Exploring Trends: From “Consent-Centric” Frameworks to Responsible Data Practices and Privacy Accountability in Asia Pacific

Personal Data Protection Week 2021 September 16, 2021 @ 2:00pm - 4:00pm SGT


PLEASE NOTE: Registration for the Sept 16th event is closed. Visit the REGISTER link to view and register for additional sessions during Personal Data Protection Week. To be placed on a waitlist for the Sept 16th event email [email protected].

In collaboration with Singapore’s Personal Data Protection Commission (PDPC) and the Asian Business Law Institute (Singapore).  

In Asia like elsewhere, obtaining the user’s consent has long been considered the basis of any regulatory and compliance approach to data protection. Today, this approach is called into question, and alternatives exist which hold many promises. This seminar brings together some of the best regional experts who will identify the challenges posed by the extensive use of notice & consent in the Asia Pacific.

They will analyze existing alternatives like “legitimate interests” or similar concepts, and explore the diversity of solutions that policymakers may use to create a sustainable balance between accountability and individual protection in APAC.
Program (Please note: All times are in SGT)
2:00 pm – Introduction
2:05 pm – Opening Remarks
2:15 pm – Panel 1: Switching from a consent-centric approach to privacy accountability: a comparative view of APAC data protection laws
3:00 pm
– Panel 2: Shaping choices in the digital world: how consent can become meaningful again
3:50pm – Concluding Remarks
4:00pm – End of Program


Program (Please note: All times are in SGT)



2:00 pm –
2:05 pm


Dr. Clarisse Girot, FPF Asia Director

2:05 pm –
2:15 pm

Opening Remarks

Yeong Zee Kin, Assistant Chief Executive, IMDA, and Deputy Commissioner, PDPC, Singapore

2:15 pm –
3:00 pm

Panel 1

Switching from a consent-centric approach to privacy accountability: a comparative view of APAC data protection laws

An agreement is forming across jurisdictions that modern data protection laws should shift the onus of data protection from users to organizations, by promoting an accountability-based approach to data protection over a consent-centric, tick-the-box approach to data protection. This can take the form of recognizing the concepts of ‘legitimate interests’ in the law, recognizing the principles of Privacy by Design, and related accountability mechanisms such as Data Protection Impact Assessments. But how do these concepts work in practice? Can they translate into Asian data protection frameworks, what are the obstacles to their adoption, and how can lessons learnt from countries like Singapore, Australia, Japan, or the EU, support this trend?

This panel will be composed of experts from different APAC jurisdictions who will combine their experiences to help identify commonalities and pathways for interoperability between Asian data protection frameworks.


Yeong Zee Kin, Assistant Chief Executive, IMDA, and Deputy Commissioner, PDPC, Singapore

– Prof Peter Leonard, Principal and Director at Data Synergies, Sydney
– Takeshige Sugimoto, Managing Director at S&K Brussels, Tokyo
– Shinto Nugroho, Chief Public Policy and Government Relations at Gojek
– Marcus Bartley-Johns, Asia Regional Director, Government Affairs and Public Policy at Microsoft,

3:00 pm –
3:45 pm

Panel 2

Shaping choices in the digital world: how consent can become meaningful again

‘Consent fatigue’, ‘illusion of control’, ‘privacy apathy’… the flaws of the consent model to adequately
protect privacy and data are well-known, especially in Asia where related requirements are ubiquitous and
conflicting. But is consent really dead? Digital technology can be leveraged to enhance transparency and prevent user manipulation. Can they make consent meaningful again? How could regulators support user
empowerment through design and technology?

This panel will be composed of experts from different regions who will give a varied perspective on the utility of consent, the theme of user manipulation and deceptive design, and the influence of ux/ui design on user empowerment.


Rajesh Sreenivasan, Head, Technology Media and Telecoms Law Practice, Rajah & Tann Singapore LLP

– Anna Johnston, Principal, Salinger Privacy
– Malavika Raghavan, Visiting Faculty, Daksha Fellowship and FPF Senior Fellow for India
– Rob van Eijk, FPF Europe Managing Director                  – Edward Booty, Founder and CEO of reach52

3:50 pm –
4:00 pm

Concluding remarks

Commissioner Raymond Liboro, National Privacy Commissioner of Philippines and co-Chair of the ASEAN Data Protection Forum


Marcus Bartley-Johns

Asia Regional Director, Government Affairs and Public Policy, Microsoft, Singapore

Marcus is Asia Regional Director for Government Affairs and Public Policy for Microsoft. He works with Microsoft’s teams and the company’s stakeholders across the region to advance public policies for trusted, responsible and inclusive digital transformation. This encompasses a wide range of issues at the intersection of technology and society, including the responsible use of artificial intelligence; privacy and data protection; cybersecurity and digital diplomacy; skills and the future of work; and the digital transformation of industries like financial services.   

