The 59th APPA Forum hosted by the National Institute for Transparency, Access to Information and Personal Data Protection, Mexico

The National Institute for Transparency, Access to Information and Personal Data Protection, Mexico (INAI) hosted the 59th Asia Pacific Privacy Authorities (APPA) forum from June 05-06, 2023.

The forum was attended by 15 APPA members. A number of guests were also in attendance from around the globe, including other data protection authorities, and observers from industry, government, academia, and civil society.

During the intensive two-day forum, members discussed common privacy issues, regulatory experiences, and enforcement challenges. Attendees also shared their knowledge and experience and continued to build relationships with a view towards an enhanced international cooperation.

The discussions focused on the following key themes:

  • Guide on contractual clauses
  • Vulnerable groups and their right to the personal data protection
  • Employee surveillance
  • The impact of the AI on today’s society
  • Cross-border transfer of personal data with Trust
  • Open-source Intelligence – Developments and responses
  • Data for Equity – Promoting privacy when collecting and using personal information to identify and eliminate barriers against individuals in equity-seeking groups
  • PDPC’s guidance on the Legitimate Interests Exception under the PDPA
  • Investigation into Home Depot of Canada Inc.’s Compliance with PIPEDA
  • Biometric and Human Rights

The two-day meeting was divided in two sessions. On day one members-only session, the forum opened with a traditional welcome from the President Commissioner of INAI, Blanca Lilia Ibarra Cadena and the Commissioner Josefina Román Vergara in a time when Mexico has to guarantee, protect and promote more than ever the human rights of its citizens in terms of personal data protection.

Day One

The focus of Day One was on APPA’s standing agenda items.

The Governance Report from OIPC British Columbia was delivered by Commissioner McEvoy, Chair of the APPA Governance Committee and Secretariat. The Commissioner thanked President Commissioner Blanca Lilia Ibarra Cadena and her fellow Commissioners, Commissioner Josefina Román Vergara, Commissioner Adrián Alcalá Méndez and Commissioner Norma Julieta del Río Venegas, on behalf the APPA membership, for their recognized and respected leadership in access and privacy in Mexico and internationally. This includes their two roles as Chair of the Executive Committee of the Global Privacy Assembly and as Secretariat to the International Conference of Information Commissioners.

Commissioner McEvoy expressed the hope that the matter of the INAI’s quorum would soon be addressed by the Mexican government to enable INAI to continue in its important leadership roles.

Members asked APPA’s Secretariat to convey to Mexican authorities APPA’s support for an expeditious appointment of INAI commissioners.

The Governance Report was followed by the APPA Working Groups Reports on the topic of Technology Working Group by PDPC Singapore; Communications Working Group by OPDP Macao and Comparative Privacy Statistics Working Group by OPC New Zealand.

Thereafter, the presentations of jurisdiction reports took place in which members gave a short update on key privacy developments in their area. These updates were organized into the following categories:

  1. Law Reform and Regulatory Developments: With the exponential growth of technology and the digitization of society, it has become necessary to adapt existing laws and regulations to address the new challenges and risks associated with handling personal data. This regulatory evolution seeks to ensure that the fundamental rights of individuals, such as privacy and control over their personal information, are effectively protected.
  2. Research and Applications of Law: Legislative reform and regulatory developments regarding the protection of personal data and privacy are essential to guarantee the privacy and security of personal data in an increasingly connected and digitized world. These laws set limits and controls on how personal data is collected, used and shared, helping to prevent misuse of such data and potential harm to individuals’ privacy.
  3. Education and Outreach: Personal data education and outreach play a critical role in raising awareness and empowering individuals about the importance of privacy and the protection of their data. This includes promoting good online security practices, encouraging the adoption of transparent privacy policies by organizations and strengthening the culture of respect for the protection of personal data in society. Education and outreach contribute to forming conscious digital citizens, empowered to make informed decisions and protect their privacy in an increasingly interconnected world.

