On 11 April 2017 the Cyberspace Administration of China published a circular calling for comments on its draft Security Assessment for Personal Information and Important Data Transmitted Outside of the People’s Republic of China Measures (the Draft Export Review Measures). Public comments are open through 11 May 2017.
The main legislative purpose of the Draft Export Review Measures is to … Continue Reading
2016 was an eventful year in the Asia-Pacific region, as data protection and cyber security issues increasingly feature in the news headlines in the Asia-Pacific region as they do elsewhere, our annual publication, the 2017 Asia-Pacific Data Protection and Cyber Security Guide provides you with an update on key regulatory developments and emerging trends in data protection and cyber security.… Continue Reading
On 4 February 2017, the Cyberspace Administration of China issued a draft of the Network Products and Services Security Review Measures (“Draft Measures”) for public comment: the Draft Measures remain open for comments until 4 March 2017. The Draft Measures are follow-on legislation to China’s Cyber Security Law adopted on 7 November 2016, which will take effect on 1 June … Continue Reading
On 4 February 2017, the Cyberspace Administration of China issued a draft of the Network Products and Services Security Review Measures (“Draft Measures“) for public comment: the Draft Measures remain open for comments until 4 March 2017. The Draft Measures are follow-on legislation to China’s Cyber Security Law adopted on 7 November 2016, which will take effect from … Continue Reading
On 11 November, 2016, Hong Kong’s Applied Science and Technology Research Institute (“ASTRI“) published its “Whitepaper On Distributed Ledger Technology” (the “DLT Whitepaper“), a substantial research exercise commissioned by the Hong Kong Monetary Authority (the “HKMA“).
The DLT Whitepaper is a useful and well-informed introduction to blockchain, or distributed ledger technology (“DLT“), … Continue Reading
China’s Cyber Security Law, which will take effect from 1 June, 2017 was adopted on 7 November. The third draft of the law adopted by the Standing Committee of the National People’s Congress, China’s highest legislative authority, contained few changes from the second draft put forward for comment in July, 2016 (see our briefing). The net result is continued … Continue Reading
The law on the notification of data breaches in Australia looks set to change. The Privacy Act 1988 does not currently require companies that suffer a data breach to notify the Australian Information Commissioner (“Commissioner“) or affected individuals. While organisations are encouraged to do so by the Commissioner’s Data Breach Notification Guide (2014), and in practice many … Continue Reading
The Philippines Data Privacy Regime
The Philippines’ first comprehensive data protection law, the Data Privacy Act of 2012 (the “Act“), took effect on 8 September 2012. The Act mandated the creation of a National Privacy Commission (“NPC“) to implement, enforce and monitor compliance with the Act, with one of its duties to promulgate rules and regulations … Continue Reading
On June 21, 2016, the State Council issued the Guiding Opinions on Promoting and Regulating the Development of the Application of Healthcare Big Data (“Guiding Opinions“). The Guiding Opinions declare that healthcare big data is a fundamental, strategic national resource; recognize that its development will have a significant impact on healthcare and medical treatment; and formulate programmatic plans … Continue Reading
On 6 July 2016, a second draft of the People’s Republic of China Cyber Security Law was released to the public for comment following its second reading by the Standing Committee of the National People’s Congress. The deadline for submitting comments on the second draft is 4 August 2016.
Given the growing cyber threat globally, the Chinese move towards more … Continue Reading
The Asia Pacific region is undergoing significant development in data protection and cybersecurity regulation. These changes are impacting all business sectors.
Anticipating a new phase of development across the region we are delighted to share our latest briefing discussing the key trends and issues.
Click on the link below to read all about it. “Asia Pacific Data Protection and … Continue Reading
On 25 March 2016, the Chinese Ministry of Industry and Information Technology (the “MIIT“) issued Draft Rules on the Administration of Internet Domain Names (“Draft“) and issued a call for comments. The Draft has raised serious concerns among the public and the international media. In this article we summarize the key changes in the Draft, and … Continue Reading
China’s online payment market is growing at breakneck speed. In the first three quarters of 2015, the total volume of online transactions processed by payment institutions exceeded RMB 56 billion, and the monetary value of transactions reached close to RMB 3.3 trillion.
