Caslon Analytics elephant logo title for Privacy guide
home | about | site use | resources | publications | timeline   spacer graphic   Ketupa
overview

issues

principles

Aust law

EU law

New Zealand

Asia law

N America

agencies

advocacy

reports

primers

other writing

technologies

harbours

statements

media

business

costs

spatial

cctv

bodies

workplace

prisons

politics

telecoms

search

attitudes

harvests

landmarks











related pages icon
related
Profiles:

Human
Rights

section heading icon     Asia and the Pacific

 This page looks at legislation, reports and developments in Asia.

It covers

subsection heading icon     privacy landscapes

Given the disparate nature of economies and cultures in Asia and the Pacific islands it is unsurprising that there's wide range of legislation (or lack of legislation) and practice compared to Europe.

Some states have emphasised commitment to the OECD principles or sought compatibility with the EU Data Protection Directive. Others have identified personal privacy as inconsistent with Asian exceptionalism (eg a 'non-Asian' value or a fundamental impediment to economic growth) or to be disregarded as undermining the proper ordering of society through identification and surveillance of all citizens.

Singapore PM Lee Kuan Yew thus stated in 1986 that

I am often accused of interfering in the private lives of citizens. Yet, if I did not, had I not done that, we wouldn't be here today. And I say without the slightest remorse, that we wouldn't be here, we would not have made economic progress, if we had not intervened on very personal matters - who your neighbor is, how you live, the noise you make, how you spit, or what language you use.

Debate about policy questions, community expectations, industry codes and legislation has primarily concerned data collection/handling by government agencies rather than the private sector.

In particular it has centred on political surveillance and on questions of censorship, reflecting public attitudes about civil society and individual rights, past data collection practices in the private sectors of emerging economies (eg few comprehensive databases about consumption) and the priorities of national governments.

At a regional level there have been a number of statements by bodies such as APEC (Asia-Pacific Economic Cooperation), in particular the 1995 Seoul Declaration and 1998 Singapore Declaration.

The Seoul Declaration on privacy and the Asia Pacific Information Infrastructure (APII) identified the importance of a "free and efficient flow of information" while "ensuring the protection of intellectual property rights, privacy and data security".

The 1998 Singapore Declaration on privacy and E-commerce called for the APEC Telecommunications Working Group (APECTEL) to consider privacy as a key issue "that will affect consumer confidence and ability to use electronic commerce within the APEC region". The bureaucratic shopping list for that consideration was to embrace

  • reviewing and contributing to international approaches for protecting the privacy of personal data
  • identification of the essential elements of a legal and regulatory framework for electronic commerce
  • encouraging all APEC member economies to remove existing and avoid the introduction of new legal, regulatory and other barriers to conducting electronic commerce in the region
  • promoting the use of best practices on electronic commerce, ie the development of self-regulation measures by industry.

Collapse of the dot-com bubble, systemic economic problems in countries such as Malaysia and '11 September syndrome' have militated against enthusiastic implementation by the APEC Ministers.

Perspectives are provided by the papers from the 2000 conference The Rule of Law: Perspectives from the Pacific Rim, papers in Law, Capitalism & Power in Asia (London: Routledge 99) edited by Kanishka Jayasuriya, The Role of Law & Legal Institutions in Asian Economic Development 1960-95 (New York: Oxford Uni Press) by Katharina Pistor & Philip Wellons, and studies highlighted in our discussion of human rights here.

subsection heading icon     APEC Privacy Principles?

In 2003 the 21 APEC nations - ranging from Canada through China to Australia and New Zealand - began formal consultations about development of an Asia-Pacific privacy standard, along with protocols for handling data export restriction issues, potentially the major international privacy development since the EU data protection directive.

Establishment of a regional standard is contentious. Proponents have argued that it would promote the development of effective privacy regimes in APEC nations that currently have little privacy law (and weak enforcement of that law). It has however been criticised as potentially weakening existing regimes, posing potential threats to long term national/regional privacy enhancement through an emphasis on acceptance of

a second-rate standard based on some parts of the 20 year old OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (1980), particularly if this is then used to force down the standards of privacy laws in regional jurisdictions which are already stronger.

In mid-2003 the Asia-Pacific Privacy Charter Initiative was launched under the auspices of the Asia-Pacific Privacy Charter Council (APPCC), a regional expert group that seeks to

develop independent standards for privacy protection in the region, in order to influence the enactment of privacy laws in the region in accordance with those standards, and the adoption of regional privacy agreements in accordance with those standards.

