Economic ambitions drive Asian data shake-up
Aug24

Economic ambitions drive Asian data shake-up

Data protection has been something of a focus for Asian law-makers recently. Until the last couple of years, there were very few laws or regulations in the region which addressed the issue specifically. This is not to say that there were no laws to protect privacy but, rather, that they tended to come from a number of older statutes or case law, and were in many cases no longer appropriate for countries competing on a global scale in the face of technological advances. That is changing. Driven by economic and commercial ambitions (and not just by protection of consumers), legislators across the region have recognised the need to bring their data protection regimes more in line with international standards. The ASEAN region in particular has become the most active in the world for new data legislation. As a result, organisations based in Asia or that have online platforms targeted at or hosted in Asia are having to wrestle with the new rules. So what does this all mean for businesses? We look here at the three most recent new laws in the region, in the Philippines, Malaysia and Singapore, and the practical steps that businesses will need to take to comply. Some context: economic ambitions as a driver for data policy in Asia Having in place a consolidated data protection law has some clear advantages. There is the obvious benefit to consumers, who will now be subject to a privacy framework that is more in line with that enjoyed by citizens elsewhere, such as in Europe. However, economic ambitions are the key driver. In order to compete on an international scale, countries in the region need to be able to demonstrate that they are “safe” places to do business and that the requirements they impose on organisations are in line with international standards. In order to get themselves on any “white-list” of adequate jurisdictions for data processing, governments have recognised the need to have legislation in place. At a business-to-business level, businesses wanting to source suppliers (e.g. customer call centre providers) or to locate operations in the region (e.g. data centres) need to know that data will be held and processed securely, to the standards that their customers (and their own regulators) expect. The Business Processing Association of the Philippines believes that the legislation will raise the country’s profile as a destination for IT outsourcing projects that involve the handling of sensitive personal data, describing the legislation as “an important step to increasing confidence among foreign investors”. In Singapore, the government’s ambition was to “strengthen and entrench Singapore’s position as a trusted hub for business”. The Philippines: “keystone legislation”...

Read More