On 22 May 2023, following the adoption of a binding decision by the EDPB, the Irish Data Protection Commissioner (“DPC“) concluded its own-volition inquiry against Meta regarding the legality of international data transfers from Meta Ireland to the US. The DPC concluded that such transfers infringed the GDPR and directed Meta to suspend its transfers … Read more

HSF technology disputes practitioners Andrew Moir, Rachel Lidgate, Martin Hevey, Kate Macmillan, Peter Dalton, Heather Newton and Rachel Montagnon have recently published a Q&A in Practical Law on Disputes in the Technology Industry (see here for subscribers and here for a pdf) covering all aspects of disputes in the sector including current and future trends. … Read more

On 13 January 2022, the draft Guidelines for Identification of Critical Data (“Draft Guidelines“) were released. The public consultation period will end on 13 March 2022.  This is a key step for the full enforcement of the Data Security Law (“DSL“) which came into force on 1 September 2021. Read more

The US Federal Trade Commission (the FTC) released the text of a Final Rule (the Final Rule) on October 27, 2021, amending the Standards for Safeguarding Consumer Information (the Safeguards Rule). Since 2003, the Safeguards Rule has set the data security standards applicable to certain non-banking financial institutions, as defined under the Gramm-Leach-Bliley Act of … Read more

New security assessment rules, which are applicable to the transfer of both important data and personal information outside of China, have been issued for public consultation. The Cybersecurity Administration of China (“CAC“) released a draft of the Measures for Security Assessment of Cross-border Transfer of Data (“Draft Measures“) for public consultation on 29 October 2021. … Read more

China’s Personal Information Protection Law (“PIPL”) was passed on 20 August 2021. PIPL presents certain challenges for compliance, which is required when it comes into force on 1 November 2021. Overview Lack of clarity over what constitutes consent Lack of clarity over “contract necessity” as a complete exception to consent Safeguards for transferring personal information … Read more

This year is a pivotal year for data laws in China, with two very significant pieces of new legislation coming into force – the Data Security Law (“DSL“), governing important/core data, and the Personal Information Protection Law (“PIPL“), governing personal information, on 1 September 2021 and 1 November 2021 respectively. The key issue is how … Read more

Key highlights – our comments on the cybersecurity probe into DiDi and the draft of the revised Measures on Cybersecurity Review In early July, the Cyberspace Administration of China (CAC) announced that it had initiated cybersecurity review on three companies, namely DiDi, Boss Zhipin and Full Truck Alliance, and during the review the three companies … Read more