data privacy

Subscribe to data privacy via RSS

At the Legislative Council Panel on Constitutional Affairs held on 19 February 2024, the Privacy Commissioner (“Commissioner“) reported that the Office of the Privacy Commissioner for Personal Data was working with the Government to review the Personal Data (Privacy) Ordinance (“PDPO“) to strengthen personal data protection in Hong Kong. At the

Continue Reading Hong Kong: Updates to the Personal Data (Privacy) Ordinance put on hold

Déjà vu in the world of UK data law: the Labour government has proposed reforms to data protection and e-privacy laws through the new Data (Use and Access) Bill (“DUAB“). The DUAB follows the previous government’s unsuccessful attempts to reform these laws post-Brexit, which led to the abandonment of the Data Protection

Continue Reading UK: Data (Use and Access) Bill: newcomer or a familiar face?

It’s the turn of South-East Asian countries to update their data protection laws. Here is our summary of the proposed new data protection laws in Vietnam, Malaysia and Indonesia. Organisations are advised to update their data protection compliance programmes as soon as possible to reflect these developments.

Vietnam

Vietnam issued its first draft of a

Continue Reading VIETNAM, MALAYSIA AND INDONESIA: what you need to know about the new SE Asia data protection laws

Additional and clarified data compliance obligations will soon come into force under the long-awaited Network Data Security Management Regulation (“Regulation“), which was released on 30 September 2024. The Regulation is formulated under the existing data protection framework pillars of the Cyber Security Law, the Data Security Law and the Personal Information Protection Law

Continue Reading CHINA: Enhanced and clarified data compliance obligations on handlers of “network data”, covering personal information and important data, and operators of online platforms from 1 January 2025

October has already been a busy month for the Court of Justice of the European Union (“CJEU”), which has published a number of judgments on the interpretation and application of the GDPR, including five important decisions, all issued by the CJEU on one day – 4 October 2024. 

This article provides an overview

Continue Reading EU: CJEU Insight 

Introduction

In its judgement of 04 October 2024 (C-21/23), the European Court of Justice (“ECJ”, “Court”) ruled, that the provisions of Chapter VIII of the GDPR, do not preclude national rules which grant undertakings the right to rely, on the basis of the prohibition of acts of unfair competition

Continue Reading EU: ECJ rules that competitors are entitled to bring an injunction claim based on an infringement of the GDPR.

Introduction

The subject of “legitimate interests” and in particular whether they can be “purely commercial” has been a topic of front and center stage debate in the Netherlands for some time. The Dutch data protection authority (AP) has historically interpreted the concept of legitimate interest narrowly, taking the position that organisations

Continue Reading EU: CJEU Confirms that Legitimate Interests can cover purely commercial interests

The EU Data Act is one of the cornerstones of the EU’s Data Strategy and introduces a new and horizontal set of rules on data access and use to boost the EU’s data economy. Most of the provisions of the Data Act will become applicable as of 12 September 2025. To assist stakeholders in the

Continue Reading EU: Data Act Frequently Asked Questions answered by the EU Commission