Presentation is loading. Please wait.

Presentation is loading. Please wait.

APEC vs APT?: The struggle for regional privacy standards Graham Greenleaf ‘Terrorists & Watchdogs’ Conference, 8 September 2003 See

Published byBernadette Parker Modified over 8 years ago

Similar presentations

Presentation on theme: "APEC vs APT?: The struggle for regional privacy standards Graham Greenleaf ‘Terrorists & Watchdogs’ Conference, 8 September 2003 See"— Presentation transcript:

1 APEC vs APT?: The struggle for regional privacy standards Graham Greenleaf ‘Terrorists & Watchdogs’ Conference, 8 September 2003 See http://www2.austlii.edu.au/~graham/ for updates / detailshttp://www2.austlii.edu.au/~graham/

2 Regional privacy standards There is no global standard One region (Europe) has successfully developed regional standards Council of Europe Convention 1981 European privacy Directive 1995 The Asia-Pacific is the next most advanced region in privacy protection Far less political and economic unity or uniformity Starting the most important international privacy developments since the EU Directive ….

3 Toward an Asia-Pacific standard APEC’s privacy initiative Chaired by Australia - US / Aust. initiative Asia-Pacific Telecommunity (APT) Chaired by Korea Asia-Pacific Privacy Charter Council A ‘civil society’ expert group FTAA will also affect some countries (Free Trade Area of the Americas)

4 APEC’s privacy Principles Australia chairs a working group of 10 countries since Feb 03 Starting point: OECD Guidelines (1981) What’s the purpose?: A minimum standard where compliance will (somehow) justify regional free flow of person information A standard which will encourage (minimum) protection in countries where there is none

5 APEC’s privacy Principles - Progress or stagnation? 5 draft versions in 6 months Do not yet reach OECD standards Only considering very minor improvements to OECD V2 strengthened V1, but V3 and V4 far weaker for little apparent reason Serious US input coincides with V3 At best it offers ‘OECD Lite’ ….

6 APEC’s ‘OECD Lite’ Examples of weak and outdated standards Based on Chair’s V4 (Aug 03) - now behind closed doors No objective limits on information collection (P1) No requirement of notice to the data subject at time of collection (P3) Secondary uses allowed if ‘not incompatible’ (P3) OECD Parts 1, 3, 4 and 5 all missing as yet Farcical national self-assessment proposed (V1) Why start from a 20 year old standard? Most regional countries are not members Recognised as inadequate (eg Kirby J 1999)

7 The alternative: A real Asia-Pacific standard Actual standards of regional privacy laws Eg Korea, Canada, Hong Kong, New Zealand, Taiwan, Australia, Japan, Argentina Principles stronger than OECD are common Expert input is needed to identity this standard, not filtered through governments Privacy Commissioner need a collective role No equivalent yet to A29 Committee Santiago (Feb 04) only offers input on implementation Asia-Pacific NGO experts are developing the APPCC We need to adopt and learn from 25 years regional experience, not ignore it

8 Examples of high regional standards Collection objectively limited to where necessary for functions or activities (HK, Aus, NZ - Can stricter) Notice upon collection (Aus, NZ, HK, Kor) Secondary use only for a directly related purpose (HK, NZ, Aus - Kor stricter) Right to have recipients of corrected information informed (NSW, NZ) Deletion after use (HK, NZ, NSW, Kor)

9 APT privacy Guidelines (draft) Asia-Pacific Telecommunity (APT) 32 states via Telecomms ministries (etc) Guidelines on the Protection of Personal Information and Privacy (draft), July 2003 Drafting by KISA (Korea), with Asian Privacy Forum Attempts to take a distinctive regional approach Explicitly not based solely on OECD or EU (cl8) Says OECD Guidelines ‘reflect … the 70s and 80s’ ‘Concrete implementation measures’ unlike OECD Allows more variation between States that EU Emphasises role of government, not litigation Adds new Principles in at least five areas …

10 APT Guidelines - implementation Legislation required + self-regulation encouraged A privacy supervisory authority required Supervision and complaint investigation Data export limits may be ‘reasonably required’ to protect ‘privacy, rights and freedoms’; free flow of information otherwise required Limits on these guidelines only by legislation; only to the extent necessary for other public policies Common character string need to deal with spam

11 APT Guidelines - new Principles No disadvantage for exercising privacy rights (A5(2)) Notification of corrected information to 3rd party recipients (A6(4)) ‘Openness’ of logic of automated processes (A7) No secondary use without consent (A 14(2)) Deletion if consent to hold is withdrawn (A16) Duties on change of information controller (A19) Special provision on children’s information (A34) Personal location information Principle (A30) Unsolicited communications Princple (A31)

12 Conclusions Why are APEC and APT so different? Membership similar except for the USA Australia’s APEC initiative had a defensive and outdated starting point (OECD) Inadequate process: no collective expert input, and now behind closed doors OECD Guidelines were by an ‘expert group’ A more consultative, confident, and region- based APEC initiative is needed

13 Coda: APPCC contribution Asia-Pacific Privacy Charter Council 35 non-government privacy experts from 10 regional countries, and growing On 12/11/03, meeting to consider 1st working draft Headings of Principles under consideration for Charter are over - only a first draft Covers surveillance and intrusions as well as IPPs An attempt to find a positive regional standard

14 APPCC draft Part I - General Principles 1.Justification and proportionality 2.Consent 3.Accountability 4.Openness 5. Non-discrimination 6.Reasons for non-compliance

