Privacy in Asia: Building on the APEC Privacy Principles

22 October 2013 - A Workshop on Security in Bali, Indonesia

Internet Governance Forum 2013

Workshop # 319 Report

Emerging Regulatory Issues in Data Privacy and Security

Organizer Name 

Kshetri Nir

Organizer Entity 

The University of North Carolina--Greensboro

Workshop Theme 

Legal Frameworks and Cyber-crime (Spam, Cyber-security, etc.)

Consise description 


This Workshop aims to bring together leading researchers, policy makers and practitioners to advance an understanding of the drivers, consequences, trends and responses associated with emerging regulatory and policy issues in data privacy and security.The Workshop will highlight recent regulatory and policy developments in data privacy and security in major world economies and their potential effects on businesses, and consumers. These include the European Commission’s cybersecurity strategy and its proposed directive on network and information security (NIS), an executive order (EO) signed by U.S. President Barack Obama (both inFebruary 2013) and China’s long-awaited privacy legislation: the “Decision of the Standing Committee of the National People’s Congress (NPC) to Strengthen the Protection of Internet Data” (“Decision”), which took effect on December 28, 2012. TheWorkshop will also analyze the diffusion of data privacy and security regulations in economies in the developing countries (or the Global South) and compare economies that have followed the U.S. data privacy model and those that have followed the EU model.  Finally, the proposed Workshop will also review how the new technologies such as cloud computing and social media have led to new regulatory and policy responses related to data privacy and security.






Remote Moderator 


Have you organized workshops at previous IGFs?


Workshop format 


Workshop Transcript 


Brief substantive summary of the workshop and presentation of the main issues that were raised during the discussions 



Nir Kshetri, University of North Carolina--Greensboro



Prof. Edmon Makarim, University of Indonesia

Prof. Fumio Shimpo, Keio University

Prof. Hong Xue, Beijing Normal University (BNU), Director of BNU Institute of the Internet Policy & Law

Mr. Jeffrey Yan, Director of Technology Policy, Microsoft Asia


Remote panelists

Prof. James Foster, Keio University

Prof. Jun Murai, Dean of our School of Information and Environmental Studies, Keio University (former board member of ICANN) (rearranged his schedule to join the panel remotely but could not get a chance to speak due to serious technical problems that could not be resolved despite IGF staff’s working on the issue for almost two hours).

The session

Nir Kshetri opened the panel introducing the on-site and remote panelists and introduced the list of questions to be addressed, which included:  

1) What is the current framework for protecting privacy online in your country?

2) How do you assess the prospects for greater alignment/harmonization of national privacy regimes across the Asian region?

3) Will the resulting Asian approach to privacy protection differ in some respect from those now being developed in the U.S. and within the EU; what implications does this have for global privacy governance?

4) Who are the key actors in the privacy debate in your country and what are their roles and powers?

5) How have data privacy regulations in your country affected businesses’ utilization of cloud services and big data?


In her presentation Prof. Hong Xue talked about how the 2012 “Decision of the Standing Committee of the National People's Congress toStrengthen the Protection of Internet Data”  and other relevant regulations such as Tort Liability Law, Criminal Law and Other Administrative Regulations have governed data privacy in China. Her presentation also included a detailed discussion of Cross-Border Harmonization issues and how emerging legal regulations on big data and cloud computing are likely to affect data retention and location, data process, data communication as well as key concerns related to network security and state economic security. She also covered multi-stakeholder involvement in the privacy debate in China and noted that the government is the most powerful actor, partly due to the fact that the state accounts for a significant proportion of economic activities.  


Dr. Shimpo in this presentation titled, “The Current Framework and the Future Approach for Protecting Privacy in Japan,” explained the relationship of Japanese framework on data privacy with personal information protection laws in other economies such as the OECD, the EU, the APEC and the U.S. He took a look at the history of personal data protection systems in Japan. His presentation included a detailed discussion of the 2013 report of the Study Group on the Use and Flow of Personal Data. Also covered in his presentation was “Smartphone Privacy Initiative”, which covered the Structure of the Guideline for Handling Smartphone User Information.


Prof. Makarim explained how Indonesian Legal Framework for Privacy can be considered as a Hybrid Paradigm which draws upon the EU framework, the U.S. framework, the OECD framework and the APEC framework on data privacy. His presentation covered in detail a number of specific laws governing data privacy in Indonesia such as Article 26, Law 11/2008 of EIT, and Gov.Reg. 82/2012. Also covered in his presentation is how most privacy in ASEAN countries are affected by various components of local culture such as those related to citizens’ communal, paternalistic, religious and tolerant norms and behaviors.


Mr. Yan provided an overview of changing landscape and the potential of Asian economies to lead the world in enabling trustworthy data governance. He presented the basic components of trustworthy data governance. He highlighted the importance of acceptable uses of data. He also talked about the inadequacy of the OECD frameworks.  In addition, he emphasized the importance of incorporating user attitude- and behavior- related evidence to inform policy and corporate stakeholders.


Prof.  Foster argued that we need more basic research into Internet policy area; this is an urgent task since many Asian governments are moving ahead with creating privacy framework that will prove difficult to undo if significant policy divergence emerge among countries in the region. He also discussed how    Big Data and the Internet of Things are further accelerating this process because they are transforming the connection between the individual consumer and the data. He emphasized on the need to get back to basics and develop a common definition for privacy and give attention to how we can operationalize. He concluded his presentation by noting the need of the discussion of the mechanism by which we manage privacy in the region.


Conclusions drawn from the workshop and further comments 


The question-answer sessions at the end of each speaker’s presentation as well as the end of the panel focused on a wide range of emerging issues that are central to the global economy and Asia in particular. They include  the importance Asian economies' adoption of appropriate regulatory framework to encourage the businesses' utilization of emerging technologies such as Big Data and cloud computing, privacy issues in smart phones in China and other economies, the usefulness of  the APEC framework in the Chinese context (as well as other economies), pros and cons of not having a privacy commission in Japan (such as the FTC in the U.S.), the process of amending privacy laws in Japan, Japan’s initiatives to harmonize with the OECD and other international frameworks, how the meaning of privacy in Asia is likely to be different from that in the West, the differences with the West in the Asian approach to personal privacy and data privacy, etc. It was apparent that the time allocated to the session was too short and we did not have enough time to focus in sufficient details on the questions and comments raised by the participants. 


The audience

About 60 IGF participants attended the workshop. There was an active participation from the audience and many participants appreciated the focused nature of the session and expertise and diversity of the panel members. 




Special challenges faced

Since remote participation was a key feature of the workshop, the technical problems we experienced were frustrating. The member of the team tried to work with the IGF technical staff since a day earlier and also about an hour before the session began. A host of problems made it impossible for the remote panelists to participate for over an hour. Finally, some of the technical problems were resolved and Professor Foster was able to participate at the end of the session. It was disappointing that Professor Murai, who had rearranged his schedule to join the panel remotely, could not have the chance to speak since he needed to leave early due to his other commitments.  




Reported by 

Nir Kshetri

Estimate the overall number of women participants present at the session 

About half of the participants were women

To what extent did the session discuss gender equality and/or women's empowerment? 

It was not seen as related to the session theme and was not raised

Discussion affecting gender equality and women's empowerment 


Workshops Staticals 
Number of FEMALE participantsNumber of MALE participantsNumber of Young participantsNumber of Developing Countries ParticipantsNumber of Developed Countries ParticipantsNumber of LDCs participantsNumber of TOTAL Participants
20 40 10 0 0 0 60