Hogan Lovells - Asia-Pacific Data, Privacy and Cybersecurity Guide 2025 - Flipbook - Page 9
Asia-Pacific Data Privacy and Cybersecurity Guide 2025
jurisdictions, and then finally adjusting the
remainder to achieve compliance in most
(if not all) jurisdictions, recognising that
there may be a need for “topping up” in
APAC jurisdictions that have exceptional
requirements in particular areas.
To provide an example, direct marketing
regulation, in APAC remains a patchwork, with
technical requirements that are specific to each
jurisdiction, whether under the data protection
law itself or under anti-spam laws, internet
regulation or consumer protection laws. The
result on this front is that some jurisdictions
require discrete or unbundled opt-in or opt-out
consents, sometimes with exemptions,
sometimes without, some jurisdictions with
“do not call” registers and some jurisdictions
with specific formalities that must be adhered
to in direct marketing communications, such as
incorporating “ADV” or some equivalent form
of indicator in message headings.
What to watch for in 2025
We expect data protection and cybersecurity
regulatory development to continue at a rapid
pace during 2025.
Key points to watch for:
· China’s economic challenges seem to have
led to a relaxation of cross-border transfer
regulation, but as the security agenda
continues to move forward in the world’s
second largest economy, watch for further
clarification in the regulation of “important
data” and in the handling of “work secrets”.
· As artificial intelligence continues
to dominate discussions of digital
transformation globally, data protection
authorities have been pushed to the fore
as presumptive leaders in formulating
official policy. As the considerations for AI
regulation touch on many issues beyond data
protection,watch for movements by industry
9
regulators and the start of an important
regulatory dialogue in this space.
· The implementation of India’s Digital
Personal Data Protection Act will bring the
world’s most populous nation into the fold of
comprehensive data protection regulation,
an important new contributor to the policy
debate in APAC.
