Topic: General

Subscribe to General RSS feed

Where data meets IP – protecting business data in a commercial context

Photo of Imran Ahmad (CA)Photo of Nikita StepinPhoto of Patrick Chou (CA)Photo of Suzie Suliman (CA)By Imran Ahmad (CA), Nikita Stepin, Patrick Chou (CA) and Suzie Suliman (CA) on Posted in Data Transfer, General, Intellectual Property
Data Protection Report - Norton Rose FulbrightIn our previous publication, we discussed how a business’ data can be protected by characterizing it as intellectual property and protecting it as such. One of the most common ways to protect business data in a commercial context is through license agreements that impose contractual controls on the scope of protection of such data, as … Continue reading

US Senate considers mandating 24-hour reporting requirement for ransom payments

Photo of Kate Nelson (US)By David Kitchen and Kate Nelson (US) on Posted in Cybercrime, Cybersecurity, General, Ransomware
Norton Rose Fulbright - Data Protection Report blogOn September 28, 2021, the US Senate Homeland Security and Governmental Affairs Committee released a draft bill that would, among other things, require nearly all entities that make a ransom payment as the result of a ransomware attack against the entity to report the payment to the Director of the Cybersecurity and Infrastructure Security Agency … Continue reading

The UK National AI Strategy: Regulation, Data Protection and IPR in the Mix

Photo of Marcus Evans (UK)Photo of Michael Sinclair (UK)Photo of Peter McBurneyBy Marcus Evans (UK), Michael Sinclair (UK) and Peter McBurney on Posted in General
The UK Government has published its National AI Strategy. Click here to read more about what the National AI Strategy says about AI regulation, and its implications for data protection in the UK. In this detailed blog we examine three discrete issues addressed in it (AI regulation, data protection and intellectual property rights) and we … Continue reading

UK Government sets out proposals to shake up UK data protection laws

Photo of Marcus Evans (UK)Photo of Lara White (UK)By Marcus Evans (UK), Lara White (UK) and Sahar Bhaimia on Posted in Compliance and risk management, General
Data Protection Report - Norton Rose FulbrightOn 10 September 2021, the UK Government published its consultation paper on proposals to reform the UK’s data protection regime.  The deadline for responding to the consultation is 19 November 2021. In August, the Government announced that it intended to “seize the opportunity” afforded by the UK’s exit from the European Union to makes some … Continue reading

Where Data Meets IP

Photo of Imran Ahmad (CA)Photo of Nikita StepinPhoto of Patrick Chou (CA)Photo of Suzie Suliman (CA)By Imran Ahmad (CA), Nikita Stepin, Patrick Chou (CA) and Suzie Suliman (CA) on Posted in Data Transfer, General, Intellectual Property
Data Protection Report - Norton Rose FulbrightHow do you balance sharing and protecting your business’ data? Unlike tangible assets, which can be protected primarily through physical means, intangible assets such as data require additional considerations. One key strategy to protect your business’ data is to characterize, and protect, that data as intellectual property. Data as IP Copyright Original compilations of data … Continue reading

The UK Government unveils its post-Brexit plans to shake up data protection laws

Photo of Lara White (UK)Photo of Marcus Evans (UK)By Lara White (UK), Marcus Evans (UK) and Isabella Martinez-Sistac Orozco on Posted in General, Privacy law, Regulatory response
On 26 August 2021, in a move that puts it on a potential collision course with the EU, the UK Government made a number of announcements relating to the future of the UK’s data protection regime, with the stated intention of “seizing the opportunity” by “developing a world leading data policy that will deliver a … Continue reading

Ontario moves towards introducing new privacy law

Photo of Imran Ahmad (CA)Photo of Liana Di Giorgio (CA)By Imran Ahmad (CA) and Liana Di Giorgio (CA) on Posted in General, PHIPA, PIPEDA, Privacy law
Data Protection Report - Norton Rose FulbrightGiven global trends in the development of privacy laws and enforcement, Canada and several provinces are looking at modernizing their respective privacy regimes. Ontario’s new proposed privacy law, which would govern commercial activities more broadly than current legislation (i.e., our federal legislation, the Personal Information Protection and Electronic Documents Act (PIPEDA), and Ontario’s health privacy … Continue reading

