The Dutch data protection authority, the Autoriteit Persoonsgegevens (AP) announced a fine of €290 million on Uber Technologies Inc. (UTI) and Uber B.V.,(UBV) (together Uber) with press releases in Dutch and English. The fine relates to the transfer of
Data Transfer
Thailand – The Regulation with respect to Cross-border Transfer of Personal Data
On 25 December 2023, the Personal Data Protection Committee (PDPC) published two notifications detailing regulations for cross-border transfers of personal data under Sections 28 and 29 (Notifications) of the Personal Data Protection Act B.E. 2562 (2019)…
China proposes to ease cross border data transfer restrictions
On 28 September 2023, the Cybersecurity Administration of China (CAC) released the Draft Provisions on Regulating and Promoting Cross Border Data Flow (规范和促进数据跨境流动规定) (Draft Provisions) for public consultation. The Draft Provisions, if passed, will ease the…
European Commission and ASEAN releases Guide to ASEAN Model Contractual Clauses and EU Standard Contractual Clauses
Introduction
To enable international businesses to comply with cross-border personal data transfers and the relevant laws across the European Union (EU) and South-East Asia, on 24 May 2023 the European Commission and the Association of Southeast Asian Nations…
Practical steps for businesses to comply with Bill C-27: part 2
In our previous update, we summarized key operational elements that businesses should be aware of under the proposed Consumer Privacy Protection Act (CPPA), and provided practical tips to help businesses comply with these new requirements. As currently drafted, the…
New UK guidance on Transfer Risk Assessments
On 17 November 2022, the Information Commissioner’s Office (ICO) published an update to its guidance on international transfers (Transfers Guidance). This included specific guidance about transfer risk assessments or TRAs and a tool for undertaking…
First part of EU/ US Transatlantic Data Protection Framework published today
On 7 October 2022, the US White House published the Executive Order on enhancing safeguards for United States signals intelligence activities. This action is the first part of the US legal apparatus required for the EU Commission to find certain…
UK finally publishes revised standard form international data transfer agreements and conversion addendum for the use of revised EU SCCs
The UK government has finally published the UK’s own standard form international data transfer agreement (UK IDTA) for transferring personal data outside the UK to countries not deemed to have adequate data protection regimes. It has also published…
Where data meets IP – Derivative data in M&A transactions
With the growth of the high-tech industry worldwide, it is no surprise that more and more transactions involve the transfer of rights to access or control data and derivative data. In our previous update we discussed protecting business data in…
Where data meets IP – protecting business data in a commercial context
In our previous publication, we discussed how a business’ data can be protected by characterizing it as intellectual property and protecting it as such. One of the most common ways to protect business data in a commercial context is…