Independence of data privacy authorities (Part I): International standards

Part I of this article analyses the views of learned commentators on what constitutes the ‘independence’ of data protection authorities (DPAs). It concludes that a more satisfactory answer needs to be found in the international instruments on data privacy and on human rights bodies, their implementation and judicial interpretation, and in the standards that have been proposed and implemented by DPAs themselves. It finds that only the OECD and APEC privacy agreements did not require a DPA (and therefore have no standards for its independence). Thirteen factors were identified as elements of ‘independence’ across these instruments and standards, five of which were more commonly found than others. Part II of the article will consider how these criteria have been implemented in laws in the Asia-Pacific.