Topic: Data Protection

Subscribe to Data Protection RSS feed

Testing the tricky apps for privacy and data protection

NT Analyzer blog series, cookieDealing with cert pinning and root detection The privacy area has been white-hot lately, including litigation and investigations involving VPPA; Wiretap/Pen Register/Trap and Trace; and Opt Out Compliance. Furthermore, with the HHS updates on tracking in the HIPAA context, and the new state privacy laws (such as the My Health My Data Act), we can … Continue reading

Singapore releases New Guidelines on the Use of Personal Data in AI Systems

On 1 March 2024, Singapore’s Personal Data Protection Commission (PDPC) issued the Advisory Guidelines on the Use of Personal Data in AI Recommendation and Decision Systems (AI Advisory Guidelines). These AI Advisory Guidelines followed a public consultation which concluded in August 2023. Our blog post on the public consultation for the draft AI Advisory Guidelines … Continue reading

ASEAN releases Joint Guide to ASEAN Model Contractual Clauses and EU Standard Contractual Clauses and AI Governance Guide 

On 1 and 2 February 2024, at the fourth 4th ASEAN Digital Ministers Meeting (ADGMIN) in Singapore, ASEAN[1] unveiled: We summarise and discuss both the Joint Guide and the ASEAN AI Governance Guide below. Joint MCC – SCC Guide To recap, the first part of the Joint MCC – SCC Guide (the Reference Guide) was … Continue reading

Significant amendments to the Singapore Cyber Security Act set to have implications for the cybersecurity landscape

On 15 December 2023, the Cyber Security Agency of Singapore (CSA) released the draft Cybersecurity (Amendment) Bill (Draft Bill), which seeks to amend the Cyber Security Act 2018 (CS Act), for public consultation. The public consultation concluded on 15 January 2024. The consultation paper and the Draft Bill can be accessed here. The proposed changes … Continue reading

Singapore proposes Governance Framework for Generative AI

On 16 January 2024, Singapore’s Infocomm Media Development Authority (IMDA), in collaboration with the AI Verify Foundation, announced a public consultation on its draft Model AI Governance Framework for Generative AI (Draft GenAI Governance Framework), showing the areas where future policy interventions relating to generative AI may take place and options for such intervention. The … Continue reading

Thailand – The Regulation with respect to Cross-border Transfer of Personal Data

On 25 December 2023, the Personal Data Protection Committee (PDPC) published two notifications detailing regulations for cross-border transfers of personal data under Sections 28 and 29 (Notifications) of the Personal Data Protection Act B.E. 2562 (2019) (PDPA). These Notifications are the Adequacy Country Notification and the Appropriate Safeguard Notificationrespectively. Key information In summary, the Adequacy … Continue reading

How to Effectively Draft Data Processing Agreements to Protect Information Shared with Service Providers – Part 2

PadlockIn our previous post, we discussed specific considerations for common boilerplate provisions in data processing agreements (DPAs). Due to the sensitivity of data transfers and privacy laws, DPAs require careful drafting to ensure the data processor complies with appropriate privacy obligations and is responsible for any non-compliance. This post takes a closer look at DPA-specific … Continue reading

How to Effectively Draft Data Processing Agreements to Protect Information Shared with Service Providers – Part 1

PadlockModern businesses collect and process personal information about their customers and employees for the benefit of their business – these benefits include identifying opportunities to enhance their products or services, streamlining operations, reducing costs or maximizing profits. Processing such data is often outsourced to a third-party data processing service provider. For example, third parties may … Continue reading

China proposes to ease cross border data transfer restrictions

On 28 September 2023, the Cybersecurity Administration of China (CAC) released the Draft Provisions on Regulating and Promoting Cross Border Data Flow (规范和促进数据跨境流动规定) (Draft Provisions) for public consultation. The Draft Provisions, if passed, will ease the requirements around cross border data transfer under the Personal Information Protection Law (PIPL). The consultation closed on 15 October … Continue reading

UK Information Commissioner’s Office Publishes Final Guidance On Employee Monitoring

The UK Information Commissioner’s Office (ICO) published its final guidance on monitoring workers on 3 October 2023 (the Guidance).  The Guidance is aimed at employers across both the private and public sector.  Responding to the rise of remote working and new technologies available to monitor employees, the ICO has looked to provide clear direction on … Continue reading

Act 25 – Demystifying privacy impact assessments with the CAI’s new tools

With most provisions of the Act to modernize legislative provisions as regards the protection of personal information (Act 25) having just come into effect on September 22, public bodies and enterprises (organizations) will now need to conduct privacy impact assessments (PIA) during various projects that involve personal information. A PIA is an impact analysis that takes all … Continue reading

