Our website uses cookies to give you the best experience and for us to analyse our site usage. If you continue to use our site, we will take it you are OK about this. Click on More for information about the cookies on our site and what you can do to opt out.

We respect your Do Not Track preference.

Highlights of APPA 48 Blair Stewart
19 December 2017

Plate 4 Purple Finch final 2

Privacy authorities in our region rounded off the year in Vancouver with the 48th Asia Pacific Privacy Authorities (APPA) Forum on 16-17 November. The meeting was hosted by the Office of the Privacy Commissioner of Canada (OPC-Canada) and the Office of the Information and Privacy Commissioner for British Columbia (OIPC-BC). Our office was represented by the Commissioner, John Edwards, and myself.

Our office is an active and fully contributing member of APPA and we gain considerable value from being able to learn of the work of our peers, hear of the problems they face and the solutions to problems they’ve engineered and to ‘pick the brains’ of other Commissioners during formal sessions and in the corridors and in breaks.

Kicking off

The day preceding the formal events was a workshop put on by an international think-tank the Centre of Information Policy Leadership (CIPL). This was an opportunity not only to hear of some of CIPL’s ongoing privacy projects but also to meet with and hear from some of the local Canadian business privacy leaders.

APPA 48 proper began on 15 November with a short bus tour around the central city for delegates to get to know each other or renew acquaintances before getting down to business with a half-day of presentations focused upon the value of independent research in privacy. The event showcased results of the OPC-Canada’s Contribution Programme which funds research by other bodies such as academics and privacy advocacy groups.

Among the interesting research showcased, was research which led to a documentary film about the genealogy industry. Edited to manageable commercial proportions with Contributions Programme funding support, the documentary maker Julia Creet’s film shows her quest to unearth the genealogy industry's key players and examine their motivations. It raised questions about the ownership and privacy of personal data, particularly the merging of genetic and genealogical information. The film is a cautionary tale for anybody undertaking genealogical research. You can find out more here.

I shared the stage with the UK Information Commissioner and a representative of the Federal Trade Commission to explain approaches to partner with independent researchers in New Zealand, Britain and the United States. From a New Zealand perspective, I spoke of the experience in setting up the Privacy Good Research Fund and running the first round, last year’s Privacy Research Symposium and Privacy Research Week and of the challenges we’ve faced in launching a second round.

The UK Commissioner discussed their recently launched grants programme which is very similar to our Privacy Good Research Fund, but with a vastly larger budget of over NZ$400,000. The FTC spoke of their innovative PrivacyCon events that bring together researchers from across the US.

Day one

The first day of the more formal roundtable began with a broader session where representatives from organisations that are not part of APPA are invited to speak in sessions that focus on a variety of privacy and data protection topics. In the Applied Privacy session, representatives of Google Canada, Facebook, Apple and Microsoft Canada discussed how their companies respond internally to privacy risks and breaches and how they practice privacy compliance.

A session on re-thinking consent was a lively mix of privacy commentators discussing potential solutions for reconfiguring the role of consent in privacy protection. There’s more information about the issue of consent on the Canadian Office of the Privacy Commissioner’s website here.

When the closed session began after lunch, it began with an update on how the European Union’s General Data Protection Regulation would be implemented when it takes effect on 25 May 2018. We heard from Isabelle Falque-Pierrotin, the Chair of the French privacy regulator CNIL, Christian D’Cunha, from the Office of the European Data Protection Supervisor, and Elizabeth Denham, the UK’s Information Commissioner.

Our office has received a number of enquiries about the impending GDPR and you can find some advice for New Zealand companies on our website here.

Day two

The closed session for APPA members continued on day two. A regular feature at APPA is the jurisdiction reports from each of the member data protection authorities. It’s a crucial way for each of us to be made aware of the main concerns and issues faced by our international colleagues. The five main subject areas are compliance and enforcement, cross-border data flows, law reform, outreach and education, and business and innovation.

Each APPA member submits a jurisdiction report and it is interesting to note common and uncommon areas of interest. For example, the newest APPA member, the Philippines National Privacy Commission highlighted that, according to a privacy survey, only 13 percent of Filipinos were aware of the country’s Data Privacy Act - although 85 percent said their privacy rights were important to them. The Philippines Commission is hard at work in many creative and innovative ways in seeking to create awareness of the new privacy rights in fairly challenging conditions given its population of 103 million scattered over 7,000 islands. 

In a session on other international privacy networks, we heard updates about the APEC Cross-Border Privacy Rules, the International Conference of Data Protection and Privacy Commissioners, the Global Privacy Enforcement Network and the Common Thread Network.

I presented a report on the work of the APPA Comparative Statistics Working Group that is led by New Zealand. Recent highlights included finalising a regional awareness benchmark, contributing to the organisation of an OECD Roundtable and the tabling of a paper that compared APPA authorities to those in the rest of the world.

New Zealand Privacy Commissioner John Edwards then facilitated a discussion about access by responsible government ministers to personal information held by departments they oversee. It was a wide ranging discussion on participants’ experience and views on the practices in their jurisdictions, the limits placed on access, the issues that had arisen and the responses of various stakeholders. The topic raised challenging and delicate issues in the intersections of competing interests such as public sector governance and accountabilities, ethics, politics, privacy and the law.

At the request of New Zealand, members also shared their thoughts on the merits of participating as amici in the US Supreme Court case of the US government v Microsoft. Following the discussion, New Zealand decided that it was worth pursuing and last week filed this submission.

APPA 48 concluded with a presentation by the hosts of the coming 49th and 50th APPA forums. The 49th forum will be hosted by the US Federal Trade Commission in June 2018 and the 50th will be hosted by our office in Wellington from 3-4th December 2018.

You can read more about APPA 48 on the APPA website here.

Image credit: Purple finch via John J. Audobon's Birds of America.

0 comments

, , ,

Back

Comments

No one has commented on this page yet.

Post your comment

The aim of the Office of Privacy Commissioner’s blog is to provide a space for people to interact with the content posted. We reserve the right to moderate all comments. We will not publish any content that is abusive, defamatory or is obviously commercial. We ask for your email address so that we can contact you if necessary to clarify your comment. Please be respectful of authors and others leaving comments.