The Australian Government has today published a draft Bill outlining the next steps in Australia’s Privacy Act Review process. 

The changes to be implemented by the Privacy and Other Legislation Amendment Bill 2024 include the introduction of:

  • A statutory tort for serious invasions of privacy, which has previously been referred to as filling an “
Continue Reading Australia: Long awaited Australian privacy reform comes to fruition

Summary

In its judgement of 11 July 2024 (C-757/22), the European Court of Justice (‘ECJ’) ruled that the violation of a controller’s information obligations under Art. 12 and 13 GDPR, can be subject to a representative action under Article 80(2) GDPR.

Facts of the case

Meta Platforms Ireland Limited (“

Continue Reading Europe/Germany:  Right to bring collective action for violations of information obligations under GDPR

On August 21, 2024, the second expert committee appointed under the Thai Personal Data Protection Act (PDPA) of 2019, issued an administrative fine to a major private company involved in online sales. The company allowed a significant amount of personal data to leak to call center gangs without implementing adequate security measures as required by

Continue Reading THAILAND: First PDPA Enforcement in Thailand: A Landmark Case

While the definition of sensitive personal information in China has always been different to other jurisdictions, with a focus on risk of harm at its heart, new draft guidance should make it easier for organisations to map their processing of China sensitive personal information, which is increasingly important in light of new cross-border data transfer

Continue Reading China: Important new guidance on defining sensitive personal information

On 1 July 2024, Australia’s spam regulator, the Australian Communications and Media Authority (AMCA), released a Statement of Expectations setting out its requirements for customer consent in the context of direct marketing.

The ACMA has consistently demonstrated a clear intolerance for breaches of the spam requirements, penalising business with over AUD 15 million

Continue Reading Australia’s e-marketing expectations: When customers don’t give a spam

The Federal Trade Commission (FTC) reiterated its long-held view that hashing or pseudonymizing identifiers does not render data anonymous, in a post to its Technology Blog on July 24, 2024.

In the rather strongly worded post, while acknowledging that hashing and pseudonymizing data has the benefit of obscuring the underlying personal data, the FTC

Continue Reading FTC Reiterates that Hashed and Pseudonymized Data is Still Identifiable Data

In the UK, there is currently heightened regulatory scrutiny and increased public interest in children’s data protection and online harm, with a raft of new guidance and regulation from both the ICO and Ofcom, the chief regulator of the Online Safety Act, in relation to children’s safety online. 

Since the introduction of the ICO’s Children’s

Continue Reading UK: ICO and Ofcom approach to regulation of online services

The next steps in Australia’s long bubbling reform of the privacy regime has been announced, with draft legislation expected to be tabled by August 2024. The reform is being presented as part of the Federal Government’s efforts to improve online safety, particularly for women, but it’s not clear how broad its remit will be at

Continue Reading Australia: Privacy Act Updates Expected in August 2024

On April 4, 2024, Kentucky Governor Andy Beshear signed House Bill 15, an act related to Kentucky consumer data privacy (“KCDPA”). Kentucky now joins the expanding list of states with comprehensive state privacy legislation, with the KCDPA set to take effect January 1, 2026.

Scope

The KCDPA applies to entities conducting business in Kentucky

Continue Reading US: Kentucky Legislature Passes Comprehensive State Privacy Law