Home | Databases | WorldLII | Search | Feedback Privacy Laws and Business International Report

Asia Pacific Forum promotes privacy in the region [1999] PLBIRp 57; (1999) 51 Privacy Laws and Business International Report 18

Asia Pacific Forum promotes privacy in the region

Edited report by Ingrid Wilson

MANY OF THE SMALLER JURISDICTIONS in the Asia Pacific region are taking steps towards better privacy protection. Thailand is in the process of implementing a data protection law, and Malaysia is considering a comprehensive data protection regime.

The Second Asia Pacific Forum on Privacy and Data Protection (ASPAC II) was held on 12 September in Hong Kong. The meeting was jointly organised by the Office of the Privacy Commissioner, New Zealand and the Office of the Federal Privacy Commissioner, Australia. The first ASPAC meeting was hosted by Stephen Lau, the Hong Kong Privacy Commissioner for Personal Data in April 1998 (PL&B July '98 p.10-11).

ASPAC II was a one-day meeting aimed at fostering an international exchange of information and practical experience about privacy and data protection issues. The meeting was specifically focused on the promotion of privacy protection within the Asia Pacific region and was designed to complement the 21st International Conference on Privacy and Personal Data Protection held also in Hong Kong on 13-15 September 1999.

Key aims of the ASPAC II Forum included:

• to assist officials in jurisdictions which have privacy or data protection laws to better fulfil their role in line with international best practice, and

• to provide an opportunity for officials from jurisdictions which do not yet have privacy or data protection laws, to learn about privacy issues and to study the institutional and legal mechanisms for better protecting privacy in their home countries.

WIDE PARTICIPATION

It was encouraging to see a broad range of jurisdictions represented at ASPAC II. These included representatives from:

• Australia

• Canada

• Federated States of Micronesia

• Fiji

• Hong Kong Sar

• Indonesia

• Japan

• Kingdom of Tonga

• Malaysia

• New Zealand

• Papua New Guinea

• Philippines

• Samoa

• Singapore

• Solomon Islands

• Thailand

• Tuvalu

• United States

There was also state-level representation from Hawaii, Victoria and Western Australia.

Some participation was made possible as a result of funding from the New Zealand Ministry of Foreign Affairs and Trade and the Australian Agency for International Development (AusAID) through their International Seminar Support Scheme.

PRE-FORUM BRIEFING

Preceding the ASPAC II Forum, a briefing session for those new to privacy and data protection issues was conducted at the premises of the Hong Kong Privacy Commissioner for Personal Data. This briefing gave participants a summary of the notion of privacy, general privacy principles and key international institutions and developments to prepare participants for discussion at the Forum. Around ten representatives attended and presentations were given by Timothy Pilgrim and Ingrid Wilson from the Australian Office of the Federal Privacy Commissioner, and Blair Stewart, New Zealand Assistant Privacy Commissioner.

THAILAND IMPLEMENTING A DATA PROTECTION LAW

The day was chaired jointly by Bruce Slane, Privacy Commissioner of New Zealand, and Malcolm Crompton, Federal Privacy Commissioner, Australia.

Each country gave a brief report on the status of privacy law development in their jurisdiction. It was impressive to see that many of the smaller jurisdictions in the Asia Pacific region were making progress in this area. Some jurisdictions, such as Thailand, were implementing new data protection laws, while Malaysia had established an inter-agency committee to advise on the development of a data protection regime.

In a number of jurisdictions, such as Indonesia, while there was no specific privacy law, the national representative referred to the existence of other laws protecting various types of information such as medical records. Other jurisdictions, for example Papua New Guinea, had a section in their constitution recognising the right to privacy. Overall, the importance of data protection was recognised and many representatives reported their intention to further progress data protection and privacy on their return to their countries.

Graham Greenleaf, Professor of Law, University of New South Wales, gave a practical demonstration of online privacy and data protection resources. The presentation highlighted a number of key international journals and newsletters on privacy. Professor Greenleaf also gave some useful starting points for conducting privacy-related research on the Internet (see http://www2.austlii.edu.au/~graham/publications/aspac/ resources.html).

EU DIRECTIVE HAS IMPLICATIONS FOR DATA EXPORT

Ulf Brühann, the Head of Unit of DGXV of the European Commission, discussed the implications of the European Union Directive for countries in the Asia Pacific region. He gave a comprehensive presentation about the objectives of the relevant EU directives. He focused particularly on the restrictions on international transfers of data and provided information about processes, procedures and evaluation criteria used by the Commission for determining whether a third country has "adequate" data protection.

Professor Greenleaf provided additional comment, noting the existence of data export restrictions in laws in the Asia Pacific region, for example, the Hong Kong Ordinance, Quebec and Taiwan. The proposed Australian private sector law will also feature controls on transborder data flows. He suggested that an Asia Pacific privacy agreement be developed so as not to impede the free flow of information in the region.

OPERATIONAL ISSUES

Blair Stewart gave a summary of his comprehensive paper on comparative models of national data protection agencies which provide a useful starting point for jurisdictions which do not yet have a data protection agency. He noted typical structures of agencies, commonalities and differences between various models and discussed the issue of independence.

Michael Smith, Jersey's Data Protection Commissioner, gave an example of the operation of a small jurisdiction in the bailiwick of Jersey.

A session on confronting operational data protection issues was jointly conducted by Deborah Marshall, Manager of Investigations at the New Zealand Office of the Privacy Commissioner and Julien Delisle, Executive Director of the Canadian Privacy Commissioner's office. Deborah Marshall highlighted the use of complaints investigations, legislative monitoring, education and other techniques available to Commissioners to address recurring privacy problems.

Julien Delisle emphasised the importance of the audit function and how a data protection office can use audits strategically to ensure compliance with privacy legislation.

ADAPTING PRIVACY PRINCIPLES

Malcolm Crompton gave a case study highlighting the need to be flexible in the application of privacy principles to ensure they are relevant to people's needs in a day-to-day context. He used the example of a project undertaken by the former Privacy Commissioner to develop a set of practical guidelines to assist departmental staff in the Northern Territory to apply the Privacy Act in a way which is culturally appropriate for Aboriginal and Torres Strait Islander people in that community.

FUTURE ASPAC MEETINGS

There was brief discussion on future ASPAC meetings but no decision was made about who would hold the third meeting. If participants consider that a third ASPAC ought to be organised, their thoughts on how it should be hosted and funded would be welcome. Rotation of hosting is essential if the workload and resources implications are to be managed and in order to ensure that the approach is refreshed.

This edited report was originally written for the Privacy Law & Business Reporter, Australia, by Ingrid Wilson, Senior Promotion and Education Officer, Office of the Federal Privacy Commissioner, Australia. The report is published here with the permission of Associate Editor Nigel Waters. Contact details for the Privacy Law & Business Reporter are: Level 1, 71-73 Lithgow St, St Leonard NSW 2065, Australia. Tel: + 61 2 9439 6077. For more information about the meeting, please contact the organisers: Office of the Privacy Commissioner, New Zealand , Tel: +64 9 302 2160, and Office of the Privacy Commissioner, Australia, Tel: +61 2 9284 9600.