On 19 October 2011, the Governor-General approved an amendment to the Administrative Arrangements Order transferring responsibilities for privacy and freedom of information policy from the Department of the Prime Minister and Cabinet to the Attorney-General’s Department. The Privacy and Freedom of Information Policy Branch within the Department of the Prime Minister and Cabinet has transferred to the Attorney-General’s Department as the Information Law and Policy Branch. Relevant parts of this webpage and its contents will shortly be updated and relocated to the website of the Attorney-General’s Department (www.ag.gov.au).
APEC Privacy
Background information
Australia has had a long and close involvement with the Asia-Pacific Economic Cooperation (APEC). The first meeting of APEC was held in Canberra, Australia, in 1989, with 12 member economies.
APEC is a diverse environment which is made up of 21 member economies from around the Asia-Pacific region. Member economies are: Australia; Brunei Darussalam; Canada; Chile; People's Republic of China; Hong Kong, China; Indonesia; Japan; Republic of Korea; Malaysia; Mexico; New Zealand; Papua New Guinea; Peru; Philippines; Russia; Singapore; Chinese Taipei; Thailand; United States and Viet Nam.
APEC is clearly focused on trade, investment and economic issues. It is not a treaty based organisation, but instead operates on the basis of consensus. Each year a different APEC economy hosts APEC. Information on the current and former host economies is available from the APEC Secretariat.
TopCurrent issues
APEC Data Privacy Sub-Group
In February 2003, the APEC Electronic Commerce Steering Group (ECSG) established the APEC Data Privacy Sub-Group to develop a common APEC approach to privacy. The Sub-Group meets twice a year and reports to the ECSG which ultimately reports to APEC Ministers (through the Committee on Trade and Investment). Australia was instrumental in the establishment of the Sub-Group and we continue to play an active role.
Public information provided by APEC on the ECSG, with links to further information on the Data Privacy Sub-Group and relevant initiatives, is available from the APEC ECSG.
Over a two year period the Data Privacy Sub-Group developed the APEC Privacy Framework which was endorsed by APEC Ministers in November 2004. The Framework sets out nine privacy principles which provide clear guidance and direction to businesses operating in APEC economies. It promotes a consistent approach to information privacy protection across APEC member economies while avoiding the creation of unnecessary barriers to information flows.
The Sub-Group has subsequently focused on the domestic and international implementation of the APEC Privacy Framework, with a particular emphasis on ensuring that the Sub-Group’s work incorporates capacity building activities for APEC member economies. While the principle activity of the Sub-Group has been the development and implementation of the APEC Data Privacy Pathfinder, the work plan for the Sub-Group encourages members to identify and discuss other relevant privacy issues.
APEC encourages the use of Individual Action Plans (IAPs) by member economies to provide public information on the implementation of APEC initiatives in each economy. Information Privacy IAPs have been prepared by many Sub-Group members on the domestic implementation of the APEC Privacy Framework.
Australia is the current Chair of the Sub-Group. The Sub-Group holds two meetings in the APEC host economy each year. In addition, the Chair organises monthly teleconferences for members of the Sub-Group to advance work between meetings. Membership of the Sub-Group is open to all APEC member economies. The Sub-Group encourages member economies to engage with domestic stakeholders on APEC privacy issues, including government, business and consumer representatives. In addition to participation by member economies, the Sub-Group has approved the participation of a number of invited guest members.
Data Privacy Pathfinder Initiative
In 2007, APEC approved a Data Privacy Pathfinder Initiative which is to progress the implementation of the APEC Privacy Framework. The Pathfinder is pursuing multiple projects aimed at promoting consumer trust and business confidence in cross-border data flows. It will support business needs, reduce compliance costs, provide consumers with effective remedies, allow regulators to operate efficiently, and minimize regulatory burdens. The Data Privacy Pathfinder contains general commitments leading to the development of a Cross-Border Privacy Rules (CBPR) system.
TopCross-Border Privacy Enforcement Arrangement
In July 2010 APEC Ministers endorsed the APEC Cross-Border Privacy Enforcement Arrangement (CPEA). The CPEA creates a multilateral framework for regional cooperation in the enforcement of privacy laws. Participation in the CPEA is open to any Privacy Enforcement Authority in an APEC member economy. The CPEA aims to:
- facilitate information sharing among PE Authorities in APEC economies;
- provide mechanisms to promote effective cross-border cooperation between authorities in the enforcement of Privacy Law; and
- encourage information sharing and cooperation on privacy investigation and enforcement with Privacy Enforcement Authorities outside APEC
Australia strongly supports the CPEA and was instrumental in its establishment. Australia, through the Office of the Australian Information Commissioner, participates in the CPEA and is also one of the joint administrators of the CPEA. There are currently five Privacy Enforcement Authorities participating in the CPEA:
- The Office of the Australian Information Commissioner (OAIC)
- The New Zealand Office of the Privacy Commissioner (NZOPC)
- The United States Federal Trade Commission (US FTC)
- The Office of the Privacy Commissioner for Personal Data, Hong Kong, China (PCPD)
- The Office of the Privacy Commissioner of Canada (OPCC)
The joint administrators are the APEC Secretariat, Australia’s OAIC, New Zealand’s NZOPC, and the United States FTC.
The Data Privacy Sub-Group encourages Privacy Enforcement Authorities from other APEC member economies to participate in the CPEA. The Data Privacy Sub-Group, and the CPEA administrators, can provide assistance and guidance to interested economies. The APEC Secretariat has made available a fact sheet on the CPEA, which includes information on how to participate in the CPEA.
Data Privacy Sub-Group meetings
The Data Privacy Sub-Group meets twice each year in the host economy. The meeting documents are considered for public release at the end of each meeting. Generally, all meeting documents apart from ongoing working documents or drafts are made available for public release on the APEC website through the APEC Information Management Portal (AIMP). The publicly available portion of the portal is accessible through the Meeting Document Database (MDDB). Instructions for accessing publicly available documents of the Data Privacy Sub-Group are as follows:
- Unless you know a specific search term, the most effective way to find documents is to use the browse function in the left hand column of the MDDB page.
- Click on browse by APEC Group; in the box that appears in the middle of the screen click the + symbol next to ‘Committee for Trade and Investment Groups’
- Click on the link for the Electronic Commerce Steering Group
- Select a year (the Data Privacy Sub-Group commenced in 2004) and click the browse button
- The search results will return a list of documents. Data Privacy Sub-Group documents will be numbered according to the following convention:
<year>/SOM 1 or SOM 3/ECSG/DPS/<document meeting number> - For example, 2010/SOM3/ECSG/DPS/001 is the meeting agenda for the Data Privacy Sub-Group meeting in September 2010, held in Sendai, Japan.
- SOM stands for Senior Officers’ Meeting. SOM 1 is generally held in February and SOM 3 is generally held in September each year. The ECSG and the Data Privacy Sub-Group do not meet during SOM 2.