Prior to joining Microsoft, Marcus worked in public policy and economic development with the World Bank and the Australian Department of Foreign Affairs and Trade. At the World Bank, he worked with  governments on trade and digital economy policy reform projects in Asia, as well as co-leading the team that produced World Bank flagship reports on the digital economy in Southeast Asia, and on global trade and poverty. He represented the World Bank at the G20, WTO, and OECD. As an Australian diplomat, Marcus had assignments in Geneva at the World Trade Organisation and United Nations, and in Bangkok working on regional economic cooperation in ASEAN.   

Edward Booty

Founder and CEO, reach52

Edward is the founder and CEO of reach52: a healthtech social enterprise building community-driven healthcare service model (and supporting technology platforms) to deliver healthcare services in low- and middle-income countries (currently across the Philippines, India, Cambodia, Indonesia, and Kenya). Their platform builds a network of agents to use their tech to collect data on health needs, run targeted health services, and order/distribute affordable private-sector products – integrating public and private sector. In 2018 reach52 was part of the first “Facebook Accelerator – Singapore”, a unique startup program by Facebook and IMDA Singapore that helps startups to grow and develop better ways of working with data. reach52 was named by Facebook, IMDA, and Rainmaking Innovation as a success story and one of the top 10 data-driven startups in Asia.

Edward has worked extensively in digital healthcare, patient and market access, insurance and health financing, business model innovation, and building multisectoral partnerships, and creating new service delivery approaches across developed health economies in Europe, and now Asian emerging markets. Prior to founding reach52, he worked for the UK National Health Service (NHS) and one of the world’s largest consulting and tech organizations, Capgemini, and is a graduate from the London School of Economics.

Clarisse Girot

Director for Asia Pacific, Future of Privacy Forum

Dr Clarisse Girot serves as the Future of Privacy Forum’s Director for Asia Pacific. Based in  Singapore, Clarisse is responsible for developing and implementing FPF’s strategy in the world’s biggest and most populated region. FPF Asia works with stakeholders in industry, government, academia, and civil society, to advance principled data practices in support of emerging technologies, with the shared concern to be responsive to local needs and interests and to maintain FPF’s neutrality in any discourse.

Prior to joining FPF, Clarisse was Senior Fellow (since January 2017) at the Asian Business Law Institute (ABLI), a neutral legal think tank chaired by Chief Justice Menon of the Supreme Court of Singapore. At ABLI, she was the leader of a project to promote the convergence of data protection laws and regulations and cross-border data flows in Asia, working with a unique network of stakeholders from industry, legal practice, think tanks, regulators, governments, spanning over 15 APAC jurisdictions. Clarisse is an independent expert, often consulted by supranational organizations and bodies such as the Forum of Asia-Pacific Privacy Authorities (APPA), ASEAN, OECD, WEF, World Bank, UNCTAD, UNDP, or the European Commission. In July 2021, ABLI and FPF signed a collaboration agreement to perpetuate this work of regional convergence, for which Clarisse is specifically responsible.

Anna Johnston

Principal, Salinger Privacy

Anna Johnston is the founder and Principal of Salinger Privacy based in Sydney, Australia. Salinger Privacy provides advice on managing privacy risks to clients including tech start-ups, established businesses and government agencies; and offers training and privacy compliance resources to the Australian market and beyond. 

Anna has previously served as Deputy Privacy Commissioner for NSW, Chair of the Australian Privacy Foundation, and an advisor on privacy to the Australian Law Reform Commission.  Anna holds a first class honours degree in Law and a Masters of Public Policy with honours, as well as a Bachelor of Arts.  She loves to write, speak, tweet and blog on all things privacy law and practice.

Prof. Peter Leonard

Principal and Director, Data Synergies, Sydney

Peter Leonard is a data and technology consultant and business lawyer advising data-driven businesses and government agencies. 

