South Korea has became the fifth member economy to join the Asia-Pacific Economic Cooperation’s (“APEC”) Cross-Border Privacy Rules (“CBPR”) system, a voluntary but legally enforceable code of conduct that aims to facilitate secure data transfers and e-commerce between parties to the agreement.

Established in 2011, the CBPR system aims to provide a minimum level of protection for personal information exchanged among member economies as e-commerce continues to boom. It helps mitigate privacy concerns led by the ever-increasing flow of personal data across borders and build consumer trust by ensuring that data is processed in compliance with the CBPR’s high security standards without restricting data flows.  Countries and businesses that took part in the multilateral system agree to implement APEC’s nine privacy principles, which include, for example, preventing harm, notice, collection limitation, integrity, and accountability, in all cases involving the transfer or processing of personal information.
Continue Reading South Korea Joins the APEC Cross-Border Privacy Rules Framework

By Fredericka Argent

On 2 January 2013 the new Personal Data Protection Act  (PDPA) came into force in Singapore, following its enactment by the Singaporean Parliament on 15 October 2012.  A December press release also announced that Singapore’s government has also now established a Personal Data Protection Commission (PDPC) and a Data Protection Advisory Committee (DPAC) to administer and advise, respectively, on the new law.

The PDPA is intended to govern the collection, use and disclosure of personal data by organizations. Some of the key features of the new law include:

  • Data protection rules. Well-known concepts and principles of data protection law, as implemented in a variety of jurisdictions across the globe, also appear to be reflected in the new Singapore law.  For example, the law appears to require organizations to limit the purposes for which they process data, and to collect data only to the extent it is reasonably required.  Individuals also appear to gain certain rights, such as the ability to request access to data relating to themselves.
  • The establishment of a “Do Not Call” (“DNC”) Registry. The new DNC Registry will enable individuals to register their Singapore telephone numbers in the registry in order to opt out of receiving unsolicited marketing calls, text and fax messages.


Continue Reading Singapore’s New Data Protection Law Comes Into Force

On March 20, 2012, the Philippines Senate unanimously passed the Data Privacy Act of 2011 (“the Act”) on its third and final reading. According to one of its sponsors, Senator Edgardo Angara, the Act is heavily based on the current EU Data Protection Directive (Directive 95/46/EC) and meets the standards of the Asia Pacific Economic Cooperation Privacy Framework. Legislators stated that the Act was necessary due to the importance of the IT industry to the Philippine economy and the need for the Philippines to adhere to international standards.

A key provision of the legislation is the creation of a data protection authority, the National Privacy Commission, whose role it will be to implement and enforce the Act’s provisions. The Act also sets out a range of penalties for offences such as the unauthorized processing or unauthorized disclosure of personal information. These include prison terms of up to six years and fines of up to PHP 5,000,000. The power to prosecute and impose these penalties however will rest with the Department of Justice, not the National Privacy Commission.

Continue Reading The Philippines and Singapore Move Towards New Data Protection Regimes

Singapore’s Minister for Information, Communications and the Arts recently announced that the government will take steps to introduce a generic data protection statute in Singapore early next year.  The Singaporean government has been considering the issue for a number of years but now appears to have taken a concrete decision to proceed with targeted legislation in