PI hosts workshop in Bangkok on Privacy in Asia

Privacy International

28/05/2009

Background & Objectives

Privacy International ran a three-day workshop in Bangkok from May 22 to May 24 with partners from Bangladesh, Hong Kong, India, Nepal, Pakistan, the Philippines, and Thailand.

This workshop constitutes the preparatory stage of a larger proposed project on researching and advancing privacy protections in developing countries in Asia. It builds on our work over the past year in doing a review of the policy and political landscapes in the region, which included doing work in India, Malaysia, Pakistan, the Philippines, and Thailand. We brought our key partners and other specialists and experts in the region to our workshop in Bangkok.

The primary objective of our future work is to research the state of privacy laws and safeguards in a number of Asian developing countries, and consequently identify and engage with civil society, and key regional institutions and policy actors to create a richer privacy policy debate. To reach this objective, we held the workshop in order to build the capacities of our partners in the region. We presented on the dynamics of a variety of privacy issues; shared ideas on strategies and offered guidance on building strategic partnerships in different cultural and political contexts; and just shared ideas and experiences from around the world.

Workshop Design

The first part of the workshop consisted of capacity building sessions on privacy issues. While PI staff members ran some of these sessions, we also invited world-leading experts from the London School of Economics and Political Science and the American Civil Liberties Union. Some of the topics discussed included the importance of privacy and transparency as enablers of democratic processes, the value of legal protections for citizen privacy and security, identity management systems, as well as the risks associated with communications surveillance and DNA databases. Policy experts further offered comprehensive reviews of the state of international best practices and regulatory regimes, as well as an update on the APEC Privacy initiative.

The above capacity building exercises were followed by country specific presentations delivered by our partners from the region highlighting a variety of challenges for privacy protection in their countries. Partners spoke about their perception of privacy and the challenges that stem from cultural differences, as well as the legal and political systems. There was a strong interest in privacy across variety of issues such as mobile telephony, ID cards, consumer protections, media privacy and constitutional safeguards. However, some of the challenges that emerged across the region included: little awareness of privacy rights, a lack of coherent approach to ensuring that privacy is an integral part of the policy making process, and the lack of comprehensive national privacy laws.

One country specific development that was highlighted was the pending Data Privacy Law in the Philippines, originally modeled after the European Data Protection Directive. However, the policy environment in the Philippines is considered somewhat problematic as commercial interests primarily drive it. Due to the positioning of the Philippines as an outsourcing hub, the latter has a strong focus on data protection, rather than privacy. Other looming issues in the Philippines include: communications surveillance plans to require intercept-capability and communications data access; provisions for data retention embedded in their Cybercrime Bill; the introduction of a national ID system; and mandatory mobile SIM registration.

Similarly, Pakistan finds itself at a critical turn in its privacy protection history as it has recently introduced Electronic Transaction Ordnance and also has a draft Data Protection Act in the making. Blanket communications data retention is an emerging major privacy concern there, as well as the other components of its ‘Cybercrime ordinance’. Anti-terror proposals in Pakistan are certainly stretching the definition of ‘terrorism’ while expanding government powers, granting national law enforcement agencies direct access to citizen data stored in databases. We identified some opportunities as well, however, such as offering capacity building to the judiciary as they are in need of an understanding of the issues around data protection in the digital world.

Despite the fact that Hong Kong is one of the few countries in Asia with a Data Protection law in place (Personal Data Privacy Ordinance, enacted in 1995) and a Privacy Commission Officer, it is still struggling with the regulation of covert surveillance by the government. Other privacy related challenges it faces are privacy invasion by the media and stalking.

Thailand has no comprehensive privacy law in place. A data protection law is however currently being drafted in an attempt to accommodate the European Data Protection adequacy requirement and enable trans-border data flows to Thailand. And the Thai constitution has a specific statement calling for privacy protections, but this has not been enforced to date. Thai society has generally low privacy awareness relating to ICTs, often overtaken by a desire for increased efficiency. This has become problematic in particular in relation to proposals for mandatory smart ID cards. If citizens’ privacy is to be adequately protected, such an initiative needs to be accompanied by both public awareness campaigns and robust legislation.

Further Work

These presentations and exercises will now form the basis of further capacity building at the national level of partner countries. This workshop has not only equipped us with a better understanding of the state of law but also helped us identify some of the more pressing privacy challenges in the region. Having laid the theoretical and practical foundations, we hope to begin active engagement with policy actors and civil society representatives in each country to promote privacy issues and initiate a truly constructive and informative debate in the region.

As this is no easy task, in order to achieve it, much more work will be required, including the launch of public awareness campaigns, the development of national and global knowledge sharing initiatives and educational tools, as well as further topical research, and last but not least, the design of a methodology for the adequate evaluation and assessment of the progress made.

<< Back

Email us at privacyint@privacy.org.
Call on +44 (0)208.123.7933.
Privacy Policy - About PI - Support PI