Data Privacy : A Difficult Balance for Asia?
In many industrialized nations, data privacy is a given. While there are occasional differences in expectations of privacy protection, for instance between the United States and Europe, or between opt-in and opt-out practices, for most, there is general consensus that privacy is an individual right, and that some form of data privacy legislation is necessary. This, however, is not something to be taken for granted among developing economies. In Asia Pacific, while Australia, Hong Kong, Japan and South Korea have data privacy provisions in place for some years, countries such as Philippines and Thailand are only in the drafting stages of their privacy bills. Others such as Singapore and Malaysia still do not have data privacy laws in their statutes even after going through the rigors of considering such legislation over many years. Speaking of which, I recall participating as a government representative at an”Asian Personal Data Privacy Forum” from as early as 2001 where among others, Indonesia, Malaysia, Singapore and Thailand each presented the privacy law developments of their countries. Some eight years later, things are still very much on the drawing board.What makes it so difficult to put data privacy legislation in place?For starters, in many Asian countries, there is no constitutional right to individual privacy. Instead, we see the influence of Confucius’ teaching that the interest of the society comes before the individual. The idea of individual rights does not always sit comfortably with these socialistic governments. Even the citizenry do not always come to expect it. Could it be that the concept of privacy is one that is imported from western nations?The advent of electronic information storage and interconnected networks means that personal information is easily collected, shared and matched with a click. Names, addresses and phone numbers can be given away without much consideration. I am always surprised at how readily some people give away personal details just for an opportunity to participate in a lucky draw, or at the amount of personal details that are shared indiscriminately by some users on social networking sites. Sometimes, entire identities are recorded online. We have reached a stage where a cyber burglar can freely seize what their eyes can feast upon in an identity theft, leaving the victim none wiser.On the positive side, increasingly, many are recognizing the importance of keeping data safe and sharing information discreetly. The digital natives are also becoming more vocal in demanding their rights. However, the fact remains that many countries in the Asia Pacific region are still without good data privacy legislation in place. For governments and legislators, the most common arguments against having data privacy legislation lie in the added compliance costs for businesses, and fear of the consequences of allowing scrutiny of the data and information collected by the government.Let’s consider the first argument of business cost. A common concern is that privacy rules can become overly onerous, imposing too many restrictions for organizations to operate efficiently. Today, many global companies recognize the need to take responsibility for the personal data that they hold, and are already subject to high levels of compliance by virtue of laws in other countries. Having similar rules in one more country does not increase the operating costs as it once did. Some may contend that domestic companies are not yet at those levels of compliance. But if they have ambitions to grow beyond their local markets, achieving compliance is unavoidable. The remaining challenge is for countries with privacy laws to have similar levels of protection so that businesses can maintain a similar standard and be cost effective as they operate across national boundaries. Guidelines such as the APEC Privacy Principles are a good starting point to work from.The second argument -fear of scrutiny of government-held data -however is more deeply seated and more challenging to address. Countries without a historical right to privacy find it unintuitive and culturally difficult to change the prevailing mindset, behavior and practices. Even legislative carve-outs for government-held data do not seem to overcome those fears. Fortunately, this too is beginning to change as international trade practices such as restriction on data flows impress on countries the need to have more internationally acceptable practices in place, even at the inconvenience of having to face a challenge from a data subject from time to time. For economies that are substantially based on outsourcing (e.g. India or Philippines), it is imperative for data in those countries to be appropriately protected, lest businesses choose to send their data elsewhere for processing.The winds are changing, but these changes will not happen overnight -much more education on the benefits of data privacy legislation is needed, including the right balance these laws should strike. In the mean time, it rests upon the individual to take personal responsibility over his or her data, by adopting best practices for online activity and transactions so as not to fall prey to identity theft or be victims of other fraud. Technological solutions exist to help, and should be used appropriately. Ultimately, whether personal information online is protected by law or not, consumers ought to know when and how to take charge of their own privacy.Some further tips on protecting you and your family online can be found here.