GDPR fines can contemplate parent group turnover: The story behind the WhatsApp fine

    Summary The DPC has fined WhatsApp, an instant messaging app owned by Facebook, €225 million in relation to an investigation into its compliance with transparency obligations under the GDPR. Following intervention from the EDPB, the proposed fine was increased from €30 – €50 million up to €225 million by taking into account the turnover of … Read more

    China’s Personal Information Protection Law creates challenges for compliance

    China’s Personal Information Protection Law (“PIPL”) was passed on 20 August 2021. PIPL presents certain challenges for compliance, which is required when it comes into force on 1 November 2021. Overview Lack of clarity over what constitutes consent Lack of clarity over “contract necessity” as a complete exception to consent Safeguards for transferring personal information … Read more

    China’s new laws complicate data transfers

    This year is a pivotal year for data laws in China, with two very significant pieces of new legislation coming into force – the Data Security Law (“DSL“), governing important/core data, and the Personal Information Protection Law (“PIPL“), governing personal information, on 1 September 2021 and 1 November 2021 respectively. The key issue is how … Read more

    ICO issues draft International Data Transfer Agreement and guidance on undertaking risk assessments for consultation on ensuring compliance for data transfers from the UK

    The UK has taken its first big data protection step in a post-Brexit world with the Information Commissioner’s Office (“ICO“) publishing its own version of an international data transfer agreement and accompanying methodology for conducting international risk assessments on 11 August 2021. The ICO has published the following documents, which all inter-relate with one another: … Read more

    China Cybersecurity and Data Protection: Monthly Update – July 2021 Issue

    Key highlights – our comments on the cybersecurity probe into DiDi and the draft of the revised Measures on Cybersecurity Review In early July, the Cyberspace Administration of China (CAC) announced that it had initiated cybersecurity review on three companies, namely DiDi, Boss Zhipin and Full Truck Alliance, and during the review the three companies … Read more

    British Airways data class action settles

    Following a stay of proceedings to pursue ADR, a number of the claims being pursued as part of the Group Litigation known as the British Airways Data Event Group Litigation (the “BA GLO”) have now been settled. We last updated on the procedural developments in this case in February 2021, when a ruling was given … Read more