Indonesia

Authors: Miriam Andreta, Jeanne Elisabeth Donauw

1. Indonesia’s Personal Data Protection Law

Indonesia’s Personal Data Protection Law (PDP Law) marks the introduction of the country’s first comprehensive personal data protection law. The PDP Law applies to legal acts performed by a person both in and outside the Indonesian territory, but for the latter only as far as they affect (a) those in the Indonesian territory, or (b) Indonesian nationals outside the Indonesian territory. Personal data protection under the PDP Law covers both manual and electronic records, particularly focusing on data that may, directly or indirectly, point to an identified or identifiable individual.

Controllers have a period of 2 years to comply with the provisions of the PDP Law, including to make the necessary adjustments to their electronic system that allow data subjects to enforce their regulatory rights. One of the key features of the PDP Law is the possibility for corporations to be subject to both administrative sanctions (including fines in the amount of up to 2 (two) percent of a corporation’s annual income) and criminal sanctions (such as fines, asset confiscation, and revocation of business licenses). Given its potentially far-reaching consequences, it is important for organisations to understand and assess how and to what extent the PDP Law might impact their existing operations and future conduct.

2. Updated Rules on Withdrawal and Destruction of Drugs

Indonesia Food and Drug Supervisory Agency (locally known by its abbreviation “BPOM”) issued Regulation No. 14 of 2022 on Withdrawal and Destruction of Drugs That Do Not Meet Standards and/or Requirements for Safety, Efficacy, Quality, and Labelling which is effective as from 4 July 2022.
Some notable updates in the 2022 regulation include:

(i) Broader scope: the 2022 regulation covers not only drugs that have obtained a marketing authorization but also drugs that are brought into Indonesian territory by way of special access scheme.

(ii) Mandatory withdrawal: in addition to the existing reasons for mandatory withdrawal, the 2022 regulation also adds that mandatory withdrawal must be done if the marketing authorization is expired, not extended, or revoked.

(iii) Voluntary withdrawal: the 2022 regulation requires a withdrawal plan to be notified to Head of BPOM and that the Head of BPOM must issue a response letter.

(iv) More criteria for withdrawing drugs: the 2022 regulation contains more criteria (compared to those set out in the 2019 regulation) pursuant to which a drug must be withdrawn, such as parenteral drugs that do not meet the required bacterial endotoxin or pyrogen test specifications.

(v) Responsibility of the license holders: the 2022 regulation makes it clear that if there is a drug that has not met the required standards, it is the responsibility of the relevant license holder to make sure that the drugs are withdrawn from the market (by distributors, pharmacy, drug stores, etc.).

3. Special Terminals and Terminals for Own Use

In light of construction and operation of special terminals and terminals for own use, Director General of Sea Transportation recently issued Decree number: A.402/AL.308/DJPL dated 22 July 2022 to essentially provide technical guidance and further clarification in relation to licensing issues, following the issuance of Regulation of Minister of Transportation Number PM 52 of 2021 with respect to the same subject matter.
To obtain a license, there are certain technical requirements that must be met by the applicant, including, that the location of the special terminal or terminal for self-use is less than 30 kilometers from a public port/special terminal/terminal for self-use that temporarily is used to serve the public.

Singapore

Authors: Melissa Tan and Chin Su Xian

1. Updated COVID-19 Measures and Regulations

With the steady decline in the number of average daily infections and daily hospitalised cases, and the nation’s weathering of the Omicron BA.5 subvariant wave without additional domestic or travel restrictions, the Singapore government has announced further easing of safe management measures, to take another step towards living with COVID-19.

From 29 August 2022, among other updated measures, food and beverages can be served at all work-related events, including those with more than 50 attendees, and event organisers need not notify the authorities about the event. There is also no longer a group size limit on social gatherings and safe distancing between individuals or groups is no longer required. Mask-wearing is now optional for all workplaces except for healthcare facilities, residential care homes and public transport.

