Powered by Rouse

Powered by Rouse, the emerging markets IP firm. www.rouse.com

Wednesday, July 6, 2016

ASEAN data privacy/protection regimes

Image result for dataThe development of data protection regulations in ASEAN (Association of South East Asian Nations) so far is been patchy. ASEAN has committed to harmonize legal infrastructure for e-commerce in the Roadmap for Integration of the e-ASEAN Sector. One of the targets in the Strategic Schedule for the ASEAN Economic Community (AEC) is to adopt best practices/guidelines on various cyber law issues including data protection.

Singapore, Malaysia and the Philippines are the only countries with specific data protection laws.

Indonesia, Myanmar and Vietnam are countries with data privacy requirements only as part of their general electronic systems and transaction laws.  In the case of Indonesia, change is afoot as the government rolls out regulations pursuant to its 2008 Electronic Transaction and Information law.  The Indonesian government has enacted two regulations on registration requirements for electronic systems operators as well. A new national Cyber Agency is proposed.


Vietnam's Information Security law came into effect on 1 July 2016.  The law contains annual inspections of information systems by the state.  The implementation of this requires further regulations. One concern is that inspection or registration requirements may be perceived as veiled attempts by a State to pry into stored personal data using the very law that is meant to secure personal data; another concern is the possible effect of clamping down on internet freedom. 

Indonesia and Thailand have circulated draft data protection laws.  It is important to monitor these bills through the legislative process.  One area of confusion for Indonesia is how one reconciles the data protection law (when enacted) with the data protection provisions in the pre-existing IT laws.  In the case of Thailand, the bill is not likely to be passed into law in the foreseeable future nor is the government infrastructure ready to implement the law yet, even if passed.

Cambodia still has not announced plans to enact data protection regulations. 

Businesses operating in the ASEAN region have a tricky task to keep on top of the differing regimes and developments. 


No comments:

Post a Comment