APRIL 26 — Personal data now transcends national borders, resulting in a substantial shift in how we perceive and manage such information. The concept of personal data flow is now rapidly evolving and prompting us to understand its implications and how technology empowers us.

Cross-border data transfer emerges as an important characteristic in contemporary data processing . The increasing demand for efficiency and speed in business necessitates the requirement of multiple locations for processing and storing data.

In 2021, The World Bank estimated by 2022 the growth in global data traffic is projected to ‘increase by about 50 per cent from 2020 levels’, equivalent to 150,000 Gigabytes (GB) per second. Personal data are expected to represent a noteworthy share of cross-border data transfer .

Trust has become increasingly pertinent in cross-border data transfer discourse. Japanese Government has recently sought to operationalise Data Free Flow with Trust (DFFT), a concept that seeks to promote trust in cross-border data transfer as its core principle. DFFT seeks to promote free data flows to foster economic growth while safeguarding individual privacy, national security, and Intellectual Property (IP) through trusted regulations .

Advertisement

The foundation principle of every cross-border data flow mechanism is trust. Trust is especially pertinent as countries confront numerous barriers in cross-border data flows, primarily due to differing regulatory demands and interpretations. But what constitutes trust requires clarification, and that clarity is bound to different interpretations and implementations in different countries .

Data protection change in Malaysia

The upcoming revision of Malaysia’s data protection regime under the Personal Data Protection Act 2010 (PDPA 2010) is designed to effect changes and improvements, driven to enhance and accelerate trust domestically and internationally. This is also to move Malaysia towards global standards and recognition.

Advertisement

One of the proposed amendments is to eliminate the Whitelist policy in cross-border data transfer and to fortify the adequacy requirement. Adequacy provision as stated in Section 129 of PDPA 2010 ensures a safeguard in cross-border data transfer to place that in force any law which is substantially similar to this Act, or that serves the same purposes as this Act, or that place ensures an adequate level of protection in relation to the processing of personal data which is at least equivalent.

As a result of the continuous effort to put Malaysia on a global data transfer safe map, Personal Data Protection Commissioner Malaysia (PDP) has been accepted to be a member of the Asia Pacific Economic Cooperation (Apec) Cross-border Privacy Enforcement Arrangement (CPEA) in August 2023, alongside Singapore and the Philippines. Currently, PDP is actively preparing to participate in the Apec Cross Border Privacy Rules (CBPR), a government-backed data privacy certification that companies can voluntarily join to demonstrate compliance with international standards of data privacy.

The upcoming revision of Malaysia’s data protection regime under the Personal Data Protection Act 2010 (PDPA 2010) is designed to effect changes and improvements, driven to enhance and accelerate trust domestically and internationally. This is also to move Malaysia towards global standards and recognition. — iStock pic

Recently, PDP has also strengthened cooperation with Personal Information Protection Commission Japan (PPC Japan) and Personal Information Protection Commission of Korea (PIPC Korea) in developing collaboration in the field of personal data protection policies and privacy enhancement technology exchange. Simultaneously, PDP is developing guidelines on cross-border data transfer mechanisms to facilitate businesses in ensuring that cross-border data transfer occurs in a secure and guided manner. Consequently, this will significantly create a more conducive environment for cross-border data flow.

The amendment of PDPA 2010 and participation in the global cross-border data flow platforms such as DFFT and CBPR indicate PDP’s determination to enhance trust at domestic and international. Alas, earning trust is essential, whether on a global or domestic scale.

* References:

1. World Economic Forum, link here.

2. The World Bank, link here.

3. Centre for Strategic and International Studies (CSIS), link here.

4. Japan Digital Agency, link here.

* This is the personal opinion of the writer or publication and does not necessarily represent the views of Malay Mail.