The Asia-Pacific, or APAC region, comprising of countries such as Australia, China, India, Japan, Singapore, Indonesia, and Vietnam, has the largest number of internet users in the world, at around 2.1 billion. The region also accounts for 64% of the global e-commerce sales.
For a variety of cultural, political, and economic reasons, the APAC region has also been at the vanguard of digitisation, digital innovation, and digital governance. This is demonstrated in the endorsement of the “Osaka Track” – an overarching framework promoting cross border data flow with increased protections – by a majority of APAC members, with the notable exceptions of India and Indonesia.
The creation of a global standard for free flow of data to foster innovation, with safeguards for privacy, security, and intellectual property, is an admirable endeavour. However, it is bound to face various hurdles. Any agreement on the final text will require consensus on how to frame these protections, especially considering different countries have different privacy and data protection laws, e-commerce regulations, and data localisation requirements.
In a series of blog posts, we will be exploring how different APAC countries such as Australia, Indonesia, Japan, Singapore, and others deal with such data governance issues. We will focus on their rules governing cross-border data flows and e-commerce, grounds of data processing, obligations on data controllers and processors, offences, penalties and enforcement, individual rights, and the exemptions/exceptions given to law enforcement agencies on privacy issues. Our multi-part series will not cover the South Asia countries. We have dealt with the data protection frameworks of Sri Lanka, Bangladesh, and Nepal (here and here); and have extensively covered issues of privacy, data localisation, e-commerce for India (here, here, and here respectively). We are also continuing our series on South Asia – keep an eye out on our blog!
In this introductory post, we have set out some of the applicable data governance frameworks in the APAC region (II), followed by an explanation of the Osaka Declaration (III) and the reasons why India and Indonesia (along with South Africa) refused to sign on it (IV). Part V concludes.
II. Data governance and privacy frameworks in the APAC region
Countries in the APAC region have a rich tradition of entering into agreements on digital governance and privacy, although their implementation may vary at the national level.
One of the earliest initiatives was the establishment of the Asia Pacific Telecommunity (APT) in 1979 on the joint initiatives of the United Nations Economic and Social Commission for Asia and the Pacific (UNESCAP) and the International Telecommunication Union (ITU). APT was set up as an inter-governmental organisation, focused on the APAC region’s telecommunication and ICT sectors. It has 38 members, some of which include Australia, China, Japan, India, Indonesia, Singapore, Thailand and Viet Nam. The members meet every five years and last met in Singapore in 2019 with the aim of increasing regional cooperation around five issues over the next five years. These issues were digital transformation, digital innovation and creativity, digital community, digital trust, and digital capacity building and partnerships. 
Privacy too, has been a cornerstone of the APAC region through the Asia Pacific Economic Cooperation (APEC) Privacy Framework. APEC members include Japan, Singapore, China, Thailand, Viet Nam, Australia, and the U.S. among others. The APEC Privacy Framework is a set of information privacy principles and implementation guidelines that reaffirms the value of individual privacy and the importance of information flow, while promoting e-commerce throughout the APAC region. It has been modelled on the OECD’s Guidelines on the Protection of Privacy and Trans-Border Flows of Personal Data and consists of nine information privacy principles – preventing harm, notice, collection limitation, use of personal information, choice, integrity of personal information, security safeguards, access and correction, and accountability. This is accompanied by separate guidelines on measures to implement the Framework domestically and internationally.
The implementation of the APEC Privacy Framework takes place through the APEC Cross Border Privacy Rules System (CBPR), which is a “government-backed data privacy certification” that companies can join to show their compliance with internationally-recognized data privacy protections. The CPBR is similar to the US-EU Privacy Shield. Japan, for instance, has recognised the CPBR system to allow data transfers across borders in accordance with domestic law.
E-Commerce regulation has also separately been included in the Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP), comprising of Japan, Viet Nam, Singapore, Malaysia, Brunei, Canada, Mexico, Australia, New Zealand, Peru, and Chile (after the US withdrew). The CPTPP text contains a separate chapter on e-commerce regulation and cross border data flow, along with other areas of global trade.  For instance, Article 14.13 of the original Trans-Pacific Partnership (TPP) Agreement expressly stipulated that no country could require a covered person to use or locate its computing facility, including its servers, in that country’s territory as a condition for doing business there.
