Kia ora koutou,
Since my last editorial, I’ve been in Singapore at the IAPP’s Asia Privacy Forum. This was a fantastic opportunity to connect with our colleagues in the Asia-Pacific region and beyond. It was refreshing to see that privacy professionals and regulators in Asia are grappling with exactly the same issues we’re discussing here in ANZ. Data ethics, artificial intelligence, privacy as a building block of trust and challenges with incorporating GDPR requirements into our local compliance activities all surfaced during discussions that could just as easily have occurred in Sydney, Melbourne or Auckland.
I was particularly interested, however, in the progressive approach to privacy regulation being taken by Singapore's Personal Data Protection Commission and Hong Kong’s Privacy Commissioner for Personal Data. These regulators have made it clear they wish to enable the building of a digital and data-driven economy in the Asia-Pacific region by encouraging innovation while fostering trust and respect for personal information. It will be interesting to see how this approach plays out in the long term and whether agencies will strike the right balance. You can access many of the APF19 presentations here.
The Australian Competition and Consumer Commission released a long-awaited report on its inquiry into big tech and digital platforms. The report, which comes just days after Facebook was hit with landmark fines, represents further significant pressure on big tech to confront consumer privacy, data ethics and the use of social media platforms to spread extremist content. The sweeping report makes 23 recommendations, including the establishment of a new digital platform branch within the ACCC to scrutinize the powerful and secretive algorithms behind many of the dominant digital platforms.
Cosmetic store Sephora notified users of its online services in Southeast Asia and ANZ of a data breach that exposed personal information, including name, date of birth, gender, email addresses and password, as well as information about beauty preferences. Interestingly, there was little detail in the notification email, which may create uncertainty for affected consumers as to the scope and extent of the breach. This is highly relevant to debates in NZ at present about our upcoming mandatory breach notification regime and whether it is better to notify early with little detail or later with more clarity and helpful guidance. I’m sure NZ is not alone in trying to grapple with this question.
If anyone is searching for some gripping privacy-related evening entertainment and, like me, has already exhausted Netflix’s “Black Mirror” or “The Great Hack” (recommended), head to the NZ Parliament website to view recently uploaded videos of our Privacy Bill’s second reading in Parliament. Nice to know our lawmakers have time to debate the pronunciation of the word “privacy.” This is an interesting juxtaposition to the apparent secrecy surrounding the future of India’s Personal Data Protection Bill.
The program for the IAPP ANZ Summit in Sydney 29 to 30 Oct. is really starting to take shape, with Woodrow Hartzog confirmed as a keynote speaker, in addition to Privacy Commissioners John Edwards and Angelene Falk. Early bird registrations closes 16 Aug., so get in quick to secure your spot in the next epic privacy event for our dynamic region.
Enjoy the digest.
Nga mihi nui
If you want to comment on this post, you need to login.