Topic: Regulatory response

Subscribe to Regulatory response RSS feed

Thailand Personal Data Protection Law

Tassanai KiratisountornPimchanok EianlengAnna Gamvros (HK)Ruby Kwok (HK)By Tassanai Kiratisountorn, Pimchanok Eianleng, Anna Gamvros (HK) and Ruby Kwok (HK) on Posted in Regulatory response
Norton Rose Fulbright - Data Protection Report blogBackground The Personal Data Protection Act B.E. 2562 (2019) (PDPA) was published on 27 May 2019 in Thailand’s Government Gazette and became effective the following day. However, most of the operational provisions, including provisions relating to the rights of a data subject, the obligations of a data controller and the penalties for non-compliance, will become … Continue reading

Application by Privacy Commissioner To Shed Light on Judicial Enforcement of PIPEDA

Jean-Simon SchoenholzBy Jean-Simon Schoenholz on Posted in Compliance and risk management, Cybersecurity, Dispute resolution and litigation, Regulatory response
Data Protection Report - Norton Rose FulbrightRecent legal action by the Office of the Privacy Commissioner of Canada (OPC) will shed light on the Federal Court’s willingness to enforce and monitor compliance with the Personal Information Protection and Electronic Documents Act (PIPEDA). On February 6, the OPC filed a notice of application (the Application) in the Federal Court seeking a declaration … Continue reading

Changes to Hong Kong’s data protection law discussed by government panel

Anna Gamvros (HK)By Anna Gamvros (HK) and Libby Ryan (HK) on Posted in Compliance and risk management, Regulatory response
Data Protection Report - Norton Rose FulbrightThe discussion paper on the proposed changes to Hong Kong’s Personal Data (Privacy) Ordinance (Cap.486) (the PDPO) was debated by the  Legislative Council’s Panel on Constitutional Affairs’ (the Panel) on 20 January. The proposals set out in LC Paper. No. CB(2) 512/19-20(03) (the Paper) are summarised in our earlier post.… Continue reading

Discussion paper published on Hong Kong’s data protection law

Anna Gamvros (HK)By Anna Gamvros (HK) on Posted in Regulatory response
Written by Partner Anna Gamvros and Associate Libby Ryan, both based in the Hong Kong office. Earlier this week, the Constitutional and Mainland Affairs Bureau (the CMAB)  released its discussion paper (LC Paper. No. CB(2) 512/19-20(03) (the Paper) seeking the Legislative Council’s Panel on Constitutional Affairs’ (the Panel) views on proposed changes to the Personal … Continue reading

Turkey’s data protection legislation on data controller registry to impact data controllers outside of Turkey

Ekin Inal (TR)By Ekin Inal (TR) on Posted in Regulatory response
Norton Rose Fulbright - Data Protection Report blogObligations Turkey’s data protection legislation (TDPL) requires data controllers to notify the Turkish DPA of their processing activities. Unless exempt from the requirement, all data controllers (individuals and legal entities) who process personal data in Turkey must be registered with the Turkish DPA’s Register of Data Controllers Information System (VERBİS), prior to processing any personal … Continue reading

ICO’s draft Age Appropriate Design Code could seriously impact processing of under 18’s personal data

Fiona Bundy-Clarke (UK)By Fiona Bundy-Clarke (UK) on Posted in Regulatory response
Data Protection Report - digital privacy, CCPA and cybersecurityOn 15 April 2019, the ICO opened a public consultation on a draft code of practice titled Age Appropriate Design (the “Code”).  The Code will remain open for public consultation until 31 May 2019. The consultation document is described as a “code of practice for online services likely to be accessed by children.”  However, its … Continue reading

EDPB issues new opinion on interplay between Clinical Trials Regulation and the GDPR

David Kessler (US)Christoph Ritzer (DE)Sven Jacobs (DE)Anna Rudawski (US)Max Kellogg (US)By David Kessler (US), Christoph Ritzer (DE), Sven Jacobs (DE), Anna Rudawski (US) and Max Kellogg (US) on Posted in Compliance and risk management, Enforcement, Regulatory response
Norton Rose Fulbright - Data Protection Report blogOn January 23, 2019, the European Data Protection Board (“EDPB”) issued an opinion on the interplay between the Clinical Trials Regulation (“CTR”) and the General Data Protection Regulation (“GDPR”).… Continue reading

