UK Extension
Following the European Commission’s adequacy decision for the EU-US Data Privacy Framework (DPF) (for further information see here), the UK Government has announced that from 12 October 2023, organisations in the UK can transfer personal data to US organisations certified to the “UK Extension to the EU-US Data Privacy Framework”
Continue Reading UK: EU-UK Data Privacy Framework Extension
Following the passing of the long-awaited Personal Data Protection Law (“PDPL”) in Indonesia, on 31 August 2023, the Ministry of Communications and Information Technology published the draft government regulation (“Draft Regulation”) on the implementation of the PDPL for public consultation. The public consultation will close on 14 September 2023. The Draft
Continue Reading Indonesia: prepare now for the new Personal Data Protection LawDear subscriber,
Thank you for subscribing and being a part of DLA Piper’s Data Protection, Privacy and Cybersecurity community. We appreciate your continued engagement with our insights and the evolving nature of the landscape.
Our goal for this blog is to help you navigate all aspects of data protection, privacy, and cybersecurity laws, while considering
Continue Reading We’re now seamlessly global. Here’s what to expect.Authors: Eilis McDonald; Marcus Walsh; John Magee; Gavin Woods; David Cook; Andreas Rüdiger
The Irish Circuit Court has recently delivered an important judgment on non-material damages for infringement of the GDPR. The judgment also establishes a list of factors for the courts to consider when assessing non-material damages.
This judgment comes in the context of
Continue Reading Ireland: Non-material damages under GDPR – Irish law developments and the international approachAuthors: Carolyn Bigg, Gwyneth To and Rachel De Souza
Start preparing now to comply with India’s new data protection law. While there are similarities with EU/UK GDPR – and sufficient harmonisation with data protection laws across APAC to continue a regional data compliance in Asia – the practicalities of implementation and compliance should not be
Continue Reading India: New Digital Personal Data Protection Act, Start Planning Now.Helpful guidance on some previously uncertain areas of China data protection compliance programmes have been provided by the Administrative Measures for Personal Information Protection Compliance Audit (Draft for Comment) (“Draft Measures”), which were published for public consultation on 3 August 2023 by the Cyberspace Administration of China (“CAC”).
The Draft Measures
Continue Reading CHINA: uncertainties helpfully clarified on various key data compliance activitiesTo add to the compliance burden, new mandatory, periodic and detailed data protection compliance audits have now been proposed in China, with measures beyond the usual governance/compliance audit compliance steps expected under other data protection frameworks, and a duty to report the audit results to the China data authorities.
On 3 August 2023, the Cyberspace
Continue Reading CHINA: new mandatory data protection compliance audits proposedAuthors: Carolyn Bigg and Amanda Ge
Businesses who must follow the China SCCs route to legitimize their cross-border transfers of personal data must file their signed China SCCs together with the supporting personal information impact assessment (“PIIA”) report with their local CAC branch by no later than 30 November 2023. This requires significant effort, and
Continue Reading CHINA: only 100 days to file SCCs for cross-border data transfers – practical tips and insightsAuthors: Carolyn Bigg, Amanda Ge and Venus Cheung
On July 24, 2023, the People’s Bank of China (“PBOC”) released the Measures for the Management of Data Security in the Business Areas Falling into PBOC’s Jurisdiction (Draft for Comment) (“Draft Measures”) for public consultation, which closes on August 24, 2023.
The Draft
Continue Reading CHINA: New draft proposes more stringent requirements for processing data in the financial services industryAuthors: Carolyn Bigg, Lauren Hurcombe and Yue Lin Lee.
On 18 July 2023, Singapore’s Personal Data Protection Commission (“PDPC”) issued for public consultation a set of proposed guidelines for the use of personal data in AI recommendation and decision systems (“Proposed Guidelines”). The public consultation is open until 31 August
Continue Reading SINGAPORE: Proposed Guidelines on Use of Personal Data in AI SystemsCJEU’s landmark decision in Meta vs Bundeskartellamt allows GDPR scrutiny through antitrust regulators and imposes strict limitations on the personalised use of consumers’ personal data by social media platforms
By Verena Grentzenberg, Philipp Schmechel, Dr. Jonas Kranz
On 4 July 2023, the European Court of Justice (“CJEU”) delivered its judgment in Meta vs
Continue Reading EU: CJEU’s landmark decision in Meta vs Bundeskartellamt
