GSMA Supports World First in Asia-Pacific for Digital Innovation

• New ‘Regulatory Pilot Space’ to Stimulate Economic Activity from Cross Border Data Flows  

The GSMA recently called on businesses to come forward with details of services and applications that require the transfer of personal data across two or more ASEAN countries as they can fall under the remit of a newly adopted ‘Regulatory Pilot Space’ (RPS). The initiative will promote economic growth in the Asia-Pacific region from digital innovation by giving businesses the certainty that their handling of data across borders is judged secure and compliant with the ASEAN Framework on Personal Data Protection.

In a world-first, the RPS, which is similar to a ‘regulatory sandbox’, provides a safe test environment in which businesses can assess services without harming consumers’ data privacy or facing regulatory sanctions. The goal is to allow data to flow freely between the 10 ASEAN countries. This is a necessary pre-condition for innovative projects to become a reality, from the Internet of Things (IoT) tracking of services across border, and the development of cross border loyalty programmes to applications in the Cloud and 5G.

“This is a clear signal to the rest of the world that ASEAN is open to innovation,” said Emanuela Lecchi, Head of Public Policy, Asia-Pacific GSMA. “Through promoting cross border data flows, the APAC region is set to accelerate economic activity and drive the development of new technologies, platforms, services and infrastructure. This is the culmination of two years of successful collaboration at the ASEAN level, supported by the GSMA”.

“The Regulatory Pilot Space (RPS) will empower businesses to experiment with innovative products and services within a managed environment,” said Christian Wulff Søndergaard, SVP, Head of Group Public and Regulatory Affairs, Telenor Group. “We believe that this initiative will help to build trust with all stakeholders involved, including companies, for governments, and most importantly, for consumers.”

The RPS forms part of recent developments towards an ASEAN Cross-Border Data Flow Mechanism that was given the go-ahead at the 19th ASEAN Telecommunications and Information Technology Ministers (TELMIN) Meeting, held in Vientiane on 24 and 25 October.

In ASEAN, the requirements around the use of personal data vary greatly from country to country. Some countries already provide a range of lawful mechanisms to transfer personal data, but some do not. Other countries impose localisation (or data sovereignty) measures which can have the unintended consequence that even non-personal, non-sensitive anonymised data could be kept in-country – stifling innovation.

The RPS tackles these national differences by ensuring that the common set of data privacy principles that underpin the ASEAN Framework on Digital Data Governance can be applied to individual projects. In this way, the RPS also allows ASEAN member states to evaluate different ways to address security concerns without delaying the deployment of important projects. It gives businesses the option to modify their solutions before bringing them to market if they are deemed unacceptable by a regulator.