But these impressive figures have come with significant “growing pains” in the industry, as the quality of some … Continue Reading
On 26 January, Hong Kong’s Privacy Commissioner for Personal Data (Commissioner) published his annual report on 2015 complaints and enforcement activity under the Personal Data (Privacy) Ordinance (PDPO).
The report reveals that 871,000 Hong Kong individuals were affected by data breaches in 2015, compared with 47,000 in 2014. The 98 incidents reported to the Commissioner last year (an increase from … Continue Reading
On 27 December 2015, China’s National People’s Congress passed the nation’s first comprehensive law on terrorism, the People’s Republic of China Counter-Terrorism Law, which took effect on 1 January 2016.
The Counter-Terrorism Law reflects some important developments that may give some comfort to observers that their voices are being heard, without by any means removing all the concerns.
In … Continue Reading
Personal data is an important aspect of most M&A transactions because almost all businesses store information about their employees and customers. For some deals, data is critical, and there is a trend among regulators on a global scale to increase sanctions over data privacy and security violations. There is also a risk that data protection violations may render a deal … Continue Reading
On 15 September, the Hong Kong Monetary Authority (the “HKMA”) issued a letter drawing its authorized institutions’ attention to the increasing importance of cyber security risk management.
The letter comes just weeks after a 24 August letter by the Monetary Authority of Singapore (the “MAS”) warning Singaporean-regulated financial institutions of the importance of improving on their intrusion detection measures as … Continue Reading
We are seeing significant increase in the scale and complexity of outsourcing and technology procurement in the Asia region, as businesses look to modernise and build economies of scale into their regional operating platforms. Consolidation of platforms through regional outsourcing arrangements is often being pursued, not just to reduce costs, but also to gain competitive advantage. As regulation across the … Continue Reading
A recent appeal against an enforcement notice issued by the Privacy Commissioner for Personal Data of Hong Kong raised an interesting and highly controversial issue as to whether, and to what extent, individuals in Hong Kong have a “right to be forgotten” entitling them to deletion of personal data in the public domain.
This label of “right to be forgotten” … Continue Reading
Hogan Lovells’ Asia Data Privacy Guide 2015 provides a practical overview of the rapid pace of change in data privacy regulation across the region and a guide to achieving compliance.
2014 saw the implementation of new comprehensive, “European style” privacy laws in Singapore and Malaysia, the amendment of China’s consumer protection law to include data privacy principles and a further … Continue Reading
On Thursday, 14 May, Hogan Lovells data protection lawyers Mark Parsons and Eugene Low will host an in-person discussion at Hogan Lovells’ offices in Hong Kong to take stock of where Asia is in terms of data privacy regulation, and to help chart a roadmap to compliance. The focus will be on identifying “hot spots” for businesses operating across the … Continue Reading
On 29 March, the Hong Kong Privacy Commissioner for Personal Data (the “Commissioner“) published a guidance note that supplements previous guidance on the use of closed circuit television systems and for the first time addresses the increasing use of unmanned aircraft systems (“UAS“, or, more popularly, “drones”). The Commissioner’s guidance is the first significant regulatory engagement … Continue Reading
On 29 December, 2014, Hong Kong’s Privacy Commissioner for Personal Data (the “Commissioner”) published a guidance note concerning the potential implementation of section 33 of the Personal Data (Privacy) Ordinance (the “PDPO”), which would restrict the export of personal data from Hong Kong.
The Commissioner’s view is that publication of his guidance will help businesses prepare for the eventual implementation … Continue Reading
Privacy regulators are increasingly turning their attention to the manner in which mobile apps collect, process and transmit personal data.
On 9 December, 21 privacy enforcement authorities around the world issued an open letter to seven of the world’s leading app marketplaces calling on them to make app privacy policies available to users prior to downloading.
The open letter was … Continue Reading