Asia-Pacific Roundtable

27 May 2015

Dentons, London, UK


Understanding Asia-Pacific data privacy laws

Click here for the full conference programme.

Professor Graham Greenleaf, University of New South Wales, Australia and Asia-Pacific Editor, Privacy Laws & Business International Report, will lead this roundtable on the countries and issues of most interest to business in the Asia-Pacific region.

Professor Greenleaf has researched and written expert reports for the European Commission on the data privacy laws of India, Australia, Japan and Hong Kong. He is also the author of Asian Data Privacy Laws: Trade & Human Rights Perspectives (published by the Oxford University Press).


9.00 Registration and Coffee

9.20 Welcome Host
Nick Graham, Partner, Dentons

9.25 Introduction to the Roundtable
Stewart Dresner, Chief Executive, Privacy Laws & Business

9.30 Asia-Pacific privacy laws in global perspective;
Comparing data privacy laws
Professor Graham Greenleaf

  • Asia's place in the context of global expansion of data privacy laws
  • Why the Asian institutional context is different from Europe
  • The 'basic' OECD/APEC standards compared with 'European' standards (EU/CoE)
  • The many international dimensions of data privacy laws

9.55 China - More comprehensive laws, and criminal prosecutions
Professor Graham Greenleaf

  • Emerging consistency in China's many data privacy laws
  • The remaining gaps in the laws
  • Enforcement via the criminal law
  • Civil actions for damages - a growth area?

10.35 India - An incoherent current law, but a comprehensive Bill may soon arrive
Professor Graham Greenleaf

  • The incoherence of India's 'Rules'
  • The enforcement system - does it function?
  • The comprehensive draft Bill and why it may be enacted
  • India's prospects for EU adequacy

11.15 Coffee

11.30 Managing privacy consistently across multiple Asia-Pac jurisdictions as part of a global business
Shona Harper, Chief Privacy Officer Europe and Asia Pacific, TD Bank Group, London

  • TD Bank Group's role in the Asia-Pacific region and how privacy policy fits into the business
  • Overcoming misunderstandings due to differences in privacy laws in Asia-Pacific, Europe and North America
  • Employee monitoring, data security and data breach management
  • Employee awareness and training
  • Specific issues faced by a bank, for example, anti-money laundering and conflicts of laws

12.10 Hong Kong - An activist Commissioner enforcing many issues
Professor Graham Greenleaf

  • The significance of new rules and enforcement powers
  • Notable recent cases (Do No Evil, Sudden Weekly etc.)
  • The Commissioner's 'Guidance' on data exports

12.50 More questions from the morning's sessions

13.00 Lunch

13.50 Japan -Progress report on the Government's new Personal Information Bill for both private and public
sectors: Impact on business
Hiroshi Miyashita, Law Professor, Chuo University, Tokyo, Japan

  • Progress report on the Diet's (legislature) debate on the Government approved Personal Information Protection Bill
  • Definition of personal information
  • Use of anonymous data
  • Legal duties for data brokers
  • Establishment of an independent Personal Information Protection Commission
  • Regulation of data exports
  • Abolition of exemption for small and medium enterprises

14.40 Singapore - New Act now in force, with tough powers
Professor Graham Greenleaf

  • Complex principles based around exceptions
  • Very serious enforcement powers, but still only on paper
  • A unique approach to data exports

15.20 Privacy issues companies want resolved when doing business in Asia-Pac
Nick Graham, Partner, Dentons, London

  • How do I prioritise the compliance effort across APAC? - a data heat map
  • Are there data localisation or residency laws?
  • When do I need consent?
  • Are there other local rules?
  • Is a US or EU benchmark for data governance sufficient?
  • Impact on "business as usual", HR investigations and conflicts of laws

16.00 Tea

16.15 Australia — Stronger powers, and data retention, but enforcement lags
Professor Graham Greenleaf

  • Increasing damages decisions by the Commissioner
  • Strong new enforcement powers, but will they be used?
  • A data retention law, and mandatory data breach reporting this year

16.55 APEC Cross-Border Privacy Rules - More countries involved, but what is the business case for

Professor Graham Greenleaf

  • Are any countries fully participating in Asia-Pacific Economic Cooperation (APEC) Cross Border Privacy Rules (CBPR) yet?
  • What does APEC CBPR certification mean for consumers and businesses?
  • Is there a business case for certification?
  • Does APEC CBPR have any global significance?

17.20 Conclusions and final questions (including questions about any other Asian countries)

17.30 Close

PL&B's previous Asia-Pacific events

This Asia Roundtable follows previous PL&B Asia-Pacific conferences and workshops held in London in 2013, 2011 and 2007, Strasbourg in 2008. PL&B have also sponsored Professor Greenleaf's presentations at the Asia-Pacific Privacy Scholars Conference in Sydney in 2011, Tokyo in 2012, Hong Kong in 2013 and Tokyo in 2014. There have also been many Asia-Pacific sessions featuring national commissioners and other experts at PL&B's Annual International Conferences starting with the 3rd conference in 1990.