China’s evolving data laws: PIPL likely to be passed soon

Photo of Anna Gamvros (HK)Photo of Lianying Wang (CN)By Anna Gamvros (HK) and Lianying Wang (CN) on Posted in Cybersecurity, General
Norton Rose Fulbright - Data Protection Report blogChina’s much anticipated Personal Information Protection Law (PIPL) is very likely to pass this month after the conclusion of the 30th meeting of the Standing Committee of the National People’s Congress, which is to be held in Beijing on 17-20 August. This follows the enactment earlier this year of the Data Security Law (DSL), which … Continue reading

Subject Access Request: Germany’s highest court widens the scope of data subject access requests in Germany

Photo of Christoph Ritzer (DE)Photo of Natalia Filkina (DE)By Christoph Ritzer (DE) and Natalia Filkina (DE) on Posted in General, Regulatory response
Germany’s highest civil court, the Federal Court Of Justice (Bundesgerichtshof, the FCJ), has just published a decision specifying the scope of data subject access requests (DSARs). The FCJ held that Article 15 of the EU General Data Protection Regulation (GDPR) has a broader scope than previously understood in Germany. Pursuant to the court’s decision, Article 15 … Continue reading

Hong Kong: Bill to amend the Personal Data (Privacy) Ordinance to combat doxxing acts was gazetted today

Photo of Anna Gamvros (HK)Photo of Ruby Kwok (HK)Photo of Edward Yau (HK)By Anna Gamvros (HK), Ruby Kwok (HK) and Edward Yau (HK) on Posted in General
The Personal Data (Privacy) (Amendment) Bill 2021 (the Bill) was gazetted today, 16 July 2021. The Bill aims to combat doxxing acts through (i) criminalisation of doxxing acts; (ii) empowering the Privacy Commissioner for Personal Data to conduct criminal investigation and institute prosecution for doxxing cases; and (iii) conferring on the Commissioner statutory powers to … Continue reading

EDPB cautiously welcomes UK adequacy finding

Photo of Lara White (UK)By Lara White (UK) and Janine Regan (UK) on Posted in General, Regulatory response
Norton Rose Fulbright - Data Protection Report blogYesterday, the European Data Protection Board (EDPB) published its opinion on the European Commission’s draft Decision that the UK ensures an adequate level of protection for personal data (the Opinion).  The Opinion was adopted by the EDPB on 13 April 2021, a couple of days before the Opinion’s official publication on 15 April 2021. The … Continue reading

EU Commission draft UK Data Protection Adequacy Decision published

Photo of Marcus Evans (UK)Photo of Shiv Daddar (UK)By Marcus Evans (UK) and Shiv Daddar (UK) on Posted in Enforcement, General, Regulatory response
Data Protection Report - Norton Rose FulbrightFollowing nine months of assessment of the UK’s data protection laws (including the rules on access to data by public authorities), the European Commission has today published its draft decision on the adequate protection of personal data by the United Kingdom. The draft decision can be found here. The draft decision is welcome news to … Continue reading

101 Problems and Schrems Ain’t One

Photo of Steve Roosa (US)Photo of Daniel Rosenzweig (US)By Steve Roosa (US) and Daniel Rosenzweig (US) on Posted in General
NT Analyzer blog series, cookieEureka! After burning the midnight oil, we’ve built an automated scanner to identify and sort the Schrems II risk of data flows for further legal handling. The scanner uses more than 20 different data points derived from network metadata to scan and classify data flows based on mass surveillance risk under the NSA’s so-called “Upstream” … Continue reading

Algorithmic Decision-making and the UK ICO’s Guidance on AI

Photo of Magdalene Lie (UK)By Magdalene Lie (UK) on Posted in General, Regulatory response
Algorithmic decision-making has been in the news of late. From Ofqual’s downgrading of students’ A-level results[1] to the complaint lodged by None of Your Business’ against the credit rating agency CRIF for failing (amongst other things) to be transparent about the reasons why a particular applicant had been given a negative rating[2]. We have been … Continue reading

Key takeaways for the private sector from The Bridges v South Wales police facial recognition case

Photo of Lara White (UK)By Lara White (UK) and Janine Regan (UK) on Posted in General
On 11 August 2020, the Court of Appeal (CA) handed down its judgement in the case of R (on the application of Edward BRIDGES) v The Chief Constable of South Wales Police.  The court found that the use of automated facial recognition technology (AFT) by South Wales Police (SWP) was unlawful and did not comply … Continue reading

An “enhanced” Privacy Shield is being negotiated – third time a charm?

