Malaysia has issued a public consultation paper Personal Data Protection (Transfer Of Personal Data To Places Outside Malaysia) Order 2017, including a draft initial “whitelist” of jurisdictions deemed adequate for overseas data transfers. The consultation closes on 4 May 2017.
The draft whitelist, if passed, will be the first of its kind in the region, and may serve as the blueprint of similar whitelists for neighbouring jurisdictions whose laws anticipate a whitelist (although the test for adequacy varies between the data protection laws across Asia). While the draft whitelist reflects the jurisdictions in the EU adequacy list, it is by contrast notably longer and contains a much more diverse range of jurisdictions, including some with very new data protection regimes.
The proposed whitelist in the draft is as follows:
- European Economic Area (EEA) member countries
- United Kingdom
- The United States of America
- New Zealand
- Faeroe Islands
- Isle of Man
- Hong Kong
- The Philippines
- Dubai International Financial Centre (DIFC)