2023 was a busy year for the Court of Justice of the European Union (CJEU), with the issuance of a number of far-reaching judgments on the interpretation and application of the GDPR.
In December 2023, the CJEU delivered two important decisions which supplement a growing body of jurisprudence on the issuance of administrative fines and
Continue Reading CJEU Insight
Summary
A UK court has reversed a fine imposed on the provider of a facial image database service, Clearview AI, on the basis that the (UK) GDPR did not apply to the processing of personal data by the company. In so doing, the court has provided helpful judicial interpretation of both the territorial and material scope
Continue Reading Clearview AI -v- Information Commissioner
Following the passing of the long-awaited Personal Data Protection Law (“PDPL”) in Indonesia, on 31 August 2023, the Ministry of Communications and Information Technology published the draft government regulation (“Draft Regulation”) on the implementation of the PDPL for public consultation. The public consultation will close on 14 September 2023. The Draft
Continue Reading Indonesia: prepare now for the new Personal Data Protection LawAuthors: Eilis McDonald; Marcus Walsh; John Magee; Gavin Woods; David Cook; Andreas Rüdiger
The Irish Circuit Court has recently delivered an important judgment on non-material damages for infringement of the GDPR. The judgment also establishes a list of factors for the courts to consider when assessing non-material damages.
This judgment comes in the context of
Continue Reading Ireland: Non-material damages under GDPR – Irish law developments and the international approachAuthors: Carolyn Bigg, Amanda Ge, Venus Cheung, and Gwyneth To.
Vietnam’s long-awaited, first-ever Personal Data Protection Decree (“PDPD”) has finally been passed and is scheduled to take effect from 1 July 2023 (save limited grace period exceptions).
The PDPD is the first comprehensive data protection regulation consolidating Vietnam’s existing data
Continue Reading VIETNAM: First Personal Data Protection Decree passed – What you need to know
Authors: Carolyn Bigg, Amanda Ge, Venus Cheung, Gwyneth To
China’s amended Anti-Espionage Law will take effect from 1 July 2023. However, its effects have already been felt by some international businesses. So what should international businesses do to respond to these new risks?
The new law broadens the scope of espionage activities,
Continue Reading CHINA: new Anti-Espionage Law and its impact on your China data and operations – how your organisation should respond
Authors: Verena Grentzenberg, Andreas Rüdiger, Ludwig Lauer
In his Opinion of 27.04.2023 (C 340/21), the Advocate General of the European Court of Justice (“ECJ”) commented on the interpretation of the civil non-material right to damages pursuant to Article 82 (1) GDPR as well as on the requirements and the duty of
Continue Reading Europe: Opinion of the Advocate General on presumed fault of the controller in case of unlawful third-party access to personal data
Authors: Eleni Alexiou, Katharina Pauls
On 30 March 2023, the European Court of Justice (ECJ) ruled on the requirements for national legal bases regarding employee data protection in the context of a referral procedure. Based on its ruling, the German provision that gave rise to the referral procedure (Sec. 23 (1) sentence 1 of
Continue Reading Germany: ECJ ruling on employee data protection
Authors: James Clark, Coran Darling, Andrew Dyson, Gareth Stokes, Imran Syed & Rachel de Souza
In November 2021, the UK Government (“Government”) issued the National Artificial Intelligence (AI) Strategy, with the ambition of making the UK a global AI superpower over the next decade. The strategy promised a
Continue Reading A Pro-Innovation Approach: UK Government publishes white paper on the future of governance and regulation of artificial intelligence
Authors: Carolyn Bigg, Amanda Ge, Venus Cheung, and Gwyneth To
It’s now the time to focus on the steps that data controllers need to take to legitimize overseas processing of China personal information via the CAC certification route.
Background: While most PRC data controllers should have already identified whether to follow the
Continue Reading CHINA: CBDT routes now all clear – Draft guidelines for CAC Certification route published
