On January 16, 2023, the New Jersey Governor signed into law Senate Bill 332 (the “Act”) making New Jersey the 14th state to adopt a comprehensive state privacy law. The Act will take effect on January 15th, 2025, and requires the Division of Consumer Affairs to issue rules and regulations to effectuate
Continue Reading US: New Jersey Enacts Comprehensive State Privacy Law
Europe: EDPB coordinated enforcement action identifies areas of improvement to promote the role and recognition of DPOs
Background
March 2023 saw the launch of the European Data Protection Board’s (EDPB’s) second coordinated enforcement action (CEF 2023), which focused on the designation and position of Data Protection Officers (DPOs). Data Protection Authorities (DPAs) across the EEA have launched coordinated investigations into this topic. In particular
Continue Reading Europe: EDPB coordinated enforcement action identifies areas of improvement to promote the role and recognition of DPOs
CJEU Insight
2023 was a busy year for the Court of Justice of the European Union (CJEU), with the issuance of a number of far-reaching judgments on the interpretation and application of the GDPR.
In December 2023, the CJEU delivered two important decisions which supplement a growing body of jurisprudence on the issuance of administrative fines and
Continue Reading CJEU InsightUS: Open Banking Regulation Arrives in the US
In 2010, Congress included a provision in the Consumer Financial Protection Act (CFPA) requiring that the Consumer Financial Protection Bureau (CFPB or Bureau) promulgate rules effectuating what is commonly referred to as “Open Banking.” Specifically, the rules would require any entity that engages in offering or providing a consumer financial product or service to make
Continue Reading US: Open Banking Regulation Arrives in the USGermany: New legislative procedure for an Employee Data Protection Act
After several failed attempts in recent decades to summarize and codify the data protection provisions relating to employees and other workers in a single Employee Data Protection Act, the current government is once again attempting to do so.
Current legal situation in Germany
Currently, employee data protection in Germany is largely determined by case law.
Continue Reading Germany: New legislative procedure for an Employee Data Protection ActCHINA: data protection regulations – a lookback at 2023 developments
Author: Carolyn Bigg, Amanda Ge, Venus Cheung, Gwyneth To
With 2023 having come to an end, the fast-paced changes to the China data protection regime throughout the year are continuing well into Q1 2024.
As well as a near finalisation of the different routes to legitimise cross-border data transfers, the Cyberspace
Continue Reading CHINA: data protection regulations – a lookback at 2023 developments
Imminent Changes to Singapore’s Cybersecurity Act: New Obligations on Service Providers
Since the enactment of Singapore’s Cybersecurity Act (Act) in August 2018, the digital battlefield has transformed dramatically. The nation’s move towards digitalisation has not only spurred the growth of Singapore’s digital economy but also brought new cyber threats and challenges to the fore.
Given this, the Cyber Security Agency of Singapore (CSA
Continue Reading Imminent Changes to Singapore’s Cybersecurity Act: New Obligations on Service ProvidersEU: Significant new CJEU decision on automated decision-making
Authors: James Clark and Verena Grentzenberg
The Court of Justice of the European Union (CJEU) has delivered an important judgment on the scope and interpretation of the ‘automated decision-making’ framework under the GDPR. It is a decision that could have significant implications for service providers who use algorithms to produce automated scores, profiles
Continue Reading EU: Significant new CJEU decision on automated decision-makingEU: EU formally adopts ‘Data Act’
On 27 November 2023, the Council formally adopted the final version of the regulation on harmonised rules on fair access to and use of data (“Data Act”), after the European Parliament had adopted the Data Act earlier this month.
Drafted with the objective of fostering innovation and facilitating the sharing of data between
Continue Reading EU: EU formally adopts ‘Data Act’
EU: New EDPB guidelines on the scope of the ‘cookie rule’
The European Data Protection Board has published new guidelines (14 November 2023) on the scope of Article 5(3) of the e-Privacy Directive – i.e., the so-called ‘cookie rule’.
These guidelines apply a maximalist interpretation to the cookie rule, meaning that a wide variety of technologies other than traditional cookies are, in the opinion of the
Continue Reading EU: New EDPB guidelines on the scope of the ‘cookie rule’