Time Session




Asia Overview

Regional developments and what we are seeing in the market

Professor Graham Greenleaf and Adrian Fisher



  • A coherent set of data protection laws by the Cybersecurity Law and the ’standard' after two years
  • Developments in personal data rules – moving towards a single framework or continued fragmentation?
  • China’s updated draft cross-border rules
  • The new and uncertain data localisation and data export rules, and the risks involved for foreign companies
  • Will the ‘Chinese model’ be emulated elsewhere?

Adrian Fisher (Lead)



  • The modest and inadequate reforms of 2015
  • ‘Adequacy’, but only if your data comes from Europe, not from Japan or elsewhere
  • The EU shuts the ‘Japanese back door’ on APEC-CBPRs transfers to US companies
  • Lack of evidence that the DPA enforces the law
  • The Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP) and Prime Minister, Shinzō Abe’s ‘Data Free Flow With Trust’(DFFT): What does it mean?

Graham Greenleaf (Lead)


Questions and Answers





  • Enforcement trends, for example, recent Personal Data Protection Commission (PDPC) decisions
  • Proposed amendments to the Personal Data Protection Act (PDPA), for example, to legal bases for processing and breach notification; data portability
  • PDPC’s approach to data and innovation, for example, the Artificial Intelligence (AI) governance framework and regulatory sandbox
  • Strong enforcement, but with a S$1million limit
  • Fashioning a complex set of alternative approaches to data export

Adrian Fisher (Lead)



  • Further strengthening of enforcement: EU-level administrative penalties in use; statutory damages
  • Confusion over DPA powers, and Bills to resolve this issue which affect adequacy
  • A different path to EU adequacy: implementing GDPR-level protections for Koreans and others
  • Prescriptive requirements for transferring personal data out of Korea

Graham Greenleaf (Lead)


Other developments across the region

  • Thailand: Personal Data Protection Act now in force; Establishment of the Personal Data Protection Committee; Entry into force; Extra-Territorial application
  • Hong Kong: The Cathay Pacific decision
  • India: The Puttaswamy Case sets the parameters; the Srikrishna draft Bill: a GDPR-influenced law, but with distinctive differences; the Indian approach to data localisation differs from China’s; another Asian model for possible emulation

Professor Graham Greenleaf and Adrian Fisher


Major developments expected across other Asian jurisdictions in the next 12 months

Professor Graham Greenleaf and Adrian Fisher


Questions and Answers


Lunch hosted by Linklaters



A confidential exchange of experience with case studies

  • Challenges and issues that arise in the implementation of a global data privacy project across the diverse countries of the APAC region
  • Dealing with different legal bases for processing personal data
  • Cross border transfers
  • New/untested regulators
  • The overlay of cybersecurity laws that are emerging in some countries
  • Other

Please note: the Roundtable is optional and no additional cost, but places are limited.  The Roundtable is fully booked - if you would like to attend this part of the day we can add you to the waiting list.