By Tiffany Li*
As of publication date, University of New South Wales Law Professor Graham Greenleaf’s Asian Data Privacy Laws: Trade and Human Rights Perspectives is the only comprehensive book available that examines and aggregates the privacy laws of countries across Asia. This is important because on an international level, Asian privacy law is relatively underdeveloped when compared with the privacy law of other regions including the Americas and Europe. With the rise of Asia as an economic and technological powerhouse, Asian privacy laws are becoming increasingly crucial to any serious study of international privacy law. Understanding the current status of privacy laws in Asia is also essential for any U.S. or international entity that seeks to influence or adapt to the future direction of privacy law both in Asia and, by extension, the world.
In this landmark treatise, Greenleaf begins with an overview of the international field of privacy law as it currently stands, situating Asian data privacy law within the context of (a) the larger history of Asian privacy protection and (b) the wide range of privacy regimes in other regions of the world. The book then continues with proposed methodological standards for comparing privacy laws across Asia, before delving into the laws of each nation, with dedicated chapters for Hong Kong, South Korea, Taiwan, China, Japan, Macau, Singapore, Malaysia and other ASEAN nations, as well as India and other SAARC nations.
Though the intricacies of each Asian nation’s particular collection of privacy regulations and case law are fascinating to read, Greenleaf’s treatise has greater impact when taking into account the prominent role that Asian privacy laws will have in the future geopolitical economy. While Greenleaf’s treatise on Asian data privacy laws obviously does not focus on the U.S., the treatise is a welcome addition to the foundational reference materials for any U.S. privacy scholar, given the growing importance of Asian and international privacy laws on the future of the U.S. private sector.
From a U.S. perspective, this book, and Asian privacy law in general, may perhaps be most enlightening because of the impact of developing Asian privacy laws on the livelihood of U.S. corporations. In terms of privacy law, the U.S. favors a sectorial approach, with no omnibus national privacy law. Instead, privacy law in the U.S. is ruled by different laws and regulations for each sector—HIPAA for health data privacy, ECPA for e-mail privacy, RFPA and other related laws for consumer financial information privacy, and so on.
In contrast, most other nations and regions with well-developed privacy laws generally have centralized omnibus laws that apply to all sectors of industry—the most well-known and most influential of these laws being the E.U. Data Protection Directive. On a global scale, the U.S. sectorial approach to privacy law has been heavily debated, criticized as American exceptionalism by some (including Greenleaf), but defended as uniquely adapted to U.S. needs by others.
As Asian countries develop stronger privacy regimes, it is likely that, as Greenleaf proposes, the E.U. Directive and other omnibus privacy regulations will have heavy influence over the direction of Asian privacy laws. In the same vein, Greenleaf argues that U.S. privacy laws will have less influence on the future development of Asian privacy laws. Greenleaf explains:
“Although the influence of US companies and its government will remain extremely important, the USA is in an increasingly isolated position in not having a national data privacy law covering its private sector, and this puts it in an increasingly defensive position when attempting to influence global data privacy standards.”
While it is overly simplistic to state that the U.S. has an ingrained national tendency toward business-friendly laws, it is not too extreme to suggest that American corporations (particularly in the information technology sector) have a strongly vested interest in ensuring that the U.S. maintains some degree of influence on the future trajectory of privacy laws in Asia and the world at large. As such, an understanding of Asian data privacy laws is essential for the U.S. tech sector, and comprehensive treatises like Greenleaf’s should not be overlooked by the American legal community.
Throughout the treatise, Greenleaf includes much more thoughtful analysis on a variety of topics regarding the past, present, and future of Asian data privacy laws. The book’s greatest strength is its comprehensiveness, though the book excels more in breadth than depth (understandably, given the size of the topic and the fact that this is, after all, a general treatise addressing laws from all of Asia). In particular, more attention could have been paid to discussions of the cultural and sociopolitical environments of each nation and the manner in which privacy laws will or should best develop accordingly. Additionally, though Greenleaf offers compelling arguments for rejecting the weight much modern privacy scholarship has given to the influence of the APEC principles, his analysis (when delivered in brief) is perhaps too readily dismissive.
Greenleaf concludes the treatise with “cautious optimism” for the future of Asian data privacy laws. He emphasizes that though Asian data privacy laws are still in their relative infancy, he believes that “there are grounds for optimism, but not overconfidence, that in future they will restore a better balance between the human right of privacy and other interests.” It is impossible to divine exactly how Asian privacy law will develop, but with this treatise, Greenleaf has created a laudable resource for privacy scholars in the U.S. and abroad.
*Tiffany C. Li is a Privacy Fellow at the Wikimedia Foundation. (Opinions expressed in this article are those of the author and do not necessarily reflect those of the Wikimedia Foundation or any other entity.) Tiffany is also a Certified Information Privacy Professional (CIPP/US, CIPP/E) and a 2014 graduate of Georgetown Law. Follow her on Twitter at .