Privacy Law and Policy Reporter
The Asia-Pacific Privacy Charter Council: a regional ‘civil society’ initiative
More than 30 non-government privacy experts from Asia-Pacific countries have formed the Asia-Pacific Privacy Charter Council, a non-government organisation which plans to develop and advocate a standard of privacy protection for the Asia-Pacific region.
The initial membership, drawn mainly from countries with more advanced privacy laws, includes five former Privacy Commissioners or Deputy Privacy Commissioners, 10 law professors, four professors of sociology or political science, and 11 members drawn from information system experts, journalists, and leaders of privacy research and advocacy bodies. Between them APPCC members have written more than 30 books on privacy, and edit numerous journals on the subject.
The membership is now being expanded to include members representing as many countries in the region as possible. The members will all have expertise and experience in matters relating to privacy and a commitment to privacy protection. Government and business representatives, and current Commissioners and their staffs, have their own separate fora.
The convener of the initiative is the Baker & McKenzie Cyberspace Law and Policy Centre at the University of New South Wales Faculty of Law.
Since the mid-1990s, privacy experts in the Asia-Pacific have been advocating the development of an Asia-Pacific regional privacy agreement to help increase and harmonise the level of privacy protection in the region, which is necessary if there are to be free flows of personal data which do not adversely affect privacy.
The development of such a regional standard requires high quality inputs from a number of sources, including governments, regional privacy protection authorities and independent experts. The 1980 OECD privacy Guidelines and the 1981 Council of Europe Privacy Convention were drafted by such expert committees.
Regional examples of independent expert input are the group that drafted the Canadian Privacy Standard (and thus the core principles of Canada’s private sector legislation), and the 1993 Australian Privacy Charter, developed by a Charter Council (also hosted by UNSW Law Faculty) which has had a significant influence on the development of Australian privacy legislation in three jurisdictions.
After over 15 years of development, existing privacy laws in Asia-Pacific jurisdictions have many strengths, including in some cases elements that are an advance on what is found in the OECD Guidelines or European laws (such as Canada’s purpose justification principle, Korea’s ‘no disadvantage’ principle and Australia’s anonymity principle). There is also a valuable diversity of implementation and compliance mechanisms in regional laws on which to draw, including methods of co-regulation (which have been characterised as a ‘third way’ in data protection), mediation, audit, privacy impact assessment and compensation. There is much to learn from our regional experience.
The APEC privacy initiative (see (2003) 10(1) PLPR 1, and the follow up article in this issue on p 45) provides both added urgency in the need for independent expert input into Asia-Pacific privacy standards and a new opportunity for such input to be effective.
The APPCC initiative therefore aims to create a regional expert group which will develop independent standards for privacy protection in the region, to influence the enactment of regional privacy laws and the adoption of regional privacy agreements in accordance with those standards.
The Charter Council’s standards will complement the inputs into the development of these laws and agreements from business, government and privacy officials, and challenge them to develop a high standard of privacy protection for the Asia-Pacific.
Terms of reference
The principal task of the Charter Council will be to draft the Asia-Pacific Privacy Charter and Recommended Implementation and Compliance Measures. The Charter will set out substantive principles of privacy protection covering fair information practices, regulation of surveillance, and limitation of intrusions suitable for jurisdictions in the Asia-Pacific. The Measures will set out minimum and desirable measures suitable for jurisdictions in the Asia-Pacific.
The Charter Council will take into account in its deliberations the following source documents, and such others as it considers appropriate:
• the International Covenant on Civil and Political Rights, the OECD Guidelines concerning privacy and free flow of information, the European Union Privacy Directive, the Australian Privacy Charter, the Canadian Privacy Standard, and the work of regional Law Reform Commissions such as those of New South Wales (surveillance principles) and Hong Kong (privacy torts);
• regional privacy laws including those of jurisdictions in Australia, Canada, Thailand, Taiwan, Hong Kong, New Zealand, Argentina and South Korea, proposed laws in Malaysia, Macau and elsewhere, ‘privacy torts’ in the US, Canada and New Zealand, and constitutional privacy protection in the US and elsewhere; and
• major sectoral privacy principles including the OECD Guidelines concerning cryptography, the European Union Electronic Communications Privacy Directive and the International Privacy Commissioners’ Working Group guidelines on interception of communications.
Meetings and outputs
Most of the Council’s deliberations will be by electronic means. The APPCC’s home page is already publishing background documents on the APPCC’s development, the APEC and APT developments, and other relevant regional developments, and will publish Charter drafts as they are prepared. The first face to face meeting of the Charter Council will be during the International Privacy and Data Protection Commissioners meeting in Sydney on 12 September 2003. The Council will endeavour to complete its work by one year from that date. l
Graham Greenleaf is Co-Director of the Baker & McKenzie Cyberspace Law and Policy Centre at UNSW, which is the convenor of the APPCC.
. A list of Council members is available at <www.BakerCyberlaw Centre.org/APPCC/>.
. Canadian Standards Association Privacy Code at <www.csa.ca/ standards/privacy/default.asp?load =code&language=English>.
. Australian Privacy Charter at <www.anu.edu.au/people/Roger.Clarke/DV/PrivacyCharter.html>.
. <www.BakerCyberlawCentre. org/APPCC/>.