Proposals for APEC Privacy Principles are discussed in Graham Greenleaf's 2003 APEC Privacy Principles Version 2 - Not quite so Lite, and NZ wants OECD full strength paper and Australia's APEC privacy initiative: The pros and cons of 'OECD Lite' paper

subsection heading icon     China and the Hong Kong SAR

The Chinese Constitution - like that of the former USSR - provides limited rights to privacy, notably the declaration that "the freedom of the person of citizens of the People’s Republic of China is inviolable" (Article 37) and that

Freedom and privacy of correspondence of citizens of the People’s Republic of China are protected by law. No organization or individual may, on any ground, infringe on citizens’ freedom of privacy of correspondence, except in cases where to meet the needs of state security or of criminal investigation, public security or prosecutorial organs are permitted to censor correspondence in accordance with procedures prescribed by law (Article 40)

Government agencies have taken a broad view of "the needs of state security" and investigation. There's no general data protection legislation, few enactments that limit interference by government agencies and problematical application of legislation or statements of principle.

As noted by papers in Concepts of Privacy in China (Leiden: EJ Brill 2002) edited by Bonnie McDougall, there's no systematic historical or sociological study of notions of privacy in China. Much academic writing has centred on questions of censorship and political surveillance, for example Developments in Online Privacy Regulations & an Assessment of Privacy Practices in China (PDF) by May Lwin & Luh Lan, Open Networks, Closed Regimes: The Impact of the Internet on Authoritarian Rule (Washington: Carnegie Endowment 2003) by Shanthi Kalathil & Taylor Boas or Lokman Tsui's 2001 MA thesis (PDF) on Internet in China: Big Mama Is Watching You (Internet Control & the Chinese Government).

It's clear however that simplistic accounts about innately negative social attitudes are inadequate. A perspective on the development of a Western-style data protection regime is provided by Randall Peerenboom's China's Long March toward Rule of Law (Cambridge: Cambridge Uni Press 2002), Stanley Lubman's Bird in a Cage: Legal Reform in China after Mao (Stanford: Stanford Uni Press 1999) and Human Rights in Contemporary China (New York: Columbia Uni Press 1986) edited by R Randle Edwards.

Hong Kong was the first part of the region to enact legislation based on the EU Directive, with a Personal Data (Privacy) Ordinance covering the public and public sectors (here) and a Code on Access to Information (here).

The statutory Privacy Commissioner (PCO) is currently engaged in work of particular importance regarding privacy aspects of identity cards and health databases.

There is a discussion of the Hong Kong regime in Hong Kong Data Privacy Law: Territorial Regulation in a Borderless World (Hong Kong: Sweet & Maxwell 2002) by Mark Berthold & Raymond Wacks, Data Privacy Law in Hong Kong - A Professional Guide (Hong Kong: FT Law & Tax Asia Pacific 1997) by the same authors and The Annotated Ordinances of Hong Kong: Personal Data (Privacy Ordinance) (Singapore: Butterworths Asia 1999) by Mark Berthold.

The latter's papers on the HK legislation include Hong Kong's Data Privacy Proposals (in Privacy Law & Policy Reporter, 1994 part 1 here and part 2 here), Hong Kong's Personal Data (Privacy) Ordinance 1995 (in Privacy Law & Policy Reporter, 1995 here) and Regulating surveillance: Hong Kong's proposals (in Privacy Law & Policy Reporter, 1996 part 1 here and part 2 here).

 The Privacy Commissioner's site features information of interest to Australian readers.

The HK Legislative Council's consideration of law and practice is also of interest, in particular the 140 page consultation paper Regulating Surveillance and the Interception of Communications (txt) from 1996.

subsection heading icon     Taiwan

Across the straits the 1994 Taiwanese Constitution articulates a restricted right of privacy, ie that "The people shall have freedom of privacy of correspondence".

That has been extended through legislation such as the 1995 Computer-Processed Personal Data Protection Law concerning the collection and use by government agencies and some private sector bodies of personally identifiable information. The 1995 law requires that "collection or utilization of personal data shall respect the rights and interests of the principal and such personal data shall be handled in accordance with the principles of honesty and credibility so as not to exceed the scope of the specific purpose", with an in principle right of data access, correction and deletion. Data flows to countries without privacy legislation can be prohibited.

subsection heading icon     Singapore

There is no general data protection or privacy law in Singapore, where the government is recurrently criticised for surveillance of political opposition groups and orginary citizens.

Some protection is provided through e-commerce legislation, in particular the the Electronic Transactions Act (ETA), National Computer Board (Amendment) Act and the Computer Misuse (Amendment) Act (CMA). In 1998 the government's National Internet Advisory Committee released an E-Commerce Code for the Protection of Personal Information and Communications of Consumers of Internet Commerce that embraces industry bodies. It limits collection and unauthorised disclosure of personal information; consumers have some rights regarding the restriction of data transfers and data correction/deletion.

subsection heading icon     Malaysia

Malaysia's federal Constitution (like that of Australia) does not specifically recognize a right to privacy and there's been little progress in the development of a comprehensive regime for the protection of personal data collected/handled by the private and public sectors, despite proposals for a Personal Data Protection Act as part of the ambitious National Electronic Commerce Master Plan.

