While the definition of sensitive personal information in China has always been different to other jurisdictions, with a focus on risk of harm at its heart, new draft guidance should make it easier for organisations to map their processing of China sensitive personal information, which is increasingly important in light of new cross-border data transfer
Continue Reading China: Important new guidance on defining sensitive personal information
This is Part 2 in a series of articles on the European Health Data Space (“EHDS“). Part 1, which provides a general overview of the EHDS, is available here.
Alongside the better-known provisions of the EHDS dealing with secondary use of health data, the draft Regulation also sets out specific technical requirements
Continue Reading Requirements of EHR systems under the European Health Data SpaceAuthor: Carolyn Bigg, Amanda Ge, Venus Cheung, Gwyneth To
With 2023 having come to an end, the fast-paced changes to the China data protection regime throughout the year are continuing well into Q1 2024.
As well as a near finalisation of the different routes to legitimise cross-border data transfers, the Cyberspace
Continue Reading CHINA: data protection regulations – a lookback at 2023 developments
UK Extension
Following the European Commission’s adequacy decision for the EU-US Data Privacy Framework (DPF) (for further information see here), the UK Government has announced that from 12 October 2023, organisations in the UK can transfer personal data to US organisations certified to the “UK Extension to the EU-US Data Privacy Framework”
Continue Reading UK: EU-UK Data Privacy Framework Extension
Following the passing of the long-awaited Personal Data Protection Law (“PDPL”) in Indonesia, on 31 August 2023, the Ministry of Communications and Information Technology published the draft government regulation (“Draft Regulation”) on the implementation of the PDPL for public consultation. The public consultation will close on 14 September 2023. The Draft
Continue Reading Indonesia: prepare now for the new Personal Data Protection LawAuthors: Andreas Rüdiger, Philipp Adelberg
On 14 February 2023, the European Data Protection Board (“EDPB”) published the updated and final version of its Guidelines 05/2021 on the Interplay between the application of Article 3 and the provisions on international transfers as per Chapter V of the GDPR (EDPB Guidelines 05/2021).
Continue Reading EU: Final version of the EDPB-Guidelines 05/2021 on the Interplay between the application of Art. 3 and the provisions on international transfers as per Chapter V of the GDPR
Authors: Denise Lebeau-Marianna, Tess Muckensturm and Divya Shanmugathas
Since our last post, the French Supervisory Authority (the “CNIL”) has published a Q&A and a post on June 7, 2022 regarding Google Analytics, where it highlights the key points of its formal notices and gives some practical advice to website operators.