An overview of the European digital strategy

We have published an article, EU: An overview of the European digital strategy, explaining the aims and key components of the EU digital strategy, outlining at a high-level key legislation that has been published in this space in the past three years and highlighting the way in which the various legislative instruments interact with each … Continue reading

Singapore Releases Proposed Advisory Guidelines on Use of Personal Data in AI Recommendation and Decision Systems

On 18 July 2023, Singapore’s Personal Data Protection Commission (PDPC) issued its Proposed Advisory Guidelines on Use of Personal Data In AI Recommendation and Decision Systems (the Proposed AI Advisory Guidelines) for public consultation. The Proposed AI Advisory Guidelines address the following: The Proposed AI Advisory Guidelines may be accessed here. A brief summary of, … Continue reading

OCR and FTC Issue a Joint Letter Suggesting Enforcement Actions May Be in the Pipeline

On July 20, 2023 HHS and the Federal Trade Commission (“FTC”) issued a joint letter to approximately 130 companies regarding their online data collection processes.  The letter follows the much discussed December 1, 2022, Bulletin that expanded the kinds of websites and applications governed by HIPAA (you can read about our analysis of the bulletin … Continue reading

Deal-maker or deal-breaker: the legal ins and outs of using AI in M&A

Deals involving AI bring about specific and unique issues for consideration during the due diligence process. Understanding the specific challenges created by AI is important for companies to ensure that the AI technology holds genuine value and would not raise red flags during the course of a transaction. Some important advice for companies looking to … Continue reading

European Commission and ASEAN releases Guide to ASEAN Model Contractual Clauses and EU Standard Contractual Clauses

Introduction To enable international businesses to comply with cross-border personal data transfers and the relevant laws across the European Union (EU) and South-East Asia, on 24 May 2023 the European Commission and the Association of Southeast Asian Nations (ASEAN) published a Reference Guide to ASEAN Model Contractual Clauses (ASEAN MCCs) and EU Standard Contractual Clauses … Continue reading

Singapore contributes to the development of accessible AI testing and accountability methodology with the launch of the AI Verify Foundation and AI Verify Testing Tool

On 7 June 2023, at the ATxAISummit, Singapore launched the AI Verify Foundation, which aims to “harness the collective power and contributions of the global open source community” in order to develop the AI Verify testing tool for the responsible use of AI. In this short post, we discuss this development as well as the … Continue reading

New commitments in principle regarding UK to USA data transfer mechanism

On 8 June 2023, the UK Secretary of State for Science, Innovation, and Technology and the US Secretary of Commerce issued a joint Statement confirming that the UK and the USA have committed in principle to establishing a “data bridge” to allow for the free flow of data between organisations in the UK and participating … Continue reading

Building Cyber Resiliency In the Energy Sector

For the energy sector, cybersecurity has been a top-of-mind issue for some time. This is particularly true given some of the high-profile cyber-attacks seen in recent years that have grabbed not only media headlines but also resulted in operational disruption, financial losses and legal exposure. The challenge with cybersecurity is attacker tactics are constantly evolving … Continue reading

UK AI White Paper

At last, UK Government publishes its White Paper on AI – “A pro-innovation approach to AI regulation” – an opportune start, but as expected, a framework with detail to follow… The Department for Science, Innovation and Technology, has finally published its AI regulation white paper (the ‘White Paper’). Here are the key elements: What AI … Continue reading

Practical steps for businesses to comply with Bill C-27: part 2

In our previous update, we summarized key operational elements that businesses should be aware of under the proposed Consumer Privacy Protection Act (CPPA), and provided practical tips to help businesses comply with these new requirements. As currently drafted, the CPPA codifies a number of best practices and recommendations issued by the Office of the Privacy Commissioner of Canada … Continue reading

Autonomous Vehicles – Canada’s Current Legal Framework: Privacy (Part 4)

Across the globe, the race is already underway among vehicle manufacturers to develop fully autonomous vehicles (AVs). AVs currently under development make sense of their surroundings and control vehicle operation through data gathered about the outside world.  Like other connected vehicles, AVs can also collect and use specific personal information about a driver (e.g., through … Continue reading

Ontario Court of Appeal Limits Application of Tort of Intrusion Upon Seclusion for Cyberattacks

Data Protection Report - Norton Rose FulbrightIn three recent cases, the Court of Appeal for Ontario effectively curtailed the ability of privacy breach victims to advance claims under the tort of intrusion upon seclusion against organizations for failing to prevent unauthorized access to personal information by third parties. However, while these cases should provide some reassurance that a cyberattack may not … Continue reading
LexBlog