“Important data” is a concept unique to China law. It refers to data relating to specific topics, groups, or regions, or data that reaches a certain level of precision and scale, the tampering, destruction, leakage or illegal acquisition or use of which may directly jeopardize national security, economic operations, social stability, public health or safety.

Continue Reading CHINA: China’s Free Trade Zone Negative Lists – Early Signal of How “Important Data” May Be Defined

For years, China’s cross-border data transfer regime was long on rules but short on consequences. Companies—both foreign and domestic—were given a relatively extended period to understand the requirements, formulate suitable strategies, and implement compliance measures. Recent enforcement actions led by the Cyberspace Administration of China (CAC), the country’s data regulator, suggest that the education phase

Continue Reading CHINA: China’s Data Regulator Means Business – The Education Phase Is Over

On 11 June 2026, the Office of the Australian Information Commissioner (OAIC) published two determinations against Medmate Australia Pty Ltd (Medmate) and Monash IVF Pty Ltd (Monash IVF), finding both entities interfered with individuals’ privacy via the use of website tracking pixels.

In the absence of an express regulatory

Continue Reading Australia: Pixel Perfect – The regulator addresses use of tracking pixels

A proposed common template for personal data breach notifications recently published by the European Data Protection Board (“EDPB“) for consultation has the potential to assist organisations in streamlining personal data breach reporting across the EU while also raising additional complexity and challenges for businesses.

In line with the EDPB’s Helsinki Statement on enhanced

Continue Reading EU: EDPB common template for breach notifications – welcome alignment or further complexity?

The Data (Use and Access) Act 2025 (“DUAA“), introduces a new statutory requirement for all controllers, with no exceptions, to implement a formal process to handle data protection complaints by 19 June 2026.

Key changes

The DUAA received Royal Assent on 19 June 2025 and introduces a number of amendments to the UK’s data

Continue Reading UK: New complaints handling rules under DUAA take effect on 19 June 2026 – are you ready?

The protection of children online, including the safeguarding of their personal data, has emerged as a key regulatory focus in the UK, with the Government facing sustained pressure to address concerns about children’s safety online.[1] Recent developments have added further momentum – in particular, Australia’s recent prohibition on social media use by under-16s has

Continue Reading UK: Protecting Children Online – A Changing Regulatory Landscape

The UK Government’s legislative agenda, set out in the King’s Speech on 13 May 2026, places cybersecurity and digital resilience firmly at the centre of national policy. Against a backdrop of increasing geopolitical instability and rapidly evolving technological risks, the proposed measures continue the shift towards a more interventionist and systemic approach to safeguarding the

Continue Reading UK: The King’s Speech 2026 – Cybersecurity at the Forefront

The SECURE Data Act 2026 and GUARD Financial Data Act were introduced on April 22, 2026. This legislation would impose major data restrictions and requirements across the U.S. economy. The bill would give the U.S. Department of Commerce and the Federal Trade Commission (FTC) expanded powers to oversee data collection and use.

The SECURE Data

Continue Reading U.S.: Comprehensive Federal Privacy Legislation Introduced

On April 7, 2026, the Alabama legislature unanimously passed House Bill 351, the Alabama Personal Data Protection Act. The bill cleared the House 104-0 and the Senate 34-0, making Alabama the 21st state to enact a comprehensive consumer privacy statute. If signed by Governor Kay Ivey, the law will take effect on May 1

Continue Reading U.S.: Alabama Becomes 21st State to Enact Comprehensive Privacy Law

Organisations are increasingly turning to AI-enabled tools throughout the recruitment lifecycle, from CV filtering and suitability scoring to online assessments and behavioural analysis. These tools can offer real advantages, including faster hiring processes and the potential to reduce human bias that inevitably exists in traditional recruitment. However, their use often creates a tension with data

Continue Reading UK: ICO Report on Automated Decision-Making in Recruitment