Digital Transformation Shaping Data Governance
Policy in the Asia-Pacific


The Challenge

Privacy and data protection are two of the fastest-evolving policy issues underpinning the global digital economy. But they’re not monolithic – cultural context matters. While the EU’s General Data Protection Regulation (GDPR) has dominated the headlines in recent years, other parts of the world are working to put their own stamp on these issues, ensuring trust in the flow of information while respecting their own cultures, traditions, and economic development goals. Nowhere is this more true than in Asia, where the two premier economic policymaking forums – the Asia-Pacific Economic Cooperation (APEC) forum, and the Association of Southeast Asian Nations (ASEAN) – have worked to develop their own mechanisms to enable regional and global data flows. But how can these organizations ensure that Asian-Pacific perspectives on privacy are heard on the global stage?

Why CMI?

C&M International provided a unique value proposition that was uniquely suited to this project  over thirty years’ experience working in the Asia-Pacific, including within APEC and ASEAN, combined with substantive know-how related to privacy and data protection issues, data flows, and related matters. We partnered with senior attorneys in Crowell & Moring’s Privacy & Cybersecurity practice group to leverage additional technical expertise. Our collective team combines technical experience with an up-to-date understanding of how regulatory frameworks for data are being developed around the world, along with the creative advocacy approaches to engage with policymakers.


What We Did

C&M International has worked for years as an advocate, technical advisor, and trusted partner on data governance matters to companies and organizations throughout Asia.

  • To promote awareness and understanding of the APEC CBPRs, we created a practical guide that delivers a concise primer  suited for policymakers and non-privacy professionals, alike  on how the system works and its benefits.
  • We debuted this guide by convening policy discussions, such as a session entitled “Asia-Pacific Perspectives on Privacy” at the Global Privacy Assembly (formerly the International Conference of Data Protection & Privacy Commissioners) in Brussels, Belgium, and also featured it in other international data protection events.
  • In ASEAN, we helped lead a multi-year, technical process with data protection authorities and digital economy officials to create, secure ministerial endorsement of, and draft an implementation roadmap for a cross-border data transfer mechanism, as part of the ASEAN Digital Data Governance Framework.