If your organisation must follow the CAC assessment route to continue your cross-border flows of personal information or important data, we now know the full extent of the self-assessment, application and supporting documents to be filed with the CAC for approval. It remains a significant task, so action must be taken as soon as possible

Continue Reading CHINA: major developments on CAC assessment for cross-border data transfers – the task is now clear, but the urgency remains

Google LLC has agreed to pay AUD 60 million to Australia’s competition regulator, the Australian Competition and Consumer Commission (ACCC), after it was held that Google breached the Australian Consumer Law (ACL) regarding its collection of location data.

In October 2019, the ACCC commenced proceedings alleging that Google had engaged in
Continue Reading Australia: Google agrees to pay AUD 60 million for misleading consumers regarding the collection of location data

Mobile apps pervade all aspects of life in Mainland China, and in turn remain a high enforcement priority for data privacy regulators in China. For the past couple of years, operators of mobile apps in China have had to comply with over thirty additional, specific privacy compliance obligations (i.e. over and above those applicable to
Continue Reading CHINA: mobile apps remain a high privacy risk, and face stringent requirements

As part of its data strategy, the European Commission has presented a number of legislative instruments, including the Digital Markets Act (DMA), the Digital Services Act (DSA), the Data Governance Act (DGA) and the Data Act.

Our article analysing these four new instruments in more detail – in particular, who these legal instruments apply to


Continue Reading EU: Who’s who under the DMA, DSA, DGA and Data Act?

On 26 May 2022, the TC260 released the Draft Requirements on Privacy Agreements for Internet Platforms, Products and Services (“Draft Requirements”) for public consultation. The Draft Requirements flesh out the regulatory scheme regarding privacy policies as put forward in the Personal Information Protection Law (“PIPL”) and Personal Information Specification (“PIS
Continue Reading CHINA: Draft Rules on Privacy Policies Released – Is Your Privacy Policy Compliant?

On 3 August, the Indian Central Government withdrew the Personal Data Protection Bill, 2019 (PDP Bill). The PDP Bill, which has drawn criticism from both privacy advocates and industry stakeholders, was first published in 2018 and was to be India’s first law on the protection of personal data. A government notice stated that
Continue Reading India: Government withdraws long-awaited Personal Data Protection Bill

On 27 July 2022, the highest administrative court in the Netherlands, published its highly anticipated judgment involving the Dutch Data Protection Authority’s assessment of “legitimate interest” under Article 6(1)(f) GDPR.

It was expected that the court would provide some clarification on whether “purely commercial interests” can qualify as legitimate interests within the meaning
Continue Reading NETHERLANDS: Highest court side-steps determining whether legitimate interests may be purely commercial

On Thursday 21 July 2022, the Cyberspace Administration of China (“CAC”) fined Didi Global Inc, an online ride-hailing business a total of RMB 8.026 billion (approximately USD 1.2 billion).

The CAC explained that the reasons for the fines were due to Didi’s:

  • illegal collection of over 11.9 million screenshots from users’ mobile phone


Continue Reading China: Enforcement of data protection – 5% of annual local revenue

Authors: Sarah Birkett and Alex Moore 

The use of CCTV systems to collect biometric information from individuals in Australia is attracting headlines. The issue relates not to the use of CCTV itself, but rather the collection of biometric information (i.e. electronic copies of faces, fingerprints, voices) via CCTV. Organisations, including retailers, may collect biometric information
Continue Reading Australia: Collection of biometric information via CCTV