APEC recently moved one step closer towards the goal of updating its privacy framework in time to mark the 10th anniversary of the framework’s adoption in 2005.

Last month at a meeting in Subic Bay, the Philippines, APEC’s Electronic Commerce Steering Group (ECSG) endorsed an ECSG Data Privacy Subgroup (DPS) plan to concentrate on updating the framework in six priority areas. The work is part of a DPS privacy ‘stocktake’ project.

In light of the role of the 1980 OECD Guidelines on the Protection of Privacy and Trans-border Flows of Personal Data, it was agreed that the stocktake should be based on the 2013 Guidelines. The importance of these guidelines cannot be overstated as they are the foundation and starting point for the APEC Privacy Framework.

One major path to advance the stocktake was for a comparative review of the changes to the OECD guidelines and their likely impact on the APEC framework. The New Zealand Office of the Privacy Commissioner undertook this review as part of an Australia, Canada and New Zealand stocktake group.

Six priority areas

The review recommended that concrete proposals for updating the APEC Privacy Framework be concentrated in six areas. These are by:

1. introducing the concept of privacy management programmes.
2. adding breach notification as part of the recommended remedies where privacy protections are violated.
3. enhancing domestic implementation approaches by reference to economy strategies, technical measures (sometimes called ‘privacy by design’) and the role of privacy enforcement authorities.
4. enhancing international implementation by reference to interoperability with privacy frameworks based outside the region and by developing internationally comparable metrics.
5. offering guidance by outlining the factors to be considered in balancing trade considerations when restricting cross-border transfers for reasons of privacy; and
6. making suitable updates to the preface and commentary.

In developing the proposals, the stocktake group kept a number of factors in mind such as:

• will the change contribute to the APEC objectives (e.g. to promote economic growth and remove distortions that impede trade)?
• will the change help ensure that the APEC Framework more effectively responds to technological and marketplace evolution since 2005?
• will the change help ensure that the APEC Framework remains ‘fit for purpose’ for another 10 years?
• will the change promote interoperability between the APEC Framework and other arrangements at international level?

The stocktake group received a mandate to continue with its work and to develop more concrete updating proposals. The group working on the stocktake has been enlarged and now consists of Australia, Canada, Japan, New Zealand, the United States and two guests of APEC’s Electronic Commerce Steering Group - the International Chamber of Commerce and the Internet Society.

The group will report back to APEC’s Data Privacy Subgroup in August 2015.

OECD, International, Asia Pacific