Peter is principal of Data Synergies and a Professor of Practice at UNSW Business School (Information Systems and Technology Management, and Management and Governance). Peter chairs the NSW Law Society’s Privacy and Data Committee. He also serves on the NSW Government’s  AI Advisory Committee, tasked “to guide and provide strategic oversight for the use of AI in government”, and the NSW Information and Privacy Advisory Committee, tasked “to provide the government with information, advice, assistance and training to deliver world-leading information and privacy management practices”.

Commissioner Raymond Liboro

National Privacy Commissioner of Philippines and co-Chair of the ASEAN Data Protection Forum , ASEAN Data Protection Forum

Privacy Commissioner Raymund Liboro is a seasoned ICT convergence and communications and public administration professional. He served as the former assistant secretary of the Department of Science and Technology for Climate Change Adaptation and Disaster Risk Reduction and was concurrently the OIC director of the Science and Technology Information Institute, the country’s leading Science and Technology Institute.

Having been appointed as the country’s first Privacy Commissioner in 2016, he fast tracked data protection policy development in the country with the issuance of the Data Privacy Act’s Implementing Rules and significant policy circulars within the first year of NPC’s establishment – effectively working for the country’s data privacy and protection rules to be part with global data protection regulations. 

In 2018, he put the country on the world stage by earning the Philippines a voting seat on the exclusive 5-member executive committee of the International Conference of Data  Protection  and  Privacy  Commissioner  or  the  ICDPPC.  The  ICDPPC  later renamed  the  Global  Privacy  Assembly  is  the  worldwide  body  on  data  privacy composed  of  134  member-jurisdictions.  The  Philippines’  earned  the  distinction  of becoming the first Asian country to be elected to the prestigious body. In 2019, he chaired the first ASEAN Data Protection and Privacy Forum and became the host-chair of the Asia Pacific Privacy Authorities Forum or the APPA. 

In  April  2020,  this  year,  Commissioner  Liboro  was  chosen  to  lead,  and  Chair  the Global  Privacy  Assembly’s  COVID-19  Taskforce  intended  to  create  a  venue  for collaboration  among  jurisdictions  and  organizations  and  address  the  emerging privacy issues posed by the spread of the COVID-19 virus worldwide. This year, he continues his work as Chair of the new Working Group. 

Recently,  Privacy  Commissioner  Liboro  attended  the  Harvard  Kennedy  School Executive Education Program for Digital Transformation.

Shinto Nugroho

Chief Public Policy and Government Relations, Gojek

Shinto joined Gojek in 2018 as its Chief of Public Policy and Government Relations. In her current role, she leads all of Gojek’s work related to policy and engagement with government stakeholders. A seasoned industry expert, Shinto has over 15 years of experience as a lawyer and public policy specialist. Prior to Gojek, she worked at Google Indonesia, focusing on public policy issues. Before joining Google, she was the Special Assistant of the Trade Minister of Indonesia, and also worked for the International Finance Corporation and the World Bank in the earlier years of her career.

Shinto obtained her Bachelor of Law and Bachelor of Arts degrees from the University of Indonesia, and her Masters degrees from Columbia Law School and the London School of Economics and Political Science. She was chosen as one of the female leaders to represent Indonesia in the New Asia Summit in New Delhi in 2013 and was named as one of Asia 21’s Young Leaders in 2012.

Malavika Raghavan

Senior Fellow for India, Future of Privacy Forum

Malavika Raghavan is a lawyer working on interdisciplinary research in India, focusing on the impacts of digitization on the lives of lower-income individuals. Her work since 2016 has focused on the regulation and use of personal data in service delivery by the Indian State and private sector actors, often enabled by expansive State-supported technical and regulatory architectures. Malavika founded and led the Future of Finance Initiative for Dvara Research (an Indian think tank) in partnership with the Gates Foundation from 2016 until 2020, anchoring its research agenda and policy advocacy on emerging issues at the intersection of technology, finance, and inclusion.

Malavika’s previous experience includes several years with the global law firm Allen & Overy LLP in London (during which time she was seconded to the Financial Markets Law Committee established by the Bank of England) as well as stints with social impact investors Acumen and Big Society Capital. She was a 2018 fellow of the Chevening Financial Services Fellowship at King’s College London, and a 2016 fellow of the On Purpose social enterprise leadership program. Malavika holds an MPhil in Public Policy from the University of Cambridge and a B.A., LL.B.(Hons) degree from the National Academy of Legal Studies and Research (NALSAR), Hyderabad.