Further, employers are no longer required to buy COVID-19 travel insurance for all (new and existing) work permit, training work permit and S Pass holders (who must be fully vaccinated for the approval and renewal of all work passes) before they enter Singapore. Presently, fully-vaccinated travellers can enter Singapore without having to apply for entry approval, take COVID-19 tests or undergo Stay-Home Notice (SHN).

2. Changes to work pass regulations

The Ministry of Manpower (“MOM”) has announced that with effect from 1 September 2023, the fixed monthly salary criteria to apply for a Personalised Employment Pass (“PEP”) for both existing Employment Pass (“EP”) holders and overseas foreign professionals will be raised to S$22,500.
Presently, the PEP is for high-earning existing EP holders earning a fixed monthly salary of at least S$12,000 or overseas foreign professionals with a last drawn fixed overseas monthly salary of S$18,000 within six (6) months before application.

MOM will further introduce a new Overseas Networks & Expertise Pass (“ONE Pass”), for which top talents across all sectors in business, arts and culture, sports, science and technology, and academia and research, existing EP holders and overseas candidates can apply from 1 January 2023, if they earn a fixed monthly salary of at least S$30,000 within one (1) year before application. Individuals with outstanding achievements in the arts and culture, sports, science and technology, and academia and research, may be eligible to apply even if they do not meet the salary criteria (further details to be released closer to 1 January 2023). Like the PEP, the ONE Pass is a personalized pass tied to the individual and allows for greater employment flexibility, as individuals may concurrently start, operate and work for multiple companies at any one time, without the need to reapply for a new pass if they change jobs.

With respect to the S Pass, presently a category of work pass for mid-skilled foreign (all nationalities) employees (e.g. technicians), the fixed monthly salary criteria has been raised to S$3,000 for new applications from 1 September 2022. The salary should reflect work experience, and older, more experienced applicants need higher salaries to qualify. (Note: Such S Pass monthly salary threshold applies for renewals from 1 September 2023, while the previous salary threshold of at least S$2,500 continues to apply for renewals before 1 September 2023).

3. Raising of retirement age and re-employment age and other enhancements

With effect from 1 July 2022, pursuant to the Retirement and Re-employment (Prescribed Minimum Retirement Age) Notification 2022 and the Retirement and Re-employment (Prescribed Re-employment Age) Notification 2022, the prescribed minimum retirement age and re-employment age under the Retirement and Re-employment Act 1993 for employees is 63 years of age (raised from 62 years previously) and 68 years of age (raised from 67 years previously) respectively. The retirement and re-employment ages would eventually be raised to 65 years and 70 years respectively by 2030. The Government’s aim is to support older workers in continuing to work for longer if they wish to do so, as long as they are willing and eligible, and to improve their retirement adequacy.

Accordingly, employers are not allowed to dismiss any employee based on an employee’s age and must offer re-employment to eligible employees who turn 63, up to the age of 68, to continue their employment in the organisation. Further, among other eligibility criteria, such employees must have completed at least two (2) years of service (lowered from three (3) years prior to 1 July 2022) in the organisation before turning the age of 63 in order to be offered re-employment.

According to the Tripartite Guidelines on the Re-Employment of Older Employees, the recommended range of Employment Assistance Payment (EAP), to be provided with effect from 1 July 2022 is (a) 3.5 months of the employee’s salary (subject to a minimum of S$6,250 and a maximum of S$14,750) for employees aged 62 to below 65 and (b) two (2) months of salary (subject to a minimum of S$4,000 and a maximum of S$8,500) for employees who have been re-employed for at least 30 months since age 63. Such EAP should be offered if the organisation is unable to re-employ an employee because no suitable vacancy for the employee can be found.
Thailand

Authors: Jirapong Sriwat, Apinya Sarntikasem

1. Establishment of Complaint Procedure under the PDPA

On 11 July 2022, the Regulation of the Personal Data Protection Committee (the “PDPC”) re: Filing of Complaints, Rejection, Termination, Consideration, and the Period for Consideration of the Complaints B.E. 2565 (2022) (the “Regulation of the PDPC”) was published in the Government Gazette and came into force on 12 July 2022.

