With the rise in drone usage for both commercial and recreational activities, air safety regulators around the world have increasingly focused on the impact of drones (otherwise known as unmanned aircraft systems or UAS) on flight safety and efficiency. Consistent with calls by the International Air Transport Association (IATA) for more oversight, Hong Kong’s Civil Aviation Department (CAD) recently announced plans to step up the regulation of commercial and recreational drones.
The fourth edition of The Privacy, Data Protection and Cybersecurity Law Review takes a look at the evolving global privacy, data protection and cybersecurity landscape in a time when mega breaches are becoming more common and businesses are coming under increased scrutiny from regulators, Boards of Directors and their customers. Several lawyers from Sidley’s global Privacy and Cybersecurity practice have contributed to this publication. See the links below for a closer look at this developing area of law. (more…)
The EU Commission, through a joint statement on 4 July 2017 by Vera Jourova, EU Commissioner for Justice, and Haruchi Kumazawa, a Commissioner of Japan’s Personal Information Protection Commission, announced that the process is underway to provide Japan an EU adequacy decision on international data transfers by early 2018. Once approved, Japan will become the 13th country (crediting the US with an adequacy finding for organizations certifying under the Privacy Shield) globally and the first Asian country to be given adequate status by the EU Commission. (more…)
As the FinTech industry continues to expand, regulators around the globe are starting to react. The past 18 months have seen the emergence of a new trend in financial services regulation, the “sandbox.”
Since the launch of the UK’s regulatory sandbox in May 2016, regulators across the globe have adopted similar frameworks. There are now regulatory sandboxes in Abu Dhabi, Australia, Canada, Hong Kong, Lithuania, Singapore, Switzerland and Thailand, to name a few, and the European Union recently set out proposals for a possible EU-wide regulatory sandbox. (more…)
Singapore’s Personal Data Protection Commission (PDPC) has launched a public consultation into a proposed revision to the law that would require reporting of certain data breaches. Singapore currently uses a voluntary approach to data breach notifications, but, according to the PDPC, this has resulted in uneven notification practices. Under the proposals, it will be mandatory for organizations to inform customers of personal data breaches that pose any risk of impact or harm to the affected individual as soon as they are discovered. If an incident involves 500 or more individuals, organizations will need to notify the PDPC as soon as possible but no later than 72 hours after discovery of the breach. The proposals aim to allow individuals to take steps to protect their interests in the event of a data breach, for example, by changing their password. (more…)
On May 24, 2017, the China Food and Drug Administration (CFDA) issued its  Circular No. 63 (the Circular), setting out penalties for clinical trial data integrity violations, including intentional data falsification, incomplete and incompliant data and other data defects. The highlights are: (more…)
The Personal Data Protection Act, 2012 (PDPA), Singapore’s general data protection law, governs the collection, use and disclosure of personal data. The Singapore Personal Data Protection Commission (PDPC), which enforces the PDPA, recently updated the chapter on data anonymization found in its Advisory Guidelines (Guidelines). The Guidelines are not legally binding but provide guidance on how the PDPC will interpret the PDPA. The revisions encourage organizations to incorporate into the process of anonymizing data an inquiry into the risks that the data may be re-identified and any potential negative effect on the individuals involved rather than focusing purely on the various techniques to anonymize the data.
In keeping with Singapore’s recent emphasis on strengthening national cybersecurity protections, on March 9, 2017, the Ministry of Home Affairs (MHA) announced proposed amendments to the existing Computer Misuse and Cybersecurity Act (CMCA). The proposed amendment, Bill No. 15/2017, would broaden the scope of the CMCA by criminalizing certain conduct not covered by the existing law and enhancing penalties in certain situations.
2016 was a year of seismic changes in the global data protection and privacy landscape. Here, we look back at the top ten events and issues that shaped 2016, and are poised to shape the year ahead as well.
Year In Review
1. GDPR Adoption
On April 14, the European Parliament voted to adopt the long-awaited EU General Data Protection Regulation (GDPR), formally completing adoption of the GDPR. The GDPR was published in the Official Journal of the EU on May 25, 2016, giving companies and Member States until the May 25, 2018 effective date to implement the Regulation fully. In the wake of its adoption, businesses should have planning under way for implementation of the significantly expanded Regulation by evaluating whether they are subject to the expanded jurisdiction, and if so, completing an internal gap analysis of current data protection practices as compared with the new requirements and rights under the Regulation. Some of the key aspects to consider include data breach response planning under the new 72-hour notice requirement, reviewing existing data protection notices and consents for the more robust obligations, identifying current profiling activities and existing data protection and retention policies and procedures, ensuring privacy impact assessments are carried out where required, and evaluating whether there is an obligation to appoint a data protection officer. Despite the time until the effective date, the extensive preparation necessary to comply presents a challenge as companies around the world refocus resources to develop compliance plans.
2. Political Cyber Warfare
There is a new front in geopolitical battles. (more…)