Happy International Data Privacy Day for Saturday! And what better reason than that to explore what 2023 is likely to have in store for data and privacy? We are just over one year on from the UK government hinting that it might think outside the box in terms of data protection regulation. Two years on … Read more

    Transfer Impact Assessments – divergence between EDPB and ICO approaches

    Now that the deadlines have passed for implementing: EU Standard Contractual Clauses (“EU SCCs”) into all new and existing contractual arrangements involving restricted transfers of data under the EU GDPR; and the UK equivalent to the EU SCCs (the UK specific International Data Transfer Agreement (“IDTA“) or the EU SCCs in combination with the UK … Read more

    PDPA Update – Thailand’s New Legislation on Personal Data Breach Notification

    On 15 December 2022, the Notification of the Personal Data Protection Committee (the “PDPC“) Re: Criteria and Means on Personal Data Breach Notification (the “PDPC Notification“) was published on the Thailand’s royal gazette and takes effect on the same day. This sets out more elaborated requirements on one of the key data controller’s obligations – … Read more

    Key changes in data privacy and cyber security laws across Southeast Asia in 2022

    2022 is a milestone year for data privacy and cyber security laws developments across Southeast Asia.  We set out the key changes as follows: The new Personal Data Protection Law in Indonesia became effective on 17 October 2022. Multiple data protection guidelines have been issued to supplement the Personal Data Protection Act in Thailand, which … Read more

    $50m Penalties, More Regulatory Powers and Expanded Global Reach – Part One of Australia’s Privacy Act Reforms

    On Wednesday 26 October 2022, Australia’s Attorney-General Mark Dreyfus introduced the Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022 (Cth) (Bill) into Federal Parliament. The Bill includes amendments to the Privacy Act 1988 (Cth) (Privacy Act), including: Maximum penalties of $50 million and more for serious or repeated interferences with privacy; Enhanced powers (including … Read more

    President Biden’s Executive Order implements EU-US data privacy framework

    President Biden recently issued an Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities (the Privacy EO) outlining steps that the US Government is taking to implement the US commitments under the European Union-US Data Privacy Framework (the Privacy Framework) that the US and the European Commission (EC) announced in March 2022 to … Read more

    New guidance on the CAC security assessment for cross-border data transfer

    On 31 August 2022, the Cyberspace Administration of China (“CAC“) published the Guidelines on the Application of Security Assessment of Cross-border Transfer of Data (“Guidelines“) to clarify how organisations in China can apply to CAC for a security assessment for cross-order data transfer, a requirement stipulated under the Measures for Security Assessment of Cross-border Transfer … Read more


    On 20 September 2022, Indonesia’s President and House of Representatives (DPR) approved the Personal Data Protection bill following six years of deliberation. However, while the PDP bill has been approved by both the President and DPR, it has not yet been signed by the President, who is required by law to ratify the PDP Law … Read more