Asia as a region has lagged behind Europe, in particular, in terms of the development of updated data protection laws. The last few years have seen a real rapid pace of development in this area. We’ve actually had a number of jurisdictions — Australia, New Zealand, Hong Kong, and Japan — which have had data protection laws for quite some time. These are advanced, European-style comprehensive data protection laws, based on the 1980 Organisation for Economic Cooperation and Development (OECD) Guidelines on the Protection of Privacy and Transborder Flows of Personal Data.
There was a bit of a time lag there; the APEC Privacy Framework came through in 2005. Under this, the APEC member economies agreed upon a framework for developing a uniform standard of data protection law across the region. And the focus here was economic; the focus is on building consumer confidence in e-commerce and across border-data transfers, and achieving that through agreeing a common standard of data protection compliance across the region.
What we saw in the aftermath of the APEC Framework was a flurry of new comprehensive laws across the region. South Korea, Taiwan, the Philippines, Malaysia, and Singapore have now all adopted comprehensive European-style data protection laws.
The European model is a consent-based model for data protection regulation where data is regulated on the basis of general data protection principles across industry sectors without distinction.
So with that, we’ll also mention India. India is not an APEC member, but it, too, joined the comprehensive regulatory fold in 2011 with the introduction of its Information Technology (IT) Rules, which also introduced formal data protection regulation to India.
Source: JD Supra