General Data Protection Regulation

Subscribe to General Data Protection Regulation via RSS

Authors: Carolyn Bigg, Amanda Ge, Venus Cheung, Gwyneth To

China’s amended Anti-Espionage Law will take effect from 1 July 2023. However, its effects have already been felt by some international businesses. So what should international businesses do to respond to these new risks?

The new law broadens the scope of espionage activities,
Continue Reading CHINA: new Anti-Espionage Law and its impact on your China data and operations – how your organisation should respond

Authors: Verena Grentzenberg, Andreas Rüdiger, Ludwig Lauer

In his Opinion of 27.04.2023 (C 340/21), the Advocate General of the European Court of Justice (“ECJ”) commented on the interpretation of the civil non-material right to damages pursuant to Article 82 (1) GDPR as well as on the requirements and the duty of
Continue Reading Europe: Opinion of the Advocate General on presumed fault of the controller in case of unlawful third-party access to personal data

Authors: Eleni Alexiou, Katharina Pauls

On 30 March 2023, the European Court of Justice (ECJ) ruled on the requirements for national legal bases regarding employee data protection in the context of a referral procedure. Based on its ruling, the German provision that gave rise to the referral procedure (Sec. 23 (1) sentence 1 of
Continue Reading Germany: ECJ ruling on employee data protection

Authors: James Clark, Coran Darling, Andrew Dyson, Gareth Stokes, Imran Syed & Rachel de Souza

In November 2021, the UK Government (“Government”) issued the National Artificial Intelligence (AI) Strategy, with the ambition of making the UK a global AI superpower over the next decade. The strategy promised a
Continue Reading A Pro-Innovation Approach: UK Government publishes white paper on the future of governance and regulation of artificial intelligence

Authors: Carolyn Bigg, Amanda Ge, Venus Cheung, and Gwyneth To

It’s now the time to focus on the steps that data controllers need to take to legitimize overseas processing of China personal information via the CAC certification route.

Background: While most PRC data controllers should have already identified whether to follow the
Continue Reading CHINA: CBDT routes now all clear – Draft guidelines for CAC Certification route published

Authors: Denise Lebeau-Marianna, Divya Shanmugathas and Lucie Dubecq-Princeteau

On 15 March 2023, the French Supervisory Authority (the “CNIL”) unveiled in a post its four key priorities regarding its upcoming investigations for 2023 targeting specific sectors (I), to which it added another topic related to DPO in line with the coordinated enforcement framework of

Continue Reading France: the CNIL has released its annual dawn raid Program for 2023: four national priorities and one priority coming from the EDPB!

Authors: Andreas Rüdiger, Philipp Adelberg

 On 14 February 2023, the European Data Protection Board (“EDPB”) published the updated and final version of its Guidelines 05/2021 on the Interplay between the application of Article 3 and the provisions on international transfers as per Chapter V of the GDPR (EDPB Guidelines 05/2021).
Continue Reading EU: Final version of the EDPB-Guidelines 05/2021 on the Interplay between the application of Art. 3 and the provisions on international transfers as per Chapter V of the GDPR

Authors: Carolyn Bigg, Yue Lin Lee and Daisy Wong

Singapore’s Personal Data Protection Commission (“PDPC”) has issued its first decision on the Legitimate Interests Exception under the PDPA.

While the PDPA remains largely a consent-based regime, the Legitimate Interests Exception is one of the exceptions from consent available under the PDPA.

This RedMart
Continue Reading SINGAPORE: First decision on the Legitimate Interest Exception under the Personal Data Protection Act (PDPA) issued

Authors: Andreas Rüdiger, Philipp Adelberg

The debate on transatlantic data transfers, a possible adequacy decision for the US and the EU-US Data Privacy Framework (“DPF“) is gaining new momentum. On 14 February 2023, the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs published its draft motion for a resolution regarding
Continue Reading EU – US adequacy decision: Update

Authors: Sarah Birkett, Nicholas Boyle

The Australian Attorney-General has published the (long-awaited) results of the Privacy Act review.

The report recommends a number of changes to the Australian privacy framework, including various changes to Australia’s core privacy legislation, the Privacy Act 1988 (Cth).

The report does not represent official Government policy and there is
Continue Reading Australia Privacy Act review – a blueprint for change?