Following the passing of the long-awaited Personal Data Protection Law (“PDPL”) in Indonesia, on 31 August 2023, the Ministry of Communications and Information Technology published the draft government regulation (“Draft Regulation”) on the implementation of the PDPL for public consultation. The public consultation will close on 14 September 2023. The DraftContinue Reading Indonesia: prepare now for the new Personal Data Protection Law
Thank you for subscribing and being a part of DLA Piper’s Data Protection, Privacy and Cybersecurity community. We appreciate your continued engagement with our insights and the evolving nature of the landscape.
Our goal for this blog is to help you navigate all aspects of data protection, privacy, and cybersecurity laws, while considering…Continue Reading We’re now seamlessly global. Here’s what to expect.
Authors: Eilis McDonald; Marcus Walsh; John Magee; Gavin Woods; David Cook; Andreas Rüdiger
The Irish Circuit Court has recently delivered an important judgment on non-material damages for infringement of the GDPR. The judgment also establishes a list of factors for the courts to consider when assessing non-material damages.
This judgment comes in the context of…Continue Reading Ireland: Non-material damages under GDPR – Irish law developments and the international approach
Authors: Carolyn Bigg, Gwyneth To and Rachel De Souza
Start preparing now to comply with India’s new data protection law. While there are similarities with EU/UK GDPR – and sufficient harmonisation with data protection laws across APAC to continue a regional data compliance in Asia – the practicalities of implementation and compliance should not be…Continue Reading India: New Digital Personal Data Protection Act, Start Planning Now.
Helpful guidance on some previously uncertain areas of China data protection compliance programmes have been provided by the Administrative Measures for Personal Information Protection Compliance Audit (Draft for Comment) (“Draft Measures”), which were published for public consultation on 3 August 2023 by the Cyberspace Administration of China (“CAC”).
The Draft Measures…Continue Reading CHINA: uncertainties helpfully clarified on various key data compliance activities
To add to the compliance burden, new mandatory, periodic and detailed data protection compliance audits have now been proposed in China, with measures beyond the usual governance/compliance audit compliance steps expected under other data protection frameworks, and a duty to report the audit results to the China data authorities.
On 3 August 2023, the Cyberspace…Continue Reading CHINA: new mandatory data protection compliance audits proposed
Authors: Carolyn Bigg and Amanda Ge
Businesses who must follow the China SCCs route to legitimize their cross-border transfers of personal data must file their signed China SCCs together with the supporting personal information impact assessment (“PIIA”) report with their local CAC branch by no later than 30 November 2023. This requires significant effort, and…Continue Reading CHINA: only 100 days to file SCCs for cross-border data transfers – practical tips and insights
Authors: Carolyn Bigg, Amanda Ge and Venus Cheung
On July 24, 2023, the People’s Bank of China (“PBOC”) released the Measures for the Management of Data Security in the Business Areas Falling into PBOC’s Jurisdiction (Draft for Comment) (“Draft Measures”) for public consultation, which closes on August 24, 2023.
The Draft…Continue Reading CHINA: New draft proposes more stringent requirements for processing data in the financial services industry
On 18 July 2023, Singapore’s Personal Data Protection Commission (“PDPC”) issued for public consultation a set of proposed guidelines for the use of personal data in AI recommendation and decision systems (“Proposed Guidelines”). The public consultation is open until 31 August…Continue Reading SINGAPORE: Proposed Guidelines on Use of Personal Data in AI Systems
CJEU’s landmark decision in Meta vs Bundeskartellamt allows GDPR scrutiny through antitrust regulators and imposes strict limitations on the personalised use of consumers’ personal data by social media platforms
By Verena Grentzenberg, Philipp Schmechel, Dr. Jonas Kranz
On 4 July 2023, the European Court of Justice (“CJEU”) delivered its judgment in Meta vs…Continue Reading EU: CJEU’s landmark decision in Meta vs Bundeskartellamt
On 10 July 2023, the European Commission adopted its long-awaited adequacy decision for the EU-US Data Privacy Framework (DPF). The DPF replaces the Privacy Shield Framework (Privacy Shield) which was invalidated by the Schrems II decision of…Continue Reading European Commission adopts new adequacy decision for EU-US data flows