ICO publishes consultation on the AI and data protection risk toolkit

Executive Summary On 12 October 2021, the Information Commissioner’s Office (“ICO“) opened its consultation in relation to the use of the beta version of its AI and data protection risk mitigation and management toolkit (the “Consultation“). The Consultation runs until 1 December 2021 and the ICO is seeking responses from all industry sectors and from … Read more

ASIA DATA PROTECTION UPDATE

New security assessment rules, which are applicable to the transfer of both important data and personal information outside of China, have been issued for public consultation. The Cybersecurity Administration of China (“CAC“) released a draft of the Measures for Security Assessment of Cross-border Transfer of Data (“Draft Measures“) for public consultation on 29 October 2021. … Read more

China’s Personal Information Protection Law creates challenges for compliance

China’s Personal Information Protection Law (“PIPL”) was passed on 20 August 2021. PIPL presents certain challenges for compliance, which is required when it comes into force on 1 November 2021. Overview Lack of clarity over what constitutes consent Lack of clarity over “contract necessity” as a complete exception to consent Safeguards for transferring personal information … Read more

China’s new laws complicate data transfers

This year is a pivotal year for data laws in China, with two very significant pieces of new legislation coming into force – the Data Security Law (“DSL“), governing important/core data, and the Personal Information Protection Law (“PIPL“), governing personal information, on 1 September 2021 and 1 November 2021 respectively. The key issue is how … Read more

ICO issues draft International Data Transfer Agreement and guidance on undertaking risk assessments for consultation on ensuring compliance for data transfers from the UK

The UK has taken its first big data protection step in a post-Brexit world with the Information Commissioner’s Office (“ICO“) publishing its own version of an international data transfer agreement and accompanying methodology for conducting international risk assessments on 11 August 2021. The ICO has published the following documents, which all inter-relate with one another: … Read more