On the 11th of July, we held an FYI session on data privacy; just over a year after Europe’s GDPR took force, has the industry been significantly impacted? More importantly, our event also considered how privacy has been received in Asia and how the region has prepared itself for new regulations with a far more global reach.
Here are the three key takeaways for “FYI: Data Privacy – Gathering storm or passing shadow?”
NOT MUCH HAS REALLY CHANGED POST GDPR – YET
- So far, European authorities had been timid in fining companies for privacy breaches – until the UK’s privacy watchdog fined British Airways 183 million pounds (over 310m SGD) in early July.
- Due to the complicated nature of the EU legal system, there’s still legal uncertainty about what valid consent means, where each company’s responsibility ends, and how much transparency is the right amount. It could take years before the GDPR’s requirements are properly clear and applied by the privacy authorities.
THERE IS NO ONE-SIZE-FITS-ALL FOR ASIA
- Asia finds itself in a scattered position when it comes to privacy as there are many different political dynamics between Asian countries. In India, for example, a draft privacy bill has been ready for a while, but with recent elections there is uncertainty on how it will move forward.
- There are also data localisation measures which prevent data about citizens of some countries, like Indonesia, being transferred out of the country – this data has to be processed locally.
- While it seems obvious to us based in the region, there are 13 different markets in Southeast Asia with different privacy standards, laws, and regulators. This makes it hard, if not impossible, to apply a one-size-fits-all approach.
- This market reality means that for businesses active in Southeast Asia, the best approach is probably to focus on what privacy means to the business and adapting to local markets.
BROWSERS ARE STARTING TO IMPLEMENT PRIVACY BY DESIGN
- More and more of the world’s popular web browsers are offering privacy protections when it comes to third party cookies, meaning that third-party cookies are blocked by default or can be switched off by the user’s choice.
- User-level controls in browsers are a noticeable first step in providing more control for users over how their data gets shared across the internet. As users become more aware about their privacy, this is an important step in the right direction.