Asia Pacific: Deciphering Data Webinar Series - Spotlight on privacy developments (Webinar)

Asia Pacific sessions

In brief

The data privacy landscape in Asia Pacific has undergone major changes in recent years. The region has seen a wave of new privacy laws, regulations and amendments, which bring with them a new set of regulatory and legislative requirements. Our first session provided a roundup of the developments in the region, and how these new requirements are set to impact multinational businesses.


Session 1: Spotlight on privacy developments in Asia Pacific


China's PIPL came into effect on 1 November 2021. Together with the Data Security Law (DSL) which came into effect on 1 September 2021 and the Cybersecurity Law (CSL) which took effect on 1 June 2017, they form a three-pillar data protection and cybersecurity system in China. The PIPL is the first comprehensive personal data protection law in China and adopts certain concepts under the GDPR. It applies to personal information processing activities conducted within China, cross-border transfers of personal information outside of China and certain cross-border processing activities concerning data subjects in China. The DSL applies to all types of data and data processing activities carried out within the territory of China, with a focus on "important data" and state core data. The CSL has introduced the concept of "Critical Information Infrastructure" and sets out the general rules on cyber data and information security.


Companies should watch out for Vietnam's four key pieces of upcoming legislation that touch on data protection and cybersecurity issues, namely the Draft Decree detailing the Law on Cybersecurity ("Draft Cybersecurity Decree"), the Draft Decree on Personal Data Protection ("Draft PDPD"), the Draft Decree on Penalties for Administrative Violations in Cybersecurity ("Draft PAVCD"), and the Draft Law on Consumer Protection ("Draft LPCR").

The Draft Cybersecurity Decree was circulated to the Government Members for approval in May 2019 but the approval is yet to be granted (as of March 2022). The revised Draft PDPD (which has been kept confidential) is expected to be promulgated by May 2022, with further amendments to be applied by 2024. The public consultation on the Draft PAVCD ended last November but it seems that the Ministry of Public Security has not submitted the Draft PAVCD to the Government yet. The public consultation on the Draft LPCR closed in March 2022 and will require traders to comply with the regulations on personal information protection.

Hong Kong

The amended Personal Data (Privacy) Ordinance which criminalises "doxxing" took effect on 8 October 2021. "Doxxing" refers to gathering personal data of a specific targeted person and/or related persons (such as family members) through various means, e.g., public registers and discussion platforms, and disclosing such personal data on the Internet, social media or other open platforms (such as public places).


Australia is in the process of reforming the Privacy Act. There is also draft legislation for the creation of a binding online privacy code which would apply to social media services, data brokers, and certain large online platforms operating in Australia. Further, there are developments in Critical Infrastructure and Cyber Security Laws which seek to expand existing protections to more industries, with mandatory reporting requirements when the critical infrastructure is subject to a cyber-attack. The Online Safety Act came into effect in January 2022 and targets inappropriate material and cyberbullying, allowing the eSafety Commissioner to identify offending accounts in order to enforce the Act.

Access the session recording and other materials here.

Speakers: Jo-Fan Yu, Manh Hung Tran, Toby Patten, Zhenyu "Jay" Ruan and Dominic Edmondson

Related webinars

Global sessions

International: Deciphering Data Webinar Series - Not ‘If’ But ‘When’: Cybersecurity Global Update - Session 1 (Webinar)

International: Deciphering Data Webinar Series - Not ‘If’ But ‘When’: Cybersecurity Global Update - Session 2 (Webinar)

International: Deciphering Data Webinar Series - Journey Around the World: Data Privacy Global Update - Session 1 (Webinar)

International: Deciphering Data Webinar Series - Journey Around the World - Data Privacy Global Update - Session 2 (Webinar)

Europe sessions

Europe: Deciphering Data Webinar Series - Managing Workforce Data (Webinar)

Europe: Deciphering Data Webinar Series - When Data Goes Wrong - Enforcement and Litigation Trends Across Europe (Webinar)

Europe: Deciphering Data Webinar Series - Cookies and Online Advertising - Recent Trends in Europe (Webinar)

Europe: Deciphering Data Webinar Series - International Data Transfers - What’s Next? (Webinar)

Asia Pacific sessions

Asia Pacific: Deciphering Data Webinar Series - Spotlight on privacy developments (Webinar)

Asia Pacific: Deciphering Data Webinar Series - Artificial Intelligence (AI) and privacy (Webinar)

Asia Pacific: Deciphering Data Webinar Series - Effective and sustainable privacy compliance programs (Webinar)

Contact Information
Toby Patten
Partner at BakerMcKenzie
Read my Bio
Jo-Fan Yu
Partner at BakerMcKenzie
Read my Bio
Dominic Edmondson
Special Counsel at BakerMcKenzie
Hong Kong
Read my Bio

Copyright © 2024 Baker & McKenzie. All rights reserved. Ownership: This documentation and content (Content) is a proprietary resource owned exclusively by Baker McKenzie (meaning Baker & McKenzie International and its member firms). The Content is protected under international copyright conventions. Use of this Content does not of itself create a contractual relationship, nor any attorney/client relationship, between Baker McKenzie and any person. Non-reliance and exclusion: All Content is for informational purposes only and may not reflect the most current legal and regulatory developments. All summaries of the laws, regulations and practice are subject to change. The Content is not offered as legal or professional advice for any specific matter. It is not intended to be a substitute for reference to (and compliance with) the detailed provisions of applicable laws, rules, regulations or forms. Legal advice should always be sought before taking any action or refraining from taking any action based on any Content. Baker McKenzie and the editors and the contributing authors do not guarantee the accuracy of the Content and expressly disclaim any and all liability to any person in respect of the consequences of anything done or permitted to be done or omitted to be done wholly or partly in reliance upon the whole or any part of the Content. The Content may contain links to external websites and external websites may link to the Content. Baker McKenzie is not responsible for the content or operation of any such external sites and disclaims all liability, howsoever occurring, in respect of the content or operation of any such external websites. Attorney Advertising: This Content may qualify as “Attorney Advertising” requiring notice in some jurisdictions. To the extent that this Content may qualify as Attorney Advertising, PRIOR RESULTS DO NOT GUARANTEE A SIMILAR OUTCOME. Reproduction: Reproduction of reasonable portions of the Content is permitted provided that (i) such reproductions are made available free of charge and for non-commercial purposes, (ii) such reproductions are properly attributed to Baker McKenzie, (iii) the portion of the Content being reproduced is not altered or made available in a manner that modifies the Content or presents the Content being reproduced in a false light and (iv) notice is made to the disclaimers included on the Content. The permission to re-copy does not allow for incorporation of any substantial portion of the Content in any work or publication, whether in hard copy, electronic or any other form or for commercial purposes.