Asia-Pacific Region at the Privacy Crossroads (2008)

1. Introduction

The Asia-Pacific region has reached a significant crossroads regarding the protection of privacy. This article examines current privacy developments in the Asia-Pacific region and provides some analysis of the benefits and risks of pursuing either the EU or the US/APEC approach to privacy regulation.

The region could choose to follow a path that is based on the traditional approach to privacy found in the EU Data Protection Directive of 1995[2] and the domestic laws of many countries, with strong comprehensive privacy legislation establishing independent regulators and imposing conditions on the transfer of personal information to parties in third countries. In this article it is referred to as the EU approach.

The alternative path is to follow a new model of privacy protection that involves greater reliance on self-regulation, self-certification, trust-marks and the registration of corporate rules. This approach is strongly advocated by US businesses and some features of this approach appear (in a limited way) in the APEC Privacy Framework of 2005[3] and related APEC Privacy Pathfinder Projects. In this article it is referred to as the US/APEC approach.

However, it is important to stress that the Asia-Pacific region does not face a political decision between the EU and APEC. It is more a pragmatic decision between the comprehensive privacy legislation favoured and encouraged by the EU, and alternative segmented business-centric approaches being promoted by US businesses and appearing in some aspects of the APEC Framework.

Note: This Article defines the Asia-Pacific region as East Asia, South East Asia and Oceania. It excludes South Asia (India, Pakistan etc.), Russia, and the Americas. The region covered by the countries included in this article is generically and commonly referred to as ‘the Asia-Pacific region’.

[2] Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, 24 October 1995,

[3] APEC Secretariat, APEC Privacy Framework, 2005, <>.