Data Governance and the Digital Economy in Asia

Paul CHEUNG is a Professor (Practice) at the Lee Kuan Yew School of Public Policy, National University of Singapore. LIU Jingting is a research fellow at the Asia Competitiveness Institute, Lee Kuan Yew School of Public Policy, National University of Singapore. Ulrike SENGSTSCHMID is a research analyst at the Asia Competitiveness Institute.

List of Figures

List of Tables

List of Boxes

List of Contributors

Acknowledgements

List of Acronyms and Abbreviations

Chapter 1 Introduction

Paul Cheung, Liu Jingting, Ulrike Sengstschmid

References

Chapter 2 Emerging Divergence: Distinct Data Regulatory Models Around the World

Jesslene Lee

2.1 Introduction

2.2 Rule-Making through Trade Agreements

2.2.1 Diffusion of Trade Rules

2.2.2 Global Data Governance: Are Distinct Regulatory Regimes Emerging?

2.3 Data Rules in Trade Agreements

2.3.1 Data Protection

2.3.2 Cross-Border Data Flows

2.4 Assessing the Emergence of Distinct Regulatory Regimes

2.4.1 Who are the Rule-Makers?

2.4.2 Diverging Priorities on Salient Issues

2.5 Where does ASEAN Stand?

2.6 Conclusion

References

Appendix

Chapter 3 Digital Personal Data Protection Act, 2023: Charting the Future of India’s Data Regulation

Nidhi Gupta, Ammu George

3.1 Introduction

3.2 Analysis of the Provisions of India’s Digital Personal Data Protection Act, 2023

3.2.1 Scope of the Act is Ambiguous when Defining “Person”

3.2.2 Extensive Rights Provided to Data Principals

3.2.3 Obligations Mandated from Data Fiduciaries

3.2.4 Establishment of the Data Protection Board of India

3.3. Implications of the DPDP Act for Digital Businesses

3.3.1 Pro-Business Provisions of the DPDP Act

3.3.2 Provisions of the DPDP Act Negatively Impacting Businesses

3.4. Conclusion

References

Chapter 4 China’s Cross-Border Data Flow Policies and Implications for Investments

Liu Jingting, Ulrike Sengstschmid, Ge Yixuan

4.1 Introduction

4.2 Overview of China’s Data Protection Legal Framework

4.2.1 Mechanisms for Transferring Data Out of China

4.2.2 Users’ Rights

4.3 Comparing the PIPL and GDPR

4.3.1 Similarities

4.3.2. Differences

4.3.3 Comparing Cross-Border Data Transfer Mechanisms

4.4 Implications

4.4.1 Increasing Operating Costs

4.4.2 Increasing Market Concentration

4.4.3 Competitiveness and Innovation

4.4.4 Regulatory Restrictions and Investments

4.4.5 How Firms are Adjusting to the Regulations

4.5 Looking Ahead: China and the Global Policy Environment

4.6 Conclusion

References

Chapter 5 Improving the Digital Connectivity Between South Korea and ASEAN Through Data

Ji Eun Song, Ulrike Sengstschmid, Ni Xu, Ge Yixuan, Liu Jingting

5.1 Introduction

5.2 Data Regulation in South Korea

5.2.1 Overview of South Korea’s Data Regulation: Comparison with Rest of the World

5.2.2 Personal Information Protection Act (PIPA)

5.3. Cross-border data flows between South Korea and the Rest of the World: Challenges

5.4. Cross-Border Data Transfer Mechanisms of South Korea

5.4.1. Major Global Data Governance Frameworks

5.4.2. Free Trade Agreements

5.4.3 Certification

5.4.4 Adequacy Decision

5.5 Cross-border Data Transfer Between Korea and ASEAN

5.5.1 A Comparison Between Korea and Singapore

5.6. Policy Outlook: Greater Engagement

5.7. Conclusion

References

Chapter 6 Vietnam – Striking a Balance Between National Security and External Pressures

Banh Thi Hang, Phan Thi Hong Hanh

6.1. Introduction

6.2. Fundamental Data Regulations in Vietnam

6.2.1. Taxonomy of Data Regulations

6.2.2. Overview of Data Governance in Vietnam

6.3. Comparing Data Regulations in Vietnam's Domestic Regulations and Multilateral Agreements

6.3.2 Comparison in Key Areas of Data Regulations

6.3.3 Conformity Analysis

6.4. A Comparison with Other Countries

6.4.1 Data Localisation

6.4.2 Cross-Border Data Flow

6.4.3 Privacy and Data Protection

6.5. Conclusion

References

Appendices

Appendix 6.1. Developments of Data Localisation Requirement in the EU

Appendix 6.2. Cross-Border Data Transfer Regulations in the US

Chapter 7 Facilitating Data Flows Across ASEAN: Challenges and Policy Directions

Liu Jingting, Ulrike Sengstschmid, Ge Yixuan

7.1 Introduction

7.2 Literature Review

7.2.1 Far-Reaching Impacts of Cross-Border Data Flow Regulations

7.2.2 Challenges for ASEAN Businesses Posed by Data Regulations

7.2.3 External Influences on Data Regulation

7.3 ASEAN’s Diverse Personal Data Protection Landscape

7.3.1 The Open, Conditional, and Control Model of Data Governance

7.4 Remaining Obstacles for Businesses in Cross-Border Data Flows

7.4.1 ASEAN Model Contractual Clauses: Modifications & Legal Status

7.4.2 Interoperability Roadblocks: Incompatibility in National Legislations

7.4.3 Data Compliance Disparity: Unique Challenges for SMEs

7.5 Vietnam’s New Personal Data Protection Decree

7.6 Future Policy Directions

7.6.1 Growing External Influence

7.6.2 Policy Roadmap

7.7 Conclusion

References

Chapter 8 Further Steps for ASEAN’s Digital Integration: DEFA

Liu Jingting, Ulrike Sengstschmid

8.1 Key Takeaways

8.1.1 Policy Fragmentation Carries over into the Digital Governance Space

8.1.2. ASEAN’s Asian Trading Partners Lean Towards the Conditional Model

8.1.3. Intra-ASEAN Fragmentation Challenges Digital Integration

8.1.4. Ambiguity Abounds in Regional Mechanisms

8.2. DEFA: ASEAN’s Opportunity to Write Own Rules and Upgrade Digital Integration

8.3. Limitations: Working in an Evolving Policy Space

References