Asian Data Privacy Laws Conference

30 October 2019

Linklaters, London


Conference and Roundtable on Asian Data Privacy Laws and their impact on business.

Conference programme now available — click to download

Date and Times:
Conference - 09.00 - 13.15, 30 October 2019
Roundtable - 14.15 - 16.15, 30 October 2019 (Optional)

Linklaters, London

Data protection and privacy laws work very differently in Asia compared with Europe and North America.
  • How do you address privacy challenges in this fast-growing region?
  • To what extent are the Asian laws responding to the EU Data Protection Regulation?
  • To what extent do the APEC Cross Border Privacy Rules have traction in this region?
  • In which countries should companies expect mediation to play a role?

If you have business in Asia, this is your ideal opportunity to gain unique insights into the working of privacy laws in China, Japan, Singapore and South Korea. Plus:

  • Significant developments expected across other Asian jurisdictions
  • Questions companies are asking and practical steps they are taking to adapt their operations
  • Helping your company plan where to allocate resources according to your risk profile

This event qualifies for up to 5 SRA CPD hours and 5 CPE Credits.


Conference Agenda

Time Session




Asia Overview

Regional developments and what we are seeing in the market

Professor Graham Greenleaf and Adrian Fisher



  • A coherent set of data protection laws by the Cybersecurity Law and the ’standard' after two years
  • Developments in personal data rules – moving towards a single framework or continued fragmentation?
  • China’s updated draft cross-border rules
  • The new and uncertain data localisation and data export rules, and the risks involved for foreign companies
  • Will the ‘Chinese model’ be emulated elsewhere?

Adrian Fisher (Lead)



  • The modest and inadequate reforms of 2015
  • ‘Adequacy’, but only if your data comes from Europe, not from Japan or elsewhere
  • The EU shuts the ‘Japanese back door’ on APEC-CBPRs transfers to US companies
  • Lack of evidence that the DPA enforces the law
  • The Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP) and Prime Minister, Shinzō Abe’s ‘Data Free Flow With Trust’(DFFT): What does it mean?

Graham Greenleaf (Lead)


Questions and Answers





  • Enforcement trends, for example, recent Personal Data Protection Commission (PDPC) decisions
  • Proposed amendments to the Personal Data Protection Act (PDPA), for example, to legal bases for processing and breach notification; data portability
  • PDPC’s approach to data and innovation, for example, the Artificial Intelligence (AI) governance framework and regulatory sandbox
  • Strong enforcement, but with a S$1million limit
  • Fashioning a complex set of alternative approaches to data export

Adrian Fisher (Lead)



  • Further strengthening of enforcement: EU-level administrative penalties in use; statutory damages
  • Confusion over DPA powers, and Bills to resolve this issue which affect adequacy
  • A different path to EU adequacy: implementing GDPR-level protections for Koreans and others
  • Prescriptive requirements for transferring personal data out of Korea

Graham Greenleaf (Lead)


Other developments across the region

  • Thailand: Personal Data Protection Act now in force; Establishment of the Personal Data Protection Committee; Entry into force; Extra-Territorial application
  • Hong Kong: The Cathay Pacific decision
  • India: The Puttaswamy Case sets the parameters; the Srikrishna draft Bill: a GDPR-influenced law, but with distinctive differences; the Indian approach to data localisation differs from China’s; another Asian model for possible emulation

Professor Graham Greenleaf and Adrian Fisher


Major developments expected across other Asian jurisdictions in the next 12 months

Professor Graham Greenleaf and Adrian Fisher


Questions and Answers


Conference close and Lunch for participants attending the Roundtable

Roundtable Agenda

Time Session



A confidential exchange of experience with case studies

  • Challenges and issues that arise in the implementation of a global data privacy project across the diverse countries of the APAC region
  • Dealing with different legal bases for processing personal data
  • Cross border transfers
  • New/untested regulators
  • The overlay of cybersecurity laws that are emerging in some countries
  • Other




  • Graham Greenleaf

    Professor Graham Greenleaf

    Asia-Pacific Editor, Privacy Laws & Business International Report

    Professor Graham Greenleaf AM has been an advisor and contributor to PL&B Reports since 1991 and PL&B’s Asia-Pacific Editor since 2007. He is also a regular speaker at PL&B's Annual International Conference and provides periodic events in London on Asian Data Privacy Laws.

    Graham is a Research Professor of Law & Information Systems at UNSW Australia. He is Senior Researcher and Founding Co-Director of the Australasian Legal information Institute (AustLII). In 2010 he was made a Member of the Order of Australia (AM) for his contributions to both free access to legal information and privacy protection. Since the 1970s his involvement in privacy policy and research has involved Australian DPAs (as an official and as consultant), the Australian Privacy Foundation (as a co-founder and Board Member 1987-2017), the Asian Privacy Scholars Network (as founder, 2010) and Privacy Law & Policy Reporter (founder and editor 1994-2006). He has provided consultancy advice to the European Commission on data privacy laws in seven countries in the Asia-Pacific. His most recent book on this area of the law is Asian Data Privacy Laws: Trade and Human Rights Perspectives (OUP, 2014).

  • Adrian Fisher

    Adrian Fisher

    Partner & Head of Privacy Practice, Linklaters, Singapore

    Adrian Fisher is a senior technology and data privacy lawyer, and leads Linklaters’ data privacy practice in Asia. Adrian is based in Singapore, and has previously worked in China, Hong Kong, Australia and Europe. Adrian and his team work closely with clients throughout the Asia-Pacific region across a range of industries on the implications of the emerging data privacy landscape in Asia. Digitisation and digital transformation are a large part of what Adrian’s team focuses on. As part of that, Adrian and his team support clients on the legal and regulatory issues (which increasingly revolve around data governance) that arise in moving operations and business functions from traditional environments to online or digital environments. Adrian is a regular speaker at conferences in Asia on data privacy and fintech, and is a committee member of the Singapore FinTech Association.



Early Bird Rate
up to 30 August 2019

Standard Rate
after 30 August 2019

Single registration £300 + VAT £350 + VAT per person
Multiple registrations from the same organisation

£250 + VAT per person

£300 + VAT per person


Our thanks to 

Our Host


Our Sponsor

Our Media Partner