First multi-million Euro GDPR fine: Google LLC fined €50 million under GDPR for transparency and consent infringements in relation to use of personal data for personalized ads

Marcus Evans (UK)Lara White (UK)Cécile Auvieux (FR)By Marcus Evans (UK), Lara White (UK) and Cécile Auvieux (FR) on Posted in Compliance and risk management, Cybersecurity, Enforcement, Regulatory response
Norton Rose Fulbright - Data Protection Report blogOn January 21,2019 the French data protection authority (the CNIL) imposed a major fine on the U.S. Google entity, Google LLC.  It follows two complaints filed as soon as the GDPR came into force by two consumer rights associations, None of Your Business and La Quadrature du Net. We focus here on four key aspects … Continue reading

Pennsylvania Supreme Court holds common law duty for employers extends to protecting sensitive employee information

Andrea D'Ambra (US)Max Kellogg (US)By Andrea D'Ambra (US) and Max Kellogg (US) on Posted in Compliance and risk management, Data breach, General, Regulatory response
Data Protection Report - Norton Rose FulbrightOn November 21, 2018, the Pennsylvania Supreme Court broke new ground by holding that employers have a legal duty to take reasonable care to safeguard its employees’ sensitive personal information from cyberattacks. … Continue reading

EDPB clarifies territorial scope of the GDPR

Marcus Evans (UK)Anna Rudawski (US)By Marcus Evans (UK) and Anna Rudawski (US) on Posted in Compliance and risk management, Data breach, Regulatory response
Norton Rose Fulbright - Data Protection Report blogOn November 23, 2018, the European Data Protection Board (“EDPB”) issued highly anticipated draft Guidelines (the “Guidelines”) on the territorial scope of the GDPR. See our previous blog posts on the GDPR here and here. The Guidelines provide some clarity around the scope and applicability of the GDPR to data Controllers and Processors both inside … Continue reading

New China Guideline for Internet Personal Information Security Protection

Barbara Li (CN)Bohua Yao (CN)By Barbara Li (CN) and Bohua Yao (CN) on Posted in Compliance and risk management, Data breach, Regulatory response
On November 30, 2018 the Cyber Security Protection Bureau, under the auspices of the PRC Ministry of Public Security (the “MPS”), issued a draft Guideline for Internet Personal Information Security Protection (the “Guideline”) along with a request for public comments.… Continue reading

California Consumer Privacy Act blog series: Covered entities

Jeewon Kim Serrato (US)Steve Roosa (US)Alexis Wilpon (US)By Jeewon Kim Serrato (US), Steve Roosa (US) and Alexis Wilpon (US) on Posted in CCPA, Compliance and risk management, Regulatory response
Data Protection Report - Norton Rose FulbrightThis is the Data Protection Report’s second post in a series of blog posts that will break down the major elements of the CCPA which will culminate in a webinar on the CCPA in October. This blog focuses on covered entities. Stay tuned for additional posts and information about our upcoming webinar on the CCPA. … Continue reading

Overview of Thailand Draft Personal Data Protection Act

Natpakal Rerknithi (TH)Anna Gamvros (HK)Ruby Kwok (HK)By Natpakal Rerknithi (TH), Anna Gamvros (HK) and Ruby Kwok (HK) on Posted in Regulatory response
Data Protection Report - Norton Rose FulbrightData protection laws in Asia continue to be introduced and updated. One of the most recent developments in South East Asia is in Thailand. On 22 May 2018, the Thai Cabinet approved in principle a revised draft of Thailand’s first personal data protection act (Draft Act). This Draft Act is currently under consideration by the … Continue reading

