Data Privacy in ASEAN and Europe

October 16, 2019
The panel consisting of (from left to right) moderator Geraldine Pelissier and guest panellists Wendy Lim and Clarisse Girot

On 15 Oct, we partnered with French Tech Cyber to bring both our communities a panel discussion around the topic, “Data Privacy in ASEAN and Europe”, with guest panellists Clarisse Girot, Data Privacy Project Lead at Asian Business Law Institute (ABLI), and Wendy Lim, Director, Cyber Security Consulting at KPMG. Geraldine Pelissier from French Tech Cyber moderated the event.

We were also very honoured to have the French Ambassador, His Excellency Marc Abensour giving an opening address at the event.

Key takeaways from the panel include:

Privacy is not limited to the EU

The GDPR came into force in May 2018, two years after it was published in the EU Official Journal in May 2016. While not offering the same level of protection as the EU yet, data privacy protection in ASEAN countries are moving towards this.

In November 2016, the ASEAN Framework on Personal Data

Protection established a set of principles to guide the implementation of measures at both national and regional levels to promote and strengthen personal data protection in the region.

The following year, ASEAN released a statement of cybersecurity cooperation in addition to ongoing efforts to foster regional cybersecurity cooperation.

Singapore’s Personal Data Protection Act 2012 (PDPA), which has been in force since 2014, is the closest regulation to GDPR in the region.

HE Marc Abensour giving his opening address

Lengthy privacy notices are ineffective

There is really no point putting up lengthy privacy notices that no one reads or understands. In a study done by McDonald and Cranor, they estimated if an average person were to read the privacy policy on every single website they visited in a year, this person will spend about 244 hours of reading time.

So it’s better for organisations to consider other options for privacy notices. For example, according to Florian Schaub in this article, an organisation could break up documents into smaller chunks and deliver them at times that are appropriate for users.

Privacy laws are not hindrance, they are enablers for businesses

Compliance with the GDPR will do all businesses good. It helps companies transfer data between countries outside of the EU with the EU, and helps to promote and grow regional and global trade.

Earlier this year, the European Commission (EC) issued its adequacy decision on Japan — this means Japan’s privacy regulations “mirror” the GDPR, easing data transfer between the two markets, making it easier to do business.

Singapore’s Infocomm and Media Development Authority (IMDA) has launched the Data Protection Trustmark (DPTM) certification to help organisations demonstrate accountability for data protection practices. Businesses should consider getting DPTM certification to increase their competitive edge and build customer trust.

For more updates like this, follow ICE71 on our web and social channels!