Over the last decade, the EU has launched an unprecedented constellation of laws: GDPR, the AI Act, the Data Act, NIS2, the Cyber Resilience Act, DORA, DSA, DMA, eIDAS 2.0 and more. Together – under the ‘Digital Decade’ banner – they aim to form a powerful framework to protect fundamental rights, promote trustworthy technology and

Continue Reading EU: Digital Autofocus – Will Europe’s Digital Omnibus bring clarity to Regulation? 

The Dutch Data Protection Authority (“AP“) has imposed a fine of €2.7 million on Experian Nederland B.V. (“Experian“) for breaches the General Data Protection Regulation (“GDPR“).

This fine comes after Experian filed an objection against the AP’s initial decision and imposition of a fine in December 2023 (the value of

Continue Reading Dutch DPA fines Experian €2.7m for breaches of the GDPR

On 28 October 2025, China passed amendments to the Cybersecurity Law, marking the first update since its enactment in 2016. These amendments reflect China’s heightened focus on cybersecurity and AI governance and are scheduled to take effect on 1 January 2026.

Key Updates

The amendments primarily focus on the law’s enforcement provisions. Key updates include:

Continue Reading CHINA: Amendments to Cybersecurity Law Effective 1 January 2026

The Threat

Malware usage by adversaries has reportedly declined. Partly due to sophisticated detection methods commonly deployed by medium to large organisations.

Conversely, insider threats (cybersecurity risks originating from within an organisation) are increasing, posing complex and costly challenges for businesses. CrowdStrike’s 2025 Global Threat Report indicates that insider threat operations accounted for 40% of

Continue Reading Insider Threat: Client Considerations and Justifications

Australian Clinical Labs (ACL) has been ordered to pay AUD5.8 million for breach of the Privacy Act 1988 (Cth) (Privacy Act) following a 2022 cyber incident which impacted the personal information of over 223,000 individuals. This is the first ever civil penalty proceeding under the Privacy Act. 

ACL was held to

Continue Reading Australian Clinical Labs ordered to pay AUD5.8 million following cyber incident

Visible cyber fallout is everywhere. Impact to business operations (and therefore revenue) including halted production lines, emptied supermarket shelves, online payment unavailability, and patient backlogs have all brought cyber into the media and the boardroom at an alarming rate in the last year. Last week, the NCSC’s Annual Review 2025[1] showed impact climbing fast

Continue Reading UK: It’s time to act – the UK National Cyber Security Centre’s wake-up call for business leaders

Three years after its investigation commenced, the Office of the Australian Information Commissioner (OAIC) has found that retail giant Kmart Australia Limited (Kmart) breached the Privacy Act 1988 (Cth) (Privacy Act) through its use of facial recognition technology (FRT) in 28 retail stores between June 2020 and

Continue Reading Australia: Facial Recognition Technology Continues to Breach Australian Privacy Act

The Cyberspace Administration of China (“CAC“) has recently published the Administrative Measures for Network Security Incident Reporting (“Measures“), which provide further guidance on when and how to report network security incidents under existing laws such as the Cybersecurity Law, the Data Security Law and the Personal Information Protection Law. The Measures

Continue Reading CHINA: new stricter and 4-hour data breach reporting requirements for certain incidents

What is data scraping?

Data scraping is an automated process through which computer programs extract vast amounts of data from the internet at a faster rate than manual data collection methods.

Some businesses scrape data for internal purposes, such as generating leads, or to create products and services available for public use, such as price

Continue Reading Australia: Scraping the barrel – when data scraping breaches the Privacy Act