52nd APPA Forum — Communiqué

52nd APPA group photo
The National Privacy Commission, Philippines (NPC) hosted the 52nd Asia Pacific Privacy Authorities (APPA) Forum on 2-3 December in Cebu, Philippines.

Over two days, APPA members and invited guests discussed global privacy trends, exchanged domestic experiences, and sought opportunities for cooperation on education and enforcement activities across the Asia Pacific region.

The Forum was organized with the support of the five-member APPA Governance Committee and was attended by fourteen APPA member authorities.

Day One (Members-only and Closed sessions)

NPC Commissioner Raymund E. Liboro opened the 52nd APPA Forum and welcomed members to Cebu, Philippines.

Starting off the first day session, the Office of the Information and Privacy Commissioner for British Columbia (OIPC BC) provided updates, in its capacity as APPA Secretariat and Chair of the APPA Governance Committee.

Reports from the three APPA Working Groups followed. The Communications Working Group presented the summary of Privacy Awareness Week (PAW) 2019 activities undertaken by APPA members, the plans for PAW 2020 and other continuing communication initiatives. Results of the survey on Top Data Breach Types and Administration was next shared by the Technology Working Group while the Comparative Privacy Statistics Working Group tabled its report on the survey regarding complaints handling.

Based on its investigations and research, OVIC Victoria, Australia shared the lessons learned on de-identification and open data. Meanwhile, OPC Canada talked about the information aspects of indigenous people.

Jurisdiction reports were presented, starting with law reform and legislative developments. OAIC Australia discussed the proposed data sharing and release legislation; PIPC Korea talked about its fourth Master Plan for Personal Data Protection; PDPC Singapore reported on its shift to accountability and practical guidance for data sharing agreements; and OPC Canada, OPC New Zealand and PPC Japan gave updates on the review and modernization of their respective privacy laws.

Significant developments on investigations and enforcement were reported by the FTC United States, INAI Mexico, OPC Canada, PPC Japan, OIPC British Columbia, and NPC Philippines. NPC Philippines and OVIC Victoria, Australia likewise shared their education and outreach activities.

In the afternoon, more detailed reports on investigation and enforcement of data protection were presented by the FTC United States, ICO United Kingdom, PCPD Hong Kong, OPC Canada, NPC Philippines and PDPC Singapore. OPC New Zealand, OIPC British Columbia, OPC Canada and OAIC Australia presented reports on privacy concerns relating to consumer protection and OPC Canada, FTC United States and OAIC Australia presented on privacy and social media and digital platforms.

Day One also included discussions on the following topics:

  • Updates on the International Conference of Data Protection and Privacy Commissioners, now known as the Global Privacy Assembly (GPA) by ICO United Kingdom;
  • Updates on the Global Privacy Enforcement Network by OPC Canada and OIPC British Columbia;
  • Updates on the Ibero-American Network of Data Protection by INAI Mexico;
  • APEC Cross Border Privacy Rules System the Cross-Border Privacy Enforcement Arrangement by FTC United States

The PIPC Korea proposed the launch of an online platform for information sharing about data protection laws and regulations of APPA member states, and the Communication Working Group has been tasked with this project. The OAIC Australia discussed the participation of APPA members in the GPA and suggested using a template for monitoring the implementation of resolutions as well.

The day concluded with a presentation regarding the 53rd APPA meeting scheduled to held in Hong Kong, in collaboration with Macao, and a group photo.

Day Two (Broader sessions)

On the second day, the session started with a discussion on privacy and public affairs by PCPD Hong Kong and ICO United Kingdom.

A presentation of GDPR compliance updates, including initiatives to secure personal data flows under the regime of GDPR, from ICO United Kingdom, PIPC Korea, PPC Japan and CNIL France followed. In this regard, PPC Japan also introduced its recent initiatives on global data flow. Reports on data portability were also presented by OAIC Australia and PDPC Singapore. Meanwhile, GSMA talked about the Regulatory Pilot Space and how it can help in cross-border data flows.

Updates on bilateral agreements and ASEAN developments were tackled in the next panel discussion. These included Singapore’s bilateral agreements with Hong Kong, Philippines and the United Kingdom, the United States-Mexico-Canada Trade Agreement, ASEAN Data Protection and Privacy Forum, ASEAN Data Classification Framework and Cross-Border Data Flow Mechanism, and the ASEAN Data Innovation Forum, among others.

Commissioner arrivals and departures

The meeting recognized the following appointments and departures in member authorities:

Ms. Josefina Román Vergara was appointed as Commissioner of INAI Mexico for 2019-2026.

Dr. Nelson Remolina Angarita was appointed Deputy Superintendent for the Protection of Personal Data, Superintendence of Industry and Commerce, Colombia, replacing Mr. German Bacca Enrique Medina.

Mr. Hyun Joon Kwon was appointed Vice President of the Korea Internet and Security Agency, replacing Mr. Jeong Hyun Cheol.

Ms. Mieko Tanno was appointed as the new Chairperson of the PPC Japan, after the resignation of Ms. Minako Shimada.

Next meeting

The 53rd APPA Forum will take place in May 2020.

52nd APPA Forum attendees

  • National Privacy Commission, Philippines (Host)
  • Office of the Australian Information Commissioner (OAIC)
  • Office of the Information and Privacy Commissioner, British Columbia (OIPC-BC)
  • Office of the Privacy Commissioner of Canada (OPC-Canada)
  • Privacy Commissioner for Personal Data, Hong Kong, China (PCPD)
  • Personal Information Protection Commission, Japan (PPC)
  • Personal Information Protection Commission, Korea (PIPC)
  • Korea Internet & Security Agency (KISA)
  • Office for Personal Data Protection, Macau, China (OPDP)
  • National Institute for Transparency, Access to Information and Personal Data Protection, Mexico (INAI)
  • Office of the Privacy Commissioner, New Zealand (OPC)
  • Personal Data Protection Commission, Singapore (PDPC)
  • Federal Trade Commission, USA (FTC)
  • Office of the Victorian Information Commissioner (OVIC)

Officials from the following organizations attended the meeting:

As guest speakers

  • Information Commissioner’s Office, United Kingdom
  • GSMA
  • Commission Nationale de I’Informatique et des Libertes (CNIL)
  • Ministry of Digital Economy and Society, Thailand
  • Personal Data Protection Department, Ministry of Communication and Multimedia, Malaysia

As guests

  • Asian Business Law Institute
  • Hunton Andrews Kurth LLP
  • Former Deputy Commissioner of the National Privacy Commission
  • One Trust
  • Authority for Info-Communications Technology Industry (AITI), Brunei