The UK ICO has published its AI and data protection risk toolkit (the “Toolkit“). The Toolkit is designed to provide practical support to organisations using AI systems which may involve the processing of personal data. It builds on the ICO’s earlier guidance on AI and data protection, published in July 2020.

The…
Continue Reading UK: ICO publishes AI and Data Protection risk Toolkit

On 8 March 2022, The Data Protection Act 2018 (Access Modification) (Health) Regulations 2022 (“the 2022 Regulations”) came into force, revoking and replacing the Data Protection (Access Modification) (Health) Regulations 1989 (the “1989 Regulations”). The new 2022 Regulations will have an impact on organisations that process health data (i.e. physical and mental health…
Continue Reading Ireland: Employers can now process Data Subject Access Requests without advice of health service providers

Organisations engaging in cross border transfers of personal data may now rely on the Recommended Model Contractual Clauses (RMCs), recently published by the Privacy Commissioner for Personal Data (PCPD).

The two sets of RMCs are intended for controller to controller transfers, and controller to processor transfers. The RMCs may be used in:

• cross border transfers

…
Continue Reading Hong Kong: Newly published Model Contractual Clauses

What is the European Health Data Space?

On 3 May 2022, the EU Commission published a draft Regulation on the European Health Data Space (“HDS”).  The Regulation is the first sector-specific proposal in the Commission’s “European Strategy for Data”, which aims at creating a ‘single market for data’.  In so doing, the Commission…
Continue Reading The European Health Data Space – 5 Things You Need to Know

Max Schrems, through his organisation, ‘My Privacy is None of your Business’ (“noyb.eu”) has issued an open letter to U.S. and EU officials about the announcement of an ‘agreement in principle’ for a new Trans-Atlantic Data Privacy Framework (“letter”). The letter coincides with a visit to Washington, D.C. by a delegation…
Continue Reading NOYB open letter on the new EU – US data deal

A draft set of EDPB guidelines on the calculation of administrative fines under the GDPR is likely to lead to some further consistency among supervisory authorities on how fines are calculated – however, if adopted, the guidance leaves clear room for the current divergent approaches to continue.

On 12 May 2022, the European Data Protection…
Continue Reading Europe: EDPB Guidelines on calculation of fines under GDPR – a case of evolution, not revolution?

Today, through the Queen’s Speech, the UK Government has set out its legislative program for the next Parliamentary term. The speech outlined 38 proposed laws, including the Data Reform Bill.

The introduction of the Data Reform Bill will reform the UK’s current data protection framework, bringing in potentially significant changes to the UK GDPR and…
Continue Reading UK: Data Reform Bill: post-Brexit data reforms

Authors: Carolyn Bigg, Yue Lin Lee, Gwyneth To and Jing Qin Cho

Companies providing cybersecurity services (“CSPs“) in Singapore will now have to obtain a licence for the provision of such services by 11 October 2022.

The licensing framework took effect from 11 April 2022.

The licensing framework is part of the Cybersecurity…
Continue Reading Singapore: Cybersecurity service providers’ mandatory licensing by October 2022