Cross-border enforcement

31.219 The ability to investigate breaches of local privacy laws in foreign countries poses particular challenges for privacy regulators.[334] The OECD identified considerable scope for a more global and systematic approach to cross-border privacy law enforcement cooperation.[335]

31.220 The ALRC notes that the OPC is already involved in a number of forums aimed at improving cooperative arrangements between privacy regulators in other jurisdictions. For example, the OPC is a member of the Asia Pacific Privacy Authorities (APPA) Forum. APPA meets biannually and includes the federal, state and territory privacy regulators of Australia, New Zealand, Hong Kong and South Korea. APPA’s objectives include: facilitating the sharing of knowledge and resources between privacy authorities within the region; fostering cooperation in privacy and data protection; promoting best practice amongst privacy authorities; and working to improve performance to achieve the objectives set out in privacy laws of each jurisdiction.[336]

31.221 In addition, as discussed above, the Australian Government, including the OPC, is involved in the implementation of the APEC Privacy Framework and is leading three of the Data Pathfinder Projects.[337] This will involve cooperation between regulators in APEC economies.[338]

31.222 The OPC also has entered into an agreement with the New Zealand Privacy Commissioner that allows for cooperation on privacy related issues. The MOU covers the sharing of information related to surveys, research projects, promotional campaigns, education and training programs, and techniques in investigating privacy violations and regulatory strategies. Other areas addressed include cooperation on complaints with a cross-border element and the possible undertaking of joint investigations. The ALRC encourages the Australian Government and the OPC to continue to seek opportunities for further cooperation with privacy regulators outside Australia. This will be important to the effective implementation of the recommended ‘Cross-border Data Flows’ principle.

[334] See, eg, Lawson v Accusearch Inc (2007) (Federal Court of Canada, Harrington J, 5 February 2007).

[335] Organisation for Economic Co-operation and Development, Report on the Cross-Border Enforcement of Privacy Laws (2006), 4.

[336] Asia Pacific Privacy Authorities Forum, Statement of Objectives (2005).

[337] K Curtis, ‘Information Workshop for Australian Stakeholders’ (Paper presented at APEC Data Privacy Pathfinder Seminar, Sydney, 6 February 2008), 5–7.

[338] See, eg, Second Technical Assistance Seminar on the International Implementation of the APEC Privacy Framework, Cairns, 25–26 June 2007.