III. Osaka Declaration
At the G20 Summit in Osaka in 2019, a group of 24 countries including Australia, China, the EU, Japan, Singapore, Thailand, Viet Nam, U.S.A., and U.K. signed the “Osaka Declaration of Digital Economy” expressly recognising data as an “important source of economic growth”. The Osaka Declaration focuses on “promoting national and international policy discussions” to harness the “full potential of data and digital economy” so as to foster innovation and “maximise the benefits of digitalization and emerging technologies.”
These countries formally declared the launch of the “Osaka Track”, to demonstrate their commitment to promoting international policy discussions on international rule making on trade related aspects of e-commerce at the WTO. They also resolved to increase their efforts to engage with “relevant international fora” for that purpose. Apart from this, the countries confirmed their commitment to reach a “high standard agreement” that included the participation of “as many WTO members as possible”, with efforts to make substantial progress at the 12th WTO Ministerial Conference in June 2020. Interestingly, the proposed rules on digital trade in Osaka are reportedly based on the CPATPP.
While launching the Osaka Track, the Japanese Prime Minister Shinzo Abe once again underscored the importance of “Data Free Flow with Trust” (DFFT)), a concept that calls for a set of international rules that will facilitate e-commerce as well as free cross-border movement of data, and remove restrictions on data storage in foreign servers.
IV. India and Indonesia: Understanding their reservations to the Osaka Declaration
India, Indonesia, and South Africa boycotted/abstained the Osaka Track, and did not sign the Osaka Declaration on Digital Economy.
India and Indonesia’s opposition to the Osaka Declaration was predicated on the view that the Osaka Track overtly undermined the “multilateral” principles of consensus-based decision making in international trade negotiations; and that it denied “policy space” for the growth of the digital economy in developing countries. India, reportedly, did not agree with Japan’s approach of promoting digital governance, digital trade/data flow discussions on a plurilateral basis, outside the remit of the World Trade Organisation (WTO) and its 1998 Work Programme on digital economy and e-commerce. The Indian approach has been that data (as part of national wealth) is one form of trade, and important for development; and hence, any digital economy negotiations have to happen within the WTO framework (which adopts a consensus-based approach).
In addition to the above reasons, Indonesia’s abstention from the G20 Osaka Declaration was also a result of its concerns about “possible digital data exploitation” by countries with more advanced digital technologies; and the under-emphasis given to data privacy. Incidentally, Indonesian law imposes strict data localisation requirements in the context of e-commerce. At the same time, Indonesia joined the G20 Osaka Leaders’ commitment to data privacy through the DFFT initiative headed by Japanese Prime Minister Abe, which recognised that free flow of data “raises certain challenges”.
Although countries did not sign the Osaka Declaration, India and South Africa succeeded in introducing some compromise language in the G20 Osaka Leaders’ Declaration under the “Innovation: Digitization, Data Free Flow with Trust” section. This included re-affirming the importance of the 1998 WTO Work Programme on e-commerce; recognising the “critical role” played by effective data use to facilitate “economic growth, development, and social well being”; and the need to achieve an inclusive and sustainable society through digitalisation and emerging technology
The rise of digital data is a reality of our times
and is accompanied by significant challenges around ensuring data protection
and privacy, while also recognising the economic value of data. For the Osaka
Track to succeed (even without the involvement of India, Indonesia, and South
Africa), all the APAC countries will have to agree to a common framework. This
will depend on the data governance rules applicable in those countries, such as
the rules governing the collection, processing, and sharing of data as well as
the data storage/localisation and e-commerce rules. Over the next few posts, we
plan to explore these data governance frameworks of different APAC countries in
detail, starting with Australia.
Authored by Ikigai Law Team.
