Since the mid-1990s, privacy experts in the Asia-Pacific have been advocating the advantages of, and need for, an Asia-Pacific regional privacy agreement which would assist in both increasing and harmonising the level of privacy protection in the region and therefore creating the necessary basis for free flows of personal data which do not adversely affect privacy.
The development of such a regional standard requires high quality inputs from a number of sources, including governments, regional privacy protection authorities, and independent experts in the field of privacy protection. The 1980 OECD privacy Guidelines and the 1981 Council of Europe privacy Convention were drafted by such expert committees.
A regional example of independent expert input is the 1993 Australian Privacy Charter, developed by a Charter Council of non-government experts. It has had a significant influence on the development of Australian privacy legislation in three jurisdictions. Similarly, an expert group in Canada drafted the core principles of Canada's private sector legislation.
After over 15 years of development, existing privacy laws in Asia-Pacific jurisdictions have many strengths, including in some cases elements that may be an advance on what is found in the OECD Guidelines or European laws (such as Canada's purpose justification principle, Korea's 'no disadvantage' principle and Australia's anonymity principle). There is also a valuable diversity of implementation and compliance mechanisms in regional laws on which to draw, including methods of co-regulation, mediation, audit, privacy impact assessment and compensation. There is much to learn from our regional experience.
The announcement in 2003 by the Australian government of its 'APEC initiative' provides both added urgency in the need for independent expert input into Asia-Pacific privacy standards, and a new opportunity for regional experts to provide input into the development of Asia-Pacific privacy laws.
This initiative therefore aims to create, through the formation of an Asia-Pacific Privacy Charter Council, a regional expert group which will develop independent standards for privacy protection in the region, in order to influence the enactment of privacy laws in the region in accordance with those standards, and the adoption of regional privacy agreements in accordance with those standards.
The Charter Council's standards will complement the inputs into the development of these law and agreements from business, government and privacy officials, and challenge them to develop a high standard of privacy protection for the Asia-Pacific.
The principal task of the Charter Council will be to draft the Asia-Pacific Privacy Charter and Recommended Implementation and Compliance Measures.
The Asia-Pacific Privacy Charter will set out substantive principles of privacy protection covering fair information practices, regulation of surveillance, and limitation of intrusions suitable for jurisdictions in the Asia-Pacific.
The Recommended Implementation and Compliance Measures will set out minimum and desirable measures suitable for jurisdictions in the Asia-Pacific.
The Asia-Pacific Privacy Charter Council will take into account in its deliberations the following source documents, and such others as it considers appropriate:
- The International Covenant on Civil and Political Rights, the OECD Guidelines concerning privacy and free flow of information, the European Union privacy Directive, the Australian Privacy Charter, the Canadian privacy Standard, and the work of regional Law Reform Commissions such as those of New South Wales (surveillance principles) and Hong Kong (privacy torts).
- Regional privacy laws including those of jurisdictions in Australia, Canada, Chinese Taipei, Hong Kong, New Zealand and South Korea, proposed laws in Malaysia, Macau and elsewhere, 'privacy torts' in the USA, Canada and New Zealand, and constitutional privacy protection in the USA and elsewhere.
- Major sectoral privacy principles including the OECD Guidelines concerning cryptography, the European Union electronic communications privacy Directive and the International Privacy Commissioners' Working Group guidelines on interception of communications.
The Charter Council will comprise a group of experts drawn from Asia-Pacific countries. The members will all have expertise and experience in matters relating to privacy and a commitment to privacy protection. The Council will include among its experts former Commissioners and former officials of privacy protection bodies. Government and business representatives, and current Commissioners, have their own separate fora.
The convener of the initiative is the Baker & McKenzie Cyberspace Law and Policy Centre at the Faculty of Law, University of New South Wales.
The convener will invite suitably qualified experts from Asia-Pacific countries to join the Charter Council and will provide secretariat services. When experts from at least five countries have joined that Charter Council, that group will constitute the Council's Steering Committee and guide its affairs.
The Charter Council will include experts from as many jurisdictions in the Asia-Pacific as possible.
Most of the Charter Council's deliberations will be by electronic means.
The home page for the initiative is http://www.cyberlawCentre.org/appcc/.
The first face-to-face meeting of the Charter Council will be in mid-September 2003 during the International Privacy and Data Protection Commissioners meeting in Sydney <http://www.privacyconference2003.org/>. Meeting date is Friday September 12. The Council will endeavour to complete its work by one year from that date.
Graham Greenleaf, Nigel Waters, Roger Clarke and David Vaile
on behalf of the Baker & McKenzie Cyberspace Law and Policy Centre at UNSW http://www.cyberlawCentre.org
1 May 2003
Graham Greenleaf <graham [at] austlii.edu.au>
Nigel Waters <nigelwaters [at] iprimus.com.au>
Roger Clarke <roger.clarke [at] xamax.com.au>
David Vaile <d.vaile [at] unsw.edu.au>