Dear privacy pros,

I trust your week is going well.

Those of you who drive will probably have experienced the agony of “losing” your car in a massive underground car park (and for those in Singapore, I would venture to guess probably in Suntec City or Vivocity). Well, I recently visited a hospital that implemented a great solution for that: Just enter your vehicle registration number on a digital display at the lift lobby, and the screen will tell you exactly which lot number you parked with a map showing the shortest way to get there, as well as a picture of your car and its immediate surroundings.

To me, this simple scenario is a good example of how technology can resolve issues while creating new ones. The functionality of the system is undoubtedly useful, but the picture of the car is arguably superfluous. One wonders if the system is smart enough to know when to take the picture so that no one would be captured in the image. Or what would happen if the picture accidentally captures someone in a compromising situation, such as littering or accidentally scratching another person’s car? As a wise man once told me, “Just because you can, doesn’t mean you should.”

Like Singapore, a number of other countries have embarked on the race to be a smart nation. Our trusty rival Hong Kong is also beta-testing a high-tech video surveillance system that can be used to police illegal parking in East Kowloon, with plans to eventually roll out the system citywide. Besides potentially putting traffic wardens out of a job, the system will likely need to address any potential concerns of the same type that we just examined.

Singapore’s Personal Data Protection Commission recently released a discussion paper raising the possibility of including a data portability requirement in the proposed revision of the Personal Data Protection Act. I will leave it to you to digest the finer points of the discussion paper that are well worth a read, but it is interesting to note at the outset how the PDPC seems to be acutely aware that the right to data portability sits at the confluence between data protection law and competition law. This harkens back to some of the themes I discussed here last year and really shows how the PDPC has established itself as a forward-looking regulator in the APAC region. Beyond considering the balance between an individual’s right to have their personal data protected and a company’s need to innovate through the reasonable use of data, the paper discusses how the right of data portability might facilitate competition by reducing switching costs, allow new entrants to establish a foothold by lowering barriers of entry, and encourage cross-sector data flows and the development of new business models. Sounds like privacy pros need to get at least some basic grounding in competition concepts going forward.

In other news, India appears to have introduced proposals to restrict the outflow of sensitive personal data in its draft national e-commerce policy. While not entirely unheard of, the potential width of data that would fall under the restriction and the somewhat nationalistic justification proffered for regulating such cross-border data transfers is still likely to raise some eyebrows.  

Finally, I would like to take this opportunity to announce that after a long search, the IAPP has appointed Jason Lau into the country leader role for Hong Kong. Jason, who is currently the CISO for Crypto.com, has an amazing skillset (not to mention a list of certifications and awards) spanning both cybersecurity and privacy and will undoubtedly prove to be an invaluable asset to privacy colleagues in Hong Kong. You will probably hear from Jason soon, so I will leave it to him to introduce himself in greater detail then.

With that, I wish you happy reading and a wonderful weekend ahead.