Friday, January 12, 2007

Asia: the new Thought Leader in Privacy?

Privacy and data protection have always been a big thing in Europe and in the US. In Europe, the experience of Nazism and communist dictatorship have given rise to comprehensive legal instruments giving people extensive control over how data relating to them are processed (referred to as “informational self-determination”) by both the government and private companies. In the US, there is a long-standing tradition of privacy rights, but traditionally, most concern has been voiced about data processing by the government.

Europe and the US have become embroiled in a number of privacy-related squabbles recently. For example, European legal restrictions on transferring personal data outside the EU have led to objections in the US, where such restrictions are sometimes felt to be unfair and protectionist. On the other hand, Europeans have become increasingly upset by US processing of European data for law enforcement purposes. Thus, for example, requirements that airline passengers pass on their data to US law enforcement before boarding a plane bound for the US caused controversy recently. These disagreement are to some extent inevitable, given the differing cultures and legal traditions in Europe and the US, and to some extent are caused by simple misunderstanding and wounded pride. However, both the US and Europe are ignoring an important development, namely the growth of interest in privacy in Asia.

With over three billion people, Asia represents over half of humanity, and dwarfs both the US and Europe. However, traditionally privacy has not had a high value in many Asian cultures, which have been built more around communitarian ideas. Nevertheless, privacy regulation is exploding in Asia. While a few Asian regions have long had some sort of privacy regulation (such as Hong Kong and Korea), others have recently passed laws, including Australia, Japan, New Zealand, Taiwan, and others. In addition, other countries (such as Singapore and Vietnam) are presently either drafting privacy legislation or seriously considering it.

There are several reasons for this surge in interest in privacy among Asian governments. One factor is the work done by the Asia Pacific Economic Cooperation group (APEC), which is a group of Asia-Pacific countries (including the US) that get together to increase cooperation among their economies. In 2004, APEC approved a set of non-binding privacy principles for governments to follow in passing privacy legislation, and is currently working on other privacy-related issues such as international data transfers.

In addition, Asian countries see an economic benefit in passing privacy legislation. Experience in Europe an the US has shown that such legislation is a pre-condition to increasing consumer trust, particularly trust in online commerce. In addition, many large multinational companies are hesitant about locating large-scale outsourcing operations in countries without any legal framework for publishing breaches of data security and data privacy. Finally, as their economies have developed, more and more Asian citizens are demanding some sort of privacy protection.

In developing their privacy framework, the Asia-Pacific countries have a unique opportunity to draw from the good of the European and US frameworks, and reject the bad. Of course, the sheer size of Asian countries, and the diversity of their cultural and legal systems, makes implementing the APEC framework a significant challenge.

The wild card in all of this is China. With over one billion people, any privacy law enacted by the Chinese government will have immense impact, both inside Asia and beyond. In fact, the government has begun drafting a privacy law, the outlines of which will likely become clear in the coming months.

Despite these developments, privacy regulators in Europe and the US remain clearly focused on themselves and each other and their differences. In our globalized world, it is crucial that regulators work together more, and as the Asian economy picks up speed and China overtakes the US as the world’s largest economy, it is dangerous to focus only on transatlantic privacy issues and ignore what is happening in the Asia-Pacific region. Europe and the US should realize that they need to make their privacy regimes interoperable with such regimes in Asia. In our globalized world, any bilateral, or even regional, approach to regulation of the flow of information is doomed to eventual failure. Both Europe and the US are already dwarfed in terms of population size by the Asia-Pacific region, and will eventually be dwarfed economically as well. In this situation, it is in everyone’s interest to regard privacy not only as a transatlantic issue, but as a global one.

1 comment:

Kanjm said...

Interesting article. Do you know whether any countries in Asia, particularly Singapore, Japan or China, require that companies notify customers whose data has been breached (i.e. do these countries have any breach notification laws?)