Appendix B: Methods of Engaging with International Processes
There is a thirst for knowledge about the Asian policy landscape for privacy. At the international level there is an ideological battle going on between U.S. industry and European policy-makers. U.S. industry is worried about burdensome privacy laws and want to ensure that they do not spread beyond Europe into Asia. European policy-makers who are concerned about privacy as a human right do not want to see European citizens' data being sent to Asia for processing in breach of European law. Both stakeholders see the need for some form of data protection law, but their approaches are quite different. To both these stakeholders, Asia is the key battleground to decide which model will dominate global regulatory standards.
To date, Asians have not been given a voice on these matters. Instead, people speak for them. That is, governments represent their interests, but are usually focussed only on enhancing global trade so they are keen to create regulatory frameworks in their countries that will permit the flow of data from Europe, but these governments are not interested in seeing privacy rights extended to their own citizens. Meanwhile, U.S. industry speaks for Asian peoples by saying that in Asia there is no culture of privacy, that people are not interested in such issues because of different cultural interests.
Our research over the past 18 months has shown a very different landscape from either of these. This is not to say that people are clamouring for a data protection act within their countries. Rather, they are just as unsettled by some of the modern developments such as identity fraud, online fraud, hacking, telemarketing, and data breaches as people in other parts of the world. The lack of information is the key difference.
We have been working hard to raise these points at the international level. We work with privacy regulators from around the world and over the past 18 months we have been continuously feeding our research results to them. We participated in the International Data Privacy Commissioners Conference in Strasbourg in October 2008 where we presented the initial findings of our research on Asia and refugee communities. We also presented our research findings in February 2009 at the International Working Group on Telecommunications Privacy in Sofia.
We have also been regularly communicating with international industry leaders. We meet regularly with industry representatives from the largest IT companies in the world, who play significant roles in privacy politics around the world. We discuss our findings with them, discuss our shared interests, and seek to share ideas on where we disagree. Our research in Asia has enabled us to participate in these processes with greater legitimacy and awareness.
There are two key developments in this international engagement process: the 'Galway Process', and the work of the Data Privacy Subgroup at APEC.