The first source of the dilemma is the widely-shared desire and demand for better protection of privacy in countries of the Asia Pacific. The Asia-Pacific region is the world's most advanced region in the use of information technology outside of Western Europe, with many countries and regional areas across all parts of the Asia Pacific being regarded as technologically advanced. Better privacy protection is valued both as an important element of protection of human rights in a democratic society, and as necessary to provide confidence in consumers, citizens and businesses for the development of electronic commerce and the electronic delivery of government services.
The second source of the dilemma is the European Union privacy Directive: all member countries of the European Union must restrict the export of personal data to countries that do not provide privacy protection that is up to European standards, at least from October 1998 for those that have not already done so, and the restrictions are much tougher than in previous European laws. Other European countries outside the EU are increasingly follow suit, as the whole of Europe embraces privacy laws. Any non-European countries that wish to have unimpeded flows of personal information from Europe must also restrict their exports of personal information to countries which do not provide adequate privacy protection, and jurisdictions in the Asia-Pacific such as Québec, Hong Kong and Taiwan have already done so, with others likely to follow. The `knock-on' effect of the EU's privacy Directive of 1995 is already restricting the flow of personal information around the world, and this could in the near future start to impede the development of electronic commerce, electronic delivery of government services, and other desirable flows of personal information into and within the region.
The dilemma for each country in the region is how to find the best way to satisfy all of these needs, from the range of options available, including various types of national privacy laws, international agreements on privacy, encouragement of industry self regulation, development of technical `standards' of the ISO type, and encouragement of privacy-enhancing technologies and standards such as encryption and the Platform for Privacy Preferences (P3P). The challenge is to find the best mix of these possible solutions, one that both protects privacy without unduly restricting business and government, and also satisfies the reasonable demands of states in Europe and in the region that personal information on their citizens is not abused when it is exported.