Any privacy professionals, current or aspiring ones, looking for a complete authority on Asian privacy laws? Look no further: Asian Data Privacy Laws: Trade and Human Rights Perspectives by Graham Greenleaf provides explanations for what you need to understand about Asian privacy laws plus everything you never knew you wanted to know. Lest I get too far in this review before you bemoan how quickly such an authority may become outdated, Greenleaf provides periodic updates online.

An authority of this nature is quite massive for an author to undertake and nearly equally as daunting to absorb as a reader. Greenleaf does an exceptional job in presenting the material in a manner that can be grasped relatively easily. Although, for those uninitiated in data privacy, the information may be overwhelming.

Greenleaf presents the information in three main sections, detailed helpfully in a thorough table of contents along with reference material provided upfront, e.g., tables of both cases and legislation. The figures and tables that Greenleaf sprinkles throughout the book, albeit not too frequently, are excellent. When I first picked up the book, I perused the table of contents and noticed the list of figures and tables. I admit, I went to those before I read anything else.

Part I presents the environment in which data privacy laws exist in Asia. Greenleaf first discusses the context and history, followed by the international standards that affect Asian privacy laws. This is not easy reading. This book, written by a law professor, brought back memories of law school and complex law tomes. The saving grace is that it is really good knowledge. If you have already been involved in the Asian privacy regime, then this book provides the holistic frame of reference that you may have been missing. If you have not had the pleasure of working with privacy in Asia, then you will still find at least the first part to be educational and intellectually riveting, especially when you reach the last part of the first section where Greenleaf explains the standards by which to assess a country’s data protection laws.

The middle and largest section is the encyclopedic portion of the book. Greenleaf categorizes, discusses, critiques and explores the laws and rationale of 28 Asian nations, plus a little on North Korea. Logically, there is more information on some, like Hong Kong and Malaysia, than there is on others, such as Cambodia and Sri Lanka. This is the section to liberally use highlighters and notes-markers.

Last, Part III gets into the true substance of understanding Asian privacy laws. Greenleaf first engages in quite an interesting round of comparisons: sources or protection, scope, principles, liabilities and international dimensions. He then assesses privacy law enforcement in Asia. This is quite the compelling read given that most privacy professionals must, by necessity, take a risk-based approach to prioritization. Finally, Greenleaf offers his analysis of Asia’s future prospects and concludes with cautious optimism about the future of privacy in Asia. He writes,

"In Asia, data privacy laws, or in some cases their enforcement, have not yet caught up with surveillance technologies and practices, but they are necessary, even though (as everywhere) they need to be supplemented with other modes of regulation. There are grounds for optimism, but not overconfidence, that in future they will restore a better balance between the human right of privacy and other interests."

Even for privacy professionals, this is not a book to keep on the nightstand for light reading. It is, however, one that should be in their readily accessible library. I recommend that anyone working in global privacy should have this book, and read it in its entirety—just perhaps slowly and in digestible bites to savor the knowledge and organically fuse it into one’s current knowledge of global privacy laws.