Relying on the Legitimate Interests Exception under the Personal Data Protection Act 2012

Photo of Wilson Ang (SG)Photo of Jeremy Lua (SG)By Wilson Ang (SG) and Jeremy Lua (SG) on Posted in General
In a recent decision (the Decision),[1] the Personal Data Protection Commission (PDPC) considered for the first time a company’s reliance on the Legitimate Interests Exception (as defined below) under the Personal Data Protection Act 2012 (PDPA) when the consent procured is invalid. The General Legitimate Interests Exception The general Legitimate Interests Exception was introduced to … Continue reading

Privacy law is becoming more technically sophisticated. So should you.

Photo of Steve Roosa (US)Photo of Daniel Rosenzweig (US)Photo of Susan Ross (US)By Steve Roosa (US), Daniel Rosenzweig (US) and Susan Ross (US) on Posted in Compliance and risk management, Privacy law
As privacy laws and requirements become more technically sophisticated, businesses may want to consider how they can follow suit.… Continue reading

Cyber-insurance – 72 hours for the insured party to file a criminal complaint: GDPR’s false friend

Photo of Nadège Martin (FR)Photo of Geoffroy Coulouvrat (FR)By Nadège Martin (FR) and Geoffroy Coulouvrat (FR) on Posted in General
Cyberattacks have become more frequent, problematic and complex over the years – so much so that they now represent a real threat to economic activities. The French Information and Digital Security Experts Club (CESIN) has estimated that 54% of French companies were subject to cyberattacks in 2021,[1] while France Assureurs has put cyberattack risks on … Continue reading

FTC proposed consent order prohibits perpetual retention of personal information

Photo of David Kessler (US)Photo of Susan Ross (US)Photo of Susana Medeiros (US)By David Kessler (US), Susan Ross (US) and Susana Medeiros (US) on Posted in General
We had previously written about an FTC proposed consent order that would prohibit a company from perpetual retention of personal health information.  On March 2, 2023, the FTC announced a complaint and proposed consent with BetterHelp, Inc. that would prohibit the company from perpetual retention of personal information—a broader category.   Also unlike the previous matter, … Continue reading

EDPB Guidelines on international transfers: 6 key takeways

Photo of Marcus Evans (UK)Photo of Lara White (UK)By Marcus Evans (UK) and Lara White (UK) on Posted in General
EDPB Guidelines on the interplay between Article 3 and the provisions in Chapter V of the General Data Protection Regulation on international data transfers On 14 February 2023, the European Data Protection Board (EDPB) published its Guidelines on the interplay between Article 3 and the provisions in Chapter V of the General Data Protection Regulation … Continue reading

Practical steps for businesses to comply with Bill C-27: part 2

Photo of Imran Ahmad (CA)Photo of Shreya GuptaPhoto of Jeremie Wyatt (CA)By Imran Ahmad (CA), Shreya Gupta and Jeremie Wyatt (CA) on Posted in Cybersecurity, Data Protection, Data Transfer, Intellectual Property, Privacy law
In our previous update, we summarized key operational elements that businesses should be aware of under the proposed Consumer Privacy Protection Act (CPPA), and provided practical tips to help businesses comply with these new requirements. As currently drafted, the CPPA codifies a number of best practices and recommendations issued by the Office of the Privacy Commissioner of Canada … Continue reading

Hong Kong’s data privacy law reform may come in 2023

Photo of Anna GamvrosPhoto of Edward Yau (HK)By Anna Gamvros and Edward Yau (HK) on Posted in General
The reform of Hong Kong’s Personal Data (Privacy) Ordinance (Cap.486) (the PDPO) is back on the agenda. In our earlier post in 2020, we reported that the Constitutional and Mainland Affairs Bureau published a discussion paper (the Discussion Paper) seeking the Legislative Council’s Panel on Constitutional Affairs’ (the Panel) views on proposed changes to the … Continue reading

BIPA damages accrue per transaction

Photo of Anna Rudawski (US)Photo of Susan Ross (US)By Anna Rudawski (US) and Susan Ross (US) on Posted in BIPA
Data Protection Report - Norton Rose FulbrightOn February 17, 2023, the Illinois Supreme Court decided, by a 4-3 vote, that each time a private entity scans or transmits an individual’s biometric information without complying with Illinois Biometric Information Privacy Act (BIPA), that constitutes a separate violation under BIPA.  (Cothron v. White Castle System, Inc., 2023 IL 128004 (Ill. Feb. 17 2023).)  … Continue reading

Hong Kong: Data Security Measures Guidance published by the PCPD

Photo of Anna GamvrosPhoto of Edward Yau (HK)By Anna Gamvros and Edward Yau (HK) on Posted in Cybersecurity
As data breaches and cyber attacks continue to surge and attackers become more sophisticated, organisations are well aware that the need for robust data security measures is becoming increasingly important. In Hong Kong, the Office of the Privacy Commissioner for Personal Data (the PCPD) recently published a Guidance Note on Data Security Measures for Information … Continue reading

Privacy Act Review report

Photo of Ka-Chi CheungPhoto of Anna GamvrosPhoto of Jim Lennon (AU)Photo of Ross PhillipsonBy Ka-Chi Cheung, Anna Gamvros, Jim Lennon (AU) and Ross Phillipson on Posted in Privacy law
Norton Rose Fulbright - Data Protection Report blogThe Attorney General’s Department released its Privacy Act Review report on 16 February 2023, that includes the broad suite of reforms you would expect to bring Australia’s privacy laws in to line with both international standards and the reality of our data-based economy. These include enhanced data subject rights and increased accountability requirements for organisations collecting and … Continue reading
LexBlog