Privacy Roundtable Part II

The Asia-Pacific region, as with the rest of the world, is experiencing a rapid evolution of the digital economy, driven by technological innovation, novel business models, and changing interactions between citizens and the Internet-enabled economy, among other factors. As data-intensive technologies and services become more integrated into the daily lives of individual citizens and increasingly foundational to economic growth and competitiveness, economies throughout the Asia-Pacific region are developing or updating personal data protection laws and rules.

While this is a welcome development, it is important that individual economies are aware of, and strive to ensure interoperability with, emerging international norms and practices around core aspects of personal data protection. The emergence of fragmented policies on core issues of data protection not only makes it harder to provide services, especially for under-resourced small- and medium-sized enterprises (SMEs) trying to expand beyond their domestic markets, but ultimately can undermine personal data protection and consumer privacy.

Following the privacy roundtable that was organized by ABAC USA, BSA, and Microsoft on December 17, 2020, (2020 Event Link: https://app.glueup.com/event/apec-privacy-roundtable-29824/) there has been keen interest to revitalize discussions that can support regulatory coherence in APEC. NCAPEC and BSA are pleased to host the upcoming Roundtable to delve into two topics of increasing importance to industry and regulators regarding privacy coherence. They are:

Expanding Legal Bases for Processing Personal Information. While individual consent remains an important basis for processing personal data, data protection frameworks that over-rely on consent can frustrate both individuals and businesses. Internationally, governments recognize a range of other legal bases for processing personal data, beyond consent, such as legitimate interests of the business operators. Data protection frameworks that recognize a broad set of legal bases for processing can maintain effective protections for consumer privacy while supporting responsible data processing. The panel will discuss emerging international approaches to additional legal grounds for processing personal data and how those grounds can protect individuals' personal data while supporting improved digital services in APEC.

Data Breach Notification (DBN). The timely reporting of data breaches is important not only for risk mitigation and data security, but for continued trust and adoption of digital technology. However, as economies adopt laws and regulations that govern data breach notification, they may inadvertently adopt diverging regulations that can prevent businesses from responding swiftly to regional security incidents. This panel will discuss how economies may further the privacy and security of personal data by supporting interoperable approaches to data breach notification. For example, international consensus is emerging that recognizes the thresholds for DBN should take into consideration factors such as risk of harm and giving due time for analysis or mitigation to ensure that any damage due to data breaches can be effectively contained. Given that many data controllers are processing data from individuals from multiple economies, regulatory coherence for DBN can facilitate international cooperation in response to major personal data breaches, with the goal of improving security outcomes.

DATE: 23 November 9:00 - 11:30 A.M. Singapore / 22 November 8:00 - 10:30 P.M. USA Eastern Time.