The data privacy landscape in Asia is evolving rapidly, but not always in lock-step with the rollout of Europe’s General Data Protection Regulation. Our region remains unique and the challenges to provide safety and security are never straightforward. Putro Harnowo reports
Recent years have seen positive developments with data protection regimes in Asia. China, for example, unveiled its draft of the Personal Information Protection Law (PIPL), and Indonesia announced its draft of a Personal Data Protection (PDP) Bill to the public in 2020, marking their first attempts to legislatively establish provisions on the protection and regulation of personal information.
Last year, Japan amended its Act on the Protection of Personal Information (APPI), and South Korea amended its three major data privacy laws: The Personal Information Protection Act (PIPA); the Act on the Promotion of Information and Communications Network Utilisation and Information Protection (network act); and the Act on the Use and Protection of Credit Information (credit information act).
Hong Kong, meanwhile, proposed amendments to its Personal Data (Privacy) Ordinance in January 2020, although an update on official implementation is still unknown. Previously, in 2019, India tabled its Data Protection Bill to overhaul the current data protection regime, which is still pending. Thailand published its first Personal Data Protection Act (PDPA), which will take effect on 31 May.
Singapore expects the amendment to its PDPA to come into force this year, while on 9 February, Vietnam released a draft decree on personal data protection, which sets out principles of data protection and the regulation of cross-border data transfers. The draft is open for public consultation until 9 April.
All this progress is not surprising, as many jurisdictions have seen a rise in social and economic activities taking place virtually, and the importance of data privacy and protection has risen with this phenomenon.
However, the efficacy of these laws will be contested in the short term as data breaches continue to increase and regulators struggle to curb the damage.
In Japan, the APPI is scheduled to be reviewed every three years, and it is assumed that the protection of personal data will be strengthened step-by-step, rather than all at once, considering public opinion and an expected burden on business owners.
You must be a subscribersubscribersubscribersubscriber to read this content, please subscribesubscribesubscribesubscribe today.
For group subscribers, please click here to access.
Interested in group subscription? Please contact us.