Multi-lateral Recognition of PKI Certification Authorities in the Asian Region: Transborder Data Flow and Information Privacy Issues

Abstract

This article examines the feasibility of multi-lateral recognition of PKI certification authorities in the Asia region. It begins with a review of PKI technologies and the role of certification authorities. In the following sections, the notion of legal harmonisation of PKI certification authorities and issues in transborder data flow are explored by way of comparative analysis of Hong Kong, the PRC and Singapore. This examination compares and contrasts the legal recognition of PKI certification authorities in the relevant legislation as well as legislation relating to privacy, that is, the protection of personal data. It is argued throughout that any notion of multilateral legal recognition of PKI certification authorities should only be considered where a certain threshold has been met to harmonise the legal principles of PKI legislation, and where there is sufficient protection of personal data (privacy).published_or_final_versio