Discussion Highlights from the Second Japan Privacy Symposium: Data Protection Agencies Worldwide Share Their 2025 Goals, Ranging from AI Regulation to Cross-Regulatory Cooperation
The Second Japan Privacy Symposium, held in Tokyo on November 15, 2024, brought together data protection authorities from the Asia-Pacific region to discuss common priorities and strategies for adapting to the rapidly evolving digital landscape.
The event, which was an official side-event of the 62nd Asia-Pacific Privacy Authorities (APPA) Forum (APPA 62), featured discussions on international collaboration, AI governance, and the evolving landscape of data protection laws.
One of the main focuses was the need for Asia-Pacific countries to update their data protection laws to align with global standards like the GDPR. For instance, Malaysia shared its progress on amendments to its Personal Data Protection Act (PDPA), focusing on key updates like mandatory data breach notifications, the appointment of data protection officers (DPOs), data portability rights, and tighter cross-border data transfer rules.
Another priority was the introduction of stronger governance measures such as mandatory breach notification and DPO roles. Commissioner Nazri of Malaysia's PDPD highlighted the issuance of 19 new documents in tranches throughout 2025.
Enhancing cross-border data transfer regimes was also a significant topic. Thailand's PDPC, for example, has prioritized cross-border data transfers, having adopted ASEAN Model Contractual Clauses (MCCs) and EU Standard Contractual Clauses (SCCs) in their subordinate laws.
Addressing AI-related privacy and ethics concerns was another key point of discussion. AI remains a top concern for regulators worldwide, and the CPPA in California is deeply engaged in rule-making, focusing on cybersecurity, data protection impact assessments, and automated decision-making technologies and AI.
The importance of international cooperation was emphasized by Commissioner Dufresne, who discussed the OPC's efforts to collaborate with domestic and international partners, including other regulators in fields such as competition, copyright, broadcasting, telecommunications, cybersecurity, and national security.
The symposium also featured a panel moderated by Gabriela Zanfir-Fortuna, Vice-President for Global Privacy at FPF, on the regulatory strategies of APAC and global DPAs. The panel discussed common priorities among APAC's major DPAs, including cybersecurity, cross-border data transfers, and AI governance.
Commissioner Shuhei Oshima from the PPC delivered the opening keynote at the Symposium, and FPF was invited to participate in speaking opportunities during the closed and public sessions of APPA 62.
In conclusion, the Second Japan Privacy Symposium demonstrated a coordinated effort among Asia-Pacific authorities to adapt to evolving digital ecosystems and enforce responsible data practices. The event underscored the importance of increasing regional cooperation and regulatory activity in data protection and AI governance.
[1] These priorities illustrate a coordinated effort among Asia-Pacific authorities to adapt to evolving digital ecosystems and enforce responsible data practices as showcased at the symposium.
[2] Malaysia shared its progress on amending its Personal Data Protection Act (PDPA), emphasizing key updates like mandatory data breach notifications, appointing data protection officers (DPOs), implementing data portability rights, and tightening cross-border data transfer rules.
[3] Enhancing cross-border data transfer regimes was a significant topic, with Thailand's PDPC prioritizing such transfers by adopting ASEAN Model Contractual Clauses (MCCs) and EU Standard Contractual Clauses (SCCs) in their subordinate laws.
[4] Commissioner Nazri of Malaysia's PDPD highlighted the issuance of 19 new documents in tranches throughout 2025 aimed at strengthening compliance with data protection policies.
[5] Addressing AI-related privacy and ethics concerns was another key focus, with AI remaining a concern for regulators worldwide and emphasis on cyberssecurity, data protection impact assessments, and automated decision-making technologies and AI.
[6] The event emphasized the need for international collaboration, as shown by the OPC's efforts to collaborate with domestic and international partners in various fields, such as competition, copyright, broadcasting, telecommunications, cybersecurity, and national security.
[7] The symposium also featured discussions on AI governance, which remains a top concern for regulators worldwide, with the CPPA in California deeply engaged in rule-making related to cyberssecurity, data protection impact assessments, and automated decision-making technologies and AI.
[8] The importance of regional cooperation in data protection and AI governance was underlined by the symposium, demonstrating a coordinated effort among Asia-Pacific countries to update their laws to align with global standards like GDPR.
[9] The Second Japan Privacy Symposium hosted a panel moderated by Gabriela Zanfir-Fortuna on the regulatory strategies of APAC and global DPAs, highlighting common priorities among APAC’s major DPAs in areas such as cybersecurity, cross-border data transfers, and AI governance.
[10] panel discussed dialogue on the role of technology, data-and-cloud-computing, artificial-intelligence, education-and-self-development, policy-and-legislation, politics, and general-news in shaping the future of data protection and AI governance.
