Overview of Objectives and Activities
The primary goal of the Asia Privacy Project was to serve as a scoping exercise that will help to identify key Asian partners and issues in an overall process of promoting privacy protection in Asia. To do so, we identified three primary objectives.
Project Objective 1: Identify the state of law
We conducted extensive research on the legal situations in a number of countries across Asian developing countries. This was not so simple as identifying "Privacy Law 19xx" but rather, we assessed the real state of regulatory protections (e.g. the jurisdiction and powers of the regulators) and legal protections (e.g. jurisprudence). When we met with partners across the region we identified a number of analytical points to identify the strength and weaknesses of the existing legal protections.
Project Objective 2: Identify key institutions for future engagement
In the first stage of our research we identified institutions, actors, and stakeholders involved in privacy issues. This often involved reaching out to groups who did not previously engage on privacy issues, such as consumer protection organisations, or freedom of information specialists. With these stakeholders we explored potential modalities for forming a community of practice on the issue, which culminated in our workshops and public forums. We also engaged with national institutions, industry and industry organisations.
Project Objective 3: Engage with international institutions in the region to promote privacy
There is a strong interest in international circles regarding privacy issues in Asia. The primary international institution is Asia Pacific Economic Cooperation, and their subgroup on data privacy. We needed to engage actively with APEC to promote stronger standards for the region. We also identified the need to focus on the work of the Association of Southeast Asian Nations (ASEAN) because of their work on security agreements that tend to undermine human rights safeguards, though we were less successful in gaining access to ASEAN's deliberations. We also participated at the Internet Governance Forum meeting in Hyderabad. Finally, we engaged with the international regulatory community and international business community, as they both have keen interests in privacy as a geo-political and global regulatory issue.
Apart from these primary objectives, we also assisted the United Nations High Commissioner for Refugees in Malaysia. We were appointed external evaluators to the UNHCR to guide them on their refugee registration processes, and in particular, the use of biometrics. We engaged with the refugee population in Kuala Lumpur, met with government officials on national identity registration strategies, and assisted UNHCR staff in Malaysia and in Geneva to understand the privacy issues relating to identity registration.