Transfer of personal data between Europe/UK and Asia: Key changes and practical tips

Following the publication of the new EU Standard Contractual Clauses (“SCCs“) last year and their UK equivalent at the beginning of this year, any current arrangements for transferring personal data outside of Europe or the UK (e.g. international data transfer agreements involving a European or UK party) should be revisited and updated in the coming … Read more

The UK’s International Data Transfer Agreement is laid before Parliament

Following the conclusion of the Information Commissioner’s Office (“ICO“) 2021 consultation on the UK’s draft international data transfer agreement and accompanying methodology, the Secretary of State laid before Parliament the final version of the transfer documents on 28 January 2022. Collectively, the following documents are intended to be used by organisations transferring personal data outside … Read more

ASIA DATA PROTECTION UPDATE

New security assessment rules, which are applicable to the transfer of both important data and personal information outside of China, have been issued for public consultation. The Cybersecurity Administration of China (“CAC“) released a draft of the Measures for Security Assessment of Cross-border Transfer of Data (“Draft Measures“) for public consultation on 29 October 2021. … Read more

Online Privacy Bill and Privacy Act Discussion Paper: Stricter Enforcement, Online Privacy Code and the Impact for Organisations Handling Personal Information

Two recent publications by the Australian Attorney-General’s Department mark significant steps forward on the long road to reform of Australian privacy legislation: An Online Privacy Bill Exposure Draft introducing amendments to the Privacy Act 1988 (Cth) (“Online Privacy Bill”), which will strengthen penalties and enforcement measures and introduce a binding privacy code for online platforms. … Read more

China’s Personal Information Protection Law creates challenges for compliance

China’s Personal Information Protection Law (“PIPL”) was passed on 20 August 2021. PIPL presents certain challenges for compliance, which is required when it comes into force on 1 November 2021. Overview Lack of clarity over what constitutes consent Lack of clarity over “contract necessity” as a complete exception to consent Safeguards for transferring personal information … Read more