Charting the inconsistencies and gaps in Asian data protection laws

Singapore, 25 May 2018 – Even before the firestorm of Facebook's massive personal data harvesting blows over, a similar scandal erupted in Thailand.

 

Personal data of about 46,000 users of True Move H, one of the country's largest telecom operators, was leaked into Amazon Web Services (AWS) cloud storage. The leaked data found by security researchers on AWS cloud storage, also known as the S3 bucket, included scanned images of users' ID cards, passports and driving licences.

 

This latest controversy begs the question of whether the legal framework for the use of personal data in any country in this region is sufficiently safe as the world aims to usher in greater digitisation.

 

Sharing data across borders has become the lifeblood of all segments of developed and developing economies, particularly in Asia where markets have embraced years of hyper-growth. The common challenge faced by governments is how to regulate this area of law in such a way as to protect individuals without sacrificing the benefits of data flows.

 

The different rules and standards enforced by Asian countries on the cross-border transfers of personal information is a big concern for businesses. Moreover, companies operating in China, Vietnam and Indonesia may need to incur additional costs to set up local data centres within these countries if data privacy laws prevent personal data generated by their citizens to be imported out of the country.  

 

As early as 2015, Chief Justice Sundaresh Menon had called for the need for greater harmonisation of data privacy laws within Asia. The Asian Business Law Institute (ABLI), of which Chief Justice Menon in chair of the Board of Governors, was set up in the same year as a neutral body to pull together governments, regulators and legal practitioners across Asia in this effort.

 

Earlier this year, on 7 February, it organised the first ever gathering* of 90 of the best experts and high-level government officials in the region for open discussions on existing data privacy laws, highlighting the commonalities and differences.

 

“This is a very complex area of law in Asia. ABLI’s role is to put forth practical solutions to policy makers and legal practitioners. We will do this by drafting recommendations to law makers and governments, in collaboration with experts, data protection regulators and the industry from across the region. The first set of recommendations for a more cohesive framework for cross-border data transfers in Asia will be ready in the first months of 2019,” said Dr Clarisse Girot, Senior Research Fellow and Leader of the Data Privacy Project at ABLI.

 

Concurrently, ABLI worked with data experts from 14 countries to gather information on data transfer rules currently in force in Singapore, China, India, Australia, New Zealand, Korea, Japan, Vietnam, Philippines, Thailand, Hong Kong, Macau, Malaysia and Indonesia.

 

The reports covered five key areas relating to data protection laws in Asia. These include the risks that businesses will face due to inconsistency of laws in different countries; the legal challenges posed by requirements to keep data localised within the country; the impact of national laws on data-related clauses in international trade agreements and treaties; how data transfer and consent requirements are to be implemented; and the role and powers of data privacy authorities to enforce the laws across borders.

 

The compendium, Regulation of Cross-Border Transfers of Personal Data in Asia, will be available to the public for free on the ABLI website, http://abli.asia/PROJECTS/Data-Privacy-Project, from 28 May 2018. Several public and private organisations have already expressed their intention to use the compendium as a resource for their respective data privacy projects.

“The reports in this volume have been written by some of the foremost experts on the subject of data privacy in their respective jurisdictions,” acknowledges Chief Justice Menon in his Foreword for the compendium. “Taken together, the reports offer a comprehensive survey of the regulatory landscape as it relates to cross-border data flows and data localisation obligations in 14 Asian jurisdictions and I have no doubt that they will prove to be a valuable resource, not only to practitioners but also to regulators and policymakers both in Asia and beyond.”

* More information about the ABLI Forum “Towards A Shared Legal Ecosystem for International Data Flows in Asia” held on 7 February 2018 can be found at http://abli.asia/NEWS-EVENTS/Whats-New/ID/52.

 

 

About the Asian Business Law Institute

ABLI was launched in January 2016.

It is a permanent institute based in Singapore that initiates, conducts and facilitates research with a view to providing practical guidance in the field of Asian legal development and promoting the convergence of Asian business laws.

Its mission is to remove unnecessary or undesirable differences between Asian legal systems that pose obstacles to free and seamless trade.

ABLI’s long term strategic direction in accordance with its aims is set by its Board of Governors chaired by The Honourable the Chief Justice Sundaresh Menon of the Supreme Court of Singapore. The Board comprises representatives from Australia, China, India and Singapore and other internationally renowned legal experts.

 

About the Singapore Academy of Law

ABLI is a subsidiary of the Singapore Academy of Law (SAL). SAL is a promotion and development agency for Singapore’s legal industry. Our vision is to make Singapore the legal hub of Asia.

SAL works with our stakeholders to set new precedents of excellence in Singapore law through developing thought leadership, world class infrastructure and legal solutions. Our mandates are to build up the intellectual capital of the legal profession by enhancing legal knowledge, raise the international profile of Singapore law, promote Singapore as a centre for dispute resolution, and improve the standards and efficiency of legal practice through continuing professional development and the use of technology.

As a body established by statute, SAL also undertakes statutory functions such as stakeholding services and appointment of Senior Counsel, Commissioners for Oaths and Notaries Public.

SAL is led by a Senate headed by Chief Justice Sundaresh Menon, and comprising the Attorney-General, the Supreme Court Bench and key leaders of the various branches of the legal profession. It has more than 12,000 members, including the Bench, all persons who are called as advocates and solicitors of the Supreme Court (i.e. the Bar) or appointed as Legal Service Officers, corporate counsel, faculty members of the three local law schools (i.e. National University of Singapore, Singapore Management University and Singapore University of Social Sciences) and foreign lawyers in Singapore.

More information can be found at www.sal.org.sg.

Foo Kim Leng (Ms)
Deputy Director
Corporate Communications
Tel:  6332 5365 / 9635 8850
Email: foo_kim_leng@sal.org.sg

 

Alyssa Nyam (Ms)
Assistant Manager
Corporate Communications
Tel: 6332 5371 / 9773 2333
Email: alyssa_nyam@sal.org.sg