Asia’s Data Privacy Dilemmas 2014–19: National Divergences, Cross-Border Gridlock

(2019) No 4, Revista Uruguaya de Protección de Datos Personales (Revista PDP), August 2019, 49-73

UNSW Law Research Paper No. 19-103

27 Pages Posted: 19 Nov 2019 Last revised: 30 Dec 2019

See all articles by Graham Greenleaf

Graham Greenleaf

University of New South Wales, Faculty of Law

Date Written: August 30, 2019

Abstract

In 2014, thirteen of the 28 countries in Asia had enacted data privacy laws. They all implemented the ten minimum (‘1st generation’) principles for a data protection law which had consolidated in the 1980/81 OECD and Council of Europe instruments. They also implemented a little over half of the additional ten ‘2nd generation’ principles which distinguished the 1995 EU data protection Directive. In relation to cross-border transfers, a variety of instruments contended for primacy.

Five years later, much has changed in Asia, although the number of countries with data privacy laws has only risen to 15 (adding China and Bhutan). Amended laws include those in Thailand, the first law with strong GDPR influences, and in Japan and Korea, affected by their bids for EU adequacy. India and Indonesia have Bills with strong GDPR influences, but – like China – also strong commitments to data localization. This article assesses all these national developments in terms of whether new models for Asian data privacy laws are emerging.

The overall result of this half-decade of national developments is that the average of Asian laws has moved from the inclusion of 5/10 ‘2nd generation’ or ‘European’ principles, to 6/10. Furthermore, there are at least 40 instances of ‘3rd generation’ principles typified by the innovations of the EU’s GDPR being adopted in Asian laws, the most popular being data breach notification requirements. Enactment of GDPR-influenced laws in India and Indonesia will strengthen these trends. However, the absence of any significant regional standards in Asia (in comparison with Africa or Latin America) means that the adoption of particular principles is not uniform, and ‘convergence’ is not a very valuable concept in Asia.

Although numerous international instruments and their effects are influential in Asia (the CPTPP free trade agreement, APEC-CBPRs, Convention 108+, and GDPR adequacy), none of these have become dominant, or are likely to. As a result, individual countries will choose to engage with them as suits their national interests and other obligations. The new element of data localization laws is influential in quite a few countries, is disrupting traditional alliances, and is causing new models for data privacy laws to emerge, particularly those including data localization.

Keywords: data protection, privacy, surveillance, Asia, APEC, ASEAN

Suggested Citation

Greenleaf, Graham, Asia’s Data Privacy Dilemmas 2014–19: National Divergences, Cross-Border Gridlock (August 30, 2019). (2019) No 4, Revista Uruguaya de Protección de Datos Personales (Revista PDP), August 2019, 49-73; UNSW Law Research Paper No. 19-103. Available at SSRN: https://ssrn.com/abstract=3483794

Graham Greenleaf (Contact Author)

University of New South Wales, Faculty of Law ( email )

Sydney, New South Wales 2052
Australia
+61 2 9385 2233 (Phone)
+61 2 9385 1175 (Fax)

HOME PAGE: http://www2.austlii.edu.au/~graham

Here is the Coronavirus
related research on SSRN

Paper statistics

Downloads
86
Abstract Views
571
rank
315,229
PlumX Metrics