TrustArc colleagues have participated at IAPP Asia Privacy Forum since its inception in 2014, both contributing to and gaining many insights from the focus on key developments in the region and how those relate to global trends. TrustArc team members from the APAC region and U.S. headquarters attended this year’s conference as well as a number of side events. It is an exciting time for privacy in Asia and for the privacy profession, which is growing rapidly in the region. Conference attendance was more than double from the prior year with over 350 attendees from a wide variety of industries and the discussion evolving to focus on topics such as data governance, accountability, onward transfer, and localization.
The growth we are seeing in Asia is driven by individuals’ increasing confidence in using technology to engage with each other and companies, and awareness of their privacy rights.. This fact was highlighted in Raymund Enriquez Liboro’s (Philippine Privacy Commissioner) closing session keynote. He discussed how his office has received over 400 complaints over the past few months regarding a number of mobile online lending operators that contact people on an individual’s contact list if the individual fails to make their loan payment of the individual’s delinquency. It is stories such as this that show increasing use of mobile applications and other technologies to conduct transactions and awareness of privacy rights under a country’s laws.
Increasing individual awareness and use of technology puts greater responsibility on companies to ensure they have appropriate data governance controls in place. Data governance and accountability were a theme throughout many of the sessions of the conference stressing the importance of having a data governance framework in place to guide the company’s data use and management decisions, especially in the light of increased use of evolving technologies such as machine learning AI.
The other big topic addressed at the conference is the rise in localization requirements being folded into data protection laws and the impact on cross-border transfer – notably China and Singapore including localization requirements in their respective cybersecurity and data protection laws. Neither law prohibits onward transfer in the way Russia’s localization does. However, companies need to take steps to demonstrate appropriate measures are in place to either limit transfers or protections are in place such as China’s security assessment requirement to transfer personal data cross-border.
As digital services continue to grow in Asia along with individuals’ awareness of their privacy rights, data governance, accountability and the ability to demonstrate control effectiveness are going to be key priorities for companies doing business in the region.
TrustArc regularly attends and hosts events around the world and online – learn more here.