Privacy & Information Security Law Blog

On December 2-4, 2014, Asia Pacific Privacy Authority (“APPA”) members and invited observers and guest speakers from government, the private sector, academia and civil society met in Vancouver, Canada, to discuss privacy laws and policy issues. At the end of the open session (or “broader session”) on day two, APPA issued its customary communiqué (“Communiqué”) containing the highlights of the discussions during both the closed session on day one and the open session on day two. A side event on Big Data will be held on the morning of day three (December 4).

According to the Communiqué, during the closed session on the first day, APPA member authorities and invited observers discussed a wide range of issues, including recent privacy developments in their respective jurisdictions, the theme for next year’s APPA Privacy Awareness Week, and the “right to be forgotten” and its applicability in member economies, which the APPA members will continue to examine. APPA members also welcomed Singapore’s Personal Data Protection Commission as APPA’s 17th member.

During the broader session on day two, APPA members were joined by invited speakers and observers to discuss issues such as the relationship between regulators and civil society, the risk-based approach to privacy compliance and accountability, wearable technology, the APEC Cross-Border Privacy Rules system, the right to be forgotten and organizational accountability.

The discussion on the risk-based approach to privacy compliance and accountability was led by the Centre for Information Policy Leadership at Hunton & Williams and three of its member companies. The Centre introduced the APPA group to its ongoing Privacy Risk Framework Project and discussed the role of risk assessments in enabling organizations to devise more effective privacy protections. The speakers clarified that a risk-based approach to privacy does not replace or change legal obligations, but facilitates better practical implementation of those obligations. It also improves an organization’s ability to create and maintain accountability beyond compliance requirements.

APPA is the principal forum for privacy authorities in the Asia-Pacific Region. APPA members meet twice a year to discuss recent developments, issues of common interest and cooperation. The Vancouver meeting was hosted by the Office of the Information and Privacy Commissioner of British Columbia and by the Office of the Privacy Commissioner of Canada.