The 57th APPA Forum hosted by the Office of the Privacy Commissioner for Personal Data, Hong Kong, China

The Office of the Privacy Commissioner for Personal Data, Hong Kong, China (PCPD) hosted the 57th Asia Pacific Privacy Authorities (APPA) Forum virtually from 12 to 13 July 2022. The forum was attended by 19 APPA members across the Asia Pacific region.

Over the intensive two-day forum, members discussed a wide array of global privacy issues, regulatory experiences and enforcement challenges, particularly those arising from the use of emerging technologies, and shared their latest developments and insights, as well as introduced members’ latest publications and guidance materials.

The discussions focused on the following key themes:

  • Emerging Technologies and Data Protection. Emerging technologies reshape our economy and living. They also give rise to a number of thorny privacy issues. To enhance the effectiveness of data privacy protection, tailor-made initiatives and strategies should be explored. In particular, organisations in both the public and private sectors should adhere to the key data protection principles such as data minimisation, use limitation, data security and transparency when collecting and processing data with the use of new technologies. A privacy by design approach should be adopted when using emerging technologies to ensure that privacy protections are built in from the outset.
  • Guidance and Outreach. Guidance provides all data users with more clarity on how the data privacy rules and principles are applied. It allows regulators to address different privacy issues specifically and is generally welcomed by stakeholders and organisations. In the midst of technological development, guidance relating to new technologies can facilitate organisations to take steps in minimising data privacy risks when developing and using such technologies. At the same time, in the information age, gaining trust from the public is more important than ever. To instill public trust, it is necessary for organisations to respect and be seen to have respected data privacy.
  • Enforcement and Legislative Development. As regulators, APPA members value good practices which are shared by members from their respective investigations and enforcement actions. In particular, intra-jurisdictional and inter-jurisdictional collaborative actions and investigations demonstrate members’ determination in acting as guardians of data privacy. APPA members also noted the latest legislative developments in various jurisdictions. In addition, the issue of cross-border data flows remains an important topic for APPA members in their discussion. APPA members highlighted that data privacy protection should not be undermined in any arrangement, and sufficient safeguard of individuals’ data should always be maintained.

Day One (Members-only sessions)

Ms Ada Chung Lai-ling, Privacy Commissioner for Personal Data, Hong Kong, China opened the 57th APPA Forum and welcomed APPA members to the virtual forum. Mr Erick Tsang Kwok-wai, Secretary for Constitutional and Mainland Affairs of the Hong Kong Special Administrative Region (HKSAR) Government of China, congratulated the PCPD for hosting the APPA 57 amid the city’s celebration of the 25th anniversary of the establishment of the HKSAR, and he wished the event every success. The opening session concluded with the traditional group photo taking.

The formal agenda began with an update from the Office of the Information and Privacy Commissioner for British Columbia in its capacity as APPA Secretariat and Chair of the APPA Governance Committee. This was followed by presentations of reports on the activities of the three APPA Working Groups – the Communications Working Group, the Technology Working Group and the Comparative Privacy Statistics Working Group.

Members then took turns to present their jurisdiction reports and gave updates on their key privacy developments under four themes: Law Reform and Legislative Developments; Investigations – Notable Cases; Guidance and Outreach; and New Strategy and Development.

Next, the National Privacy Commission, the Philippines, presented their report on the launching of their data breach notification management system.

Subsequently in the session on “Updates on Data Protection Initiatives and Trends”, the Personal Information Protection Commission, Korea, shared the promotion of self-regulation in data protection, and its initiative of co-regulation on e-commerce platforms. The Office of the Privacy Commissioner of Canada and the Office of the Information and Privacy Commissioner for British Columbia presented on their investigation regarding geolocation tracking in the private sector. The Personal Information Protection Commission, Japan updated members on its effort for Data Free Flow with Trust (DFFT), including promotion of Global Cross-Border Privacy Rules (CBPR) system.

Day One concluded with closing remarks from Commissioner Chung, PCPD.

Day Two (Members-only and closed sessions)

The second day of the Forum commenced with opening remarks from Commissioner Chung, PCPD, followed by presentations by Personal Data Protection Commission, Singapore, on the Guide on Blockchain and the Office of the Privacy Commissioner of Canada on the Privacy Guidance on Facial Recognition for Police Agencies.

