Law: There is no general personal data protection law applicable across the Asia-Pacific.
Regulator: There is no general personal data protection regulator applicable across the Asia-Pacific.
Summary: There are multiple groups of jurisdictions that are formally established within the Asia-Pacific region. Of these, the two most influential in relation to personal data protection are the Asia-Pacific Economic Cooperation ('APEC') and the Association of Southeast Asian Nations ('ASEAN'). Both of these groups have issued several frameworks and pieces of guidance to instruct governments and guide uniform approaches to personal data protection. While most of these are non-binding, some have more significant effects. The Asia-Pacific Economic Cooperation Cross-Border Privacy Rules ('APEC CBPR') system, for instance, is a data transfer mechanism that enables the free flow of personal data among participating economies where certain requirements are met. In addition, bespoke agreements are regularly made between jurisdictions to enable data sharing or align data protection practices. Although there is notable disparity among approaches to data protection within the Asia-Pacific region, these groups and agreements are seeking to establish essential standards and promote harmonisation.