In recent years, there has been an uptick in new (comprehensive) data protection laws in the Asia Pacific (APAC). This trend introduces challenges for cross-border compliance, particularly for the industry, legal practitioners, and the community of data protection regulators. As a result of the difficulties, these stakeholders acknowledge that there is a need for greater consistency in regional data protection frameworks.
Today, the Future of Privacy Forum (FPF) and experts from the Asian Business Law Institute (ABLI) released a report providing a detailed comparison of the requirements for processing personal data in 14 jurisdictions in the Asia-Pacific (APAC), including Australia, China, India, Indonesia, Hong Kong SAR, Japan, Macau SAR, Malaysia, New Zealand, the Philippines, Singapore, South Korea, Thailand, and Vietnam. The comparative analysis follows a months-long dissemination of individual reports on each jurisdiction.
In the movement for enhanced consistency between different jurisdictions’ data protection laws, FPF and ABLI found that many APAC jurisdictions have engaged in conversations around the call to move away from consent-centric privacy practices. Consent practices are often restricted to individual jurisdictions and their legal systems. FPF and ABLI’s new report aims to elevate this discussion by promoting alternatives to consent measures, thereby increasing the accountability of organizations that process personal data.
By using various alternative legal bases other than consent and with an eye on supporting greater accountability, organizations can balance their interest in using personal data with broader societal concerns, such as developing a vibrant digital economy or preventing the harms of crime and fraud to individuals.
“The APAC region is presently undergoing a period of intensive law reform. This APAC comparative report provides an opportunity for lawmakers, governments, and regulators who draft, review or implement data protection laws to have a comprehensive overview and analysis of notice, consent, and related requirements that operate in the data protection frameworks of their respective jurisdictions, regional partners and neighbors,” said Josh Lee Kok Thong, Managing Director of FPF APAC in Singapore. “We hope the report serves as a catalyst for initiating a regional dialogue focused on clarifying existing uncertainties and enhancing the compatibility of regional data protection laws.”
Understanding that compliance-based approaches to data privacy, such as consent, notice, and choice mechanisms, have serious limitations, FPF and ABLI propose an accountability-based approach to data protection. This new system shifts the responsibility of protection to users and controllers of personal data by utilizing data protection impact assessments (DPIAs). Assessing risk and enhancing accountability provides organizations with legal certainty, ensuring better privacy accountability across the region.
Moreover, FPF and ABLI found that this accountability approach is necessary and important as data protection developments continue advancing across the APAC region. The rise of new developments conveys a rare opportunity to clarify existing uncertainties and enhance the compatibility of Asian data protection laws on these crucial privacy issues. The report’s comparative legal analysis and input from industry, privacy professionals, and regional practitioners have demonstrated that despite divergences, commonalities exist and can be leveraged to drive convergence between jurisdictions’ different legal systems.
“ABLI is delighted to see the fruit of its partnership with FPF culminating in the release of this comparative review at a time when digitalization is driving an increase in cross-border data flows,” said Mr. Rama Tiwari, Chief Executive of the Singapore Academy of Law, ABLI’s parent organization. “With the largest economies in APAC estimated to be able to reap economic benefits of approximately US$2 trillion if they fully capture their digital potential, the release of the report provides a timely and enabling reference for policymakers and practitioners alike as they design, reform and refine policies and practices for personal data processing both domestically and across borders.”
You can read the full report here.