Q: Should Asia adopt a GDPR-style data privacy law?
Dmitri Hubbard, head of risk management, Hong Kong Law
Despite its recent zeitgeist, privacy is an ancient
concept. Civitas Romana saw ancient Roman citizens as
coming before the state, and separate from the state.
Now global reality has fundamentally changed. We live with
mobile phones, the internet, analytics, and an information
explosion. Thus in May 2018 the EU's General Data Protection
Regulation (GDPR) came into force to commit to the protection
of the individual against the arbitrary use of state or
corporate power. The GDPR has come in answer to the question:
if data is the new oil, then are internet and data businesses
the new oil companies? Regulation dictates the polluter must
pay to enjoy the benefit.
Meanwhile, in Asia-Pacific, data privacy laws have
incrementally developed over time, haphazardly, like a
patchwork quilt. Some jurisdictions started relatively