Apec Privacy Framework

The APEC Privacy Framework was developed from 2003, adopted by APEC in 2004 and finalised in 2005. It was intended as a means of improving the standard of information privacy protection throughout the APEC countries of the Asia-Pacific, and of facilitating the trans-border flow of personal information between those countries. In 2007 a number of 'Pathfinder' projects for cross-border data transfers were launched under the Framework. In the five years since the process commenced, what has it achieved, and what is it likely to achieve? This paper argues that the APEC Privacy Framework has had many flaws from its inception, including Privacy Principles that are unnecessarily weak, and no meaningful enforcement requirements. Five grounds of criticism of the Principles are put forward: (i) Weaknesses inherent in the OECD Principles; (ii) Further weakening of the OECD Principles; (iii) Potentially retrograde new Principles (The only new principles, 'Preventing harm', 'Choice' and the 'Due diligence in transfers' aspect of the Accountability principle, while capable of benign interpretations, carry inherent dangers and have little to recommend them); (iv) EU compatibility is ignored; and (v) Regional experience is ignored. The APEC Principles therefore do not represent any objective 'consensus' of existing regional privacy laws, unless it that of the lowest common denominator of every set of Privacy Principles in the region. In relation to enforcement, Part IV exhorts APEC members to implement the Framework without requiring any particular means of doing so, or any means of assessing whether they have done so. No means of assessment have yet been developed. The APEC Framework is therefore considerably weaker than any other international privacy instrument in terms of its implementation requirements, and its practices. Since its adoption in 2004, little attempt has been made to encourage its use as a minimal standard for privacy legislation in developing countries (which might have been useful), and it is having little impact on the significant number of legislative developments now taking place. Instead, the 'Pathfinder' projects seem to be developing toward a generalised version of the US 'Safe Harbor' scheme. What is known of the Pathfinder projects leaves many questions unanswered, such as what standards for data transfers they aim to implement; whether compliance with all of APEC's own Privacy Principles will be required; and how 'Accountability Agents' will be accredited. Consumer input into APEC's privacy processes has been belated and ad-hoc but business influences omnipresent. Despite these flaws, APEC could still play a useful role in the gradual development of higher privacy standards in Asia, provided its priorities are re-oriented. The major developments in Asian privacy protection are likely to come from elsewhere, including other regional groupings, and attractions of standards originating in Europe. The paper concludes with suggestions for other directions.

The distinguished editors and contributors to this book have produced a valuable report of the state of privacy in a number of jurisdictions with their distinct legal and political traditions. It highlights the challenges we confront in our effort to protect and defend a central democratic ideal. Raymond Wacks, Computer Law and Security Review . . . This book is. . . a seminal piece of literature. . . Although the volume is about privacy law and the international politics of data protection, it is vitally important for the whole field of surveillance studies. It is easy to follow, and written in a way that nonlegal scholars can easily grasp. Nils Zurawski, Surveillance and Society Global Privacy Protection is certainly to be commended. Daniel Seng, Singapore Journal of Legal Studies Global Privacy Protection reviews the origins and history of national privacy codes as social, political and legal phenomena in Australia, France, Germany, Hong Kong, Hungary, South Korea and the United States. The first chapter reviews key international statements on privacy rights, such as the OECD, EU and APEC principles. In the following chapters, the seven national case studies present and analyze the widest variety of privacy stories in an equally varied array of countries. They look beyond the details of what current national data-protection laws allow and prohibit to examine the origins of public concern about privacy; the forces promoting or opposing privacy codes; the roles of media, grassroots activists and elite intervention; and a host of other considerations shaping the present state of privacy protection in each country. Providing a rich description of the interweaving of national traditions, legal institutions, and power relations, this book will be of great interest to scholars engaged in the study of comparative law, information law and policy, civil liberties, and international law. It will also appeal to policy-makers in the many countries now contemplating the adoption of privacy codes, as well as to privacy activists.

The first work to examine data privacy laws across Asia, covering all 26 countries and separate jurisdictions, and with in-depth analysis of the 14 which have specialised data privacy laws. Professor Greenleaf demonstrates the increasing world-wide significance of data privacy and the international context of the development of national data privacy laws as well as assessing the laws, their powers and their enforcement against international standards. The book also contains a web link to an update to mid-2017.

This broad-ranging examination of privacy law considers the challenges faced by the law in changing technological, commercial and social environments. It encompasses three overlapping areas of analysis : privacy protection under the general law; legislative measures for data protection in digital communications networks; and the influence of transnational agreements and other pressures towards harmonised privacy standards. Leading internationally recognised authors discuss developments across these three areas in the United Kingdom, Europe, the United States, Australia and New Zealand.

Today, privacy is one of the most hotly debated topics worldwide. The book aims to balance the development of personal rights in a country that has historically valued collective rights over those of the individual. The protection of privacy is not an issue that has been emphasised during the rapid development of economic laws in China. However, the accompanying development of greater government-based regulation of these laws’ implementation has led to greater invasions of personal privacy. This study attempts to provide a way forward for China to address the ever-increasing concerns about the protection of privacy and puts forward a legislative model for protection. This is achieved after a thorough analysis of the threats to privacy protection in China, a critical evaluation of the level of current privacy protection in China, and an analysis of the privacy laws in a series of developed nations based on common law and civil law.

The digital era shows an unprecedented worldwide flow of data within multinational companies and their external service providers. Binding Corporate Rules (BCRs) are designed to allow these companies to transfer personal data across borders in compliance with EU Data Protection Law. This is the first work to give an in-depth assessment of the BCR regime. It discusses the origins of the regime and the material requirements of BCR, as well as how they should be applied in practice and made binding on the companies and employees. It also covers how BCRs may provide for enforceable rights for the beneficiaries of the regime and how they should be brought in line with requirements of European rules on private international law. The work also analyses a number of significant academic debates in the areas of transnational private regulation and data protection. It reflects on the debates as to the legitimacy of transnational private regulation as a method of regulating corporate conduct and also focuses on the merits and shortcomings of BCR as a method for regulating global data transfers. This book is essential reading for those who need to understand more about the BCR regime, and require insight into how cross-border data transfers could be better protected in the future.

A clear, comprehensive, and cutting-edge introduction to the field of information privacy law, with the latest cases and materials exploring issues of emerging technology, information privacy, algorithmic decisions, AI, data security, and European data protection law. New to the 8th Edition: Tighter editing and shorter chapters New sections about AI and algorithms in law enforcement (Chapter 4), consumer privacy (Chapter 9), and employment privacy (Chapter 12) New cases: MD Anderson, Loomis v. Wisconsin, Clearview AI Discussion of post-Carpenter cases Discussion of new FTC enforcement cases involving dark patterns and algorithm deletion Discussion of protections of reproductive health data after Dobbs Benefits for instructors and students: Extensive coverage of FTC privacy enforcement, HIPAA and HHS enforcement, and standing in privacy lawsuits, among other topics Chapters devoted exclusively to data security, national security, employment privacy, and education privacy Sections on government surveillance and freedom to explore ideas Engaging approach to complicated laws and regulations such as HIPAA, FCRA, ECPA, GDPR, and CCPA