Catagory:New Developments

1
Anticipated Tightened Data Privacy Regulations: Raid on Worldcoin
2
Provisional Political Agreement on Landmark AI Regulation in Europe
3
China Will Issue Safe Harbor Rules to Facilitate Cross-Border Data Flow
4
Beijing CAC Approved the First China SCC Filing
5
Japanese Privacy Regulator Cautioned Businesses regarding Issues Relating to Generative AI Services
6
Australian Government contemplates Asimov’s Omnibus
7
Australia to be the most cyber secure nation?
8
New Privacy Enforcement Act commences in Australia
9
Update from the Australia/New Zealand privacy conference and the changes to Australian privacy and cybersecurity laws
10
EU Digital Services Act: Fundamental Changes for Online Intermediaries?

Anticipated Tightened Data Privacy Regulations: Raid on Worldcoin

By Paul Haswell and Sarah Kwong

In late January 2024, Hong Kong’s privacy watchdog, the Personal Data Privacy Commission (“PCPD”) raided six premises of Worldcoin, a cryptocurrency initiative co-founded by Sam Altman, that requires an iris scan from clients for identification purposes and also for earning tokens. The PCPD conducted an investigation into Worldcoin’s operations, suspecting that its sensitive personal data (i.e. iris information) collection practices might infringe the Personal Data Privacy Ordinance (Cap. 486).

Read More

Provisional Political Agreement on Landmark AI Regulation in Europe

By: Giovanni Campi, Petr Bartoš, and Kathleen Keating

In a landmark development, EU lawmakers reached on 8 December 2023 a provisional political agreement on the Artificial Intelligence Act (AI Act). Once adopted, this regulation will be the first of its kind, and could set a global standard for AI laws around the world.

Read More

China Will Issue Safe Harbor Rules to Facilitate Cross-Border Data Flow

By Amigo L. Xie and Dan Wu

On 28 September 2023, the Cyberspace Administration of China (CAC) released draft Provisions on Regulating and Facilitating Cross-Border Data Flow (in Chinese) for a public comment period ending on 15 October 2023.1

Read More

Beijing CAC Approved the First China SCC Filing

By Amigo L. Xie, Lingjun Zhang, and Dan Wu

About four months after the Cyberspace Administration of China (CAC) released the Measures for the Standard Contract for the Export of Personal Data from China (China SCC Measures), and 15 working days after the China SCC Measures became effective, Beijing CAC published a notice announcing that a Beijing-based company passed the first-ever China SCC filing on 25 June 2023 (Notice).

Based on the Notice, the first China SCC filing relates to a cross-border personal data transfer from a Beijing-based data exporter, an online data service provider, to a Hong Kong-based data recipient. The type of data exported by the Beijing-based data exporter is personal data related to credit references as disclosed by the Notice.

The completion of the first-ever China SCC filing conveyed some positive messages to the market:

Read More

Japanese Privacy Regulator Cautioned Businesses regarding Issues Relating to Generative AI Services

By Yuki Sako and Aiko Yamada

Following the call for international standards on Artificial Intelligence (AI) at the recent G7 summit, on 2 June 2023, in a rare move, Japan’s Personal Information Protection Commission (PPC) issued two warnings in a publicly released letter (the “Letter”):

  • Firstly to the three categories of users of generative AI services, i.e.,
    • business operators who collect personal information and thus are subject to the Act on the Protection of Personal Information of Japan (APPI);
    • government agencies, which may adopt generative AI services into their operations; and
    • the general public; and
  • Secondly to the “ChatGPT” developers/publishers. 
Read More

Australian Government contemplates Asimov’s Omnibus

By Cameron Abbott, Daniel Knight, Rob Pulham, Stephanie Mayhew, and Dadar Ahmadi-Pirshahid

Amid the rapid acceleration of tools like ChatGPT and global calls for tailored regulation of artificial intelligence tools, the Australia Federal Government has released a discussion paper on the safe and responsible use of AI. The Government is consulting on what safeguards are needed to ensure Australia has an appropriate regulatory and governance framework to manage the potential risks, while continuing to encourage uptake of innovative technologies.

Read More

Australia to be the most cyber secure nation?

