This session, discussing the latest developments in data protection within the Asia Pacific countries, will provide a critical assessment of the actual legislation outcomes. However, looking at the range of predispositions towards privacy issues, even these current results are interestingly questionable. How will the users adapt to the new received views of privacy? Will they accept the proactive role required of them? And how will states and corporations interpret their new obligations?
The immediate future of privacy regulation in the Pacific Rim could provide a natural observation field to examine opportunities and limits of globalization.
Whereas the concept of privacy is well accepted in the West, it is a new concept to many Asia Pacific countries that needs to be promoted at the same time as it is being protected. Today, those countries that are oriented toward a model of control are more likely to adopt new surveillance technologies. Jim Tam reports wide violations of privacy through surveillance of messages and interception of communication between citizens. The government of Singapore watched 200,000 computer users during the pre-test of a scan for a virus, while in China companies and individuals are normally "requested" (read: required) to disclose personal information.
In this regard Stephen Lau, Privacy Commissioner for Personal Data in Hong Kong, gave an account of the increasing significance of privacy as a basic right in China. A 1999 "Community Opinion" survey asked respondents in Hong Kong to rank the importance of social policy issues. The results showed that the population claims privacy as a significant and fundamental right. The increasing of importance of privacy in conjunction with growing Internet connectivity in the region leads to important economic and social consequences that need to be promptly addressed. Given these recent developments, which regulatory model should be adopted and how people will react and implement privacy regulation?
The session stimulated reflections on the existing models and compared the different modus operandi between countries. Some countries as Singapore and Malaysia that have little or no Internet regulation argue that privacy would be protected by sector laws. Other countries such as Japan, Korea, Thailand, and Australia have laws that cover the public sector but not the private sector, and thus are only partially regulated. Still others like China have some laws for e-mail privacy, but little else. Senator Kate Lundy provided a detailed picture of the current bill in Australia and its next probable developments. The current bill, based on a co-regulatory model, seeks to extend privacy regulation into the private sector. Despite promises it is still pending in Parliament after having been withdrawn in 1997 by the then liberal government.
Since then, after a change in government, privacy legislation has not yet been properly addressed. The bill itself presents some deficiencies. Based on a co-regulatory model aiming to conform to requirements of the EU Data Protection Directive, it should guarantee regulation and control by The Privacy Commissioner. Nevertheless it seems that in the last few years its funding and potential impact have been progressively limited. The underlined picture shows that in Australia as well there is a need to improve and develop actual legislation. There is the need to build an environment that is genuinely co-regulatory where all the part involved could actively participate in shaping the new assumptions of privacy protection and privacy rights.
Beside legislative efforts, other realities show the need to educate the population at the right of privacy. As effectively pointed out by Professor Jim Lin from the National Central University, Taiwan, privacy is a fundamental issue for the development of democracy. The low level of public awareness and concern about privacy was recently demonstrated when the government in Taiwan presented the project of an ID smart card, which was to contain all the possible personal information including financial personal data. Surprisingly, the population agreed with the idea without showing any particular concern. The proposal was scrapped after interventions from the relatively small "privacy community" in Taiwan but it underscores the fact that privacy is sometimes not seen as a fundamental right.
In Professor Lin's view, despite the existence of an adequate legislative framework, there is the need to promote cultural changes with regard to privacy awareness. This view came out again in the discussion with the general consensus that under any implementation model the attitude of the parties involved is crucial to its success. The cultural heterogeneity between countries would then require tailored interventions, which can take adequate account of the different perception and attitudes toward privacy.
In a region undergoing rapid political and social change, it is tempting to question whether increasing the importance of privacy is a matter of increasing democracy first or whether privacy awareness would be part of a dynamic evolutionary process towards more democracy. Moreover, even when democracy is the status quo, privacy protection depends on the active participation of all the parties involved with particular reference to the private sector. Finally, from the audience some more question marks emerged: under which conditions and circumstances will the private sector be more likely to support a data privacy regulation? Which model of regulation would be the best? And, given the ideological supremacy of the co-regulation pattern, which measures are required to make it work? For these questions there are no easy answers. Nevertheless, as was evident from the session, while a world of global information flows and trade does not require a global approach to implementing privacy, it does require agreement that privacy is important.