The session wrapped up with Members listening to presentations on “Guide on contractual clauses”, and on “Vulnerable groups and their right to the personal data protection” and “Employee surveillance”.

At the end of day one, the draft communiqué and the conclusions were circulated.

Day Two

The second day of the Forum included the closed session and commenced with opening remarks from INAI authorities and followed by presentations of other guests and personalities from the private sector whose impact on data protection and artificial intelligence worldwide is quite relevant nowadays, such as Google, META and Mercado Libre.

Given the increasingly significant impact AI is already having in countries, members called on private and public sector organizations to ensure compliance with privacy laws when using AI. Members also encouraged continuing cross-border collaboration between data protection authorities in regulating AI.

Following these opening remarks, a presentation on Trusted cross border transfer of personal data was delivered by the Commissioner for International Cooperation of Japan – focusing on DFFT (Data Free Flow with Trust). The privacy landscape was also a featured with a presentation from New Zealand on the state-of-the-art topic of Open­Source Intelligence – information that is readily available to the public or can be available by request, such as newspapers, magazine articles as well as media reports, et cetera.

The Office of the Privacy Commissioner of Canada gave a presentation on Data for Equity, followed by the Investigation into Home Depot of Canada Inc.´s Compliance with The Personal Information Protection and Electronic Documents Act of Canada.

The Personal Data Protection Commission of Singapore gave a presentation on the guidance on the Legitimate Interests Exception under the Personal Data Protection Act of Singapore.

These were followed by presentations on global privacy networks and organizations, including updates on the activities and initiatives of the:

  • GPA
  • Ibero-American Network of Data Protection, presented by the National Institute for Transparency, Access to Information and Personal Data Protection, Mexico.
  • GPA Digital Citizens and Consumers Working Group, the Global Privacy Enforcement Network, and GPA Data Protection and Other Rights and Freedoms Working Group, presented by the Office of the Privacy Commissioner of Canada;
  • GPA Information Commissioner´s Office of United Kingdom
  • GPA National Commission on Informatics and Liberty of France
  • GPA Federal Data Protection and Information Commissioner of Switzerland
  • GPA Superintendence of Industry and Commerce of Colombia
  • APEC CBPR System Federal Trade Commerce of the United States of America
  • OECD Organization for Economic Co-operation and Development

The focus for the second half of Day Two shifted towards more cutting-edge topics, such as a discussion with the Commissioner of New Zealand, an academic expert and an open data specialist on new technologies and the biometrics requirements that have brought new insights over human rights protection for personal data.

To end the proceedings the announcement of the 60th APPA Forum was made.

Next meeting

The 60th APPA Forum is scheduled to take place in Sydney, Australia on November 30 and December 1, 2023.

59th APPA Forum attendees

  • Federal Trade Commission, USA
  • Korea Internet and Security Agency
  • National Institute for Transparency, Access to Information and Personal Data Protection, Mexico
  • National Privacy Commission, Philippines
  • Office of the Australian Information Commissioner
  • Office of the Information and Privacy Commissioner, British Columbia
  • Office of the Information Commissioner, Queensland
  • Office of the Privacy Commissioner of Canada
  • Office of the Victorian Information Commissioner
  • Office for Personal Data Protection, Macao SAR, China
  • Office of the Privacy Commissioner, New Zealand
  • Personal Data Protection Commission, Singapore
  • Personal Information Protection Commission, Japan
  • Personal Information Protection Commission, Korea
  • Office of the Privacy Commissioner for Personal Data, Hong Kong SAR, China
  • Superintendence of Industry and Commerce, Colombia

59th APPA Forum invited observers and guests:

  • Organisation for Economic Co-operation and Development
  • National Commission for Informatics and Liberties CNIL
  • Office of the Privacy Commissioner of Bermuda
  • Ibero-American Network of Data Protection
  • META
  • Mercado Libre
  • Google
  • National Autonomous University of Mexico
  • International Association of Privacy Professionals
  • Iniciativa Latinoamericana de Datos Abiertos