By Gail Crawford and Ksenia Koroleva

The Federal Law No. 87-FZ of May 1, 2017, on Amendments to the Federal Law on Information, Information Technologies, and Information Protection (the Law) came into force on July 1, 2017. The Law introduces the definition of an audiovisual service owner and regulates their activities, including imposing ownership restrictions.

The Notion of Audiovisual Service Owners

According to the Law, an audiovisual service owner is an owner of a website, a page of a website, an information system, and/or software (an Audiovisual Service):

  • Used for collating and providing access to audiovisual content
  • By paid subscription and/or funded by advertising
  • To users located in the territory of Russia
  • With more than 100,000 users a day (on average)

The following are not regarded an Audiovisual Service:

  • Information resources registered as online media in accordance with the Federal Law No. 2124-1 of December 27, 1991, on Mass Media (e.g., online media, TV-channels, TV/radio/video programs, etc.)
  • Search engines
  • Information resources which focus on hosting user-generated content under the criteria to be set by the Federal Service for Supervision in the Sphere of Telecom, Information Technologies, and Mass Communications (Roscomnadzor) (e.g., YouTube, RuTube, Vimeo).

By Jennifer Archie, Gail Crawford, Serrin Turner, Hui Xu & Lex Kuo

The Standing Committee of the National People’s Congress of the People’s Republic of China (PRC) has introduced China’s first and comprehensive Network Security Law (also referred to as Cybersecurity Law). The law will have far-reaching implications for parties that utilize the internet and handle network data and personal information in the PRC.

What this means for China’s internet users

Both individuals and entities which access internet in the PRC will be subject to enhanced security requirements and new regulation relating to the use and transfer of personal data. Network operators, equipment suppliers, security solution providers and other market participants will need to comply with the sweeping new security requirements and national standards, which will come into effect on June 1, 2017.

By Chei-Liang Sin, Luke Grubb & Sally Murphy

The Personal Data Protection Commission (the Commission) was established in January 2013 to implement and enforce The Personal Data Protection Act 2012 (PDPA). The PDPA fully came into force on 2 July 2014. So far, the Commission has mainly used its investigation and enforcement powers to take action against organisations not adhering to the Do Not Call provisions of the PDPA. However, the Commission is also in the process of investigating

The Straits Times reported on 14 August that Singapore’s Personal Data Protection Commission (the “Commission”) is investigating a complaint from a user that Xiaomi has breached the Personal Data Protection Act 2012 (“PDPA”). This is believed to be the first investigation under the main PDPA rules unrelated to the Do Not Call registry which came into force on 2 July 2014. This investigation will be followed with interest as it may set the tone for how

Guest Blogger Jillian Chia from Skrine, Kuala Lumpur, Malaysia & Gail Crawford

With the Malaysian Personal Data Protection Act 2013 (“PDPA”) having come into force on 15 November 2013, Jillian Chia, Senior Associate at Skrine, provides an overview of the salient provisions in the Regulations and Orders.

She notes that that there is a grace period for compliance with the PDPA. where a data user has collected personal data before 15th November 2013. However, this appears

By Simon Berry and Carmen Guo

In recent weeks, many Hong Kong businesses have circulated emails to contacts in their customer databases, offering recipients the ability to “opt out” of future direct marketing. This is in response to the introduction of a new Part VI A (effective as of 1 April 2013) into Hong Kong’s Personal Data (Privacy) Ordinance (the “PDPO”). Under this Part VI A, companies are obliged to meet certain new requirements in respect of their use of

By Li Jie Han

On December 28, 2012, the Standing Committee of the National People’s Congress (“NPC”) of the People’s Republic of China adopted the Decision on Strengthening the Protection of Online Information (“Decision”). The Decision contains twelve (12) clauses, which are applicable to entities in both the public and private sectors in respect of the collection and processing of electronic personal information on the Internet.

The Decision sets forth a number of provisions specifically governing the activities of Internet

By Simon Berry and Daisy Shen

The Personal Data (Privacy) (Amendment) Ordinance (Amendment Ordinance) came into operation on 1 October 2012, with the exception of those provisions relating to direct marketing and legal assistance which will take effect on a further date to be announced.

The Amendment Ordinance introduces various amendments to the Personal Data (Privacy) Ordinance, which was enacted in 1995 (Ordinance), and tightens the regulatory framework to improve the protection of personal data

The Office of Hong Kong’s Privacy Commissioner for Personal Data (PCPD) recently announced the results of compliance checks on the collection of “cookies” by local banks in response to earlier media reports and a survey by the Hong Kong Monetary Authority (HKMA).

According to media reports from September 2010, some local banks in Hong Kong required their customers to accept cookies for use of Internet banking services without informing customers of the type of data to

By Simon Berry and Daisy Shen

Questions often arise about the scope of a data user’s obligations to respond to data subject access requests.  Hong Kong’s Privacy Commissioner for Personal Data offers some guidance in a recently issued Guidance Note (Guidance on Proper Handling of Data Access Request and Charging of Data Access Request Fee by Data Users).

The Guidance Note addresses, among other matters/questions:

  • What constitutes a data access request (a “DAR”);
  • Steps for complying with a