IGF 2019 WS #236 A universal personal data protection framework? How to make it work?

Organizer 1: Ying Tung, Mandy Chan, The University of Hong Kong
Organizer 2: Mingzhu Li, Hong Kong Shue Yan University
Organizer 3: Steven Chen, The Chinese University of Hong Kong
Organizer 4: Aidana Alken, The Hong Kong Polytechnic University
Organizer 5: JING HAN DONG,

Speaker 1: Arthur Gwagwa, Technical Community, African Group
Speaker 2: Jaewon Son, Civil Society, Asia-Pacific Group
Speaker 3: Peter Kimpian, Intergovernmental Organization, Western European and Others Group (WEOG)
Speaker 4: Lih Shiun Goh, Private Sector, Asia-Pacific Group

Policy Question(s): 
  • What are the fundamental principles for personal data protection in cross border context? 
  • What are the current difficulties/dilemma for personal data protection in cross-border context? 
  • What are the implications of recent institutional regulations on data protection in the global south and global north? (SDG 16)
  • How can technical community, private sectors, governments, civil society and transnational organizations employ and design a universal personal data protection framework to develop effective policy? (SDG 17)
  • Is it possible to establish a universal jurisdictions that settle disputes towards data governance? (SDG 9, 16, 17)

Relevance to Theme:

The development of automatic data processing and the accelerating development of technology enables vast quantities of data to be transmitted within seconds across the world. In the era of globalisation, a vast quantity of personal data could be transmitted and misused easily if there is no personal data protection framework or legislation to protect data breaches. 

Despite the fact that many international organizations have introduced a set of principles, guidelines and policy suggestions, personal data protection law on a national level has not been enacted widely across the globe yet. Meanwhile, the implementation of GDPR imposes stricter protection on cross-border personal data transfer which provide a realistic option for those who wish to transfer data to everywhere they like.

Some countries may resort to follow the existing data regulatory model which in turn risk creating a more fragmented global geometry for commerce and information exchange. It will affect the flows of cross-boundary data and leads to isolation and siloing of data usage within a specific country. Restrictions on these flows could cause serious disruption in important sectors of the economy, such as banking and insurance.The issue is imminent and involves not only the governments and the global community but individuals. 

For this reason, this workshop hopes to build up the conversation on reviewing the existing principles set out by different institutions and international organizations. It aims to help harmonise national privacy legislation and to avoid interruptions in international flows of personal data. We hope to reach a consensus on the fundamental principles on cross-border personal data protection by reaching out to different stakeholders for their concerns of the issue, and ultimately to touch on the possibility of establishing a universal jurisdiction that will hopefully serve as a reference for the future legislation and discussion.  

Relevance to Internet Governance

Data governance concerns an array of diverse and sensitive issues like protection of personal data, law enforcement and other security issues. Different governments have different models to steward their data, so as to foster better governance. These issues are interwoven with internet governance, since the internet is a vast network which is connected by standardized data communication protocols.

A vulnerable data management may result in data and privacy breaches which poses risk of crime, abuse, surveillance and social conflict at domestic or even international levels. The collection and use of network data, when not being properly regulated and stewarded, could put the cybersecurity at risk, hindering the proper functioning and use of the internet. 

Above scenarios demonstrate the importance of data governance in the use of the internet, and thus are highly relevant to internet governance. In our policy questions, we focus on practical mechanism in governing personal data in cross-border context. We seek for better understanding on the capability of the global south in handling issues related to personal data governance and the impacts of doing so. Examining the different limitations and advantages that when regulating personal data privacy issues can give us insight in understanding the strengths of and the possible assistance needed for an effective stewardship in different countries. Learning about the differences and uniqueness between the global north and global south could help in constructing a universal personal data framework that could facilitate international cooperation and meaningful participation among different countries, regardless of their developmental level, in global internet governance.

Format: 

Round Table - Circle - 90 Min

Description:

This workshop will provide participants with an overview of personal data protection from domestic to a global level. With the specialisation of GDPR, it aims at investigating the current limitations and considerations of the transnational data protection law which hopes to shed light on the imminence of establishing a universal data protection framework.

