Authors: Andreas Rüdiger, Philipp Adelberg

 On 14 February 2023, the European Data Protection Board (“EDPB”) published the updated and final version of its Guidelines 05/2021 on the Interplay between the application of Article 3 and the provisions on international transfers as per Chapter V of the GDPR (EDPB Guidelines 05/2021).
Continue Reading EU: Final version of the EDPB-Guidelines 05/2021 on the Interplay between the application of Art. 3 and the provisions on international transfers as per Chapter V of the GDPR

Authors: Carolyn Bigg, Yue Lin Lee and Daisy Wong

Singapore’s Personal Data Protection Commission (“PDPC”) has issued its first decision on the Legitimate Interests Exception under the PDPA.

While the PDPA remains largely a consent-based regime, the Legitimate Interests Exception is one of the exceptions from consent available under the PDPA.

This RedMart
Continue Reading SINGAPORE: First decision on the Legitimate Interest Exception under the Personal Data Protection Act (PDPA) issued

Authors:  Heidi Waem and Simon Verschaeve

On 21 February 2023, the Litigation Chamber of the Belgian Data Protection Authority ruled on a case relating to the lawfulness of a geolocation tracking system for employee vehicles used by a public authority. The decision not only sets out the conditions for the use of such systems, but
Continue Reading Belgium: Belgian data protection authority clarifies the public interest legal basis in the context of decision on a vehicle tracking system

Authors: Jim Sullivan, John Magee, Rachel De Souza & Christopher Connell

The European Data Protection Board (“EDPB” or the “Board”) on 28 February 2023, released its non-binding opinion on the draft adequacy decision underlying the EU-US Data Privacy Framework (“DPF”). The Board welcomed the “substantial improvements” to
Continue Reading EU/US: EDPB Welcomes Improvements in the EU-US Data Privacy Framework, but Challenges Remain

Author: Sarah Birkett

Cyber Security Strategy discussion paper launched

This week saw the launch of a discussion paper for the Australian Government’s 2023-2030 Australian Cyber Security Strategy. The discussion paper refers to the lofty aim of making Australia the most cyber secure nation by 2030.

The discussion paper, which acknowledges that the Australian Government was
Continue Reading Australia: Cyber security round-up – new Cyber Security Strategy, data breach stats and more

Authors: Andreas Rüdiger, Philipp Adelberg

The debate on transatlantic data transfers, a possible adequacy decision for the US and the EU-US Data Privacy Framework (“DPF“) is gaining new momentum. On 14 February 2023, the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs published its draft motion for a resolution regarding
Continue Reading EU – US adequacy decision: Update

Data protection compensation claims continue to manifest themselves. Understanding a data incident, and how to respond in an appropriate manner, is vital to combatting this growing threat.

Judgments through 2022 continued to be largely favourable to those facing such claims. But the threat still exists.

On Thursday, 2 March 2023, David Cook and Benjamin Fellows
Continue Reading UK: Data Protection Compensation Claims Webinar

Authors: Carolyn Bigg, Amanda Ge, Venus Cheung, and Gwyneth To

Summary: The final version of the China SCCs has now been published, meaning those organisations that haven’t had to apply for CAC approval for their cross-border transfers of personal information now have until 1 December 2023 to:

  • sign the China SCCs with


Continue Reading CHINA: Final China SCCs for CBDT published – What you need to know