Discussion Highlights from Japan's Second Privacy Symposium: Data Protection Officials from Around the World Share Their 2025 Goals, Delving into AI Integration and Cross-Regulation Cooperation

Discussion Highlights from Japan's Second Privacy Symposium: Data Protection Officials from Around the World Share Their 2025 Goals, Delving into AI Integration and Cross-Regulation Cooperation

The Second Japan Privacy Symposium, an official side-event of the 62nd Asia-Pacific Privacy Authorities (APPA) Forum (APPA 62), brought together leading data protection authorities (DPAs) from around the world to discuss pressing issues in privacy and data governance. The event, hosted by the Personal Information Protection Commission of Japan (PPC) in Tokyo on November 15, 2024, highlighted the need for continued dialogue, cooperation, and information-sharing among global DPAs.

Commissioner Shuhei Oshima from the PPC delivered the opening keynote, setting the stage for insightful discussions on international collaboration, artificial intelligence (AI) governance, and the evolving landscape of data protection laws.

One of the central themes of the Symposium was the common priorities for APAC's major DPAs in 2024 and beyond. These priorities focus on enhancing cybersecurity resilience, broadening regulatory oversight, and advancing data governance frameworks to address evolving technological and geopolitical challenges.

Expanding regulatory scopes is a key priority, with countries like Singapore amending their cybersecurity laws to cover not only critical infrastructure but also digital service providers and foundational digital infrastructure. This ensures stronger accountability and special designations for sensitive entities.

Strengthening operational resilience and cross-sector collaboration is another significant focus, as illustrated by Australia's amendments to its Security of Critical Infrastructure Act. These changes clarify data storage system regulations and broaden government powers to respond to cyber incidents, reflecting a trend toward integrated, risk-based governance.

Responding to increasingly sophisticated and geopolitically charged cyber threats is also a top concern for APAC DPAs. The region faces elevated espionage-motivated cyberattacks requiring proactive and coordinated defenses.

Bridging the digital divide and modernizing legacy infrastructure is another crucial aspect of APAC's policy agenda. Public sector cybersecurity initiatives emphasize elevating digital infrastructure standards, ensuring equitable digital access, and overcoming legacy technology hurdles that inhibit data sharing and scaling up secure services.

Integrating privacy with emerging technologies like AI is another ongoing legislative development across APAC. Rules on AI as well as data protection are being developed to balance innovation with privacy and accountability.

Enhancing transparency, data handling practices, and consent mechanisms is another priority, reflecting global trends. Regulators are emphasizing robust data protection to maintain consumer trust amid rising privacy-related litigation and risks.

Thailand's Personal Data Protection Commission (PDPC) is prioritizing cross-border data transfers, having issued subordinate laws related to this area and adopted ASEAN Model Contractual Clauses (MCCs) and EU Standard Contractual Clauses (SCCs) in their subordinate laws.

Malaysia's Personal Data Protection Act (PDPA) has been amended to require the appointment of a Data Protection Officer, implement a mandatory data breach notification system, introduce responsibilities for data processors, provide data portability rights, revise conditions for cross-border data transfers, and increase penalties for non-compliance. Commissioner Nazri of Malaysia's PDPA is planning to issue 19 new documents in tranches throughout 2025.

California's CPPA is deeply engaged in rule-making, especially in areas such as cybersecurity, data protection impact assessments, and automated decision-making technologies and AI. Director Soltani of California's CPPA is working on setting up a one-stop shop by January 2026 for Californians to request the deletion of their data from all companies.

Commissioner Dufresne emphasized the importance of international cooperation in addressing privacy challenges during the panel discussion. AI remains a top concern for regulators worldwide, with ensuring the protection of privacy in the context of emerging and changing technology being a key priority.

The PDPC of Thailand is promoting ASEAN MCCs with the Thai Chamber of Commerce. The Second Japan Privacy Symposium underscored the importance of these regional discussions in shaping the future of data protection and privacy regulations in APAC and beyond.

[1] [Source 1] [2] [Source 2] [3] [Source 3] [4] [Source 4]

1. The Second Japan Privacy Symposium underscored the need for continual dialogue and cooperation among global data protection authorities (DPAs) in the context of pressing privacy and data governance issues.
2. Commissioner Shuhei Oshima from the PPC emphasized the importance of international collaboration, artificial intelligence (AI) governance, and the evolving landscape of data protection laws during the Symposium.
3. In 2024 and beyond, APAC DPAs prioritize enhancing cybersecurity resilience, broadening regulatory oversight, and advancing data governance frameworks to address evolving technological and geopolitical challenges.
4. Countries like Singapore are amending their cybersecurity laws to cover not only critical infrastructure but also digital service providers and foundational digital infrastructure, ensuring stronger accountability and special designations for sensitive entities.
5. Strengthening operational resilience and cross-sector collaboration is another significant focus, as demonstrated by Australia's amendments to its Security of Critical Infrastructure Act.
6. Proactive and coordinated defenses are required to respond to increasingly sophisticated and geopolitically charged cyber threats facing APAC DPAs.
7. Public sector cybersecurity initiatives in the APAC region prioritize elevating digital infrastructure standards, ensuring equitable digital access, and overcoming legacy technology hurdles that inhibit data sharing and scaling up secure services.
8. Integrating privacy with emerging technologies like AI is an ongoing legislative development across APAC, with rules on AI as well as data protection being developed to balance innovation with privacy and accountability.
9. Commissioner Dufresne highlighted the significance of international cooperation in addressing privacy challenges, with AI remaining a top concern for regulators worldwide, particularly ensuring the protection of privacy in the context of emerging and changing technology.

Read also: