The 37th Asia Pacific Privacy Authorities (APPA) forum was hosted by the Office of the Privacy Commissioner for Personal Data, Hong Kong in Hong Kong on 14–15 June 2012.
Participants discussed and agreed actions for a wide range of cross-border policy, education and enforcement issues over the two days of the meeting. Selected highlights of those discussions and agreed actions follow.
The meeting analysed current global privacy enforcement issues, such as recent significant data breaches, and the latest activities in international forums. Discussions covered effective international collaboration in enforcement, interoperability and development of cross-border privacy rules, privacy reform in the United States and the EU. Updates on the APEC Privacy Framework and Cross-Border Privacy Enforcement Arrangements (CPEA), the Global Privacy Enforcement Network, and the current review of the OECD Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data were also discussed.
Members agreed that greater cooperation between Data Protection and Privacy Authorities was essential in an environment where the cross jurisdictional transfer of personal information was growing exponentially. Members supported the ongoing work in this area being undertaken through fora such as APEC and the OECD.
The meeting discussed the theme “Privacy and Technology in the Balance” for the 34th International Conference of Data Protection and Privacy Commissioners which will be hosted by the Personal Data Control Regulatory Unit (URCDP), in Punta del Este, Uruguay from 23 to 26 October 2012.
The topic of public registers was revisited by Members against the context of technological advancement. Tensions between the openness and transparency principle to allow public access to government information and the individual’s personal data privacy rights is heightened with ever-increasing ease of access to public registers through various online and mobile technologies. From the perspective of privacy protection, the question of how to strike the right balance between public access and protection of personal data privacy is increasingly challenging.
Members agreed to consider the issue on a high-principle basis, focusing on an approach that enables public access to government information with commensurate protection for individual privacy.
The Technology Working Group reported to members on privacy risks relating to smartphone applications, including the non-consensual extraction of personal information. Members expressed concern with this evolving and complex area and agreed to share relevant studies and codes of practice for apps developers. Members agreed to liaise with the International Working Group on Data Protection in Telecommunications (“the Berlin Group”) on its latest actions with the aim of exploring the possibility of developing joint educative and guidance material for consumers and apps developers.
Members discussed avenues available to individuals for assistance with meeting costs associated with taking action against organizations in cases of an alleged breach of privacy. Each jurisdiction outlined what avenues were available in their jurisdictions.
Upon deliberation, members found that the proposed legal assistance scheme under the Hong Kong Personal Data (Privacy) (Amendment) Bill is unique amongst APPA members. There was however other experiences regarding award of damages for privacy infringement that members shared with Hong Kong.
The proposed regulatory requirements on direct marketing activities under the Hong Kong Personal (Privacy) (Amendment) Bill are amongst the most stringent. Members noted the growing trend of conferring on individuals a right to trace the source of personal data from direct marketers and that Hong Kong’s proposed regulatory control will provide a good reference for other APPA members in their future review of privacy protection.
The Hong Kong privacy community shared and exchanged views and experiences with APPA members in the open session on the following privacy issues:
The meeting was attended by representatives from:
Representatives from the following organisations joined the meeting as observers:
Note: To know more about APPA Forum, please visit
|Back row – From left: Henry Chang, Office of the Privacy Commissioner for Personal Data, Hong Kong; Shirley Lung, Office of the Privacy Commissioner for Personal Data, Hong Kong; Brenda Kwok, Office of the Privacy Commissioner for Personal Data, Hong Kong; Lavinia Chang, Office of the Privacy Commissioner for Personal Data, Hong Kong; Yoichiro Itakura, Office of Personal Information Protection Consumer Affairs Agency, Japan; Heajin Lee, Korea Internet and Security Agency, Korea; Masako Mizumachi, Cabinet Secretariat, Japan; Sonia Sousa Pereira, Data Protection Authority, Portugal; Isabel Cruz, Data Protection Authority, Portugal; Markus Heyder, Federal Trade Commission, United States; Ken Yang Chongwei, Office for Personal Data Protection, Macao; Harry Lio Chi Hon, Office for Personal Data Protection, Macao; Bakita Kan Pui Man, Office for Personal Data Protection, Macao|
|Front Row – From left: Hiroshi Miyashita, Office of Personal Information Protection Consumer Affairs Agency, Japan; Kwang Hee Choi, Korea Internet and Security Agency, Korea; Anthony Bendall, Office of the Victorian Privacy Commissioner, Victoria; Brenda Monaghan, Office of the Information Commissioner, Northern Territory; Elizabeth Coombs, Office of the Privacy Commissioner, New South Wales; Timothy Pilgrim, Office of the Australian Information Commissioner, Australia; Allan Chiang, Office of the Privacy Commissioner for Personal Data, Hong Kong; Marie Shroff, Office of the Privacy Commissioner, New Zealand; Edith Ramirez, Federal Trade Commission, United States; María Elena PÉREZ-JAÉN ZERMEÑO, Federal Institute for Access to Information and Data Protection, Mexico; Shin Sohyun, Personal Information Protection Commission, Korea; Brent Homan, Office of the Privacy Commissioner of Canada, Canada; Sonia Chan Hoi Fan, Office for Personal Data Protection, Macao|