15 APPCC draft - Part II - Information Privacy Principles 7. Anonymous transactions14. Retention limitation 8. Collection limitation15. Public registers 9.Identifier limitation16. Information security 10. Information quality17. Automated decisions 11. Use and disclosure limitations 18.Identity protection 12.Export limitations19.Disclosure of private facts 13. Access and correction

16 APPCC draft - Part III - Surveillance limitation principles 20.Surveillance justification 21.Notice of overt surveillance 22.Approval of covert surveillance 23.Accountability for covert surveillance 24.Surveillance security 25.Surveillance materials 26.Transborder surveillance

17 APPCC draft - Part IV - Intrusion limitation principles 27.Intrusion limitation 28.Bodily privacy 29.Biometrics limitation 30.Private space 31.Communications & cyberspace privacy 32.Personal location limitation 33.Unsolicited communication limitation

18 APPCC principles - Part V - Implementation and compliance principles 34.Implementation by law40.Independent appeal 35.Sufficient implementation measures 41.Transparency of official actions 36.Supervisory body42.Individual recourse to Courts 37.Privacy impact assessments 43.International cooperation 38.Sufficient remedies for breach 44.Jurisdictional certainty 39. Obligations of information subjects

Download ppt "APEC vs APT?: The struggle for regional privacy standards Graham Greenleaf ‘Terrorists & Watchdogs’ Conference, 8 September 2003 See"

Similar presentations

Transparency and Domestic Regulation Mina Mashayekhi Division on International Trade UNCTAD.

Transparency and Domestic Regulation Mina Mashayekhi Division on International Trade UNCTAD.
Implications for the Regions EU-Regional Policy 1 Governance White Paper Introduction Adoption of White Paper on European Governance, July 25, 2001 Aim:

Implications for the Regions EU-Regional Policy 1 Governance White Paper Introduction Adoption of White Paper on European Governance, July 25, 2001 Aim:
Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.

Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.
© 2005 Morrison & Foerster LLP All Rights Reserved Data Security and Incident Notification: The Impact of Foreign Law Presented April 26, 2006 to EDUCAUSE.

© 2005 Morrison & Foerster LLP All Rights Reserved Data Security and Incident Notification: The Impact of Foreign Law Presented April 26, 2006 to EDUCAUSE.
The Geopolitics of Personal Data and the Governance of Privacy Colin J. Bennett Department of Political Science University of Victoria BC, Canada www.colinbennett.ca.

The Geopolitics of Personal Data and the Governance of Privacy Colin J. Bennett Department of Political Science University of Victoria BC, Canada
Five years of the APEC Privacy Framework - Failure or Promise? Graham Greenleaf Faculty of Law, University of New South Wales ASLI Conference, NUS, Singapore,

Five years of the APEC Privacy Framework - Failure or Promise? Graham Greenleaf Faculty of Law, University of New South Wales ASLI Conference, NUS, Singapore,
The Australian Privacy Principles Protecting information rights –­ advancing information policy.

The Australian Privacy Principles Protecting information rights –­ advancing information policy.
CSE2500 Systems Security and Privacy Week 11 Privacy Law in Australia (after 2000)

CSE2500 Systems Security and Privacy Week 11 Privacy Law in Australia (after 2000)
Declaration on the Rights of Indigenous peoples (UNDRIP)

Declaration on the Rights of Indigenous peoples (UNDRIP)
6/1/2015MINISTRY OF ENERGY, COMMUNICATIONS AND MULTIMEDIA 1 PRESENTATION OF PERSONAL DATA PROTECTION BILL PRESENTATION OF PERSONAL DATA PROTECTION BILL.

6/1/2015MINISTRY OF ENERGY, COMMUNICATIONS AND MULTIMEDIA 1 PRESENTATION OF PERSONAL DATA PROTECTION BILL PRESENTATION OF PERSONAL DATA PROTECTION BILL.
The Treaties, Institutions and Policies of the EU

The Treaties, Institutions and Policies of the EU
Www.oaic.gov.au Introduction to the APPs and the OAIC’s regulatory approach Presented by: Este Darin-Cooper Director, Regulation and Strategy May 2015.

Introduction to the APPs and the OAIC’s regulatory approach Presented by: Este Darin-Cooper Director, Regulation and Strategy May 2015.
EU: Bilateral Agreements of Member States

EU: Bilateral Agreements of Member States
EU: Bilateral Agreements of Member States. Formerly concluded international agreements of Member States with third countries Article 351 TFEU The rights.

EU: Bilateral Agreements of Member States. Formerly concluded international agreements of Member States with third countries Article 351 TFEU The rights.
The role of the Office of the Privacy Commissioner in telecommunications Andrew Solomon Director, Policy.

The role of the Office of the Privacy Commissioner in telecommunications Andrew Solomon Director, Policy.
3rd session: Corporate Governance

3rd session: Corporate Governance
Transborder dataflows Flow of information across national borders Much of this data involves personal information.

Transborder dataflows Flow of information across national borders Much of this data involves personal information.
Personal Data Privacy and The Internet by Stephen Lau Privacy Commissioner for Personal Data, Hong Kong SAR at the Joint Conference of the OECD, HCOPIL,

Personal Data Privacy and The Internet by Stephen Lau Privacy Commissioner for Personal Data, Hong Kong SAR at the Joint Conference of the OECD, HCOPIL,
Data Protection: International. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.

Data Protection: International. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.
Personal Data (Privacy) Ordinance Hong Kong Personal Data (Privacy) Ordinance Hong Kong by Stephen Lau Privacy Commissioner for Personal Data Hong Kong.

Personal Data (Privacy) Ordinance Hong Kong Personal Data (Privacy) Ordinance Hong Kong by Stephen Lau Privacy Commissioner for Personal Data Hong Kong.

Similar presentations

Ads by Google