Hogan Lovells - Asia-Pacific Data, Privacy and Cybersecurity Guide 2025 - Flipbook - Page 49
Asia-Pacific Data Privacy and Cybersecurity Guide 2025
Guidance): encourages developers seeking
to use personal information to develop and
train AI models to, amongst other things:
(i) ensure accuracy through using quality
data sets and proper testing; (ii) recognise
privacy risks in web-scraping; (iii) obtain
consent where sensitive information is
scraped online or obtained from third-party
datasets; and (iv) assess the purpose and
legal basis for using existing personal data,
ensuring individuals can withdraw consent
if needed. Guidance on privacy and the
use of commercially available AI products
(Business AI Guidance): advises businesses
to ensure privacy by, amongst other things:
(i) conducting due diligence on AI products;
(ii) transparently informing users about
AI’s personal information usage; and (iii)
adhering to Australian Privacy Principles
(APP) regarding data collection. It also
emphasises the need for explicit consent
for AI training and warns against entering
sensitive data into public AI tools.
We expect Australian regulators will continue
to work closely with its overseas counterparts.
In 2023, the Australian Signals Directorate
jointly released cybersecurity guidance on
Secure-by-Design memory safe roadmaps, in
partnership with the U.S. Cybersecurity and
Infrastructure Security Agency (CISA), National
Security Agency (NSA), Federal Bureau of
Investigation (FBI), Canadian Centre for Cyber
Security (CCCS), New Zealand National Cyber
Security Centre (NCSC-NZ) and Computer
Emergency Response Team New Zealand
(CERT NZ) and United Kingdom’s National
Cyber Security Centre (NCSC-UK). There is
a strong emphasis on requiring technology
providers and software manufacturers to
prioritise design and implementation practices
to minimise customer risk and vulnerabilities
in their products.
49