Perhaps unsurprisingly, given statements by Prime Minister Mahathir, government spokespeople generally characterize privacy safeguards as a cost of doing business rather than a public good and as an impediment to the proper policing of society. In practice provisions in the Communications & Multimedia Act 1998 restricting telecommunications interception appear to be ignored or overridden by the Internal Security Act and the Computer Crime Act of 1997. The 1998 exposure draft of the Personal Data Protection Bill was replaced by a weaker Bill in 2001, which did not proceed. A view is provided in the 2007 E-Data Privacy and the Personal Data Protection Bill of Malaysia (PDF) by Sarabdeen Jawahitha, Mohamed Ishak & Mohamed Mazahir.

An overview of developments in Malaysia is provided by Privacy and Data Protection: A Comparative Analysis with Special Reference to the Malaysian Proposed Law (London: Sweet & Maxwell) by Abu Bakar Munir & Mohammad Yasin.

subsection heading icon     Korea

South Korea's Constitution provides explicit protection of privacy, notably Article 17 "The privacy of no citizen may be infringed", Article 16 "All citizens are free from intrusion into their place of residence" and Article 18 "The privacy of correspondence of no citizen shall be infringed". The Republic has adopted the OECD Guidelines.

That's been reflected in legislation such as the 1994 Act on the Protection of Personal Information Managed by Public Agencies, 1995 Act Relating to Use and Protection of Credit Information, 1996 Act on Disclosure of Information by Public Agencies and 1999 Basic Act on Electronic Commerce, which underpins a government Cyber Privacy Center and guidelines to give effect to requirements that

electronic traders shall not use, nor provide to any third party, the personal information collected through electronic commerce beyond the alleged purpose for collection thereof without prior consent of the person of such information or except as specifically provided in any other law.

Data holders have a duty of security. Individuals have rights of access, data correction and deletion.

In practice implementation of the legislation has been uneven, with poor practice by government agencies and private sector bodies. A 1989 Supreme Court ruling identified a constitutional right to data protection "as an aspect of the right of freedom of expression ... specific implementing legislation to define the contours of the right was not a prerequisite to its enforcement". Extracting personal information from government (and more so from business) has been difficult and there's evidence of large-scale surveillance by a variety of agencies.

subsection heading icon     Japan

Prior to May 2003, Japan did not have a comprehensive national privacy/data protection regime.

The 1946 Constitution enshrines "Freedom of assembly and association as well as speech, press and all other forms of expression are guaranteed". The 1988 Act for the Protection of Computer Processed Personal Data Held by Administrative Organs and 1990 Protection of Computer Processed Personal Data Act (based on the OECD Guidelines) provide partial regulation of some national government agencies.

Provincial/municipal government agencies are in theory covered by local privacy protection regulations. Low uptake of data processing by government agencies means that much information is not held/generated in digital formats and thus falls outside the legislation.

The national government has emphasised self-regulation by the private sector, especially regarding privacy aspects of electronic commerce, with a series of aspirational guidelines from the Ministry of International Trade & Industry (MITI) and other agencies. A suite of legislation passed in May 2003 established some general restrictions on the use and sharing of personal data, also giving individuals the right to obtain information collected by some private sector bodies.

subsection heading icon     Thailand

Thailand's 1997 Constitution seeks to protect a "person's family rights, dignity, reputation or the right of privacy", indicating that "the assertion or circulation of a statement or picture in any manner whatsoever to the public, which violates or affects a person’s family rights, dignity, reputation or the right of privacy, shall not be made except for the case which is beneficial to the public" and that "Persons have the freedom to communication with one another by lawful means".

Legislation and administrative directions under the Constitution have primarily concerned data handled by government agencies, rather than the private sector, for example the 1997 Official Information Act establishing a code of practice for personal information systems maintained by agencies.

subsection heading icon     India

India's 1950 Constitution does not provide express recognition of a right to privacy but successive Supreme Court rulings have identified an implicit right under Article 21 of the Constitution (ie the broad "No person shall be deprived of his life or personal liberty except according to procedure established by law") and that access to government information is an essential part of the fundamental right to freedom of speech and expression.

There is currently no general national data protection law; protection is provided on an uneven basis through sectoral enactments such as the 1993 Public Financial Institutions Act and licensing of ISPs under national telecommunications legislation. Legislation and practice at the state level varies considerably. In 2004 for example consumer groups noted that mobile phone companies will contact a subscriber's most frequently called numbers to complain if that subscriber misses a payment.

subsection heading icon     other parts of Asia and the Pacific

Among the Mekong delta states, Micronesia and most of Polynesia data protection is either not on the government agenda or is something used by agencies to protect themselves from intrusions by citizens.



icon for link to next page    next page   (US and Canada)


this site
the web

Google

 

version of November 2007
© Bruce Arnold
caslon.com.au | caslon analytics