The state of privacy regulations across Asia

While GDPR looms large across the Asia-Pacific region, there are significant differences as jurisdictions develop their own national approaches to privacy. There’s also a growing focus on data security in many countries.

asia fom space night shutterstock 1422245984
Shutterstock

Throughout Asia, it’s clear that the European Union’s GDPR privacy regulations, which apply globally when handling EU residents’ data, has marked out many of the ground rules in how to handle privacy laws. But although there are some common elements, there’s no overarching uniformity. Sovereign countries have their own data-protection frameworks and focal points when it comes to regulating privacy.

And although there is some movement to better align local regulations with GDPR, some countries are actually further ahead of the EU on certain aspects of privacy regulations. “There is a miss misunderstanding that the EU is the highest standard. It definitely is in some areas, but in some areas, definitely not,” says Miriam Wugmeister, a Morrison Foerster partner and cochair of its global privacy and data security group. For example, “countries such as South Korea, Japan, and Singapore are the leaders in terms of data security. On data localization [a.k.a. data sovereignty], China’s way ahead of Europe,” Wugmeister tells CSO Online.

The move to greater consistency at the same time as increased local variation will pose challenges to businesses throughout the world when doing business in Asia, making some efforts easier to scale across the region but still requiring custom implementations around data protection and privacy.

Where GDPR has influenced Asian data-protection laws

Data-protection legislation in Asia has been influenced by the 1980 version of the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data,” says Peggy Chow, counsel at Herbert Smith Freehills Singapore. “Most Asian data-protection regimes are principles-based and follow the main principles around choice and notice, consent, data minimization, use limitation, retention and destruction of personal data, and cross-border data transfer restriction,” she says.

To continue reading this article register now

7 hot cybersecurity trends (and 2 going cold)