The Office of the Privacy Commissioner for Personal Data of Hong Kong summarised enforcement trends and plans to further amend the Personal Data (Privacy) Ordinance. By Kieran Donovan and Jacqueline Van On 9 November 2022, the Office of the Privacy Commissioner for Personal Data of Hong Kong (Commissioner) published its annual report titled “A New … Continue Reading
Amended data privacy legislation enabled Hong Kong courts to convict doxxing offences, though their ability to enforce cessation notices remains unclear. By Kieran Donovan and Jacqueline Van In October 2021, Hong Kong amended its data privacy law, the Personal Data (Privacy) Ordinance (Cap. 486) (PDPO), to criminalise “doxxing” (generally defined as publicly providing personally identifiable … Continue Reading
The amendment proposes business-friendly changes regarding data localization and legitimate interests. By Brian Meenagh and Lucy Tucker On November 20, 2022, the Saudi Data and AI Authority (SDAIA) published an amended version of the Kingdom of Saudi Arabia’s (KSA or the Kingdom) Personal Data Protection Law (PDPL) for consultation (the Amended Draft). The Amended Draft … Continue Reading
Businesses will need to take additional steps to ensure compliance as exemptions under the California Consumer Privacy Act expire at the end of 2022. By Robert Blamires, Michael H. Rubin, Robert W. Brown, and Jennifer Howes The California legislature adjourned its 2022 session without extending the exemptions under the California Consumer Privacy Act (CCPA) for … Continue Reading
The bill would largely build on the UK data protection regime’s EU GDPR-style framework, albeit with UK-specific provisions. By James Lloyd, Fiona M. Maclean, Calum Docherty, Irina Vasile, Alex Ford-Cox, and Amy Smyth The UK government introduced the Data Protection and Digital Information Bill (the Bill) to Parliament on 18 July 2022, following the publication … Continue Reading
Areas of interest include anonymisation, “recognised legitimate interests”, and the ICO’s role. By James Lloyd, Fiona M. Maclean, Calum Docherty, Irina Vasile, Alex Ford-Cox, and Amy Smyth The UK Data Protection and Digital Information Bill (the Bill) sets out the government’s proposals for reforming the current UK data protection regime (consisting primarily of the UK … Continue Reading
UK government sets out ambitious proposal for reforming the UK data protection landscape. By Gail E. Crawford, Ian Felstead, Fiona M. Maclean, Irina Vasile, Timothy Neo, and Amy Smyth On 17 June 2022, the Department for Culture, Media and Sport (DCMS) published its response to its consultation “Data: a new direction” (the Consultation), setting out … Continue Reading
The Advocate General argues that organisations should provide individuals with information on the specific recipients of their personal data. By Tim Wybitul, James Lloyd, Isabelle Brams, Irina Vasile, and Amy Smyth Advocate General Giovanni Pitruzzella (AG) of the Court of Justice of the European Union (CJEU) recently delivered an opinion (the Opinion) regarding the interpretation … Continue Reading
Under the new rules Chinese NPOs holding more than 1 million individuals’ personal information must apply for a cybersecurity review prior to listing abroad. By Hui Xu, Kieran Donovan, and Bianca Lee On February 15, 2022, the Cybersecurity Review Measures (2021) (CRM 2021, unofficial English text available here) took effect. CRM 2021 was promulgated on … Continue Reading
Organisations subject to the law should carry out a gap analysis of their current compliance position against the new requirements. By Brian A. Meenagh, Alexander Hendry, and Lucy Tucker The United Arab Emirates (UAE) has issued its first federal data protection law (Federal Decree Law No. 45/2021 on the Protection of Personal Data) (the Data … Continue Reading
The French Data Protection Authority’s white paper discusses how companies can comply with data privacy and security obligations. By Christian F. McDermott, Myria Saarinen, Calum Docherty, Charlotte Guerin, Jiou (Alex) Park, and Amy Smyth The use of card, contactless, and innovative digital payment solutions has significantly increased in recent years, fueled by the immediate impacts … Continue Reading
Following recent setbacks, the FTC seeks a foothold for monetary remedies in the online advertising space. By Jennifer C. Archie, Antony “Tony” Kim, Michael H. Rubin, and Marissa R. Boynton On October 13, 2021, the Federal Trade Commission (FTC) sent a Notice of Penalty Offenses Concerning Endorsements and Testimonials to more than 700 businesses (the … Continue Reading
