What an exciting week. 28 Jan. was a double celebration marking both International Data Privacy Day and Chinese New Year's Eve. The highlights of my day included making and enjoying delicious dumplings, a traditional treat for Chinese New Year's Eve, and attending the IAPP LinkedIn Live during which IAPP President and CEO J. Trevor Hughes, CIPP, led an insightful discussion with global privacy thought leaders Julie Brill, AIGP, Harvey Jang, AIGP, CIPP/E, CIPP/US, CIPT, FIP, and Caroline Louveaux, CIPP/E, CIPM.
The panel shared their predictions for data protection and privacy in 2025 and reflected on how national and international legislative and enforcement developments will evolve, particularly at the intersection of artificial intelligence governance and digital responsibility.
One thing is clear: We can all expect a dynamic and transformative year ahead.
AI and privacy developments in the APAC region
DeepSeek, an emerging Chinese AI startup, is making huge waves in the global AI space with its low-cost, open-source innovations. As technology advances, legislative bodies across the APAC region have been actively shaping regulatory frameworks.
One major development is the South Korean National Assembly's release of the AI Basic Act, making it the world's second AI law after the EU AI Act. The South Korean law mirrors aspects of the EU's approach, classifying AI use cases by risk levels and imposing corresponding compliance requirements. Interestingly, legal liability for noncompliance under the South Korean AI Basic Act is far more lenient than the EU AI Act. This suggests the South Korean government is prioritizing the growth and development of its AI ecosystem.
Last week in China, the National Information Security Standardization Technical Committee released draft guidelines on labeling AI-generated content. The guidelines, open for public consultation until 5 Feb., aim to standardize labeling practices and strengthen AI governance.
Earlier this week, TC260 also issued a set of new cybersecurity guidelines on protecting personal information in facial recognition payment scenarios. These guidelines provide specific compliance requirements and best practices for payment operators, service providers, and equipment suppliers. Key areas covered include securing user consent, implementing multifactor verification and preventing fraud, enforcing data encryption, conducting real-time monitoring and risk assessment, and responding promptly to data incidents.
With the widespread adoption of digital payments in China, banks, payment and e-commerce companies, and related equipment vendors and service providers are expected to take appropriate steps to comply with these guidelines.
Barbara Li, CIPP/E, is a partner at Reed Smith.
This article originally appeared in the Asia-Pacific Dashboard Digest, a free weekly IAPP newsletter. Subscriptions to this and other IAPP newsletters can be found here.