In a historic first for the Asia Pacific Privacy Authorities (APPA) network, its biannual forum took place via video conferencing. Against the backdrop of the Covid-19 pandemic, APPA members decided this was a practical course of action for its 19 member authorities and contributing observers, with Singapore’s Personal Data Protection Commission (PCPD) hosting the virtual event.

Privacy Commissioner John Edwards and staff from New Zealand’s Office of the Privacy Commissioner joined over 100 APPA representatives to participate in the three-day event – the first of the two forums held by the privacy network each year.

As an active member of APPA, our office looks forward to these well-organised forums, so we can hear about any emerging privacy issues in the Asia Pacific region, and learn from the experiences of our international peers. This was particularly the case for APPA’s 53^rd Forum, which had a large focus on Covid-19 and how regulators have responded to important privacy issues relating to the pandemic.

Below is a summary of some our highlights. You can also read the forum’s communiqué here.

Day One (2 June 2020)

After a warm welcome from the PDPC Commissioner, Tan Kiat How, several member authorities including Macao, Japan, Australia, Singapore, Hong Kong, Korea, Canada and New Zealand gave reports on recent privacy law developments in their respective jurisdictions.

Privacy Commissioner John Edwards spoke about the activation of the Civil Defence National Emergencies (Information Sharing) Code 2013, which facilitates the disclosure of personal information to public sector agencies to assist the government’s response to a national emergency. The operation of this Code was triggered on 25 March, when the Minister of Civil Defence declared a state of national emergency in response to Covid-19. 

Mr Edwards also briefed participating members on the amendment to the Telecommunications Information Privacy Code, which enables emergency services to gain access to the location of a cellular device if there is a serious risk to the life or health of a person, and on the implementation of the Privacy Bill, which is due to come into force in December this year. 

The session closed out with an interesting discussion on issues relating to investigations and enforcement of data protection, with presentations by the United States, Japan and Canada’s federal and British Columbia authorities.

Day Two (3 June 2020)

Day Two covered many hot topics, including key features of data breach notification regimes, the protection of biometric information and personal data issues arising from Covid-19. New Zealand, alongside Singapore, Hong Kong, the Philippines, Canada, Japan, Australia and Britain, shared its experiences and lessons on the unique privacy issues that have arisen from the pandemic. This included a discussion of the various app solutions member states have deployed to assist health authorities with contact tracing.

A key theme from the discussion was the importance of privacy rights during public emergencies and the need for international cooperation between privacy authorities to ensure the protection of personal information in global pandemics. This discussion was a highlight for our office, as we found it incredibly valuable to hear how other member authorities have tackled these unprecedented privacy challenges.

The session ended with members agreeing to the formation of a Covid-19 repository, which would improve information sharing between authorities and facilitate closer relationships with other international networks, such as GPEN and GPA, as part of the global response to Covid-19. 

Day Three (4 June 2020)

Day Three featured another full and forward-looking agenda. The third and final session opened with presentations from Singapore, the United States and Colombia on their approaches to AI governance and regulation.

These discussions were followed by a sharing of ideas on how to increase international cooperation on data protection. This was a key theme throughout the forum, as member authorities spoke of a rise in serious, cross-jurisdictional data breaches and the importance of a trusted cross-border flow of personal data. The Personal Information Protection Commission of Korea (PIPC) put forward the idea of a cooperation mechanism for investigations into cross-jurisdiction data breaches and shared the view that now is the right time to strengthen international cooperation and mutual assistance.

The session closed with an update on global privacy developments.

Our office would like to thank Singapore’s Personal Data Protection Commission for hosting the 53^rd APPA Forum. We look forward to attending the next APPA gathering - either in person or virtually - later this year. The next forum will be hosted by Australia’s Office of the Victorian Information Commissioner in December 2020.

Image credit: Asia Pacific Privacy Authorities

International, Asia Pacific Privacy Authorities (APPA), Covid-19