The state of privacy regulation in Asia

Across Asia, it is clear that the European Union’s GDPR privacy regulations, which apply globally when dealing with EU residents’ data, have set many of the ground rules for dealing with privacy laws. But while there are some common elements, there is no overarching uniformity. Sovereign countries have their own data protection frameworks and concerns when it comes to regulating privacy.

And while there is some movement to better align local regulations with the GDPR, some countries are even further ahead of the EU on certain aspects of privacy regulation. “There is a misconception that the EU is the highest standard. In some areas it certainly is, but in some areas it certainly isn’t,” said Miriam Wugmeister, a Morrison Foerster partner and co-chair of the global privacy and data security group. For example, “countries like South Korea, Japan and Singapore are leading the way. in the field of data security.About data localization [a.k.a. data sovereignty]China is way ahead of Europe,” Wugmeister tells CSO Online.

The move to greater consistency while increasing local variation will present challenges for companies around the world when doing business in Asia, making it easier to scale some efforts across the region, but custom implementations around data protection and privacy are still needed .

Where the GDPR has influenced Asian data protection laws

Data protection legislation in Asia has been influenced by the 1980 version of the OECD Guidelines on the Protection of Privacy and Cross-Border Flows of Personal Data,” said Peggy Chow, counsel at Herbert Smith Freehills Singapore. “Most Asian data protection regimes are principled and follow key principles around choice and notice, consent, data minimization, use restriction, retention and destruction of personal data, and restriction of cross-border data transfers,” she says.

Leave a Comment