 Statista, Number of internet users in selected countries in the Asia-Pacific region as of January 2019, by country, available at
 Rakuten Advertising, Report: The 2019 state of e-commerce , Asia Pacific, available at, https://rakutenadvertising.com/en-uk/resources/ecommerce-in-apac-2019/
 Fredrik Erixon, European Centre for International Political Economy, Embracing Innovation and Economic Development: A Policy Perspective for the Asia-Pacific Region, available at https://ecipe.org/wp-content/uploads/2017/05/ECIPE_FErixon_AsiaDigital_XPRINT.pdf
 Cullen International, Regional and Sub-Regional Approaches to the Digital Economy: Lessons from Asia Pacific and Latin America (2019), available at < https://www.cullen-international.com/studies/2019/Regional-and-Sub-Regional-Approaches-to-the-Digital-Economy–Lessons-from-Asia-Pacific-and-Latin-America.html>See also Alex Wall, GDPR matchup: The APEC Privacy Framework and Cross-Border Privacy Rules, available at https://iapp.org/news/a/gdpr-matchup-the-apec-privacy-framework-and-cross-border-privacy-rules/.
 Eileen Yu, APAC nations pledge digital cooperation, but acknowledge some implementation challenging, available at https://www.zdnet.com/article/apac-nations-pledge-digital-cooperation-but-acknowledge-some-implementation-challenging/
 APEC Privacy Framework (2015), available at https://www.apec.org/About-Us/About-APEC/Fact-Sheets/What-is-the-Cross-Border-Privacy-Rules-System
 Wall, supra note 5.
 Council for Foreign Relations, What Is the Trans-Pacific Partnership (TPP)?, available at https://www.cfr.org/backgrounder/what-trans-pacific-partnership-tpp
 Consolidated TPP Text – Chapter 14 – Electronic Commerce, available at https://www.international.gc.ca/trade-commerce/trade-agreements-accords-commerciaux/agr-acc/tpp-ptp/text-texte/14.aspx?lang=eng&_ga=2.144175089.536252413.1585133191-1800027158.1585133191
 The full list of countries includes Argentina, Australia, Brazil, Canada, China, the European Union, France, Germany, Italy, Japan, Mexico, Republic of Korea, Russian Federation, Saudi Arabia, Turkey, United Kingdom, United States, Spain, Chile, Netherlands, Senegal, Singapore, Thailand, and Vietnam.
 Osaka Declaration on Digital Economy, available at https://www.meti.go.jp/press/2019/06/20190628001/20190628001_01.pdf
 D. Ravi Kanth, India boycotts ‘Osaka Track’ at G20 summit, available at,
 Satoshi Sugiyama, Abe heralds launch of ‘Osaka Track’ framework for free cross-border data flow at G20, available at https://www.japantimes.co.jp/news/2019/06/28/national/abe-heralds-launch-osaka-track-framework-free-cross-border-data-flow-g20/#.XnrzDdMzY_U
 Ravi Kanth, supra note 17.
 Trishla Jalan, India boycotts Osaka Track, says global talks on digital economy should be held within WTO, available at https://www.medianama.com/2019/07/223-india-boycotts-osaka-track/
 Ministry of External Affairs, Transcript of Media Briefing by Foreign Secretary after BRICS Leaders’ Informal meeting in Osaka, available at https://www.mea.gov.in/media-briefings.htm?dtl/31516/Transcript_of_Media_Briefing_by_Foreign_Secretary_after_BRICS_Leaders_Informal_meeting_in_Osaka
 Agnes Anya, Indonesia’s G20 abstention result of data protection concerns, available at https://www.thejakartapost.com/news/2019/07/04/indonesias-g20-abstention-result-of-data-protection-concerns.html
 Arindrajit Basu, The Retreat of the Data Localization Brigade: India, Indonesia and Vietnam, available at https://thediplomat.com/2020/01/the-retreat-of-the-data-localization-brigade-india-indonesia-and-vietnam/
 G20 Ministerial Statement on Trade and Digital Economy, available at http://www.g20.utoronto.ca/2019/2019-Ministerial_Statement_on_Trade_and_Digital_Economy.pdf
 Ravi Kanth, supra note 17.
 G20 Osaka Leaders’ Declaration, available at https://www.mofa.go.jp/policy/economy/g20_summit/osaka19/en/documents/final_g20_osaka_leaders_declaration.html