IAPP Asia Privacy Forum

It is an exciting time for privacy in Asia and for the privacy profession, which is growing rapidly in the region.

The growth we are seeing in Asia is driven by individuals’ increasing confidence in using technology to engage with each other and companies and awareness of their privacy rights. This fact was highlighted in Raymund Enriquez Liboro’s (Philippine Privacy Commissioner) closing session keynote.

His office has received over 400 complaints over the past few months regarding several mobile online lending operators that contact people on an individual’s contact list if the individual fails to make their loan payment of the individual’s delinquency.

It is stories such as this that show the increasing use of mobile applications and other technologies to conduct transactions and awareness of privacy rights under a country’s laws.

Technology Use Increases Awareness of Privacy Rights

Increasing individual awareness and use of technology puts greater responsibility on companies to ensure they have appropriate data governance controls in place.

Data governance and accountability were a theme throughout many of the conference sessions stressing the importance of having a data governance framework in place to guide the company’s data use and management decisions, especially in the light of the increased use of evolving technologies such as machine learning AI.

Another notable topic is the rise in localization requirements being folded into data protection laws and the impact on cross-border transfer. Notably, China and Singapore include localization requirements in their respective cybersecurity and data protection laws.

Neither law prohibits onward transfer in the way Russia’s localization does.

However, companies need to take steps to demonstrate appropriate measures are in place to limit transfers. Or protections are in place such as China’s security assessment requirement to transfer personal data cross-border.

As digital services continue to grow in Asia along with individuals’ awareness of their privacy rights, data governance, accountability and the ability to demonstrate control effectiveness are going to be key priorities for companies doing business in the region.