25th International Conference of

1

• 25th International Conference of
• Data Protection Privacy Commissioners
• 10 - 12 September 2003, Sydney, Australia
• Plenary Session A
• Regulating Privacy what others are doing
• Personal Data Privacy The Asian Agenda
• Presented by Raymond Tang
• Privacy Commissioner for Personal Data, Hong Kong
  SAR

2
OECD Guidelines on the Protection of Privacy and
Transborder Flows of Personal Data

• Benchmark of data protection guidelines
• Vintage 1980
• Harmonisation of national legislation

3
The European Union Directive onData Protection
and Transborder Data Flows

• Vintage 1995
• Clarity of requirements and expectations
• Portrayed by some as (overly) prescriptive
• December 2001 contractual option

4
Data Privacy - The Asian Context

• Diversities
• Technological developments highlight data
  protection issues
• Economic incentives

5
Situation in Hong Kong (1)

• OECD style framework
• Emphasis on balancing private right and public
  interest
• Code of Practice on Consumer Credit Data
• (Proposed) Code of Practice on Monitoring and
  Personal Data Privacy at Work

6
Situation in Hong Kong (2)

• External trade oriented economy
• Proximity to Mainland China - potentially
  largest market
• Need to work with regional partners
• Regional issues no different from those in
  Western economies
• Common objective - data protection

7
Asia Pacific Initiatives
Asia Privacy Forum (APF)
Asia Pacific Telecommunity (APT)
Asia Pacific Economic Cooperation (APEC)
8
APEC

• 21 member economies
• Spans 4 continents representing more than 1/3 of
  worlds population, 50 world GDP, 47 world
  trade
• 1998 Blueprint for Action on E-Commerce
• Electronic Commerce Steering Group

APEC Privacy Sub-Group
9

• Proposal to establish
• APEC Privacy Principles
• Approach under discussion
• (Described by some as OECD-like)
• Benefit lies in establishing common platform and
  an acceptable regulatory level
• Implementation Mechanism, here lies the true test

10
Asia Pacific Telecommunity (APT)

• Regional telecommunication organization since
  1979
• Survey on personal data protection in Asia
  Pacific region

APT Privacy Guidelines
11

APEC Privacy Principles
APT Privacy Guidelines
V

• Consistency
• Level of regulatory guidance and implementation
  mechanisms
• Macro v Operational?

12
Asia Privacy Forum (APF)

• Established 2002 in Seoul with KISA as
  Secretariat
• Aim at promoting privacy protection in Asian
  economies by -
• Information Sharing
• Bridging gaps between international conferences
  and regional situations

13
Asia Privacy Forum (APF)
Local Issues
Regional Issues
Working Groups
14
Developments in Regional Jurisdictions (1)

• APT regional survey 2002
• Some have operationalized data privacy regimes
• Some on the road to enactment or introducing
  legislation
• Difference in methodology to oversee compliance

15
Developments in Regional Jurisdictions (2)

• Remedies and Dispute Resolution
• Data Protection Authorities
• Socio-economic situations will shape development
• Economic benefits provide the incentive

16
And work continues