35th APPA Forum — Communiqué

APPA members at the 35th APPA forum, Jeju

The 35th Asia Pacific Privacy Authorities (APPA) forum was hosted by the Korea Internet & Security Agency in Jeju, South Korea on 2–3 June 2011.

Participants discussed a wide range of matters over the two days of the meeting. Selected highlights of those discussions follow.

Enforcement

The meeting discussed the increasing prevalence of privacy incidents, including significant breaches involving personal information, with international implications. Discussion focused on recent examples including privacy issues arising from Google Buzz and Google Street View, concerns about social networking sites, location-based tracking and the hacking of databases such as Sony’s PlayStation Network.

In the light of these incidents, participants discussed the potential for future joint enforcement activities and explored possibilities for mechanisms to further enhance coordination between members conducting investigations into similar matters.  As a first step in this direction, a number of participants resolved to participate in a comparative analysis of their investigations of the Sony incident at the next Forum.

The New Zealand Privacy Commissioner’s Office will draft an issues paper on how to enhance and formalise coordination between members in global privacy enforcement.

International privacy developments

The meeting discussed the wide range of activity in international forums.  Specifically, members discussed the program for the 33rd International Conference of Data Protection and Privacy Commissioners (ICDPPC), which will be hosted by the Mexican Federal Institute for Access to Information and Data Protection (IFAI), in Mexico City from 1–4 November 2011.

The Forum also discussed developments emanating from the Organisation for Economic Co-operation and Development (OECD), particularly the establishment of the Global Privacy Enforcement Network (GPEN).  Discussion was held on Asia Pacific Economic Cooperation (APEC) Cross-border Privacy Enforcement Arrangement (CPEA) to which a number of APPA members are signatories.  The Forum recognised these initiatives as important mechanisms to support cross border enforcement.

Privacy issues arising from smart technologies

Meeting participants took part in a field trip to a smart grid test bed facility on 1 June 2011.  Smart grids are electricity networks that can intelligently integrate the behaviour and actions of consumers and generators to improve energy efficiency.

To optimise the performance of smart grids, energy providers may collect and retain detailed information about a household’s energy consumption patterns.  Members discussed the privacy implications associated with this, and will monitor the possible privacy impacts of this new technology as it continues to develop.

Privacy Awareness Week 2011

Privacy Awareness Week (PAW) took place from 1–7 May 2011.  The meeting agreed that it had been a great success.

APPA members jointly developed two promotional products to underpin the PAW 2011:

  • An online survey seeking information on individuals’ experiences with social networking sites and privacy. The survey was made available in English, Spanish, Korean and Chinese.  The survey was open from 1–31 May 2011, and 10,641 people participated.
  • An animation entitled ‘How Private is Your Profile?’ was designed to promote awareness of some of the privacy risks associated with social networking sites.  The animation was distributed on a dedicated APPA YouTube channel, and was viewed 4220 times.

The survey results will provide useful insights into people’s online privacy behaviours. The Communications Working Group will collate the survey responses, analyse the results, and deliver a report to the next meeting.

Implications of web 2.0 technologies for privacy regulation

Web 2.0 technologies have great potential for enhancing the way that privacy regulators communicate with their key stakeholders.  The meeting discussed and shared examples of how privacy regulators are now using these technologies, including social networking sites, as a means of further raising community awareness of privacy rights and responsibilities.

Credit Reporting

Credit reporting reforms are underway in a number of APPA jurisdictions. Members discussed the benefits and risks of comprehensive credit reporting, and shared information about the different approaches taken to credit reporting in different countries.

Next meeting

The next meeting of the Forum will be hosted by the Office of the Victorian Privacy Commissioner.  It will take place in Melbourne, Australia on 1–2 December 2011.

Participants

The meeting was attended by representatives from:

  • Office of the Australian Information Commissioner, Australia
  • Office of the Privacy Commissioner, Canada
  • Office of the Privacy Commissioner for Personal Data, Hong Kong
  • Korea Internet & Security Agency
  • Office of the Privacy Commissioner, New Zealand
  • Federal Institute for Access to Information and Data Protection, Mexico
  • Federal Trade Commission, United States

Representatives from the following organisations joined part of the meeting as observers:

  • Office for Personal Data Protection, Macao
  • Consumer Affairs Agency, Japan
  • Korea Communications Commission, Korea