Yogyakarta, April 27th 2020—Center for Digital Society or CfDS Fisipol UGM held a second session of Digitalk#39 with the theme of “Data Privacy Concepts and Regulation” that lasted from 27th April to 30th April 2020. The first recorded video, which is Talk 4 with the title of “Protecting Personal Data and Privacy in Southeast Asia: Going Somewhere or Nowhere” had been posted on Monday afternoon on 5 pm at CfDS’s Youtube channel. The video that lasted for 25 minutes and 18 seconds was filled by a speaker from Thailand with the name of Sutawan Chanprasert, a founder of DigitalReach, a human rights company based in Southeast Asia.
Talk 4 started with a briefing about the legal landscape of personal data protection in Southeast Asia. In this case, the GDPR (General Data Protection Regulation) is meant to warn Southeast Asia countries to pay more attention to personal data protection. In Southeast Asia, there are already three countries that adopts GDPR; Malaysia, Singapore, and Philippine. The adoption of GDPR makes these three countries pay more attention to the laws in their own country. Some even show the intention or is currently in the process of reassessing laws so that it is in line with GDPR. Other than that, Thailand and Indonesia published their own version of personal data protection laws on 2019.
“GDPR is a bank for general data protection laws in Southeast Asia countries that already have their own laws regarding personal data protection. It is aimed to push countries to reassess the existing laws in their countries and to persuade those that doesn’t have laws regarding this topic to apply the laws. It was adopted on 2018,” Sutawan explained.
A strong law regarding personal data privacy is paramount for every nation. This is because it can help protect citizen’s private data from data exploitation through incidents such as cyber crime, misuse of personal data, and surveillance. The same goes for companies. Without data protection laws, the chance of the exploitation of personal data increases because there is no law about how a stakeholder should use personal data. Currently, there are no Southeast Asia countries that have personal data protection laws and mechanism on par with the European Union. According to Organisation for Economic Co-operation and Development (OACD), nation’s hindrance from private data protection with the excuse of national security should be as minimal as possible and all laws should be transparent to the public.
“Changing the law to fix these issues can be challenging. However, reformation of a set of laws is needed to create a strong data protection,” Sutawan said.
Next, the speaker gave a case study of when Southeast Asia was exploited by a foreign non-state actor through the Cambridge Analytica incident. On 2016, Philippine had an election that led to the victory of Rodrigo Duterte. It was documented that companies have a role in making Duterte win. Because of the weak regulation, the nation became a playing ground for companies to test their strategy and get away easily. Some leaked documents from a former staff of company also shows that Najib Razak, the ex-Prime Minister of Malaysia, might win the 2018 election if the scandal had not been made public beforehand. “Big technology can still reap and exploit data,” he argued.
There are several countries in Southeast Asia that plans to have the 5G technology. Those countries already have new wireless technology that will create a significant impact. It will allow smart projects all over the country with the aim of creating economic progress while disregarding its impact on privacy. Smart cities will be activated with Internet of Things, Digital IDs, and the collection of bio metric data.
The idea of data colonization emerge when a foreign entity seems to reap data for their own gain. In this case, there are two blocs – Chinese and the West – that uses Southeast Asia as their battleground. China agrees to provide technology infrastructure such as 5G to Southeast Asian countries such as Thailand, Cambodia, Malaysia, and Philippines. “The exploitation of data by non-state actors especially by big technology companies have to be paid attention to by the government. The use of technology and controversial innovation such as face recognition and digital ID’s effect to human rights have to be paid attention to by authorities,” he added.