IGF 2019 WS #83
Different Parties' Role in PI Protection: AP's Practices


Organizer 1: Yueqiao Wang, CyberSecurity Association of China
Organizer 2: Jian Zhang, CyberSecurity Association of China
Organizer 3: Xiaobo Yang, CyberSecurity Association of China

Speaker 1: Yuxiao Li, Civil Society, Asia-Pacific Group
Speaker 2: Yanqing Hong, Civil Society, Asia-Pacific Group
Speaker 3: Robert Yonaitis, Private Sector, Asia-Pacific Group

Additional Speakers
  • Wolfgang Kleinwchter, Professor Emeritus for Internet Policy and Regulation at the University of AarhusMember of the ICANN Board
  • Jovan Kurbalija, Executive Director of DiploFoundation, Secretariat of the UN High-level Panel on Digital Cooperation
  • Duncan Macintosh, CEO of the APNIC Foundation
  • Ajay Data, Founder & CEO of Data XGen (Remote)
  • Henry Gao, Associate Professor of Law, Singapore Management University

Jian Zhang, Civil Society, Asia-Pacific Group

Online Moderator

Yueqiao Wang, Civil Society, Asia-Pacific Group


Yueqiao Wang, Civil Society, Asia-Pacific Group


Panel - Auditorium - 60 Min

Policy Question(s)

The full title of this workshop is "Different Parties’Roles in Personal Information Protection: Practices and Attempts in the view of the Asia-Pacific Region". The workshop will focus on the following questions: 1. What is the role and responsibility of each party, including government, civil society, technical community, private sector, individual, etc, in the process of personal information protection? 2. What practices and attempts in personal information protection has Asia-Pacific Region taken, and what are the values? 3. What should we do to achieve the balance between the innovation of data-driven technology, application & services, and personal information protection?


GOAL 9: Industry, Innovation and Infrastructure
GOAL 10: Reduced Inequalities
GOAL 11: Sustainable Cities and Communities
GOAL 16: Peace, Justice and Strong Institutions
GOAL 17: Partnerships for the Goals


This workshop is co-organized by Cybersecurity Association of China & Communication University of Zhejiang.

The session will be a panel discussion.

Agenda Outline:

1. Opening Session - 5 minutes. The moderators will start off the session by welcoming the panelists, framing the topics and introducing the purpose and arrangement of the workshop.

2. Presentation - 25 minutes. The purpose of the presentation is to bring together multi-parties, including representatives from government, civil society, technical community, think tank, private sector, etc, to promote the communications in personal information protection. There will be 6 short presentations, panelists from China, Singapore and Australia will introduce personal information protection legislation and measures that have been taken in their countries in the view of the group they represent. Speaker will also share the position and role of each group as well as explore the approach on how different parties can reach the balance in the process of information protection.

3. Discussion and Q&A - 25 minutes. After the presentation, the moderator will engage the guests from China, the U.S, Russia and the EU in a lively discussion to get their comment on personal information protection issues in the Asia-Pacific region from the aspect of government authority and technical community, etc. They will also initiate dialogue on sharing best practices and shed light on the concerns on the cooperation of personal information protection at international level.

4. Closing Session - 5 minutes.

Expected Outcomes: 1. Effectively publicize the measures and practices of personal information protection in the Asia Pacific Region. 2. Enhance participants' mutual understanding on the role that different subjects can play in personal information protection. 3. Enhance dialogue on personal information protection in different countries in the Asia Pacific region by initiating dialogue for sharing excellent practise and experience. 4. Explore the practice and measures in the Asia-Pacific Region with referential value.

The floor will be open to both onsite and remote participants to engage with speaker during the Q&A session, the workshop will be highly interactive.

Relevance to Theme: Personal Information protection is crucial in data governance. Nowadays we are confronting more and more privacy leakage incidents, illegal transactions of personal information in underground markets, and unreasonable collection, usage & transfer of them from information technology enterprises. Emerging technologies and applications such as 5G, IoT and AI cannot be developed without suficient data as well as trust and confidence from individuals. Therefore, balancing personal information protection with technical innovation is of great value in data governance area. Asia-Pacific region has a massive number of Internet users (especially in China and India). However, it’s also the region who has the most prominent imbalance in data governance, due to the region’s diverse political systems, governance capabilities, cultures and development levels. In recent years, the Asia-Pacific region has come to realize the importance of strengthening data governance. Countries like Singapore, Japan, Korea, Indonesia, China and so on have enacted laws & regulations or taken actions to build or amend their personal information protection systems. Carrying out such a workshop to exchange and share experience, will, on the one hand, form a good mechanism for interaction, and on the other hand, explore the value of the practice in Asia-Pacific region in a global perspective.

