Privacy scholars from the Asia Pacific region recently gathered to share research, ask difficult questions, push the boundaries of privacy concepts and grapple with the challenges of new technology. Several themes emerged including cultural concepts of privacy, the pervasive collection of personal information, challenges to rights of access to personal information and the impact of the new European General Data Protection Regulation (GDPR).
Our Privacy Commissioner discussed comparative cultural constructs of privacy in his keynote speech and these were explored further in research from Hong Kong and China. Jill Bronfman from the University of California presented research on privacy harms, exploring concepts of public shame and saving face in China, comparing this to other concepts privacy harm such as injury to individual, personal feelings.
Japan, China and Korea
Prof Kiyoshi Murata, a director of the Centre for Business Information Ethics at Tokyo’s Meiji University, summarised research into Japanese cultural views of ‘sensitive’ personal information and whether those views matched the legal definition in Japan’s data protection laws.
The preliminary research findings revealed Japanese people tended to feel high sensitivity in relation to financial and economic information and less sensitivity in relation to data shadows and civic issues (such as political orientation or religious belief). The findings were in contrast to the legal definitions, highlighting the importance of taking into account specific cultural and social contexts when considering the domestic application of legal norms. The research also highlighted how legal definitions of sensitive data can be meaningless if these are taken out of context, effectively undermining the aims of a privacy law.
Prof Whon-il Park from Kyung Hee University discussed a celebrated case in South Korea about a politician and the Olympic gold medal winning ice skater, Yuna Kim, and its legal consequences over whether an access request by the authorities for an ISP’s content can be complied with without proper due process.
On the issue of access, there was also a presentation about a joint Citizen Lab project between Chinese University of Hong Kong and the University of Toronto which demonstrated a tool to access personal information held by telecommunications companies. The tool has similarities to New Zealand’s AboutMe tool.
Research by Nigel Waters from the University of New South Wales studied the pervasive collection of personal information by a public transport provider. Mr Waters is legally challenging how the movements of senior citizens are automatically collected by the NSW agency and is awaiting a court decision on his complaint.
In Japan, there was research on social encircling or family encasement in relation to frequent flyer and customer loyalty schemes, and whether this extension to include wider social networks for marketing purposes was an infringement of privacy.
Designing for privacy
A number of researchers called for new approaches to privacy, with robust critique of privacy by design.
Samford University’s Prof Woodrow Hartzog argued for a new approach to privacy design concepts noting that consent does not scale and was not the same as autonomy, which he preferred as a way to frame and design privacy-related rights. You can find out more about Prof Hartzog's presentation in this blog post.
Several researchers argued that de-identification offers little or no privacy protection, noting the increasing likelihood of re-identification and reports from 2014 that it is not a good basis for policy (see, for example, Big Data and Privacy: A technological perspective - President’s Council of Advisors on Science and Technology (PCAST) 2014).
From China, researchers highlighted a new privacy paradox where there were both laws aimed at giving consumers more privacy rights (notably in the telecommunications and e-commerce sectors) and new laws strengthening the government’s legal scope for online surveillance (such as China’s new cyber-security law which takes effect in 2017).
Researchers also discussed the new European GDPR, looking closely at how it will affect their respective countries’ data laws and business practices.
The Hon Michael Kirby needed little introduction for the assembled privacy scholars. In his presentation, the world-renown Australian jurist recalled his role in the development of OECD privacy guidelines and the current issues in Australian privacy law. He also called on participants to learn from the lessons in his work relating to LGBTI rights and his inquiry into North Korean government human rights abuses to continue to strive to make progress for the legal recognition of the right to privacy.
The APSN International Conference was absorbing and timely, and it offered plenty to reflect on as New Zealand prepares for its privacy law reform. You can find out more about the conference’s speakers and topics here. The presentation papers are being compiled for publication next year.
Image credit: Office of the Privacy Commissioner