The European Parliament asks for the suspension of the privacy shield

Chris Cwalina (US)Jeewon Kim Serrato (US)Susan Ross (US)Tristan Coughlin* (US)By Chris Cwalina (US), Jeewon Kim Serrato (US), Susan Ross (US) and Tristan Coughlin* (US) on Posted in Regulatory response
Norton Rose Fulbright - Data Protection Report blogOn July 5, the European Parliament passed a non-binding resolution, asking the European Commission, the EU’s executive body, to suspend the Privacy Shield framework. The EU-US Privacy Shield, designed by the US Department of Commerce and the European Commission, provides a mechanism for companies to transfer personal data between the EU and the US while … Continue reading

US states pass data protection laws on the heels of the GDPR

Jeewon Kim Serrato (US)Chris Cwalina (US)Anna Rudawski (US)Tristan Coughlin* (US)By Jeewon Kim Serrato (US), Chris Cwalina (US), Anna Rudawski (US), Tristan Coughlin* (US) and Katey Fardelmann (US) on Posted in Compliance and risk management, Regulatory response
Data Protection Report - Norton Rose FulbrightSeveral U.S. states have recently introduced and passed legislation to expand data breach notification rules and to mirror some of the protections provided by Europe’s newly enacted General Data Protection Regulation (“GDPR”). See our previous blog posts on GDPR here and here.   Like their European counterparts, these state laws are intended to provide consumers with … Continue reading

GDPR is upon us: are you ready for what comes next?

Jeewon Kim Serrato (US)Steven Hadwin (UK)Marcus Evans (UK)By Jeewon Kim Serrato (US), Steven Hadwin (UK) and Marcus Evans (UK) on Posted in Compliance and risk management, Regulatory response
Norton Rose Fulbright - Data Protection Report blogThe wait is finally over—this Friday the European Union General Data Protection Regulation (GDPR) will come into force. For many readers of this post, a huge amount of work will have been done in recent months in building up to compliance with the new regime. However, the challenges of GDPR certainly don’t end on the … Continue reading

UK NIS Regulations impose new cybersecurity obligations (and a new penalties regime) on operators of essential services and digital service providers in the UK

Steven Hadwin (UK)By Steven Hadwin (UK) on Posted in Compliance and risk management, Regulatory response
Data Protection Report - Norton Rose FulbrightThe UK NIS Regulations (implementing the NIS Directive) come into force in the UK today (10 May 2018). These Regulations have received limited press attention, in part due to the emphasis that has been placed on GDPR implementation. However, the NIS Regulations represent a significant change in the legal environment relating to cybersecurity in the … Continue reading

FTC, privacy, vendor due diligence and opt-in consent

Susan Ross (US)By Susan Ross (US) on Posted in Regulatory response
Norton Rose Fulbright - Data Protection Report blogOn April 30, 2018, the U.S. Federal Trade Commission (FTC) released for public comment an administrative complaint and proposed consent agreement with mobile phone manufacturer BLU Products Inc. and its owner and president. Although the FTC has entered into many settlements relating to privacy and data security, this proposed settlement is particularly noteworthy for two … Continue reading

Singapore PDPC responds to feedback on public consultation on approaches to managing personal data

Stella Cramer (SG)Wilson Ang (SG)Jessica Paulin (SG)David Olds (SG)Jeremy Lua (SG)By Stella Cramer (SG), Wilson Ang (SG), Jessica Paulin (SG), David Olds (SG) and Jeremy Lua (SG) on Posted in Compliance and risk management, Data breach, Regulatory response
Data Protection Report - Norton Rose FulbrightOn 1 February 2018, Singapore Personal Data Protection Commission (PDPC) released its response to feedback on its public consultation on approaches to managing personal data in the digital economy, which took place in Q3 2017 (the Public Consultation). The purpose of  the Public Consultation, was to seek public feedback on proposed changes to Singapore’s data … Continue reading

Amended Colorado bill aims to enhance data privacy laws

By on Posted in Regulatory response
Data Protection Report - Norton Rose FulbrightAs Data Protection Report posted on January 29, 2018, lawmakers in Colorado are considering legislation that, if enacted, would significantly strengthen Colorado’s data privacy protections.  On Wednesday, February 14, 2018, an amended bill passed unanimously in Colorado’s House Committee on State, Veterans and Military Affairs.… Continue reading
LexBlog