Authors: Carolyn Bigg, Amanda Ge, Venus Cheung, and Gwyneth To

It’s now the time to focus on the steps that data controllers need to take to legitimize overseas processing of China personal information via the CAC certification route.

Background: While most PRC data controllers should have already identified whether to follow the
Continue Reading CHINA: CBDT routes now all clear – Draft guidelines for CAC Certification route published

On 15th March 2023, the UK Information Commissioner’s Office (“ICO”) issued updated Guidance on Artificial Intelligence and Data Protection. The updated Guidance follows ‘requests from UK industry to clarify requirements for fairness in AI” and aims to support the UK government’s vision of a “pro-innovation approach to AI
Continue Reading UK: ICO issues updated Guidance on Artificial Intelligence and Data Protection

Authors: Denise Lebeau-Marianna, Divya Shanmugathas and Lucie Dubecq-Princeteau

On 15 March 2023, the French Supervisory Authority (the “CNIL”) unveiled in a post its four key priorities regarding its upcoming investigations for 2023 targeting specific sectors (I), to which it added another topic related to DPO in line with the coordinated enforcement framework of

Continue Reading France: the CNIL has released its annual dawn raid Program for 2023: four national priorities and one priority coming from the EDPB!

Authors: Andreas Rüdiger, Philipp Adelberg

 On 14 February 2023, the European Data Protection Board (“EDPB”) published the updated and final version of its Guidelines 05/2021 on the Interplay between the application of Article 3 and the provisions on international transfers as per Chapter V of the GDPR (EDPB Guidelines 05/2021).
Continue Reading EU: Final version of the EDPB-Guidelines 05/2021 on the Interplay between the application of Art. 3 and the provisions on international transfers as per Chapter V of the GDPR

Authors: Carolyn Bigg, Yue Lin Lee and Daisy Wong

Singapore’s Personal Data Protection Commission (“PDPC”) has issued its first decision on the Legitimate Interests Exception under the PDPA.

While the PDPA remains largely a consent-based regime, the Legitimate Interests Exception is one of the exceptions from consent available under the PDPA.

This RedMart
Continue Reading SINGAPORE: First decision on the Legitimate Interest Exception under the Personal Data Protection Act (PDPA) issued

Authors:  Heidi Waem and Simon Verschaeve

On 21 February 2023, the Litigation Chamber of the Belgian Data Protection Authority ruled on a case relating to the lawfulness of a geolocation tracking system for employee vehicles used by a public authority. The decision not only sets out the conditions for the use of such systems, but
Continue Reading Belgium: Belgian data protection authority clarifies the public interest legal basis in the context of decision on a vehicle tracking system

Authors: Jim Sullivan, John Magee, Rachel De Souza & Christopher Connell

The European Data Protection Board (“EDPB” or the “Board”) on 28 February 2023, released its non-binding opinion on the draft adequacy decision underlying the EU-US Data Privacy Framework (“DPF”). The Board welcomed the “substantial improvements” to
Continue Reading EU/US: EDPB Welcomes Improvements in the EU-US Data Privacy Framework, but Challenges Remain

Author: Sarah Birkett

Cyber Security Strategy discussion paper launched

This week saw the launch of a discussion paper for the Australian Government’s 2023-2030 Australian Cyber Security Strategy. The discussion paper refers to the lofty aim of making Australia the most cyber secure nation by 2030.

The discussion paper, which acknowledges that the Australian Government was
Continue Reading Australia: Cyber security round-up – new Cyber Security Strategy, data breach stats and more