Relevance to Internet Governance: Given the fact that the Internet development in a majority of Asia-Pacific countries starts late, the region contributes less to formation of Internet governance in the early stages. But today, as Asia-Pacific is becoming the most active gathering place for Internet innovation and the most dynamic scenario of Internet governance, balancing personal information protection with value creation is especially an urgent need of this area. Over the past decade, experience in Internet governance has demonstrated the importance of multi-parties’ participation. However, the Asia Pacific perspective has not been thoroughly explored in the past IGFs, it is essential for the world to see Asia-Pacific’s views and efforts. We hope the attempts and practices from governments, civil societies, private sectors and individuals in the Asia-Pacific region will enrich the model of Internet governance. And we wish to work with different parties to form a joint force to promote personal information security.

Online Participation

We suppose to utilize the official IGF online participation platform to allow remote participants. 

1. Key Policy Questions and Expectations

Policy Questions

  • Asia Pacific Region's practices and attempts in personal information protection.
  • Different parties' (including government, civil society, enterprises, research institutions and think tank) roles and responsibilities.
  • The balance between technology innovation and information protection.


  • Effectively publicize the measures and practices of personal information protection in the Asia Pacific Region.
  • Enhance participants’ mutual understanding on the role that different subjects can play in personal information protection
  • Enhance dialogue on personal information protection in different countries in the Asia Pacific region by initiating dialogue for sharing excellent practices and experience.
2. Summary of Issues Discussed

This workshop focused on personal information protection in the current context, by reflecting on existing data protection regulations in the Asia Pacific region, the workshop was designed for participants to share views on different parties’ roles in personal information protection. The following are discussed: Government should strengthen their privacy law frameworks; Technical community call on policy makers understand their priorities in terms of managing personal information and the needs of how they want to operate the Internet; Civil societies should actively organize and publicize the best practice cases and experiences of personal information protection; Private sectors need to keep informed of the changing and diverse privacy regulatory landscape to minimize the privacy risk; Individuals should raise their awareness and know how to control their personal information.

There was broad support for the view that the right to personal information and privacy is a fundamental right for everyone, each party should play an effective role in the process of personal information protection. Some of the panelists also indicate that it is going to be a huge challenge for government, civil society, technical community and private sectors to reconcile economic, cultural, technical, and security perspectives on data in existing and future policies. The exchange in Asia Pacific region should be richer and more active.

3. Policy Recommendations or Suggestions for the Way Forward

Personal information protection is becoming a more and more severe issue not only in Asia Pacific region but the entire world. To further strengthen IGF's role in global data governance, it is suggested that more practical measures should be taken, such as call for best practices, successful cases exhibition, data protection compliance training, etc.

4. Other Initiatives Addressing the Session Issues

Some panelists shared information about China regulatory agencies' special clean-up campaigns which targeting apps that collect and use personal information illegally. Apart from the government and civil societies’endeavors in this campaign, it also encourages netizens to report violation behaviors in apps, which get individuals fully involved in the process of personal information protection.

5. Making Progress for Tackled Issues

More active discussions and research works among different regions and countries should be conducted. With a historical advantage in the field of Internet governance, as well as the support from the UN, IGF is always an effective platform for in-depth communication.

6. Estimated Participation

We have at around 50 on-site participants and 10 online (zoom) participants, according to a rough tally, 40 percent of them are women.

7. Reflection to Gender Issues

It has been an consensus that the legal protection of personal information and privacy should be the basic right for everyone, no matter what the person's gender, region or community. One of the panelist even indicated that in some country in Asia Pacific, women's privacy right was protected ahead of men's right.

8. Session Outputs
  • Participants have reached the consensus that in the absence of global personal information protection rules, each party should clearly define its role and responsibilities in the protection process, especially in the Asia Pacific region, where the basis of data governance is weaker, and the governance capacities and policies are quite discrepant.
  • Communication channels need to be established between government, civil society, technical community, private sector and individual, to jointly build a trust and sustainable network.
  • Proposed building alignment across the region to form a mutual recognition mechanism on personal information protection. 
  • Put forward the need to attach great importance to promote the development of regional personal information protection and promote the need for cooperation, thus enhance the level of global data governance.