Convergence of data privacy laws in Asia: ABLI’s project showcased at 3rd Paris Peace Forum
By Dr. Clarisse Girot
Since 2017 the Asian Business Law Institute (ABLI) has been offering an apolitical, non-institutional, non-profit, and trusted platform of regional cooperation to advance multi-stakeholder discussions on convergence of data privacy laws in APAC.
The timeliness of such discussions has been enhanced by the current Covid-19 crisis and we welcome the opportunity to pitch our project at the upcoming edition of the Paris Peace Forum in November.
The crisis has accelerated the take-up of technology across many sectors, and governments have harnessed digital technologies to support the public-health response to the virus among others through population surveillance, contact tracing, and use of mobility data. The future 5G mobile network will accelerate the use of data transmissions, all of which are dependent on smooth and secure cross-border data flows.
Yet Asia, in particular, remains a patchwork of different laws governing the collection, use and transfer of that data, despite drawing on the same sources, like the OECD Privacy Guidelines, the APEC Privacy Framework and Europe’s General Data Protection Regulation.
For instance, different rules apply in the regulation of cross-border data transfers in the Asia-Pacific. Transfers may be authorised or prohibited by default, subject to exceptions that vary. Jurisdictions like China, India, Indonesia and Vietnam have imposed strict obligations to localise their citizens’ data, citing digital-sovereignty and national-security concerns. Individual consent is a default requirement to transfer data overseas in some, not all jurisdictions. Consent may be understood differently. Not all compliance mechanisms that companies may use to transfer data as alternatives to consent are recognised in all jurisdictions.
Because of the interdependence of data-flows frameworks, decisions originating outside Asia also have major implications for policy and practice of privacy, in Asia and globally. For instance, the decision of the European Court of Justice striking down the Privacy Shield, a data-transfer agreement between the EU and the United States, or the presidential order given to ByteDance to keep US data on-shore lest its TikTok business is banned from the US, have made Asia’s contrasted legal landscape even more complex.
The resulting accumulation of legal uncertainty and inconsistencies weighs heavily on businesses, constrains innovation, and eventually limits economic growth across Asia. It further puts limits to regulatory cooperation and creates gaps in protection that are prejudicial to individuals.
Taken together, this multiplicity of parameters creates the paradox that responsible data flows are being restricted in an increasing number of ways at the same time as the pandemic has proven that they have never been so useful for all the sectors of our societies and economies.
Addressing these challenges requires international cooperation and collective action. But in the current geopolitical climate, a top-down approach to international data-flow governance does not work well. Yet despite the political obstacles to the adoption of global solutions, public and private actors urgently need short or medium-term technical and regulatory solutions to protect personal data in a context that will inevitably be ever more international.
To fill this gap in global data governance, less formal, more agile methods of cooperation are needed.
ABLI’s collaborative model offers a unique pathway to address the challenges that result from disparate laws in the Asian region. Through a diversity of actions, and with the support of a unique network of privacy regulators, law practitioners, and industry representatives, we promote regional convergence and certainty in the area of data protection, privacy and cross-border data transfer regulations.
We look forward to presenting our project at the Forum and hope to see new forms of cooperation emerge there.
See you in November!
Views expressed in this publication are the author’s and do not necessarily reflect the views of the Paris Peace Forum.
Clarisse is a Senior Fellow and Data Privacy Project Lead at the Singapore-based Asian Business Law Institute (ABLI). The project is a unique initiative covering 14 Asian jurisdictions that aims at facilitating the convergence of data privacy laws in Asia, with an initial focus on the regulation of international personal data flows. The project is run with the support of some of the most renowned data protection experts in the Asia region, supra-national organisations, data protection regulators, and ministries with data protection responsibilities from across the region.
Clarisse is the editor of the acclaimed “Regulation of cross-border transfers of personal data in Asia” (ABLI, 2018) and lead author of ABLI’s Comparative Analytical Review on Asian data transfer regimes (2020), among other written works. A well-known figure in the global data privacy community, she is a frequent speaker at international conferences and a contributor to high-level research projects, networks, and working groups in the area of data protection and privacy.
Before relocating to Singapore, Clarisse acted as Counsellor to the President of the French Data Protection Authority (CNIL) and prior to that role as Head of CNIL’s department of European and International Affairs. She is a law graduate from the Universities of Paris (1993) and Oxford (M.Jur., 1994) and holds a Ph.D. in comparative law from the University of Tilburg in the Netherlands (cum laude, 2001).
Information on ABLI’s Data Privacy Project is available at https://abli.asia/PROJECTS/Data-Privacy-Project.