Photo of Lara White (UK)By Lara White (UK) and Janine Regan (UK) on Posted in Compliance and risk management, Data Transfer, Enforcement, General
On 10 August, the European Commission and the US Department of Commerce confirmed that talks have begun between the EU and US for an “enhanced” Privacy Shield. This will be the third attempt to revise this framework, following the invalidation of Safe Harbor in 2015 and Privacy Shield in July 2020. Third time a charm? … Continue reading

Schrems II landmark ruling: Privacy Shield is invalid, Standard Contractual Clauses are valid but court puts obligations on parties and authorities

Photo of Marcus Evans (UK)Photo of Christoph Ritzer (DE)By Marcus Evans (UK), Christoph Ritzer (DE) and Janine Regan (UK) on Posted in Data breach, Enforcement, General, Regulatory response
The Court of Justice of the European Union (CJEU) has today published its decision in the landmark case, known as Schrems II. While Privacy Shield has been completely invalidated, the Standard Contractual Clauses (SCCs) remain valid, but the court has emphasised obligations on the parties to the SCCs  and Data Protection Authorities which have the … Continue reading

Singapore’s Public Consultation on proposed changes to the Singapore Personal Data Protection Act

Photo of Wilson Ang (SG)Photo of Stella Cramer (SG)Photo of Jessica Paulin (SG)Photo of Jeremy Lua (SG)By Wilson Ang (SG), Stella Cramer (SG), Jessica Paulin (SG) and Jeremy Lua (SG) on Posted in General
On 14 May 2020, the Singapore Ministry of Communications and Information (MCI) and the Personal Data Protection Commission of Singapore (PDPC) announced a public consultation (the Public Consultation) on the draft Personal Data Protection (Amendment) Bill (the Draft Bill) and related amendments to the Spam Control Act (SCA). The Public Consultation will take place from … Continue reading

Contact tracing apps: A new world for data privacy

Photo of Anna Gamvros (HK)Photo of Steven Hadwin (UK)By Anna Gamvros (HK) and Steven Hadwin (UK) on Posted in General
May 12, 2020 Norton Rose Fulbright today launched its survey analysing regulatory and policy issues applicable to COVID-19 contact tracing and related tracking technology across 18 jurisdictions. The global survey explores key issues across Australia, Canada, China, France, Germany, Hong Kong, Italy, Indonesia, Russia, Poland, Singapore, South Africa, Thailand, The Netherlands, Turkey, UAE, UK and … Continue reading

How contact tracing apps in Asia are being used to fight COVID-19 – is the reward worth the risk?

Photo of Anna Gamvros (HK)By Anna Gamvros (HK) and Libby Ryan (HK) on Posted in General
Data Protection Report - Norton Rose FulbrightThe COVID-19 pandemic has seen governments across the world restricting civil liberties and movement to unprecedented levels. To aid the safe lifting of current public health restrictions, new technologies are being developed and rolled out to automate labour intensive tasks critical to containing the spread of the virus, such as contact tracing. Contact tracing applications … Continue reading

NYDFS Requires COVID-19 Plans by April 9

Photo of Susan Ross (US)Photo of Kathleen Scott (US)By Susan Ross (US) and Kathleen Scott (US) on Posted in Compliance and risk management, Cybercrime, Cybersecurity, Dispute resolution and litigation, Enforcement, General
Norton Rose Fulbright - Data Protection Report blogOn March 10, 2020, the New York Department of Financial Services (NYDFS) issued guidance to all of its regulated institutions engaged in virtual currency business activity, requiring them to have plans for preparedness to manage the possible operational and financial risks posed by the COVID-19 pandemic. NYDFS requires the plans to be submitted by Thursday, April 9, … Continue reading

Reflecting on APAC Data Protection and Cyber-security Highlights for 2019 (and what lies ahead!)

Photo of Anna Gamvros (HK)By Anna Gamvros (HK) and Libby Ryan (HK) on Posted in General
Norton Rose Fulbright - Data Protection Report blog2019 saw continued growth and change in data protection and cyber-security across the Asia-Pacific. Following the implementation of the GDPR in May, 2018, many jurisdictions moved to review and strengthen existing data privacy and cyber-security laws. In addition, 2019 saw regulators publishing findings in respect of some of the largest data incidents of 2018. We … Continue reading
LexBlog