ASIAN TIMES: DATA & AI (202503)

1. ASEAN Responsible AI Roadmap (2025-2030)

The Association of Southeast Asian Nations released the ASEAN Responsible AI Roadmap (2025-2030) .

The Roadmap is developed to provide actionable steps for ASEAN policymakers and stakeholders to create the ideal conditions for responsible AI to flourish in the region, as well as for AMS to leverage and enable responsible AI in a meaningful, impactful, and sustainable manner by 2030.

The Roadmap provides customized and step-by-step guidance for ASEAN governments to prioritize and operationalize responsible AI in an integrated and interoperable manner.

https://asean.org/book/asean-responsible-ai-roadmap-2025-2030

2. Singapore: PDPC issued three Undertakings

The new Undertakings reveals breaches stemming from various attacks mainly due to cyber-attacks such as ransomeware and phishing, affecting the personal data of over 49,367 individuals.

In response, the affected organisations are to implement remediation plans to rectify the immediate breach and address any systemic shortcomings to ensure compliance with the PDPA on a continual basis, such as:

  • Encrypt all sensitive data and login credentials
  • Perform periodic vulnerability assessments and penetration testing for all systems, network and target vectors
  • Conduct periodic training for employees on cybersecurity and data protection to raise their awareness on best practices and PDPA obligations. 

https://www.pdpc.gov.sg/news-and-events/announcements/2025/02/new-undertakings-on-27-february-2025

3. China mandates labels for all AI-generated content in fresh push against fraud, fake news

China has released a set of guidelines on labeling internet content that is generated or composed by artificial intelligence (AI) technology, which are set to take effect on Sept. 1.

The guidelines, issued by authorities including the Cyberspace Administration of China (CAC), are aimed at promoting the healthy development of the AI sector and helping internet users spot false information.

https://english.news.cn/20250315/e1015e35a7f149b4b620ec8626d974b2/c.html

4. China Tightened Facial Recognition Regulations

In response to growing public concerns about privacy violations and data security, the Cyberspace Administration of China (CAC) and the Ministry of Public Security (MPS) have jointly introduced the Security Management Measures for the Application of Facial Recognition Technology, aimed at regulating the use of facial recognition technology.

These measures, set to take effect on June 1, 2025, are designed to safeguard personal information rights while ensuring that the technology is applied responsibly and lawfully.

https://www.china-briefing.com/news/china-facial-recognition-regulations-2025

5. KOREA: DeepSeek Temporarily Suspends Its Application Service in Korea

    DeepSeek has temporarily suspended its service in Korea as of February 15, 2025, to enhance compliance with the Personal Information Protection Act (PIPA). The company plans to resume service once necessary improvements are made.

    Although new downloads of the DeepSeek app have been suspended, existing users can continue to access the service. The PIPC urges users to exercise caution and avoid entering personal information into the chatbot until the PIPC’s ex-ante examination is complete. Users who have already downloaded the app or access it via the web are advised to refer to the PIPC’s card news on “How to Use Generative AI While Securing Your Personal Information.”

    https://www.pipc.go.kr/eng/user/ltn/new/noticeDetail.do

    6. KOREA: The PIPC Wins Lawsuits against Google and Meta

    The Seoul Administrative Court upheld the Personal Information Protection Commission (PIPC)’s sanction against Google LLC (Google) and Meta Platforms, Inc. (Meta) in separate rulings on January 22, 2025.

    The PIPC started launching investigations into Google and Meta’s processing of personal data associated with targeted advertising and imposed KRW 69.2 billion (USD 48 million) on Google and KRW 30.8 billion (USD 21 million) on Meta for collecting the users’ online behavioral data for targeted advertising purposes without obtaining proper consent, along with correction orders, in September 2022.

    https://www.pipc.go.kr/eng/user/ltn/new/noticeDetail.do

    7. Malaysia: Guidelines Issued on Data Breach Notification and Data Protection Officer Appointment

    The Personal Data Protection Commissioner of Malaysia (“Commissioner”) recently released guidelines that flesh out requirements, titled the Guideline on Data Breach Notification (“DBN Guideline”) and the Guideline on Appointment of Data Protection Officer (“DPO Guideline”). With the data breach notification and DPO appointment requirements set to come into force on 1 June 2025, organisations subject to the PDPA, whether data controllers or processors, are recommended to understand and adapt to these guidelines to ensure compliance.

    https://privacymatters.dlapiper.com/2025/03/malaysia-guidelines-issued-on-data-breach-notification-and-data-protection-officer-appointment/

    8. Hong Kong’s PCPD publishes guidelines regarding employees’ use of Gen AI

    With the growing adoption of generative AI (Gen AI) in Hong Kong, the Office of the Privacy Commissioner for Personal Data (PCPD) has published the Checklist on Guidelines for the Use of Generative AI by Employees.

