Happy end of financial year from Australia, where the 30 June deadlines are giving no respite from the workload created by the 22 Feb. introduction of local mandatory breach notification laws and the response of local businesses to being bombarded with EU General Data Protection Regulation agreements, notifications and updates to terms.
While GDPR Day may have passed 25 May, it continues to be at the forefront of privacy news, including across the Asia-Pacific region, Association of South East Asian Nations and Indian subcontinent.
In this issue of the Digest, there is commentary on the political and economic consequences of the GDPR for the ASEAN countries in light of their internal economic drivers, especially considering the significance of IT infrastructure and cross-border data exchanges to those economies. The GDPR may well have an impact on bilateral and multilateral free trade agreements, and this may, in turn, drive change and a push for uniform regulation in a region that has a patchwork of approaches to privacy and data protection, including a number of countries with no rules whatsoever.
In addition to these broad issues arising from the GDPR, the issue of statehood and sovereignty of data arises in Australia, in relation to the government contracts for the rollout of Australia’s 5G mobile network and Chinese-owned company Huawei. This has been an ongoing issue where concerns have been raised around Chinese national intelligence laws, which require all organizations and citizens to help the country’s intelligence network.
This has raised fears in Australia that, if appointed, Huawei could alert the Chinese government to vulnerabilities they identify and allow those exposures to be exploited, to the detriment of Australia and its citizens. The Australian government has yet to make a final decision on the point, but the chairman of Huawei Australia reported to the press last week that it would not be required to comply with the Chinese law as it did not apply outside of China and that it should be considered for the contract. A decision is yet to be made, but this is another example of cross-border data issues permeating modern life at every level.
Moving away from the political and economic issues, data breaches in the region continued to be exposed. In Australia, the Health Engine app, which helps patients and medical practices schedule and manage appointments, has allegedly shared patient data with personal injury law firms to give them client leads. This scandal and the process of “claim farming” for personal injury prospects has received significant negative media attention.
With all that and the first hundred or so breaches under the GDPR that have been lodged in the EU starting to make their way through the systems of the relevant supervisory authorities, it is clear that there will be little downtime for privacy professionals in the Asia-Pacific region for the foreseeable future.
If you want to comment on this post, you need to login.