The Cyberspace Administration of China (CAC) released an important Q&A on cross-border data transfer requirements and policies in early April, providing clarification on a number of issues of concern to companies in China. Key points include:
Data other than important data and personal data can flow freely across borders. The Q&A emphasizes that, in principle
Continue Reading China: CAC publishes official Q&As for cross-border data transfer regulation
This article was originally posted to our Market Edge blog.
By Era Anagnosti, Brent Bernell, Daniel Caprio, Steven Phillips, Andrew Serwin, and John Gevertz
On February 18, 2025, President Donald J. Trump signed an Executive Order (EO), entitled, “Restoring Democracy and Accountability in Government,” which asserts greater authority over
Continue Reading US: Executive Order on federal agencies
Hong Kong is following other jurisdictions, including Mainland China, Singapore and the UK, in proposing to enhance cybersecurity obligations on IT systems of those operating critical infrastructure (“CI“). While the proposed new law, tentatively entitled the Protection of Critical Infrastructure (Computer System) Bill (the“proposed legislation”), is still at an early stage
Continue Reading Hong Kong: A Practical Guide to the Proposed Critical Infrastructure Cybersecurity Legislation
On 18th July, the European Supervisory Authorities (“ESAs“) published the final versions of the second batch of their draft regulatory technical standards (RTS) and implementing technical standards (ITS), developed under the Digital Operational Resilience Act (DORA), as well as two sets of Guidelines.
Summary of draft
Continue Reading EU: European Supervisory Authorities issue second batch of technical standards under DORAThe UK has made several consequential amendments to its primary electronic surveillance law, the Investigatory Powers Act (“IPA”). These changes have the potential to impact the development of certain privacy-enhancing services by technology companies, whilst also widening the scope of the government’s access to certain electronic datasets. There is also the possibility of
Continue Reading UK: Changes to UK surveillance and communications law: the Investigatory Powers (Amendment) Act 2024.On 7 March 2024, the Court of Justice of the European Union (CJEU) issued its judgment in the Endemol Shine case (C-740/22), holding that the concept of ‘processing’ under the GDPR includes the oral disclosure of personal data.
In its judgment, the CJEU not only provided clarity on the definition of “processing”
Continue Reading EU: CJEU confirms oral disclosures are considered ‘processing’ under the GDPR
In the evolving legal landscape of data protection, several decisions by data protection regulators and courts across the EU and UK underscore the importance of proactive GDPR compliance from a contractual perspective. These issues are being scrutinised more closely in corporate due diligence transactions and by regulators in the event of a data breach or
Continue Reading EU and UK: The importance of data processing agreements
In good news, on 22 March 2024, the Cyberspace Administration of China (“CAC”) finalised long-awaited guidelines setting out exemptions to some of the more challenging cross-border data transfer (“CBDT”) compliance requirements (“Guidelines”). As well the exemptions, there are updated filing templates for those still falling outside the exemptions; and
Continue Reading CHINA: Cross Border Data Transfer Requirements – exemptions now availableOverview
On February 21, 2024, the California Attorney General (CA AG) announced that it had reached a settlement with DoorDash over allegations that the company failed to comply with “sale” requirements under the California Consumer Privacy Act (CCPA) and disclosure requirements under the California Online Privacy Protection Act (CalOPPA). The settlement requires DoorDash to pay
Continue Reading California Attorney General Settles with DoorDash over Alleged Sale of Personal Information
