A warm hello to my fellow privacy professionals.

Recently, my mind got to thinking about how privacy in Asia is like rice — and here's how.

  • It's embedded across the region: Rice is a staple in our region's cuisine. Similarly, privacy has become ingrained in our societies. Even with state laws at varying levels of maturity, seeds have been planted and it will only be a matter of time until they are harvested. Just as rice fields have become a unique feature of our geographical landscape, Asia now boasts some of the world's most revered privacy frameworks.
  • Diversity: There is a wide array of rice-based dishes in Asia. Whether it is Thailand's long grain or India's basmati, cooking techniques deviate from each other, yet result in equally delicious outcomes — from Greater China's congee, Korea's bibimbap and Japan's sushi to Indonesia's nasi uduk, Malaysia's ketupat and Singapore's chicken rice. In the same vein, privacy requirements in Asia are highly nuanced and their implementation is tailored to suit local needs, culture and policy objectives.
  • Fundamentals: Notwithstanding, we share common underlying principles in protecting individuals' privacy while encouraging responsible data use and innovation, which boost our economies and enhance standards of living. We see this uniformity in the setting of responsibilities and standards for protecting personal data, conferring of data subject rights, scoping of legal bases for processing and even mapping out of cross border data transfer rules.
    On consent, for instance, even if local requirements are fragmented about the specificity or language in which consent needs to be communicated, it is still the core common denominator for processing personal data in Asia. Data transfer requirements, too, see great synergy among each other, even if features are distinct within each mechanism or standard.
  • It's alive and cooking: Despite varying levels of development, regulatory and enforcement activity are undeniably picking up steam across the board in Asia. The Philippines recently released a circular on its consent guidelines and proposed legitimate interest guidelines. In November alone, financial penalties of SGD92,000 were imposed for two infringements in Singapore. Thailand's Expert Committee published four separate enforcement decisions within a single month. New Zealand’s Human Rights Review Tribunal imposed a penalty of NZD10,000 for unlawful targeted advertising using personal data of breast cancer survivors. South Korea's preemptive reviews of AI-driven data processing got underway and a slew of amendments to its law — including on automated decision-making, data protection officer requirements and public sector processing— will be introduced leading up to January 2024. Finally, China's draft regulation proposing to ease cross border transfer restrictions will soon come into force.

As we approach 2024, leaning into our growing community and network of resources, and tapping into our collective wisdom navigating privacy in this vast and vibrant region, we should commit to recognizing our similarities over and above our myriad differences — as we might do with rice.