The Data Security Law will enhance an increasingly comprehensive legal framework for information and data security in the PRC. By Hui Xu and Kieran Donovan On June 10, 2021, the Standing Committee of China’s National People’s Congress passed the Data Security Law (DSL), which will come into effect on September 1, 2021. The primary purpose of … Continue Reading
Online retailers storing credit card data for the sole purpose of facilitating further purchases will likely need to obtain consumer consent. By Christian F. McDermott, Calum Docherty, and Victoria Wan Online shopping has boomed in recent years. In 2020, the European statistics agency Eurostat estimated that 7 out of 10 internet users made online purchases … Continue Reading
Companies have three months to prepare to use the latest standard contractual clauses for new data transfers, and 18 months to migrate existing arrangements. By Gail Crawford, Fiona Maclean, Danielle van der Merwe, and Amy Smyth On 4 June 2021, the European Commission released its much-anticipated final Implementing Decision containing the new standard contractual clauses … Continue Reading
The new legislation extends both the protections available to consumers, as well as the obligations applicable to e-commerce retailers. By Brian A. Meenagh and Avinash Balendran With its recent implementation of a new consumer protection law, the United Arab Emirates has taken a significant step forward in protecting the rights of consumers. The new legislation … Continue Reading
The Act represents an accelerating trend among US states to attempt to pass comprehensive privacy legislation in the wake of the CCPA. By Jennifer C. Archie, Michael H. Rubin, Marissa R. Boynton, and Alexander L. Stout On March 2, 2021, Virginia Governor Ralph Northam signed comprehensive state privacy legislation titled the Consumer Data Protection Act … Continue Reading
Amendments to the PDPA significantly change Singapore’s data protection landscape, including mandatory data breach notification and criminal offences for mishandling of personal data. By Farhana Sharmeen, Esther Franks, and Gen Huong Tan On 1 February 2021, certain sections of the Personal Data Protection (Amendment) Act 2020 (the Act) took effect, implementing the following changes to … Continue Reading
Slaughter discusses the FTC’s priorities under the new administration, including ed-tech, health apps, and racial equity. By Jennifer Archie, Michael Rubin, Marissa Boynton, and Jimmy Smith On February 10, 2021, in her first major speech as acting chair of the Federal Trade Commission (the Commission, or the FTC), Rebecca Slaughter discussed the Commission’s enforcement priorities under … Continue Reading
As the Brexit transition period draws to a close, businesses will need to consider their data protection efforts to comply with both UK and EU regimes. By Gail Crawford, Fiona Maclean, and Amy Smyth The end of the Brexit transition period on 31 December 2020 will have several data protection consequences. The impact of one … Continue Reading
The European Commission has published draft updated standard contractual clauses in light of the Schrems II decision. By Gail Crawford, Ian Felstead, Fiona Maclean, Serrin Turner, Tim Wybitul, Victoria Wan, and Amy Smyth On 12 November 2020, the European Commission (the Commission) published a draft implementing decision, annexing a draft set of updated standard contractual … Continue Reading
The EDPB takes a strict approach in its recent guidance on international data transfers following Schrems II, posing a difficult challenge for businesses. By Gail Crawford, Ian Felstead, Fiona Maclean, Serrin Turner, Tim Wybitul, Victoria Wan and Amy Smyth On 10 November, the European Data Protection Board (EDPB) released its much anticipated draft guidance on … Continue Reading
Swiss companies are advised to take additional measures when transferring personal data from Switzerland to the US. By Gail E. Crawford, Fiona M. Maclean, and Amy Smyth On 8 September 2020, the Swiss data protection authority, Adrian Lobsiger (the Federal Data Protection and Information Commissioner, FDPIC), concluded in his annual review that the Swiss-US Privacy … Continue Reading
Latham lawyers explain who the DIFC’s new law applies to and how it maps against the GDPR. By Brian A. Meenagh, Fiona M. Maclean, Alexander Hendry, and Avinash Balendran The Dubai International Financial Centre (DIFC) recently issued a new data protection law and regulations: the Data Protection Law DIFC Law No. 5 of 2020 and … Continue Reading