47th APPA Forum — Communiqué

APPA members at ICC Sydney, Australia

The Office of the Australian Information Commissioner (OAIC) hosted the 47th Asia Pacific Privacy Authorities (APPA) Forum on 10 to 11 July 2017 in Sydney, Australia.

APPA members and invited guests spent the two days discussing interoperability and identifying global and domestic synergies for regulatory guidance and enforcement activities in the Asia Pacific. Highlights from the 47th APPA Forum are detailed below.

The Forum was organised with the support of the APPA Governance Committee, which is comprised of five APPA members.

Day one (closed session)

Mr Jason Falinski MP, representing the Australian Attorney-General, the Hon George Brandis QC, opened the Forum and welcomed APPA members to Australia.

The first day, following tradition, focused on presented jurisdiction reports and their common themes. These themes included law reform, enforcement, stakeholder engagement/outreach and data breach notification.

The APPA Governance Committee provided an update and presented the policy on APPA Forum attendance and the protocol for publishing or sharing APPA reports without any objection from members.

APPA’s Communications Working Group (CWG) provided a summary of the initiatives and campaigns for 2017’s Privacy Awareness Week (PAW). In 2017, 11 APPA members participated in PAW to promote two themes: Share with Care and Trust and Transparency. The CWG encouraged all members to participate in PAW 2018 to enhance international awareness.

The Technology Working Group (TWG) updated APPA members on the International Repository Report and encouraged suggestions for future research topics. The TWG also invited APPA members to provide feedback on the adoption of the ‘Payment card industry —Data Security Standard’ as recommended at the last Forum.

Following the TWG report, members received an update from the Comparative Privacy Statistic Working Group (CPSWG). The CPSWG was reactivated in 2017 and chaired by the Office of the Privacy Commissioner, New Zealand. The group briefed members on its goals, objectives and work plan for the coming year. The aim of the CPSWG is to create a reliable statistical baseline for privacy law and regulator awareness across APPA jurisdictions.

The Office of the Privacy Commissioner of Canada (OPC) updated members on other networks’ activities including the Global Privacy Enforcement Network’s (GPEN) Investigator’s Conference and the Digital Clearinghouse initiative. The United States’ Federal Trade Commission joined OPC reporting on their survey of technological research and support capacity within and amongst APPA members. A discussion followed on how to move this forward for the next APPA Forum.

The day concluded with the traditional group photo.

Day two (Closed and broader session)

The morning of the second day began with a video presentation from Brown University Adjunct Professor and Associate Faculty Director, Deborah Hurley. Ms Hurley presented a paper by the Executive Master in Cybersecurity Class of 2018 which discussed identifying the most promising methods for technically de-identifying data and explored the relative merits of these emerging techniques.

The Forum engaged in a wide ranging discussion regarding the presentation — recognising the complexity of the issue. The TWG agreed to assess current de-identification guidance undertaken by APPA members to identify common principles and approaches, and also to explore international standards in this field. The TWG will present back to the 48th Forum.

Other topics discussed by members were accountability tools and the EU General Data Protection Regulation (GDPR). The sessions provided members with an update on a recent GDPR workshop for APPA members in Paris, how the UK is preparing for the commencement of the scheme and an update on available resources for Asia Pacific jurisdictions.

The broader session included guest speaker, Simon Entwisle, Deputy Commissioner (Operations) at the Information Commissioner’s Office UK, who presented on big data, artificial intelligence, machine learning and data protection. The discussion was opened up to members to voice developments in their jurisdictions and brought to light opportunities to collaborate.

The results of the OAIC’s 2017 Australian Community Attitudes to Privacy Survey mentioned in the CPSWG update were expanded on during day two. The results highlighted that Australians were concerned about their privacy however they were not maximising the options available to them to protect themselves. The key findings showed that both consumers and businesses need to work together to ensure personal information is protected.

The broader session continued with a regulatory panel discussion from members who have implemented or are preparing to implement notifiable data breach notification schemes and what they have learnt from the experience. Members were also provided with an overview of the Asian Business Law Institute.

To conclude the Forum, an update on the 48th APPA Forum which will be held in Vancouver, Canada, was presented to members.

Commissioner arrivals and departures

The meeting recognised the following appointments and departures in member authorities since the last meeting:

  • Dr Ximena Puente de la Mora has departed from the role as President Commissioner of the National Institute for Transparency, Access to Information and Personal Data Protection, Mexico
  • Dr. Francisco Javier Acuña Llamas has been appointed the President Commissioner of the National Institute for Transparency, Access to Information and Personal Data Protection, Mexico
  • Fong Man Chong has departed his role as Coordinator for the Office for Personal Data Protection of Macao
  • Ken Chongwei Yang has been appointed the Coordinator for the Office for Personal Data Protection of Macao
  • Dr Elizabeth Coombs departed the role of Acting Privacy Commissioner for the Office of the Privacy Commissioner NSW
  • Paul McKnight is currently the Acting Privacy Commissioner until Samantha Gavel moves into the role in late 2017
  • At the end of August 2017, David Watts will depart his role as Victoria’s Commissioner for Privacy and Data Protection
  • In December 2016 Tan Kiat How was appointed as the Commissioner for the Personal Data Protection Commission Singapore.

Next meetings

The 48th APPA Forum will be hosted by the Office of the Privacy Commissioner of Canada from 15 to 17 November 2017 in Vancouver, Canada.

The host of the 49th APPA Forum will be announced shortly.

47th APPA Forum attendees

Officials from the following member authorities participated in the meeting:

  • Office of the Australian Information Commissioner (host)
  • Office of the Information and Privacy Commissioner for British Columbia
  • Office of the Privacy Commissioner of Canada
  • Privacy Commissioner for Personal Data, Hong Kong
  • Personal Information Protection Commission, Japan
  • Korea Internet & Security Agency (KISA)
  • Personal Information Protection Commission, Republic of Korea
  • Office for Personal Data Protection, Macao
  • National Institute for Transparency, Access to Information and Personal Data Protection, Mexico
  • Office of the Privacy Commissioner, New Zealand
  • National Privacy Commission, Philippines
  • Personal Data Protection Commission, Singapore
  • Federal Trade Commission, United States
  • Office of the Commissioner for Privacy and Data Protection, Victoria
  • Office of the Privacy Commissioner, New South Wales
  • Office of the Information Commissioner, Queensland
  • Office of the Information Commissioner, Northern Territory.

Officials from the following organizations attended the meeting as invited speakers:

  • Information Commissioner’s Office UK
  • Asian Business Law Institute
  • Brown University.