Expected Outcomes: 

Throughout the discussion, it aims at establishing fundamental principles for personal data protection in the cross-border context on top of the exisitng one. We would like to identify the key limitation of the exisitng personal data protection legislature, ares for growth and opportunties for cooperation between global south and global north. And most importantly, our ultimate goal is to evaluate the possibility of settling disputes on personal data protection in universal jurisdictions

Onsite Moderator: 

Mingzhu Li, Civil Society, Asia-Pacific Group

Online Moderator: 

Ying Tung, Mandy Chan, Civil Society, Asia-Pacific Group

Rapporteur: 

Aidana Alken, Civil Society, Asia-Pacific Group

Discussion Facilitation: 

The session organisers will be responsible for managing the length of each session in achieving a meaningful yet balanced discussion on issues revolving around data governance. With the aim of exploring the possibility of establishing a universal personal data protection framework that settle disputes towards personal data incidents, the session organisers will facilitate the discussion by encouraging and bringing in novel questions and opinions from both onsite participants and online participants. Opportunities will be given to participants to share their thoughts on different dimensions of data governance with our professional speakers during the round table discussion.The round-table discussion is expected to enable interactions and exchange of views between participants with diverse backgrounds and speakers representing different stakeholders that could foster understanding of the present needs, existing limitations and potential resources for a global data governance mechanism.

Online Participation: 

By clicking on the link in any electronic agenda which will be published on the IGF website or the social networking sites, participants can be directed to the meeting room. If the speaker is a remote presenter, they can still access the the meeting room to present their ideas.

Proposed Additional Tools: Social Media hashtag on Facebook

SDGs: 

GOAL 8: Decent Work and Economic Growth
GOAL 9: Industry, Innovation and Infrastructure
GOAL 10: Reduced Inequalities
GOAL 11: Sustainable Cities and Communities
GOAL 16: Peace, Justice and Strong Institutions
GOAL 17: Partnerships for the Goals

Agenda: 

AGENDA:

Introduction - (10 min) 

Our moderator will start this session with an introduction of different speakers and elaboration on the agenda and background of the workshop. 

Speaker sharing - (10 min) 

Mr. Peter Kimpian will share about the Convention 108+ and GDPR which will offers more insights on fostering international cooperation on the issue based on the commitment to respect common principles and the creation of a common legal space . This will facilitate the beginning of the discussion and will give participants the necessary background to refer to in discussing how a universal personal data protection framework can be built up.

The First Round Table discussion - (20 min) 

This is a primary discussion which is aimed on gathering more information about difficulties faced by different stakeholders in the personal data protection in the cross-border context. 

Guiding questions:

  1. What are the fundamental principles for personal data protection in cross border context? 
  2. What are the current difficulties/dilemma for personal data protection in the cross-border context?

Summary of the first roundtable discussion - (5 min)

The moderator will summarize the key points of the discussion and link them to the following discussion, with a focus on ways to develop a global data governance framework. 

The Second Round Table discussion (40 min)

In this roundtable discussion, the focus will be shifted to practical matters regarding the establishment of a global data protection framework, seeking to understand more about the challenges faced and ways to improve the data protection mechanism. The three other speakers who represent technical community, civil society, and the private sector respectively will be able to add different perspectives into the discussion and make the voices of different geographical regions be heard.

Guiding questions:

  1. What are the implications of recent institutional regulations on data protection in the global south and global north? (SDG 16)
  2. How can technical community, private sectors, governments, civil society and transnational organizations employ and design a universal personal data protection framework to develop effective policy? (SDG 17)
  3. Is it possible to establish a universal jurisdictions that settle disputes towards data governance? (SDG 9, 16, 17)

We will also open up the floor for the remote participants to comment and ask questions. Our on-site and online moderators will facilitate this session and may ask follow-up questions to encourage participants to interact. 
Conclusion (5 min) 

The moderator will summarize the key takeaways from the discussions and our on-site moderator will link ideas back to the topic of establishing a global data protection framework. Speakers will be able to add final remarks if they wish.