The Regulation of the PDPC sets out various requirements and procedures for data subjects to file complaints against a data controller or data processor (including employees and service providers of the data controller and the data processor) who is in violation of or is not in compliance with the Personal Data Protection Act B.E. 2562 (2019) (the “PDPA”) as well as the handling of such complaints by the Expert Committee. In this respect, a data subject may file a complaint containing certain details (such as the details of the non-compliance with the PDPA and the damage suffered thereof) directly to the Office of the PDPC, by postal mail or electronic form. Such complaint would then be passed to the consideration of the Expert Committee which has the authority to either reject the complaint or accept it and request all involved parties to enter into negotiation. In addition, if it is found that the data controller or the data processor violates the provisions of the PDPA, the Expert Committee may also impose penalties on such data controller or data processor.

2. BOI Amends Criteria on Charging Stations for Electric Vehicles (EV)

The Notification of the Board of Investment (“BOI”) No. Sor 2/2565 re: Amendment of Electric Charging Station for EV Vehicles Activity (the “Notification of the BOI”) was announced in the Government Gazette on 11 August 2022 and came into force retroactively on 7 April 2022.
Among others, the Notification of the BOI removes the previous requirement to obtain ISO 18000 certification and instead adjusts the condition to simply require compliance with the laws or regulations relating to standards and safety (such as the laws under the Ministry of Energy, the Metropolitan Electricity Authority, the Provincial Electricity Authority, and the Ministry of Industry, to name a few). The Notification of the BOI also grants a 5-year corporate income tax exemption in the case of at least 40 charging dispensers of which at least 25 percent are DC type (quick charging units), or a 3-year corporate income tax exemption in other cases (e.g. smaller charging stations). Furthermore, projects which have already received investment promotion, or which have applied for promotion in such category are entitled to submit a request to change the project type to be under the new criteria.

3. Criteria on Advertisement by Digital Asset Business Operators

As advertising by digital asset business operators was previously left unregulated, the Securities and Exchange Commission (the “SEC”) has introduced two notifications to address the issue in which members of the public may be persuaded to use such service or trade cryptocurrencies without considering the risks involved, namely the Notification of the SEC’s Office No. Sor Thor. 22/2565 re: Criteria on the Details on Advertising and Sales Promotion Undertaken by Digital Asset Business Operators and the Notification of the SEC No. Kor Thor. 19/2565 re: Criteria, Conditions and Procedures on Digital Asset Business Operation (No. 17) (collectively, the “Notifications of the SEC”) which were published in the Government Gazette on 1 September 2022 and came into effect on the same day.
Under the Notifications of the SEC, the advertisements of digital asset business operators must not contain exaggerated or distorted information and must include warnings on the investment risks (whereby the format of the warning must be clear and must present a balanced view by containing both positive and negative aspects of the investments), among other requirements.

4. PDPA Guidelines on Consent and Notification

On 7 September 2022, the PDPC published two separate guidelines, namely the Guidelines on Obtaining Consent from the Data Subject Pursuant to the PDPA (the “Guidelines on Obtaining Consent”) and the Guidelines on Notification of Purpose and Details Upon the Collection of Personal Data from the Data Subject Pursuant to the PDPA (the “Guidelines on Notification”), for data controllers to comply with in notifying the data subject of certain information and in obtaining the data subject’s consent.

Under the Guidelines on Obtaining Consent, the data controller must obtain the consent of the data subject (which can be in any form in the absence of a prescribed compulsory standard form by an industry specific law but provided that such consent is freely given) before or at the time of collecting personal data, whereby the data subjects must be well informed of the purpose and details of the processing of personal data (through a privacy notice), among other specific requirements. In relation to the privacy notice, the Guidelines on Notification, among others, prescribe that the privacy notice may be given to the data subject in a wide array of forms, such as in writing, verbally, through SMS, email, or QR code format.

