The National Cyber Security Centre (the NCSC) has warned that businesses and the public face an increased threat from attacks seeking to exploit COVID-19 (coronavirus), particularly given the move to home-working as a result of the COVID-19 outbreak.… Continue Reading
The Personal Data Protection Act B.E. 2562 (2019) (PDPA) was published on 27 May 2019 in Thailand’s Government Gazette and became effective the following day. However, most of the operational provisions, including provisions relating to the rights of a data subject, the obligations of a data controller and the penalties for non-compliance, will become effective on 27 May 2020, 1 year after the PDPA is published.
The PDPA is under the supervision of the Ministry of Digital Economy and Society and the main supervising authority of the PDPA is the Office of Data Protection Committee (Office… Continue Reading
A few weeks ago, we blogged about the decision of the English High court in AA v. Persons Unknown & Ors.
Given the level of interest in the case, we have prepared a deeper-dive into the facts and the implications of the decision, with a focus on the important role played in the case by cyber insurance. This is set out below.… Continue Reading
Outbreak of the coronavirus and personal data privacy
The fast-spreading coronavirus (Covid-19) has infected thousands of people in China and in over 20 other countries. This coronavirus outbreak, originating in Wuhan, a large city located in the central region of China, has been declared a Public Health Emergency of International Concern (PHEIC) by the World Health Organization.… Continue Reading
Quebec’s minister of justice announced her intention to introduce a bill aimed at modernizing the privacy regime provided by the Act respecting the protection of personal information in the private sector.… Continue Reading
Recent legal action by the Office of the Privacy Commissioner of Canada (OPC) will shed light on the Federal Court’s willingness to enforce and monitor compliance with the Personal Information Protection and Electronic Documents Act (PIPEDA). On February 6, the OPC filed a notice of application (the Application) in the Federal Court seeking a declaration that Facebook has contravened PIPEDA and various orders that would compel Facebook to bring itself into compliance.  Organizations governed by PIPEDA should keep a close eye on the Court’s inquiry as well as any eventual order enforcing compliance with the Act.… Continue Reading
At the end of 2019, following a public consultation, the CNIL adopted its much-anticipated “standard” on whistleblowing systems. The “standard” is essentially a reference document which serves as guidance for those implementing whistleblowing systems.… Continue Reading
On 21 January 2020 at a meeting at the World Economic Forum, the Personal Data Protection Commission (PDPC) and Infocommunications Media Development Authority (IMDA) released the second edition of its Model Artificial Intelligence (“AI”) Governance Framework (“Model Framework”).… Continue Reading
The CNIL has published draft recommendations on how to obtain consent when placing cookies. This is following the publication of its revised “Guidelines on the implementation of cookies or similar tracking technologies” which was published in July 2019 (see our article here).
The objective of the recommendations is to provide stakeholders with practical guidance and illustrative examples. These recommendations are neither exhaustive nor binding and data controllers are free to consider other practical measures as long as they comply with the revised rules as provided by the CNIL in July 2019. The CNIL also provides a number of “good … Continue Reading
Happy Data Privacy Day! Data Privacy Day represents a timely opportunity to highlight anticipated significant developments in Canadian privacy law in 2020 that we are monitoring following two major developments from the Government of Canada.… Continue Reading