By Desarack Teso | March 8, 5.00pm SGT
With a new wave of privacy legislations coming into force or are being updated in the biggest Asia economies, policymakers, and regulators alike throughout the region are off to a running start in 2022. China’s Personal Information Protection Law came into force in November 2021, while Japan’s amended Personal Information Protection Act will take effect on April 1, 2022. India and Korea, meanwhile, have issued legislative drafts on new or amended privacy legislations. Thailand, the second biggest economy in ASEAN, is also getting into the act: the long-awaited, GDPR-model Personal Data Protection Act, twice delayed due to the pandemic, is slated to enter into force on June 1.
While these developments are positive, policymakers should now turn their attention to new technology and business trends which have already arrived, or which are expected to hit main street in 2022. The sophistications of these technologies – AI, the metaverse, Web3, digital marketing – will further test the existing or updated legal frameworks, be it privacy, IP, antitrust, or digital assets. Web3, for example, will test the data subject rights of correction and deletion since Web3 essentially runs on blockchain, which by design is immutable, i.e., it cannot be deleted nor amended. A virtual community in the metaverse will be operated by different independent entities, likely consisting of platform, content, social media, and advertising providers. These complicated and competitive interactions will surely test how the data subject right of portability will be enforced, or whether data exchanges between the competitors will give rise to antitrust concerns.
Perhaps a good starting point for Asia’s policymakers is to monitor the policy developments in Europe. The next wave of legislations being developed in Brussels are both broad and deep, including e-Privacy Regulation, Data Governance Act, Data Act, AI Act, Digital Services Act, and Digital Marketing Act, among others. These new wave legislations are happening all the while robust GDPR enforcement actions across the EU are being carried out. To this end, regulators are broadening their GDPR enforcement focus from data breaches to legal bases for collecting and processing of data, to sharing of data with third parties, and to reining in digital marketing.
Not surprisingly, South Korea, long known as the fastest adopter of new technology trends, is an early responder to this new tech trend. Its lawmakers in January 2022 announced that there are plans to introduce new legislations relating to the metaverse.
Will we see other policymakers in Asia follow suit in 2022?