non-privacy authority entities were welcomed. This panel focused on three key areas: (1) existing work in various jurisdictions at the intersection of AI and data protection/privacy, (2) how comprehensive dedicated AI laws are, and (3) strategies to regulating effectively complex technologies like AI, particularly Generative AI.

This was followed by Global Privacy Development Update Reports (Network Reports) in which Networks were asked to discuss the following topics:

  • What are the most significant challenges and accomplishments they have encountered this year, and
  • How international cooperation has influenced the attainment of their objectives.

The following global privacy networks and organisations provided update reports:

  • Organisation for Economic Co-operation and Development
  • Ibero-American Network of Data Protection
  • Global Privacy Assembly
  • Global Privacy Assembly International Enforcement Cooperation Working Group
  • Global Privacy Assembly Data Protection and Other Rights and Freedoms Working Group
  • Global Privacy Assembly Digital Citizen and Consumer Working Group
  • Global Privacy Enforcement Network
  • Global Cross-Border Privacy Rules Forum

At the end of day one, the draft Communique was discussed followed by closing remarks.

In the evening, the PPC hosted a welcome reception which was attended by in-person attendees of the APPA Forum.

Day Two

Day two was opened with a short introduction from Commissioner Asai.

Day two of the Forum then commenced with updates from G7 Data protection and Privacy Authorities Roundtable. Following the updates, a presentation on children’s privacy was addressed by Information and Privacy Commissioner Michael Harvey, British Columbia, Canada, Information and Privacy Commissioner Patricia Kosseim, Ontario, Canada and Privacy Commissioner Philippe Dufresne, Canada.

Dr Christopher Kuner, University of Copenhagen, and Wilson Sonsini Goodrich & Rosati, Brussels, gave a keynote speech on the cross-border data transfer. This was followed by the panel discussion moderated by Zee Kin Yeong, Director, Asian Business Law Institute, on Data Free Flow with Trust – The Role of Privacy and Data Protection Authorities -. This panel focused on three key areas: (1) model contractual clauses, (2) mutual adequacy arrangements, and (3) corporate certification systems as specific mechanisms for promoting DFFT from the data protection authority’s perspective. The discussion covered how to use various tools based on their characteristics and how to proceed with studies to improve interoperability. It aimed to explore the direction data protection authorities should take and challenges in order to further improve specific mechanisms for the safe and smooth cross-border transfer of personal data from various perspectives.

At the end of day two, the draft communique was approved for release, followed by closing remarks from the PPC.

To end the proceedings, the announcement of the host of the 63rd APPA Forum was made.

For the remainder of day two, APPA attendees had the option to attend the side event hosted by the PPC and explored two topics; DFFT and Balancing the Use and Protection of Personal Data. The event was attended by industry, academia, privacy professionals, civil society, government and regulators.

Next meeting

The 63rd APPA Forum will be held virtually and hosted by the Office of the Privacy Commissioner, New Zealand.

62nd APPA Forum attendees

  • Office of the Australian Information Commissioner, Australia
  • Office of the Information Commissioner, Queensland, Australia
  • Office of the Victorian Information Commissioner, Victoria, Australia
  • Office of the Privacy Commissioner, Canada
  • Office of the Information and Privacy Commissioner, British Columbia, Canada
  • Personal Data Protection Bureau, Macao SAR, China
  • Office of the Privacy Commissioner for Personal Data, Hong Kong, China
  • The Personal Information Protection Commission, Japan
  • Korea Internet & Security Agency, Korea
  • Korea Personal Information Protection Commission, Korea
  • Office of the Personal Data Protection Commissioner, Malaysia
  • National Institute for Transparency, Access to Information and Personal Data Protection, Mexico
  • Office of the Privacy Commissioner, New Zealand
  • National Privacy Commission, Philippines
  • National Authority of Data Protection of Peru
  • Personal Data Protection Commission, Singapore
  • California Privacy Protection Agency, United States of America

62nd APPA Forum observers and guests

  • Gabriela Zanfir-Fortuna, Vice-President for Global Privacy, Future of Privacy Forum
  • Fumio Shinpo, Professor, Keio University Japan
  • Ginevra Cerrina Feroni, Vice President, The Italian Data Protection Authority (Garante per la protezione dei dati personali)
  • Christopher Kuner, Affiliate Professor, Copenhagen University; Senior Privacy Counsel in the Brussels office of Wilson Sonsini Goodrich & Rosati
  • Patricia Kosseim, Information and Privacy Commissioner, Ontario, Canada
  • Zee Kin Yeong, Director, Asian Business Law Institute
  • Authority for Info-communications Technology Industry of Brunei Darussalam
  • Data Protection Office and International Group, Brunei
  • Ministry of Post and Telecommunications, Cambodia
  • The Italian Data Protection Authority (Garante per la protezione dei dati personali)
  • Personal Data Protection Committee, Thailand
  • KVKK, Personal Data Protection Authority, Türkiye
  • Organisation for Economic Co-operation and Development
  • Ibero-American Network of Data Protection
  • Global Privacy Assembly
  • Global Privacy Assembly International Enforcement Cooperation Working Group
  • Global Privacy Assembly Data Protection and Other Rights and Freedoms Working Group
  • Global Privacy Enforcement Network
  • Global Privacy Assembly Digital Citizen and Consumer Working Group
  • Global Cross-Border Privacy Rules
  • G7 Data protection and Privacy Authorities Roundtable