Support Centre

Asia-Pacific

Insights

The Cyberspace Administration of China (CAC) published the Regulations on Promoting and Regulating Cross-border Data Flows (only available in Chinese here) (the Regulations) on March 22, 2024, following their initial request for public comment in October 2023. The Regulations aim to clarify data transfer obligations under the Cyber Security Law (CSL), Data Security Law (DSL), and the Personal Information Protection Law (PIPL) including the data export security assessment, personal information export standard contract, and personal information protection certification. OneTrust DataGuidance provides an analysis of the Regulations with comments provided by Dr. Michael Tan, Partner at Taylor Wessing.

The National Privacy Commission (NPC) issued the NPC Circular No. 2023-07 (the Circular) on December 13, 2023. This Circular is entitled Guidelines on Legitimate Interest and seeks to clarify the framework within which a personal information controller (PIC) may establish legitimate interest as a basis for processing personal data. The Circular is not meant to introduce any new basis for processing personal information, rather, it seeks to clarify concepts and requirements of legitimate interest, which is a lawful basis for processing personal information under Philippine privacy laws. Edsel F. Tupaz, from Gorriceta Africa Cauton & Saavedra, walks through these guidelines and their implications for PICs.  

The Circular should be read alongside part one and part two of the series on the NPC Guidelines on Consent, which comprise important tool kits for PICs and personal information processors that process the personal data of Philippine data subjects.  

In this Insight article, Rahul Kapoor, Shokoh H. Yaghoubi, and Theresa T. Kalathil, from Morgan, Lewis & Bockius LLP, shed light on the intricate landscape of artificial intelligence (AI) regulation in India. As the nation grapples with the surge of AI technologies, their analysis unveils the current state, future trajectories, and global collaborations shaping India's approach towards responsible AI deployment.

Part one of this series on India's Digital Personal Data Protection Act, 2023 (the Act) looked into the Act's scope and application and part two delved into consent and legitimate uses. In part three of this series, Rachit Bahl, Rohan Bagai, and Karishma Sumi, from AZB & Partners, discuss the provisions applicable to transfer (including cross-border transfer) of digital personal data under the Act in India.

Harsh Walia, Shobhit Chandra, and Sanjuktha A. Yermal, from Khaitan & Co., delve into the dynamic realms of technology, telecommunications, and privacy, offering nuanced perspectives on the evolving legal landscape and its implications for fostering a responsible digital future.

In this Insight article, Kwang Bae Park, Sunghee Chae, and Matt Younghoon Mok, from Lee & Ko, explore South Korea's Digital Bill of Rights, emphasizing its international cooperation principles and the government's preference for self-regulation in the artificial intelligence (AI) industry. It discusses related legislative trends and the evolving stance on AI regulation in a changing global landscape.

Since the release of the National Privacy Commission (NPC) Circular No. 2023-04 (the Circular) and the Guidelines on Consent, privacy practitioners and businesses have scurried to review and revise their privacy notices. Part one of this series addressed the implications the Circular had on the ways in which personal information controllers (PICs) obtain the consent of data subjects. In this second part, Edsel F. Tupaz, from Gorriceta Africa Cauton & Saavedra, continues with a discussion on the Circular's rules for PICs on using continued use of service as a stand-in for written consent, the documentation of consent, obtaining consent for direct marketing, data sharing, and automated profiling systems. Edsel concludes with some strategies for webmasters and app developers to enhance their products' compliance with the Circular. 

In an era dominated by digital connectivity, safeguarding the integrity of networks and information systems has become a global imperative. China, recognizing the critical importance of cybersecurity, has introduced the draft Management Measures for Cybersecurity Incident Reporting (the Measures). The Measures outline a comprehensive approach to reporting cybersecurity incidents, aiming to minimize losses, incentivize legal compliance, protect national cybersecurity, and align with existing legal frameworks. Samuel Yang, Chris Fung, and Bill Zhou, from AnJie Broad Law Firm, explore key provisions in the Measures, shedding light on the intricacies of China's evolving cybersecurity landscape.

Technological developments are advancing rapidly, creating an abundance of opportunities, and connecting people and systems globally. Approximately 99% of Australians use the internet, highlighting how technology has become an essential component of daily life, linking workplaces, schools, and homes. These advancements and an increased reliance on technology means Australians are more susceptible to cyber threats and cybercriminals are becoming more adaptable and proficient than ever before. There is mounting pressure on the Australian government to address cyber threats through regulation. On November 22, 2023, the Australian Government released the 2023-2030 Australian Cyber Security Strategy (the Strategy). Katherine Sainty, Kaelah Dowman, and Sarah Macken, from Sainty Law, discuss the development of the Strategy and how it will be released, as well as next steps.

On January 2, 2024, the Indonesian Government officially enacted Law No. 1 of 2024 on the Second Amendment to Law No. 11 of 2008 on the Electronic Information and Transactions (the Electronic Information Law) (the amendment). 

The revision of the Electronic Information Law was driven by a desire to establish a greater sense of public justice and legal certainty. The need for this revision became apparent as the prior version led to multiple interpretations and controversies within the community. The amendment reflects the Government's commitment to adapting to the changing landscape of digital transactions and online activities within the country. Overall, the Electronic Information Law is designed to protect individual rights in online spaces, regulate electronic transactions, and employ punitive measures to uphold its provisions. 

Specifically, the amendment made changes to various provisions in the previous draft. These changes include enhancing the protection of minors in electronic systems access and specifying the governing law for international electronic contracts. Teguh Darmawan, from Hogan Lovells, discusses the key highlights of the amendment to the Electronic Information Law.  

While representing a new source of growth for China's economy, intelligent and connected vehicles (ICVs) are confronted with institutional uncertainties on multiple fronts, such as market access, data protection, liability allocation, and so forth, which may affect the development of ICVs. In this Insight, Dr. Annie Xue, Yang Chen, and Xiaoqian Sun, from GEN Law Firm, look at the legislation around the development of ICVs with a particular focus on liability allocation, data security, and fair competition.

The development and use of artificial intelligence (AI) is growing at unprecedented rates globally, with mounting pressure on Australian regulators to establish adequate frameworks to govern its use in Australia. While AI has the capacity to provide many benefits, the potential risks associated with its use and rapid growth must be considered by regulators.

In September 2023, the Digital Platform Regulators forum1 (DP-REG) published its joint submission (the Submission) in response to a Department of Industry, Science and Resources (DISR) consultation for their discussion paper, 'Supporting Responsible AI in Australia' (the Discussion Paper). Katherine Sainty, Lily O Brien, Kaelah Dowman, and Sarah Macken, from Sainty Law, discuss the contents of both the Submission and the Discussion Paper and some of the key benefits and risks of AI.

Feedback