Hello privacy pros,

As the year draws to a close, this will be the last Asia-Pacific Digest from the IAPP for 2021. With that in mind, below are my reflections on some of the key developments for privacy in our region over what has been another challenging year.

The hot privacy topic in Australia for 2021 has been the comprehensive review of Australia’s privacy regime, starting with a flurry of submissions in response to the attorney general department’s issues paper in early 2021 and resulting in a discussion paper in October. For a wonderful overview of the scope of changes proposed, as well as some editorial viewpoints, I recommend "Privacy law reform in Australia — the good, the bad and the ugly" by Anna Johnston of Salinger Privacy. Aside from the Privacy Act review, notable privacy enforcement actions from the Office of the Australian Information Commissioner this year include determinations related to Uber, 7-Eleven and Clearview AI.

Looking across the Tasman Sea, privacy professionals in New Zealand experienced their first year applying a freshly updated Privacy Act. Although the updates to the act, including mandatory breach notification, were welcomed by Privacy Commissioner John Edwards, he also noted that it was a privacy act “fit for 2013.” Speaking of Commissioner Edwards, the announcement of his impending departure to become the new U.K. Information Commissioner made news around the world. As a prominent figure not only within New Zealand privacy but on the international stage, it’s no surprise that he was tapped for the U.K. role. We wish you all the best, John!

Elsewhere in the region, many expected to see India’s long-coming Personal Data Protection Bill finally passed into law this year, but it looks as though we may need to wait until 2022. In a recent article in Financial Express, Mishi Choudhary of the Software Freedom Law Center provides insight into the challenges that have hampered India’s privacy law ambitions. However, we did see some progress this week as the Joint Parliament Committee shared its final report with Parliament. You'll see more details in the lead blurb below.

In contrast, China published the first draft of its omnibus Personal Information Protection Law in October 2020, passed the final draft into law in August 2021, and the law came into effect less than two months later on 1 Nov.  

In August, privacy think tank Future of Privacy Forum launched its Asia-Pacific office in Singapore with the appointment of Clarisse Girot as Director for Asia Pacific. Clarisse is an internationally recognized expert with significant experience in the region and we welcome her continued leadership through her role at FPF.

Reflecting on the activities of the IAPP, the continued lockdowns of 2021 brought both challenges and some unexpected benefits. Although it has been disappointing to miss out on the in-person interaction we get from seeing each other at events, the online nature of our events has meant increased turnout and regional participation. Our Australia and New Zealand KnowledgeNet Chairs organized just under 20 events throughout the year, with attendees and speakers from throughout the Asia-Pacific region. My hope for 2022 is that we can have more hybrid events that combine in-person sessions with virtual attendees.

Speaking of 2022, although the IAPP ANZ Summit Online 2021 just finished (on-demand sessions are available online), it’s time to think about our sessions for next year’s Summit. Our call for proposals is open until 20 March 2022 and I encourage you to get involved, engage with your fellow privacy professionals and help to develop our profession.

In closing, I’m grateful for the enthusiastic engagement we have had from privacy professionals throughout the region this year to help us all stay informed and connected. Our profession continues to grow and to thrive, and it’s a privilege to play a small part in what has become such a critical political and social issue of our day.

Wishing you happiness, health and success in 2022!