Next were presentations on global privacy networks and organisations, including updates on the activities and initiatives of the:

  • Global Privacy Assembly (GPA), presented by the National Institute for Transparency, Access to Information and Personal Data Protection, Mexico
  • Ibero-American Network of Data Protection, presented by the National Institute for Transparency, Access to Information and Personal Data Protection, Mexico
  • GPA International Enforcement Working Group, presented by the Superintendence of Industry and Commerce, Colombia;
  • GPA Data Protection and Other Rights and Freedoms Working Group, presented by the Office of the Privacy Commissioner of Canada;
  • GPA Digital Citizen and Consumer Working Group, presented by the Office of the Privacy Commissioner of Canada;
  • Global Privacy Enforcement Network, presented by the Office of the Privacy Commissioner of Canada and the Office of the Information and Privacy for British Columbia; and
  • APEC Cross Border Privacy Rules (CBPR) System, presented by the Federal Trade Commission, United States.

This was followed by a panel discussion on the topic of “Privacy Issues Arising from Emerging Technologies and the Regulatory Roadmaps” moderated by Commissioner Chung, PCPD. The panelists included Ms Angelene Falk, the Australian Information Commissioner and Privacy Commissioner; Dr Gregory Smolynec, the Deputy Commissioner, Policy and Promotion of the Office of the Privacy Commissioner of Canada; Mr Yuji Asai, Commissioner of Personal Information Protection Commission, Japan; and Mr Stephen Bonner, Executive Director, Regulatory Futures and Innovation of the Information Commissioner’s Office, the United Kingdom.

Before closing, the Office of the Privacy Commissioner, New Zealand, presented on its rental sector work post-implementation of compliance strategy. The Office of the Victorian Information Commissioner, Australia, also shared their insights on the importance of public trust in an information age.

The Forum concluded with the release of the Communiqué of the 57th APPA Forum, a presentation on the 58th APPA Forum by the Personal Data Protection Commission, Singapore, and closing remarks from Commissioner Chung, PCPD.

Commissioner arrivals and departures

The meeting recognised the following appointments in member authorities:

  • Appointment of Attorney John Henry Du Naga as Privacy Commissioner and Chairman of the National Privacy Commission, the Philippines;
  • Appointment of Mr Paxton Booth as the Privacy Commissioner of the Office of the Information Commissioner, Queensland;
  • Mr Michael Webster as the Privacy Commissioner of the Office of the Privacy Commissioner, New Zealand; and
  • Mr Philippe Dufresne as the Privacy Commissioner of the Office of the Privacy Commissioner, Canada.

APPA members also thanked and acknowledged the contributions of Mr Raymund Liboro, the former Privacy Commissioner and Chairman of National Privacy Commission, Philippines, Mr Daniel Therrien, the former Privacy Commissioner of Canada and Liz MacPherson, the former Acting Privacy Commissioner of New Zealand.

Next meeting

The 58th APPA Forum is scheduled to take place from 29th and 30th November, 2022 (Tuesday and Wednesday) and will be hosted by the Personal Data Protection Commission, Singapore.

57th APPA Forum attendees

  • Office of the Australian Information Commissioner, Australia
  • Office of the Information and Privacy Commissioner, British Columbia
  • Office of the Privacy Commissioner, Canada
  • Superintendence of Industry and Commerce of Colombia
  • Office of the Privacy Commissioner for Personal Data, Hong Kong, China
  • Personal Information Protection Commission, Japan
  • Korea Internet and Security Agency
  • Personal Information Protection Commission, Korea
  • Office for Personal Data Protection, Macao, China
  • National Institute for Transparency, Access to Information and Personal Data Protection, Mexico
  • Information and Privacy Commission, New South Wales
  • Office of the Privacy Commissioner, New Zealand
  • Office of the Northern Territory Information Commissioner
  • National Authority for Data Protection, Peru
  • National Privacy Commission, the Philippines
  • Office of the Information Commissioner, Queensland
  • Personal Data Protection Commission, Singapore
  • Federal Trade Commission, the United States
  • Office of the Victorian Information Commissioner

57th APPA Forum Invited Guests:

  • Information Commissioner’s Office, The United Kingdom
  • Members of the Data Protection Officers’ Club of the PCPD