    The Guidelines aim to assist organisations in developing internal policies or guidelines on the use of Gen AI by employees at work, while complying with the requirements of the Personal Data (Privacy) Ordinance (PDPO).

    https://www.humanresourcesonline.net/hong-kong-s-pcpd-publishes-guidelines-regarding-employees-use-of-gen-ai

    ASIAN TIMES: DATA & AI (202405)

    Asia Pacific, including Japan, has led dealmaking activities in the global data centre market this year, with M&A value totalling $840.47 million, more than half of the global amount, LSEG data showed.

    Continue reading

    Building Trust in AI: The Certification Approach

    “AI represents the future, and trust is the bridge that will take us there.”

    — K.L.

    Trustworthy AI

    Upon the unveiling of ENVIDA’s Q1 2024 financial report, the leading luminary in the AI-chip manufacturing and service sector, the public has enthusiastically lauded the company’s exceptional performance. This accomplishment serves to reinforce the current and projected robust growth of the AI ecosystem.

    Concurrently, the global landscape of AI is witnessing a dynamic evolution in terms of regulation and policy. The EU’s AI ACT has established a nuanced legal architecture, and an array of frameworks, guidelines, statutes, and regulations are emerging across various jurisdictions. These developments are poised to undergo continuous transformation, exerting a profound and enduring influence on industries, communities, and societal structures.

    As AI progresses on its trajectory of expansion and advancement, professionals from legal, social, and ethical spheres are demonstrating a heightened interest in critical issues. These include ensuring safety, upholding ethical standards, enforcing accountability, guaranteeing trustworthiness, and protecting privacy, among others.

    Google’s CEO Sundar Pichai offered seven objectives for AI applications that became core beliefs for the entire company.

    • Be socially beneficial.
    • Avoid creating or reinforcing unfair bias
    • Be built and tested for safety
    • Be accountable to people
    • Incorporate privacy design principles
    • Uphold high standards for scientific excellence
    • Be made available for uses that accord with these principles

    Building trust in the AI era

    The chasm between theoretical principles and tangible application is a pivotal subject that demands attention. To address this, Alan Winfield of the University of Bristol and Marina Jirotka from Oxford University propose a comprehensive, four-layer governance framework for AI systems, which could effectively narrow this divide.

    This governance framework encompasses the following elements:

    (1) reliable systems based on sound software engineering practice;

    (2) safety culture through proven business management strategies;

    (3) trustworthy certification by independent oversight, and

    (4) regulation by government agencies.

    Central to the concept of independent oversight is the reinforcement of legal, moral, and ethical tenets that underpin human or organizational accountability and liability for their products and services. Nonetheless, the notion of responsibility is inherently intricate, with subtleties and complexities that are especially pronounced in the face of rapid technological progression and the concurrent evolution of regulatory frameworks.

    To navigate these complexities, it is imperative to adopt a dynamic governance approach that not only reflects the current technological landscape but also anticipates future developments. This involves continuous dialogue among technologists, ethicists, legal experts, and policymakers to ensure that AI systems are governed responsibly and ethically, aligning with societal values and expectations.

    From privacy trust to AI trust

    Certifications, as outlined in Articles 42 and 43 of the General Data Protection Regulation (GDPR), have been acknowledged and incorporated as integral components of compliance mechanisms.

    Certain marks and seals have garnered official recognition from European supervisory authorities, exemplified by the likes of EuroPrise and Europrivacy.

    Beyond these, entities such as Trustarc are proactively delivering independent assurance and compliance verification services, which are pivotal in substantiating an organization’s adherence to regulatory standards.

    The question arises whether the successful establishment of privacy trust can be analogously applied to the realm of AI trust. The affirmative response is warranted, given that the majority of AI operations are fundamentally predicated on data.

    While we don’t need to reinvent the wheel, it is crucial to leverage the accumulated experience and successful outcomes from the domain of data protection and privacy governance.

    By building upon the established frameworks and practices, we can effectively extend these principles to AI governance, ensuring that AI systems are developed and deployed with a strong foundation of trust, compliance, and ethical considerations.

    In April, Trustarc announced the first client to be certified under the newly launched TRUSTe Responsible AI Certification. “This certification marks an important step for the industry towards greater accountability and trust in the technologies shaping our future.” Noël Luke, Chief Assurance Officer at TrustArc said.

