Privacy Law and Policy Reporter
Graham Greenleaf (General Editor) and Nigel Waters (Associate Editor)
This article was first published by UK based Privacy Laws and Business (http://www.privacylaws.com/ ) and is reproduced here with their permission.
The Korean National Commission for UNESCO hosted in Seoul an International Forum on Privacy Rights in the Digital Age from 27 - 29 September 2005, the participants in which were academic and NGO experts on privacy issues from nine regional countries. The Forum heard country reports from the People’s Republic of China, Malaysia, Philippines, India, Thailand, Japan, Korea, Australia and New Zealand, and assessments of global developments in privacy standards, technology and ethics.
The strong contributions to the meeting by numerous Korean academic and NGO experts on privacy also made very clear the extent to which privacy is regarded as a very serious issue which is prompting detailed examination in South Korea’s very technically advanced society which is now approaching ‘ubiquitous computing’ to an extent not yet seen elsewhere in the world.
At the conclusion of the Forum, the participants unanimously agreed to make and to promote a Declaration of Privacy Rights Action Programme in the Asia-Pacific Region on the occasion of the International Forum on Privacy Rights in the Digital Age (only the near-final draft is available at the time of writing). The UNESCO Forum’s Declaration tries to strike a careful balance, noting both threats to privacy ‘while also understanding the legitimate needs of government and business’ and that data protection also ‘promotes the free flow of information’. The Declaration calls on data subjects, commercial organisations, and NGOs to play their parts in promoting awareness and observance of privacy rights. It then makes more specific appeals to regional governments, and privacy bodies, and to UNESCO itself. This is UNESCO’s most significant intervention into privacy issues, and it appears that UNESCO is now the lead UN agency taking an interest in privacy issues.
The UNESCO Forum Declaration calls on regional governments framing privacy laws ‘to study privacy laws and implementation experience of other countries in addition to the APEC framework and other international privacy agreements’. It calls on international organisations (of which the most significant regional examples are the ‘PANZA+’ meeting of data protection agencies, and APEC’s ECSG Privacy Sub-Group) to collaborate with each other and also to ‘consult with regional NGOs concerned with privacy’.
Responding to Montreux
The Declaration is also significant because, though it deals with broader themes and has been in planning for some months, it also includes the first regional response to the ‘Montreux Declaration’ of the global meeting of Privacy and Data Protection Commissioners in Switzerland earlier in September.
First, it adopts and modifies the ‘principles of data protection’ set out in the Montreux Declaration as universal principles, couching this in terms of ‘willingness to strengthen the international recognition of the universal nature of these principles, in the spirit of UNESCO’. The Declaration also amends the Montreux version to include an additional principle of correction, replacing the collection limitation of fairness (which is implied elsewhere) with a limitation to ‘necessary’ collection (a deficiency of the Montreux principles), and including a more general reference to ‘sanctions’ rather than ‘legal sanctions’.
Second, the Declaration calls on UNESCO itself ‘to adopt privacy protection principles’, ‘to recommend adoption of privacy and personal data protection principles by the UN’, ‘to promote discussion about privacy and personal data protection in the Asia-Pacific region’, and specifically ‘to promote debate about the Montreux Declaration’s proposals, and in particular, the Commissioners’ proposal about United Nations development of a binding legal privacy instrument’.
The Declaration concludes with the participants agreeing to develop ‘a sustainable UNESCO network in this region to share information about privacy matters and to achieve the objectives in this Declaration’. UNESCO representatives at the meeting referred on a number of occasions to the likelihood that UNESCO would facilitate follow-up meetings, probably commencing with a meeting in Malaysia in 2006.
The UNESCO meeting has underlined that APEC’s privacy processes, while important, are not the only regional development of significance in the Asia-Pacific. Further UNESCO meetings may provide a good opportunity for Asia-Pacific countries to debate matters outside the APEC agenda, such as the Montreux Declaration’s call for a UN treaty, and for the Council of Europe to invite non-European states to join its privacy treaty. Since the Asia-Pacific has the only concentration of non-European states who could at this stage become parties to the CoE treaty, this debate must take place in the Asia-Pacific or be consigned to irrelevance. UNESCO may provide a valuable alternative forum for such debate.