By Sunny Park, Assistant General Counsel and APAC Regional Director, Corporate, External and Legal Affairs, Microsoft Asia Pacific.
28 January is Data Privacy Day and it’s a subject I am passionate about as it continues to be important in Asia Pacific. Microsoft believes that data privacy is a fundamental human right, which is why we supported the European Union’s Global Data Protection Regulation. We want to ensure that apart from governments, organizations also take ownership in creating trust with their consumers’ data. I’ve noticed that when discussing these issues, one thing is clear – everybody wants to do the right thing. The question is, how. We should look at working better together by reviewing the holistic picture of data ownership, movement and trust in the era of digital economies and artificial intelligence. And how data can bring economic prosperity and deliver value to the region. So, what’s holding us back?
ASEAN is one of the most data-rich regions in the world. We have the third-largest number of mobile- phone users and fourth largest number of Internet users globally. This flow of rich data is central to business models, job creation, and economic opportunities, driving growth of SMEs and enhancing citizen services. The availability of cross-border data flows creates new demand for digital services, and we see the potential it has in increasing the GDP in the region between US$220 billion and US$650 billion by 2030.
Cross-border data flow has created new digital services, which in turn as resulted in ‘unicorn’ companies, like Grab, which has leapfrogged from small operations to raising over billions in investments within a short time span. Additionally, business leaders, especially those in manufacturing see digital transformation and data as a key driver of future growth, which is promising to the economic landscape in the region.
The opportunities are clear, but they also come with new challenges. Managing, storing and processing this data brings important new privacy responsibilities for governments and businesses. As data privacy is a fragmented theme within and across ASEAN, the region as a whole has been lagging behind the rest of the world.
Almost all the countries in the region have recognized or begun to recognize the importance of data (customer data and consumer protection) and have started creating frameworks and joining regional and international initiatives on privacy issues. Countries like Japan and Singapore have focused well on both aspects. They have maintained their focus on cross border data flow, with strong cross-sectoral domestic privacy rules that are increasingly consistently aligned and applied, and remain flexible to take into consideration developments like artificial intelligence and 5G. In Singapore and the Philippines, the Personal Data Protection Act (PDPA) and the Data Privacy Act were created in a bid to protect the privacy of citizens while ensuring the free flow of information to promote innovation and growth.
Now, herein lies the challenge because not everyone shares the same perspective on data privacy.
Lack of harmonization of privacy regulations across the region makes it more difficult and costly for organization to comply as businesses grapple with the desire to go to market with fast innovative digital services, while navigating the ambiguity of differing requirements across the region, including data localization. The fact that data privacy regimes across the region don’t align creates a gap. That gap creates challenges from corporate and government compliance, to establishing good user behavior and increasing trust.
We continue to see challenges in regulatory discussions about the best ways to build trust through privacy protection. One example is when governments focus too much on where data is located, rather than how it is protected. An undue focus on data localization introduces regulatory complexity which can limit economic growth without any positive impact on privacy protection.
Against this backdrop, businesses face a twin challenge: navigating this complex regulatory web; while also building trust with consumers and citizens in how the data is used.
Microsoft recognizes that navigating this complexity is a challenge, especially for small companies and startups. We work closely with regulators and our customers to help address these challenges. Through our Trusted Cloud principles, Microsoft puts privacy as a cornerstone, along with security, transparency and compliance. We see helping businesses build trust with consumers and government’s with their citizens as an essential part of our work. Good data privacy and protection engenders greater consumer trust. And when consumers and the general public are more confident in sharing their personal data with organizations, organizations can deploy more data-driven innovations. This will be central to ASEAN’s future.
So how can we all benefit from cross-border data flows while maintaining data privacy?
A ‘One ASEAN’ (or APAC) approach to such key issues should look to set of principles founded on international standards, and good practices, which provide a common baseline and enable countries to progress as they mature. This sets a strong and high standard for all players to move forward, without being kept to the lower common levels. It builds on common frameworks and proactive communications, which importantly must be tri-sector – bringing in private sector expertise, government governance frameworks and civil sector input.
It’s crucial that governments in Asia Pacific get together to agree on privacy principles, and work towards removing barriers to data flow and localization requirements. The principles should enable Asia Pacific to share its data across the region freely, to benefit from the rich data that it has. If countries in Asia Pacific want to attract more investments and become more competitive in the global market, each country needs to work together towards this cause.
We’re all part of a global network, and every country in Asia Pacific is on the treadmill called digital transformation, together with the rest of the world.
We cannot afford to lose this opportunity for the region.