    ASIAN TIMES: DATA & AI (202403)

    The guidance provides clarity for the use of personal data to train and develop AI systems, information to be provided to consumers for obtaining lawful consent, information for third-party developers employing AI models and best practices for complying with the Personal Data Protection Act. 

    Continue reading

    ASIAN TIMES: DATA & AI (202404)

    1. Tesla’s self-driving bid for China faces rivals racing ahead

    On a whirlwind trip to Beijing starting Sunday, Musk came to discuss the potential rollout of its FSD driver-assistance system and the possibility of securing government approvals for overseas transfers of data from Tesla , opens new tab vehicles in China, according to a source with knowledge of the trip.

    If Tesla succeeds in bringing its “Full Self-Driving” system to China, the world’s largest car market, the U.S. electric-car pioneer will be shifting into the fast lane of the global race toward autonomous vehicles.

    https://www.reuters.com/business/autos-transportation/teslas-self-driving-bid-china-faces-rivals-racing-ahead-2024-04-30/

    2. EU-Japan: the Council approves a protocol to facilitate free flow of data

    The protocol will provide greater legal certainty, ensuring that data flows between the EU and Japan will not be hampered by unjustified data localisation measures, and also ensuring the benefit from the free flow of data according to the EU and Japan’s rules on data protection and the digital economy.

    The protocol will enable companies to handle data efficiently without cumbersome administrative or storage requirements and provide them with a predictable legal framework.

    https://www.consilium.europa.eu/en/press/press-releases/2024/04/29/eu-japan-the-council-approves-a-protocol-to-facilitate-free-flow-of-data/

    3. Global CBPR Forum Announces the Establishment of the Global CBPR and Global PRP Systems and Welcomes New Global CAPE Participants

    Celebrating the second anniversary of its establishment, the Global CBPR Forum (Forum) announces the establishment of the Global CBPR and Global PRP Systems with the appointment of Accountability Agents and the publication of the System documents.  The publication of these documents sets the stage for Accountability Agents to start issuing Global CBPR and Global PRP certifications to interested organizations this summer.

    On May 15-17, the Forum will also be welcoming government officials, regulators, and other privacy experts from around the world to its fifth multilateral, multistakeholder workshop in Tokyo, Japan. 

    https://www.globalcbpr.org/global-cbpr-forum-announces-the-establishment-of-the-global-cbpr-and-global-prp-systems-and-welcomes-new-global-cape-participants/

    4. Tesla’s self-driving bid for China faces rivals racing ahead

    Singapore’s Cyber Security Agency released its response to feedback it received during public meetings to address updating the Cybersecurity (Amendment) Bill. The guidance answers questions about the amendment including concerns it would increase the cost of compliance efforts for businesses. The CSA aims to update the bill to ensure it remains relevant to the digital landscape.

    https://www.csa.gov.sg/legislation/consultations/public-consultation-on-the-cybersecurity-(amendment)-bill

    5. EU-Japan: the Council approves a protocol to facilitate free flow of data

    The Personal Information Protection Committee approved the “Notice Amendment on Personal Information Impact Assessment”, which reflects the contents of the Personal Information Protection Act revised last year.

    Through the revision of this notice, 3 evaluation fields and 7 detailed fields, including ‘pseudonymous information processing’, ‘portable image information processing equipment’, and ‘automated decision’, were newly established, and the number of evaluation fields increased from 25 to 28, and detailed The field was expanded from 55 to 62.

    https://www.pipc.go.kr/np/cop/bbs/selectBoardArticle.do?bbsId=BS074&mCode=C020010000&nttId=10083

    6. Global CBPR Forum Announces the Establishment of the Global CBPR and Global PRP Systems and Welcomes New Global CAPE Participants

    Japan’s data protection authority, the Personal Information Protection Commission, released its triennial review of the Act on the Protection of Personal Information. The report details potential provisions to the APPI, including a surcharge system and possible criminal penalties in an effort to increase compliance.

    https://www.ppc.go.jp/files/pdf/240322_shiryou-1.pdf

    7. Singapore’s Cyber Security Agency released notes on the Cybersecurity (Amendment) Bill discussion

    Microsoft will invest US$1.7 billion in Indonesia to empower the Southeast Asian country with cloud services and artificial intelligence, including by building data centres, visiting chief executive Satya Nadella said on Tuesday (Apr 30).

    https://www.channelnewsasia.com/business/microsoft-invest-us17-billion-cloud-ai-indonesia-ceo-says-4302411