Rajesh Sreenivasan

Head, Technology Media and Telecoms Law Practice, Rajah & Tann Singapore LLP

Rajesh Sreenivasan heads the TMT Practice at Rajah & Tann and has been advising clients on legal, regulatory and policy matters relating to technology, cybersecurity, data protection, telecommunications, electronic commerce, cloud computing, digital forensics and digital media for over twenty years. As a legal tech industry thought leader, Rajesh is also the Co-Founder and Director of Rajah & Tann Technologies Pte Ltd and Rajah & Tann Cybersecurity Pte Ltd.

His clients include financial institutions, state governments, multinational corporations in the telecoms, computer hardware and software sectors, government linked companies and statutory boards. On the regional front, Rajesh has been engaged by the ASEAN Secretariat to facilitate a pan-ASEAN forum on legislative and regulatory reforms to collectively address convergence of IT, telecoms and broadcasting across all 10 member countries, and by the Commonwealth Secretariat to co-lead an e-government capacity building exercise involving all member Caribbean nations.

Takeshige Sugimoto

Managing Director, S&K Brussels LPC, Tokyo

Mr. Sugimoto specializes in US, EU and Japanese data protection regulations, and his main areas of practice are: the EU General Data Protection Regulation (GDPR), EU e-Privacy Rules, the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), US federal data privacy law, Japan’s Act on the Protection of Personal Information, global data protection compliance and EU competition law.  He is qualified to practice law in Japan and New York, and is a member of the Brussels Bar Association (B-List).

His recent representations include his firm’s successful representation of a couple of Japanese companies in having secured approvals of both EU Controller Binding Corporate Rules (Controller BCRs) and EU Processor Binding Corporate Rules (Processor BCRs) from European data protection authorities such as Spanish Data Protection Authority (Agencia Española de Protección de Datos (AEPD)) and the Supervisory Authority of North Rhine-Westphalia (Germany) (Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen) following European Data Protection Board’s Opinions on each of the draft decisions of such European data protection authorities. He also serves as a Director of the Japan DPO Association.

Yeong Zee Kin

Assistant Chief Executive (Data Innovation and Protection Group) and Deputy Commissioner, Infocomm Media Development Authority of Singapore (IMDA) and Personal Data Protection Commission (PDPC)

As Assistant Chief Executive (Data Innovation and Protection Group), Zee Kin oversees IMDA’s AI and Data Industry development strategy with the key responsibility in developing forward-thinking governance on AI and data in Singapore. He also spearheaded the development of Singapore’s Model AI Governance Framework, which won the UNITU WSIS Prize in 2019. He is currently a member of the OECD Network of Experts on AI (ONE AI), and was a member of the AI Group of Experts at the OECD (AIGO) which developed the OECD Principles on AI.

In his capacity as Deputy Commissioner of PDPC, Zee Kin oversees the development, administration and enforcement of the Personal Data Protection Act (2012). His key responsibilities include managing the formulation and implementation of policies relating to the protection of personal data, as well as the issuing of enforcement directions for organisational actions. As a well-regarded expert on data privacy issues, he has spearheaded various public and sector-specific activities to raise awareness and compliance in data protection, and is currently participating as an expert in the Global Partnership on AI (GPAI)’s Data Governance Working Group, which addresses data protection issues at the intersection of AI development and deployment.

Rob van Eijk

Managing Director for Europe, Future of Privacy Forum

Dr. Rob van Eijk serves as the Future of Privacy Forum’s Managing Director for Europe. In this role, van Eijk implements FPF’s agenda in Europe, overseeing its day-to-day operations, and manages relationships with stakeholders in the industry, government, academia, and civil society.

Prior to serving in this position, van Eijk worked at the Dutch Data Protection Authority (DPA) as Senior Supervision Officer and Technologist for nearly 10 years. He represented the Dutch DPA in international meetings such as the Technology Expertgroup of the European Data Protection Board (EDPB) and as a technical expert in court. He also represented the European Data Protection Authorities, assembled as the Article 29 Working Party, in the multi-stakeholder negotiations of the World Wide Web Consortium on Do Not Track.

Van Eijk is a technologist with an M.Sc. from the Leiden Institute of Advanced Computer Science, Leiden University, and a Ph.D. from Leiden Law School, Leiden University, focusing on online advertising (real-time bidding).