34th APPA Forum — Communiqué

APPA members taking in the views of Auckland from Mt Victoria

The 34th Asia Pacific Privacy Authorities (APPA) forum was hosted by the New Zealand Privacy Commissioner in Auckland, on 7-8 December 2010.

Participants discussed a wide range of matters over the two days of meeting. Selected highlights follow.

New members

The meeting welcomed the Federal Trade Commission, United States, the Federal Institute for Access to Information and Data Protection, Mexico, and the Office of the Information Commissioner, Queensland, as new members.

Membership criteria broadened

In order to be more inclusive, the meeting agreed to broaden APPA membership criteria to include privacy enforcement authorities that have been approved to participate in the Global Privacy Enforcement Network (GPEN). Accordingly, privacy enforcement authorities based in the Asia Pacific region are now eligible to be APPA members in one of three ways. They can be:

  • accredited to the International Conference of Data Protection and Privacy Commissioners (ICDPPC); or
  • a participant in the APEC Cross-border Privacy Enforcement Arrangement (CPEA); or
  • a member of GPEN.

New statement of objectives

Members adopted a new Statement of Objectives that highlights the importance of cross-border enforcement cooperation and recognises a strengthened relationship between APPA and the APEC CPEA.

Privacy Awareness Week 2011

Dates for Privacy Awareness Week (PAW) 2011 were confirmed as 1-7 May 2011.

The meeting agreed to develop a survey that APPA members may conduct during PAW. The survey will allow comparable data to be gathered across the jurisdictions for the first time. The Communications Working Group will work on proposals and circulate amongst members for approval.

International privacy developments

The meeting discussed the wide range of activity in international forums such as the ICDPPC, OECD, APEC, CPEA and GPEN. Mexico, as host of the 33rd ICDPPC, updated delegates on plans for the next International Conference to be held in late 2011. The Administrators of the APEC CPEA gave a report on a CPEA Participants meeting held in conjunction with the APPA forum.

A discussion followed on the prioritisation of cross-border enforcement action and examined scope for further cooperative work in conjunction with CPEA.

Direct marketing and privacy

Members explored developments in direct marketing such as the recent Hong Kong investigation of the release of information for marketing by a company operating a smartcard payment system. The practice in some economies of pre-screening marketing lists by using credit reporting systems was also discussed.

Implications of web 2.0 technologies for privacy regulation

The meeting heard from Mozelle Thompson, former US Federal Trade Commissioner and now Policy Consultant to Facebook, about the ways in which privacy regulators might most effectively engage with multi-national companies. Mr Thompson joined a subsequent discussion on the use of social media by privacy regulators and the issues arising with privacy law.

Re-examining privacy protection models

The Forum received a briefing from the FTC on the substantial work being undertaken in the Privacy Roundtable’s Project to re-examine the current approaches to privacy protection in the USA.

Privacy and technology working group

The APPA Technology Working Group provided an update. Work has commenced in the compilation of a database of material for members to enhance the sharing of information across jurisdictions.

Naming and shaming

The meeting explored the advantages and drawbacks of publicly naming organisations that are found to have breached privacy laws as a means of influencing organisation behaviour and encouraging systemic change.

Next meeting

The next meeting of the Forum will be held in Seoul, South Korea in June 2011.

Participants

The meeting was attended by representatives from:

  • Office of the Australian Information Commissioner, Australia
  • Office of the Privacy Commissioner for Personal Data, Hong Kong
  • Korea Internet & Security Agency
  • Office of the New South Wales Privacy Commissioner
  • Privacy Commissioner, New Zealand
  • Office of the Information Commissioner, Northern Territory
  • Federal Institute for Access to Information and Data Protection, Mexico
  • Office of the Information Commissioner, Queensland
  • Federal Trade Commission, United States
  • Office of the Victorian Privacy Commissioner

Representatives from the following organisations joined part of the meeting as observers:

  • Privacy Committee of South Australia
  • Office for Personal Data Protection, Macao
  • Consumer Affairs Agency, Japan
  • Human Rights Review Tribunal, New Zealand
  • Law Commission, New Zealand
  • Ministry of Justice, New Zealand