The second edition of The Privacy, Data Protection and Cybersecurity Law Review appears as the world is converging on more privacy laws that cover more areas of business and are subject to more enforcement. Several Sidley lawyers in the Privacy, Data Security and Information Law practice have contributed to this publication, including Alan Charles Raul, William RM Long, Geraldine Scali, Catherine M. Valerio Barrad, Yuet Ming Tham, Jillian Lee, Takahiro Nonaka, Tasha D. Manoranjan, and Vivek K. Mohan. For a closer look at this developing area of law, please visit http://www.sidley.com/the-privacy-data-protection-and-cybersecurity-law-review-11-2015.
On April 24, 2015, China amended its Advertising Law for the first time since its initial promulgation in 1994. The amended Advertising Law (the “Amended Law”) will take effect on September 1, 2015. In the absence of a comprehensive data protection law in China, the Amended Law introduces certain provisions addressing data and privacy issues, in addition to existing data privacy rules which are scattered in various laws and regulations.
On July 1, 2015, China’s top legislature adopted a new National Security Law (中华人民共和国国家安全法), highlighting cyber security and paving the way for a coordinated crisis management system. The law aims to provide a general legislative framework to cover a wide range of areas, ranging from finance, politics, the military and cyber security to culture, ideology and religion.
Section 33 of the Hong Kong Personal Data (Privacy) Ordinance (Cap. 486) (the PDPO) deals with the transfer of personal data, and prohibits the transfer of personal data outside Hong Kong except in specified circumstances, such as when:
- the data protection laws of the foreign country are similar to the PDPO; or
- the data subject has consented in writing to the transfer.
Under the requirements of Singapore’s Personal Data Protection Act 2012 (PDPA), the Personal Data Protection Commission (PDPC) is the enforcement agency tasked with the responsibility of monitoring compliance with the PDPA.
The first edition of The Privacy, Data Protection and Cybersecurity Law Review appears at a time of extraordinary policy change and practical challenge for this field of law and regulation. Several Sidley lawyers in the Privacy, Data Security and Information Law practice have contributed to this publication.
Editor’s Preface, Alan Charles Raul
- Chapter 1, “European Union Overview,” William Long, Geraldine Scali and Alan Charles Raul
- Chapter 2, “APEC Overview,” Catherine Valerio Barrad and Alan Charles Raul
- Chapter 9, “Hong Kong,” Yuet Ming Tham and Joanne Mok
- Chapter 12, “Japan,” Takahiro Nonaka
- Chapter 16, “Singapore,” Yuet Ming Tham, Ijin Tan and Teena Zhang
- Chapter 20, “United Kingdom,” William Long and Geraldine Scali
- Chapter 21, “United States,” Alan Charles Raul, Tasha D Manoranjan and Vivek Mohan
On December 26, 2013, Singapore’s Personal Data Protection Commission (the “Commission”) issued advisory guidelines on the “Do Not Call” Provisions (“DNC Guidelines”) of the Personal Data Protection Act 2012 (Act 26 of 2012) (“the Act”). The DNC Guidelines supplement the Commission’s earlier issued Advisory Guidelines1 on the Act. The DNC Provisions came fully into effect on January 2, 2014, and the DNC Guidelines serve to illustrate particular aspects of the DNC Provisions, though “they are not meant to exhaustively address every obligation in the Act.”2