By Cameron Abbott, Rob Pulham and Dadar Ahmadi-Pirshahid

Not content with merely implementing broad-scale privacy reform, the Government has announced a new position, the Coordinator for Cyber Security to be added to the Department of Home Affairs as a step towards their aim of “making Australia the most cyber secure nation by 2030“.  This would seem to be a rather aspirational target!

The Coordinator will be supported by a National Office for Cyber Security, and their role will be to oversee steps to prevent future cyber security incidents and to help manage cyber incidents as they occur. 

Read More

New Privacy Enforcement Act commences in Australia

By Cameron Abbott, Rob Pulham and Stephanie Mayhew

As of yesterday, the Privacy Legislation Amendment (Enforcement and Other Measures) Act 2022 (Privacy Enforcement Act) is now in effect after receiving Royal Assent on 12 December 2022.

As we have previously shared, the Privacy Enforcement Act increases the maximum penalties for serious or repeated privacy breaches. For body corporates/organisations this increases the penalty from the current $2.22 million to whichever is the greater of:

Read More

Update from the Australia/New Zealand privacy conference and the changes to Australian privacy and cybersecurity laws

By Cameron Abbott, Rob Pulham and Stephanie Mayhew

We’ve just returned from the annual iapp Australia/New Zealand privacy conference held in Sydney this week, and it was a whirlwind. Even if you’re not one of around half of Australians affected by two of the biggest data breaches in our recent history, you’ll be aware a lot is changing – and a lot more is poised to change – in this space.

We’ll be blogging over the coming weeks about some of the key themes and changes your organisation will need to prepare for, including:

– new regulatory enforcement tools

– higher expectations of the way personal information is collected and secured, and when it needs to be destroyed

– potential removal of key exemptions such as the employee records exemption that your business may currently rely on,

– and of course the major penalty increases that seek to deter privacy breaches being viewed as ‘the cost of doing business’,

as Australia tightens the protections around the collection and use of Australians’ personal information.

Stay tuned!

EU Digital Services Act: Fundamental Changes for Online Intermediaries?

By Claude-Étienne Armingaud, Dr. Ulrike Elteste and Dr. Thomas Nietsch

The European Union has taken another step to set out its new legal framework for online intermediaries. Following the publication of the Digital Markets Act (Regulation (EU) 2022/1925) in the EU Official Journal on 12 October 2022, the Digital Services Act has now also been published in the EU Official Journal as Regulation (EU) 2022/2065.

While the Digital Markets Act focuses on the behavior of large “gatekeepers” towards other businesses, the Digital Services Act aims to fully harmonize the rules on the safety of online services and the dissemination of illegal content online. In particular, its Articles 4 to 10 replace the current provisions on the liability privilege enjoyed by online intermediaries in the eCommerce Directive 2000/31/EC. The privilege as such broadly remains intact, but is punctured in a number of ways. For example, the Digital Services Act encourages preemptive screening and provides that “trusted flaggers” must receive priority in the future. Providers of online platforms that allow consumers to enter into distance contracts with traders must obtain certain minimum information from the traders they admit to their platform. They may have to notify consumers if they become aware that products sold on their platform do not comply with legal requirements.

Again, “very large” online platforms and search engines receive the legislator’s (and the EU Commission’s) special attention. They must comply with additional transparency requirements and analyze and mitigate systemic risks.

But other intermediaries must also timely amend their terms of service, improve their complaint handling, and increase their transparency to avoid fines that can reach 6% of their global turnover. Specifically, online platforms must in the future provide clear information on “each specific advertisement presented to each individual recipient”, including “meaningful information directly and easily accessible from the advertisement about the main parameters used to determine the recipient to whom the advertisement is presented and, where applicable, about how to change those parameters”.

Most obligations bearing on companies subject to the Digital Services Act will start to apply on 17 February 2024. However, all but small online platforms and search engines will be required to publish information on the usage of their services (Statement) on their website, with an initial Statement to be published by 17 February 2023 at the latest. Intermediaries designated as “very large online platforms” or “very large online search engines” by the EU Commission will need to comply with most of their new obligations from four months after being notified of their “very large” status.

Copyright © 2024, K&L Gates LLP. All Rights Reserved.