ASEAN governance on data privacy : challenges to regional protection of data privacy and personal data in cyberspace

Abstract

This independent study explores how the cornerstone norms of the Association of Southeast Asian Nations (ASEAN), mostly referred as the ASEAN way, play significant role in forming the regional governance on data privacy and involves the answer that it poses challenges to the region in protecting their citizen’s personal data in cyberspace. This study investigates and compares the existing regimes regarding to data privacy in cyberspace at international, regional and domestic levels. To estimate the efficacy of ASEAN governance on data privacy and personal data protection, the analysis of study is based on the associations’ normative structure. Particularly, it searches what are the challenges to regional governance and how to overcome them. The findings of this study reveal that ASEAN norms, which emphasize on non-interference of internal affairs, non-binding legalism and consultative approaches for dispute settlement, poses challenges toward the efficient and functional governance on data privacy. It is true that international community try to promote privacy safeguard in order to establish good environment of digital economy while there is yet single accepted regime of this issue area in cyberspace. ASEAN also adopted basic principles from the international frameworks but localized in a way that suits with their norms.

First of all, ASEAN Framework on Personal Data Protection is the least common condition that everyone agrees with. In other word, the framework provides flexibility for states to adopt or not to adopt and it carves out any obligation related to sovereignty and national security. At a result, the privacy safeguards rely on domestic governance of each ASEAN member. Furthermore, there is a huge gap in technological and economic capacities among ASEAN members so that they have different motives to produce privacy safeguard. Their heterogeneity impacts the harmonization of the association’s privacy safeguard which is transnational and non-traditional issue that requires more integrated response. With respect to the fact that privacy rights are inseparable from the value of human rights, ASEAN normative structure reserves state’s sovereignty and prevents the stemming of human rights violations conducted by states themselves. Despite the official documents portraying the acceptance of universal values of human rights, ASEAN simply localizes those concepts in accordance with their norms. At a result, the existing mechanisms are impractical and non-functional. In line with the infringement of human rights, authoritarian states in ASEAN likely adopt new regulations including Personal Data Protect Acts for state surveillance, abuse of people’s privacy and deprivation of freedom of speech on the Internet. Also, both regional and domestic governance barely allows the participation of non-state actors, contrary to its promotion as a people-centric community. To overcome the challenges, the reformation of ASEAN norms is inevitable if the association would like to create functional cooperation to deal with transnational issue such as infringement of privacy rights in cyberspace.