South Korea has became the fifth member economy to join the Asia-Pacific Economic Cooperation’s (“APEC”) Cross-Border Privacy Rules (“CBPR”) system, a voluntary but legally enforceable code of conduct that aims to facilitate secure data transfers and e-commerce between parties to the agreement.

Established in 2011, the CBPR system aims to provide a minimum level of protection for personal information exchanged among member economies as e-commerce continues to boom. It helps mitigate privacy concerns led by the ever-increasing flow of personal data across borders and build consumer trust by ensuring that data is processed in compliance with the CBPR’s high security standards without restricting data flows.  Countries and businesses that took part in the multilateral system agree to implement APEC’s nine privacy principles, which include, for example, preventing harm, notice, collection limitation, integrity, and accountability, in all cases involving the transfer or processing of personal information.
Continue Reading South Korea Joins the APEC Cross-Border Privacy Rules Framework

On March 20, 2012, the Philippines Senate unanimously passed the Data Privacy Act of 2011 (“the Act”) on its third and final reading. According to one of its sponsors, Senator Edgardo Angara, the Act is heavily based on the current EU Data Protection Directive (Directive 95/46/EC) and meets the standards of the Asia Pacific Economic Cooperation Privacy Framework. Legislators stated that the Act was necessary due to the importance of the IT industry to the Philippine economy and the need for the Philippines to adhere to international standards.

A key provision of the legislation is the creation of a data protection authority, the National Privacy Commission, whose role it will be to implement and enforce the Act’s provisions. The Act also sets out a range of penalties for offences such as the unauthorized processing or unauthorized disclosure of personal information. These include prison terms of up to six years and fines of up to PHP 5,000,000. The power to prosecute and impose these penalties however will rest with the Department of Justice, not the National Privacy Commission.

Continue Reading The Philippines and Singapore Move Towards New Data Protection Regimes