Recent spotlights/focus on APAC data protection laws
Lexology
Description
Japan, Taiwan, Korea, and Mainland China are implementing major privacy and AI reforms reshaping regional compliance.
Japan is reviewing its personal data protection law (APPI), with proposals for administrative fines and collective remedies that would significantly raise compliance risks. In parallel, the rapid growth of AI technologies led to the enactment of the AI Promotion Act in May 2025, which established a national governance framework. While addressing the risks posed by AI, the APPI review also contemplates easing certain rules to foster AI-driven innovation.
Taiwan has begun efforts to amend the Personal Data Protection Act (PDPA), emphasizing stricter security requirements, with additional amendments expected in the future. Once established, a new Personal Data Protection Commission will centralize oversight. Additionally, the Draft National Health Insurance Data Management Act aims to facilitate data sharing for research purposes, including AI training, while providing individuals with opt-out rights.
Korea adopted an AI Act (effective next year) with the aim of fostering the development of AI in a legitimate and responsible manner. The development of AI inevitably requires the use of training data and often overseas cloud services. The privacy regulator is shifting from consent-heavy approaches toward broader lawful bases.
Mainland China is rapidly establishing one of the world’s most comprehensive regulatory frameworks for data privacy. With the rapid advancement of artificial intelligence, China has also introduced AI-specific rules, such as mandatory labeling obligations for AI-generated content. Together, this evolving governance regime creates a wide-reaching compliance landscape, imposing obligations on the handling of personal data, cross-border data transfers, algorithmic accountability, and the responsible use of AI outputs
These developments require businesses to reassess compliance strategies across all four jurisdictions.
Key Takeaways
- Enforcement Intensification: All jurisdictions strengthening penalties - Japan considering fines, Taiwan establishing oversight, Korea implementing AI regulations, China enforcing transfers
- AI-Driven Evolution: Japan and Korea's AI Acts create specialized governance frameworks balancing innovation with privacy
- Centralized Authority: Taiwan's new commission reflects regional shift toward specialized data protection authorities
- Cross-Border Complexity: China's PIPL creates complex multinational compliance requirements across the region
- Multi-Layered Governance: All jurisdictions moving toward sophisticated frameworks combining cybersecurity, data security, and privacy
Speakers:
Yukiko Konno, Counsel, Nagashima Ohno & Tsunematsu
Japan
Yukiko Konno is a counsel at Nagashima Ohno & Tsunematsu. Her practice primarily focuses on domestic and global data governance and other emerging areas, including cybersecurity, data privacy/data protection, AI and IoT issues, as well as cross-border general corporate matters across a range of industry sectors.
She is a graduate of Keio University (2005), Chuo Law School (JD, 2008) and Columbia Law School (LLM, 2015). She was seconded to a private trading company (2015–17) and the Trade Policy Bureau of Ministry of Economy, Trade and Industry of Japan (METI) (2019-22).
Junho Lee, Partner, Bae, Kim & Lee LLC
Korea
Attorney Junho Lee is a leading partner in the TMT Practice Group at Bae, Kim & Lee. With more than a decade of international experience in Europe, an LL.M. from Stanford Law School, and secondee roles at Meta Platforms Inc. and Netflix Services Korea, he offers a deep understanding of global business culture. He advises a broad spectrum of multinational clients—including those in the AI, healthcare, e-commerce, travel, and streaming sectors—on data privacy matters, and also serves as an advisor to the Korean government on issues concerning privacy and artificial intelligence.
Ken-Ying Tseng, Partner, Lee and Li
Taiwan
Ken-Ying Tseng specializes in mergers and acquisitions, personal data protection, e-commerce, the laws of the Internet, telecommunications, and technology. Ken-Ying's technology practices cover artificial intelligence, fintech, OTT, e-payment, P2P lending, autonomous vehicles, domain names, e-signature, on-line game, cybersecurity, e-trading, ICP, MOD, cable TV, and satellite TV and any other matters involving digital or digitalization. Ken-Ying also advises clients on corporate governance, general compliance, offshore and onshore listing, employment, and pharmaceutical-related matters.
Ken-Ying acted as a special advisor of the Taiwan government with regard to personal data protection matters. She is a member of the Digital Economy Commission, International Chamber of Commerce (ICC), the managing director of the Taiwan Internet Governance Forum (TWIGF), and a supervisor of the "Taiwan Internet and E-commerce Association" (TiEA).
Raymond Wang, Partner, Shihui Partners
Mainland China
Raymond Wang is a partner and head of the compliance department, with over 20 years of legal practice experience. A graduate of Tsinghua University Law School (2003), he has built a distinguished career specializing in cybersecurity and data protection, advising leading Chinese and international technology companies on complex compliance matters.
Beyond client work, Raymond plays an active role in shaping China’s regulatory environment. He has supported legislative reviews for multiple ministries and local authorities, and contributed to the drafting of national guidelines and standards on data governance. Internationally, he serves on the expert panel for the ICC’s Data Governance Working Group and the B20 Organization Compliance Working Group. Domestically, he sits on the Expert Advisory Committee for Beijing’s “Two Districts” initiative and the Ministry of Industry and Information Technology’s AI Industry Innovation Project.
Raymond is also a respected scholar and author. He co-authored the monograph International Comparative Study on Personal Information Protection and Data Service Framework, has published widely, and is frequently cited by outlets such as Xinhua News Agency and People’s Daily Online. He lectures on data protection at leading universities including Peking University and Tsinghua University.
His professional excellence has been recognized by major legal rankings, including Chambers (Band 1, Data Protection & Privacy), Asian Legal Business (China Top 15 Data Protection Lawyers, 2023–2025), and The Legal 500 (Leading Lawyer, 2021–2025). In 2021, he was named “Alumni of the Year” by Tsinghua University Law School.
