Authors: Ross McKean, Henry Pelling

On 24 October 2022, the ICO issued a penalty notice (MPN) to Interserve Group Limited (Interserve), imposing a fine of £4.4m for violations of the GDPR (the violations were pre-Brexit).
The ICO found that Interserve had failed to put appropriate technical and organisational measures in place to secure personal
Continue Reading UK: ICO issue fine of £4.4m to Interserve for security failings

Author: Carolyn Bigg, Yue Lin Lee

Indonesia’s long-awaited Personal Data Protection Law (“PDPL”) finally came into force on 17 October 2022, helpfully consolidating and clarifying the personal data protection framework in Indonesia.

Whilst there is a two-year transition period, businesses with Indonesian operations or which process the personal data of Indonesian citizens should now make
Continue Reading INDONESIA: Personal Data Protection Law PDPL Now in Force

A recent decision by the Irish Data Protection Commission (“DPC“) imposing a record €405 million fine provides clarification on the lawfulness of processing children’s personal data in accordance with the legal bases of ‘performance of contract’ and ‘legitimate interest’.

On 2 September 2022, the DPC imposed a record €405 million GDPR fine on
Continue Reading Ireland / Europe: DPC’s Record Fine Raises Expectations on Standards Applicable for Processing Children’s Data

Long-awaited executive order strives to enhance and revive the invalidated Privacy Shield Framework

Author: Jim Sullivan

On 7 October 2022, President Biden issued an Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities (the EO), aimed at addressing the widespread legal uncertainty that has prevailed with respect to transatlantic data transfers since the 

Continue Reading President Biden orders surveillance reforms two years after Schrems II

Authors: Coran Darling, James Clark

In its proposed AI Regulation (“AI Act”), the EU recognises AI as one of the most important technologies of the 21st century. It is often forgotten, however, that AI is not one specific type of technology. Instead, it is an umbrella term for a range of

Continue Reading EUROPE: Data protection regulators publish myth-busting guidance on machine learning

Authors: Carolyn Bigg, Yue Lin Lee

The provision setting out significantly higher financial penalties for Singapore’s Personal Data Protection Act 2012 (“PDPA”) is now in force.

There is now an increased risk for organisations contravening the PDPA in Singapore.

This means that in relation to any intentional or negligent contravention of:

  1. the data


Continue Reading SINGAPORE: Increased financial penalties under the PDPA now in effect

Under the Data Security Law, organisations are required to classify the data they process according to their level of significance. Albeit a draft, the recent Draft Standard on Information Security Technology Network Data Classification and Grading Requirements (“Draft”) highlights the principles and methods for different industries, fields, localities, departments, and data processors to
Continue Reading CHINA: Clarifications of data classification and grading requirements

Introduction

The Singapore Court of Appeal has recently clarified that ‘emotional distress’ is an actionable loss and damage under the existing right of private action of Personal Data Protection Act 2012 (“PDPA“).

Decision

Section 32 (now section 48O) of the Personal Data Protection Act 2012 (“PDPA”) provides individuals who have suffered
Continue Reading SINGAPORE: Right of private action under the Personal Data Protection Act 2012 – scope explained

Authors: Eliza Saunders, Sarah Birkett, James Clark, Senal Premarathna

Introduction

The benefits of using genetic information for research purposes are clear, especially as the technology underpinning medical research continues to advance at such a rapid pace. Outside of research and clinical development, the number of organisations which use blood and saliva samples
Continue Reading Genetic information – global privacy considerations – an Australian and UK perspective

Following the first automobile industry-specific data and cyber compliance rules, published late last year (see our alert here), regulators have issued guidelines on the licensing of surveying and mapping activities and use of mapping data within connected vehicles, through the new Regulations on Promoting the Development of Intelligent and Connected Vehicles and Maintaining the
Continue Reading CHINA: connected vehicle and automobile industry – new licences now required to enable/continue (i) surveying and mapping activities, (ii) overseas transfer of mapping data