World-renowned security expert Bruce Schneier says that security is a process, not a product. Similar sentiments can be found in the field of privacy, embedded in the guides to compliance with privacy and data protection such as the concept of Privacy by Design. The revelations of the activities of the US’ NSA and the UK’s GCHQ has, amongst many other consequences, prompted greater interest in issues of privacy and surveillance amongst the mass of the population in many countries. This leads to further questions about how laws, technologies and social norms (and their intersections) can be influenced to make it easy for individuals to have privacy. How can we know who can be trusted? Whom are we obliged to trust? How can non-computer experts secure the contents and description (meta-data) of their communications from unwanted exploitation, and how can a balance be struck between providing individual security and privacy while allowing legitimate investigation of wrongdoing? How can users be empowered to limit the collection, retention and processing of their individual data without it being a full-time job to read privacy policies, track transfers of personal data and send cease-and-desist letters to direct marketers?
In addition to papers targetting the conference theme, papers on the legal, technology and social aspects of privacy and data protection in the Asia-Pacific region (or globally with applicability to this region) are also welcome.