Hello privacy pros. Greetings from Beijing. The IAPP Asia Privacy Forum 2024 in Singapore wrapped up last Thursday, but I am still buzzing with excitement after meeting and talking with so many amazing privacy pros from the APAC region, and beyond.
A highlight was co-speaking with peers from the IAPP Women Leading Privacy Advisory Committee. Our panel session focused on the data privacy and compliance challenges facing financial institutions in China, India, the Philippines, and other regions. We also shared some best practices businesses can adopt to overcome these challenges.
The IAPP APF24 was full of insightful panel discussions and talks. Here are some quick reflections:
- Asia is home to a rapidly growing number of dynamic new privacy and artificial intelligence laws and policies, which often have local characteristics due to cultural differences.
- Privacy-enhancing technologies are advancing rapidly, providing practical tools to address some of the existing privacy challenges.
- Advertisement technology privacy remains a global focus, with Big Tech companies exploring ways to benefit both the industry and consumers.
- Challenges remain in cross-border data transfers, but efforts like the Association of South East Asian Nation's cross-border privacy rules and multilateral/bilateral collaborations are being explored.
There is no doubt AI was one of the hot topics at APF24. Asian countries are eagerly embracing AI, aiming to balance innovations with governance and risk management.
Recent legislative and enforcement developments in China, Hong Kong and South Korea are reflecting this trend.
On 17 July, South Korea's Personal Information Protection Commission published the Guide to the Processing of Disclosed Personal Information for AI Development and Services. The guidelines aim to clarify the use of public data for AI technologies, focusing on the safe and legal use of public data within South Korea's regulatory regime and seeking to address some ambiguities surrounding the use of public data for AI development.
A similar balanced approach was also evident in a speech by a senior official from China's top legislature at the China Internet Legal System Conference held in Beijing in July. China intends to prioritize inclusivity, caution, and phased implementation in drafting AI laws and regulations. Lawmakers will prioritize issues related to training datasets for large language models and fair use of intellectual property rights. Regulators in some industry sectors such as mobility will be encouraged to experiment with innovative AI regulatory regimes for pilot projects.
However, promoting AI innovations does not mean businesses can operate without caution when developing or using AI technologies. In China, some companies have faced regulatory actions for illegally collecting and using personal data in AI products, failing to monitor AI-generated content, and neglecting security impact assessments and regulatory filings for AI algorithms. The noncompliance has resulted in the suspension of their apps pending rectification.
On 25 July, Hong Kong's Privacy Commissioner for Personal Data published an article highlighting that while business organizations have been exploring ways to integrate AI into their operations to enhance efficiency and diversify their business portfolios, the technology's adoption presents privacy and ethical risks. Businesses are therefore encouraged to follow the AI Model Personal Data Protection Framework in compliance with Hong Kong's Personal Data (Privacy) Ordinance when procuring, developing and deploying AI technologies.
More AI policies, laws and guidance from regulators in the APAC region are expected to be on the horizon. Until next time.
Barbara Li, CIPP/E, is a partner at Reed Smith.