Vietnam

Authors: Vu Le Bang (Partner) and Nguyen Thi Thanh Huong (Counsel)

1. Decree 53/2022/ND-CP Detailing a Number of Articles of the Law on Cybersecurity (“Decree 53”)

This long-awaited regulation guiding some articles of the Law on Cybersecurity was issued on 15 August 2022 and came into effect from 1 October 2022.
Among other matters, Decree 53 notably provides:

(i) legal grounds and procedures for Vietnamese authorities to apply takedown measures against violating acts in cyberspace (e.g., removal of illegal information, collection of illegal data for investigation, and temporary or permanent suspension of information system operation or revocation of domain name); and

(ii) detailed guidance on requirements on data storage and establishment of a branch/representative office in Vietnam applicable to domestic and foreign enterprises (e.g. conditions that trigger the application of those requirements and regulatory period for data storage upon request of competent authority which is no less than 24 months).

2. Drafts For Amendment of the Land Law (“Draft Land Law”), Law on Real Estate Business (“Draft LOREB”) and Law on Housing (“Draft LOH”)

Recently, the Draft Land Law, Draft LOREB and Draft LOH have been introduced as a part of law and ordinance building program of 2023 with the following notable contents:

(i) Draft Land Law: under this draft, provisions on land price range announced by the Government every 05 years, which could be adjusted if the common market land price is increased/decreased by 20% compared with those in the range, are abolished. Alternatively, only the local People’s Committees will determine and announce the land price tables. Cases where the State shall lease land and collect a lump-sum payment of rent are narrowed down to include projects using land for investment in agricultural production, forestry, aquaculture or salt production and those using land in industrial zones, industrial complexes, export processing zones and high-tech zones only; leasing land in other cases will be subject to annual rent payment. Further, the draft expressly allows foreign invested enterprises using land leased from the State with annual rent payment to mortgage or transfer the lease right under a lease contract which is silent in the current Land Law.
Lastly, the draft proposes to prohibit land acquisition via the forms of land use right transfer or lease or land use right capital contribution to develop housing projects.

(ii) Draft LOREB: this draft newly supplements condotel, resort villa and officetel into the concepts of existing construction works and construction works to be formed in the future which are available for trading and concurrently provides legal ground for registration of ownership of such kinds of construction work in a land use right certificate. Moreover, this draft makes it clear that conditions and procedures for transfer of real estate projects shall follow the LOREB instead of the Law on Investment. The draft also introduces a new set of regulations on transfer of land use rights for lands having technical infrastructure which is under debate with concern to the feasibility and suitability.

(iii) Draft LOH: a significant point of the draft is the proposal on two options for the ownership terms of apartments, including (a) limited ownership term based on the usage term of the apartment building in accordance with the Law on Construction, and (b) ownership term associated with stable and long term land use rights as prescribed in the Law on Land. Moreover, the draft provides additions and amendments on, amongst others, renovating and rebuilding apartment buildings, social housing policy, management and use of apartment buildings, and sale and purchase of housing.

3. Draft Decision on the Portal for Search and Consultation on Regulations in relation to Business Activities

A draft Prime Minister’s decision on a portal for search and consultation on regulations in relation to business activities (the “Portal”) has been proposed and published for public comment since July 2022. The Portal is intended to display all business-related regulations and provide an interaction platform between the State agencies and public audience in an official, comprehensive and centralized manner.
The scope of regulations to be published includes all regulations issued by State agencies and authorized persons legally binding on organizations and individuals who participate in business activities. Under the proposal, information about effective regulations published on the Portal will have legal validity and enforceability, while responses and comments given by ministries, agencies and other competent authorities are deemed as their official opinion.