![\"Grab](\"https:\/\/assets.grab.com\/wp-content\/uploads\/sites\/4\/2023\/02\/01120430\/5.jpg\")
<\/p>\n<\/p>\n
Southeast Asia is on its path to becoming a <\/span>$1 trillion digital economy<\/span><\/a> by 2030 and data is its lifeblood. Naturally, this has led to concerns about how the vast amounts of\u00a0 data being collected are protected from misuse. That begs the questions – what can individuals, companies, and governments do to develop a trustworthy data protection ecosystem?\u00a0<\/span><\/p>\n To unpack these pressing questions, the Grab Public Affairs team invited regional experts from local businesses, think tanks, and regulators to our podcast, <\/span>Grab Conversations on Air<\/span><\/a>, to discuss the state of data protection in the region, focusing on cross-border data flows and data governance \/ privacy.<\/span><\/p>\n You can listen to the four episodes here \u2013 <\/span>The Basics<\/span><\/a>; <\/span>Thailand\u2019s Regulatory Perspective<\/span><\/a>; <\/span>Singapore\u2019s Regulatory Perspective<\/span><\/a>; <\/span>Small and Medium Businesses\u2019 Large Challenges<\/span><\/a> and find the transcripts on our <\/span>blog<\/span><\/a>.<\/span><\/p>\n For a summary of the conversations, read on.<\/span><\/p>\n <\/p>\n Data privacy and data protection are often referred to as synonymous concepts. However as Josh Lee, MD APAC of the Future of Privacy Forum clarifies in <\/span>Episode 1<\/span><\/a>, data protection needs to address the personal interests of users\/consumers as well as the economic interests of companies to ensure that both privacy and innovation are protected.<\/span><\/p>\n Southeast Asian governments have also come to recognise the importance of balancing these two sides.<\/span> Singapore<\/span><\/a>,\u00a0 <\/span>Malaysia<\/span><\/a>, and <\/span>the Philippines<\/span><\/a> enacted comprehensive Personal Data Protection Acts (PDPA) in the early 2010s, while <\/span>Thailand<\/span><\/a> and <\/span>Indonesia<\/span><\/a> enacted theirs in 2019 and 2022, respectively. While striving to protect their citizens\u2019 personal data, these countries left space for their digital economy to grow. The region\u2019s digital economy is expected to <\/span>grow by 20% <\/span><\/a>year-on-year despite the pandemic.\u00a0<\/span><\/p>\n Cross-border data flows partially have contributed to this growth by allowing businesses in the region to access new markets and customers, increasing efficiency, and improving service delivery.<\/span> They also improve delivery of services to citizens.\u00a0<\/span><\/p>\n \u201cThe free flow of data across borders, like blood in somebody\u2019s system, is essential to making this digital economy and the benefits of it possible.\u201d<\/span><\/i><\/p>\n Josh Lee, Managing Director Asia-Pacific of the Future of Privacy Forum<\/b><\/p><\/blockquote>\n <\/p>\n In Episodes <\/span>2<\/span><\/a> & <\/span>3<\/span><\/a>, we study Thailand and Singapore\u2019s approaches to examine how they\u2019ve struck a balance between data protection and data innovation. Singapore enacted its PDPA in 2013 in an effort to safeguard the growing digital economy at the time. In parallel, Singapore positioned itself as a regional hub for data storage, analytics, and governance. According to Francis Zhang, Policy Lead at Singapore Personal Data Protection Commission (PDPC), Singapore is keen on being a data-driven economy and supports cross-border data flows.\u00a0<\/span><\/p>\n \u201cSingapore PDPC focuses not just on data protection but also data innovation. We want businesses to use data, including transferred data, in a safe and legitimate way but also allow them to innovate.\u201d<\/span><\/i><\/p>\n Francis Zhang, Policy Lead at Singapore PDPC<\/b><\/p><\/blockquote>\n Thailand has taken a similar approach. Dr. Prapanpong Khumon, Adviser to the Secretary-General of the Thailand PDPC, highlighted that Thailand recognised the importance of being able to mobilise data across borders to foster innovation for economic growth. Data mobilisation aligns with the country\u2019s plan to shift the economy from being labour-intensive to data-driven.\u00a0<\/span><\/p>\n \u201cThailand’s economy is made up of a large proportion of small and medium enterprises. Based on research and recent findings, the economic contribution of those enterprises is expected to grow to trillions and lead to economic growth of the Thai economy if SMEs can go fully digital by being able to mobilise data across borders.\u201c<\/span><\/i><\/p>\n Dr. Prapanpong Khumon, Adviser to the Secretary-General of the Thailand PDPC\u00a0<\/b><\/p><\/blockquote>\n <\/p>\n With each country in Southeast Asia enacting their own data protection laws, both \u2013 enforcement authorities and industry \u2013 face challenges. Regulators need to address challenges posed by (1) extra-territoriality of laws, i.e., the legal ability of other governments to exercise authority beyond their national boundaries, and (2) by forum shopping, i.e., organisations exploiting differences in data protection laws to select a country or territory or jurisdiction with a weaker data protection law while still having a presence in other jurisdictions. Industry players, particularly SMEs, suffer from lack of awareness about regulation, language barriers, unclear implementation guidance, and disparate standards and scope of laws across different countries.\u00a0<\/span><\/p>\n Since the maturity of PDP laws varies across countries in the region, there have been concerted efforts to harmonise regulatory requirements across the region. Regional solutions include:<\/span><\/p>\n Additionally, to maintain the privacy and security of data during international transfers, organisations can also use Privacy enhancing technologies (PETs). PETs safeguard personal data using technologies such as differential privacy, homomorphic encryption, federated learning, and multi-party computing, among others.\u00a0 Singapore launched a <\/span>PET Sandbox<\/span><\/a> in 2022 to help businesses experiment with PETs, match them with qualified PET solution providers, and provide regulatory support.<\/span><\/p>\n <\/p>\nWhat Data Protection and Free Data Flows Mean in Southeast Asia<\/b><\/h1>\n
Data Protection in Singapore and Thailand<\/b><\/h1>\n
Region-wide Efforts for Harmonisation of Cross-border Data Flows<\/b><\/h1>\n
\n
Practical Challenges for Businesses<\/b><\/h1>\n