48th APPA Forum — Communiqué

The Office of the Privacy Commissioner of Canada (OPC-Canada) and the Office of the Information and Privacy Commissioner for British Columbia (OIPC-BC) co-hosted the 48th Asia Pacific Privacy Authorities (APPA) Forum on 16 to 17 November 2017 in Vancouver, Canada. A kick-off event was also organized on 15 November, highlighting the benefits of independent research in privacy, while showcasing results of the OPC-Canada’s Contribution Program.

Over the three days, APPA members and invited guests shared insight and perspectives under the theme of Partnering for Research, discussed global privacy trends, exchanged domestic experiences and sought opportunities for joint regulatory guidance and enforcement activities across the Asia Pacific Region.

The Forum was organized with the support of the five-member APPA Governance Committee and was attended by fourteen (14) APPA member authorities.

Kick-off event

The kickoff event featured past funding recipients under the OPC’s Contributions Program, which funds independent research projects and knowledge translation initiatives in the field of privacy. The event noted the importance of funding programs that help advance the cause of privacy in Canada and internationally.

Mr. Alec Dan from the Musqueam Nation opened the event with a traditional territorial welcome. Drew McArthur, Acting Information and Privacy Commissioner for British Columbia and Daniel Therrien, Canada’s Privacy Commissioner welcomed APPA members and invited guests to Canada and the City of Vancouver.

The kickoff event started with a screening of four video clips produced by Option consommateurs, a consumer protection association from Québec. The video clips were realised with funding assistance from the OPC and featured past funding recipients under the Office’s Contributions Program, who summarized in the clips their research and attendant findings. There followed a panel discussion, with speakers all of whom were also recent funding recipients under the Contributions Program.

The documentary “Datamining the Deceased” was then presented to APPA members and invited guests. This one-hour documentary, also produced in part with funding from the OPC’s Contributions Program, explores the industry behind the exponential growth of genealogy, and its potential impact on privacy.

Day one (broader and closed session)

Opening remarks were delivered by the co-hosts, Daniel Therrien, Privacy Commissioner of Canada, and Drew McArthur, Acting Information and Privacy Commissioner for British Columbia. In their remarks the Commissioners lauded the importance of Asia-Pacific privacy authorities continuing to work together in practical and pragmatic ways towards greater interoperability.

The remarks were followed by four panels. The first panel convened speakers from four of the world’s largest data technology companies – Apple, Facebook, Google and Microsoft. The panelists shared their experiences on how their respective organisations integrate privacy in technological development and what mechanisms they have in place to facilitate global privacy compliance and to enhance consumer trust.

The second panel considered the innovative ways in which privacy authorities can partner with small and medium enterprises to more effectively meet privacy and business goals. Panelists shared experiences informed by their different perspectives – as regulators and small business representatives – and sought common strategies that can help privacy practices by all organisations.

The day’s third panel followed-up on the OPC-Canada’s recently completed consultations and Report on Consent. The panelists discussed potential solutions for enhancing the role of consent in privacy protection and, while recognizing consent remains an important pillar for the collection, use and disclosure of personal information, discussed where other alternatives can complement consent.

The fourth panel was a practical discussion on how data protection authorities can support and partner with outside research to inform and compliment their regulatory and enforcement work. Panelists shared their experiences both in setting up independent research funding programs and as recipients of grants. The discussion noted the importance of collaboration between academia, civil society and regulators, as well as the benefit this research has at the practical level, including for organisations that can implement research findings in their everyday work.

The APPA Forum continued with a closed session during which privacy authorities from Europe and Washington State provided updates on the implementation of Europe’s General Data Protection Regulation (GDPR) and on state-level privacy practices in the United States, respectively. Members also held a discussion on the consultation via regional networks that the International Conference on Data Protection and Privacy Commissioners (ICDPPC) is conducting.

Day two (members-only session)

The morning of the second day began with the presentation of members’ jurisdiction reports and their common themes. These themes included compliance and enforcement; cross-border data flows; law reform; outreach and education; and, business innovation.

APPA members then shared global privacy updates and developments. These included reports on the Asia-Pacific Economic Cooperation forum’s recent meeting in Vietnam, on the outcomes of the 39th ICDPPC hosted by Hong Kong, and on the Global Privacy Enforcement Network’s initiatives, including its recently concluded Sweep.

The APPA Governance Committee provided its update and presented the findings of their survey on the funding agreement. The Communications Working Group tabled its report, including initial findings from its survey on the synergies between of APPA members’ privacy legislation and the GDPR. The Technology Working Group presented its discussion paper on de-identification, following up on the survey it conducted during the 45th APPA Forum on the same topic. The Working Group on Comparative Privacy Statistics also tabled its report on recent activities, including its study of how APPA member authorities compare to the wider global community of privacy and data protection authorities as derived from the census conducted by the ICDPPC earlier this year.

Day Two also included discussions on:

  • Opportunities for the use of technological research and support capacity within and through collaboration amongst APPA members, a continuation of the discussion led by the United States’ Federal Trade Commission and OPC-Canada at APPA 47;
  • Access by responsible Ministers to personal information held by their departments. Led by the OPC-New Zealand, the conversation allowed members to share their experiences and views on the practices in their jurisdictions, the limits placed on access, the issues that have arisen and the responses of various stakeholders; and,
  • Australia’s Public Sector Privacy Code, led by the OAIC.

The day concluded with the unveiling of the host of the 49th APPA Forum: the United States Federal Trade Commission.

Commissioner arrivals and departures

The meeting recognised the following appointments and departures in member authorities:

  • Mr. Won Kim has completed his term as Vice President of the Personal Data Protection Center at the Korea Internet & Security Agency (KISA).
  • Mr. Jeong Hyun Cheol has been appointed the new Vice President of KISA’s Personal Data Protection Center.
  • David Watts completed his term as Commissioner in the State of Victoria, Australia.
  • Sven Bluemmel has been appointed Commissioner in what is now the Office of the Victorian Information Commissioner.
  • Paul McKnight departed his role as Acting Privacy Commissioner for New South Wales (NSW).
  • Samantha Gavel was appointed as NSW Privacy Commissioner.

Next meetings

The 49th APPA Forum will be hosted by the United States Federal Trade Commission in San Francisco, California.

The host of the 50th APPA Forum will be the Office of the Privacy Commissioner, New Zealand.

48th APPA Forum attendees

  • Office of the Australian Information Commissioner
  • Office of the Information and Privacy Commissioner for British Columbia (co-host)
  • Office of the Privacy Commissioner of Canada (co-host)
  • Superintendence of Industry and Commerce of Colombia
  • Privacy Commissioner for Personal Data, Hong Kong
  • Personal Information Protection Commission, Japan
  • Korea Internet & Security Agency
  • Personal Information Protection Commission, Republic of Korea
  • Office for Personal Data Protection, Macao
  • National Institute for Transparency, Access to Information and Personal Data Protection, Mexico
  • Office of the Privacy Commissioner, New Zealand
  • National Privacy Commission, Philippines
  • Personal Data Protection Commission, Singapore
  • Federal Trade Commission, United States

Officials from the following organizations attended the meeting as observers:

  • Office of the Information and Privacy Commissioner, Alberta, Canada
  • European Data Protection Supervisor
  • Commission nationale de l’informatique et des libertés, France
  • Information Commissioner’s Office, UK
  • Office of the Chief Information Officer, Washington State, United States