Support Centre

Asia-Pacific

News

Insights

April 2024

International: A comparative analysis of the GDPR and India's DPDPA

In this article, Arun Babu and Gayathri Poti, from Kochhar & Co., delineate the primary disparities between the Digital Personal Data Protection Act (DPDPA) and the General Data Protection Regulation (GDPR) from a business perspective, analyzing the rationale behind these distinctions and their practical implications.

April 2024

India: Digital Personal Data Protection Act, 2023 part four - data subject rights

Part one of this series on India's Digital Personal Data Protection Act, 2023 (the Act) looked into the Act's scope and application, and part two delved into consent and legitimate uses. Part three discussed the provisions applicable to the transfer of digital personal data under the Act in India.

In part four of this series, Rachit Bahl, Rohan Bagai, and Navdeep Baidwan, from AZB & Partners, delve into the rights and duties of data subjects under the Act, emphasizing the pivotal role individuals play in safeguarding their personal data in the digital era.

April 2024

Hong Kong, China: Standard Contract for Cross-boundary Flow of Personal Information within the Guangdong–Hong Kong–Macao Greater Bay Area

In this Insight article, Ada Chung Lai-Ling, Privacy Commissioner for Personal Data, Hong Kong, explores the Standard Contract for Cross-boundary Flow of Personal Information Within the Guangdong–Hong Kong–Macao Greater Bay Area (Mainland, Hong Kong) (the GBA SC), including its scope and adoption.

April 2024

Australia: Management of data to mitigate the risk of cyber attacks

In an increasingly digitized world, safeguarding against cyber attacks has become pivotal for modern businesses. The alarming rate at which cyber attacks are evolving creates significant challenges for Australian businesses in maintaining data security and integrity. Data management is an important tool for businesses to mitigate cyberattacks and maintain strong security measures. Data management strategies, such as data minimization, data de-identification, and data governance frameworks help fortify a business's defenses against cybercriminals and limit risks associated with the collection, use, and storage of data assets. Katherine Sainty and Sarah Macken, from Sainty Law, look specifically at data governance, data minimization, and data de-identification, and how businesses can best utilize these to safeguard data.

April 2024

Bangladesh: The cybersecurity landscape

Nasir Doulah, Partner at Doulah & Doulah, explores the main cybersecurity regulations in Bangladesh, focusing on the ICT Act and the Cybersecurity Act. 

March 2024

China: New regulations on promoting and regulating cross-border data flows

The Cyberspace Administration of China (CAC) published the Regulations on Promoting and Regulating Cross-border Data Flows (only available in Chinese here) (the Regulations) on March 22, 2024, following their initial request for public comment in October 2023. The Regulations aim to clarify data transfer obligations under the Cyber Security Law (CSL), Data Security Law (DSL), and the Personal Information Protection Law (PIPL) including the data export security assessment, personal information export standard contract, and personal information protection certification. OneTrust DataGuidance provides an analysis of the Regulations with comments provided by Dr. Michael Tan, Partner at Taylor Wessing.

March 2024

Philippines: The NPC's Guidelines on Legitimate Interest

The National Privacy Commission (NPC) issued the NPC Circular No. 2023-07 (the Circular) on December 13, 2023. This Circular is entitled Guidelines on Legitimate Interest and seeks to clarify the framework within which a personal information controller (PIC) may establish legitimate interest as a basis for processing personal data. The Circular is not meant to introduce any new basis for processing personal information, rather, it seeks to clarify concepts and requirements of legitimate interest, which is a lawful basis for processing personal information under Philippine privacy laws. Edsel F. Tupaz, from Gorriceta Africa Cauton & Saavedra, walks through these guidelines and their implications for PICs.  

The Circular should be read alongside part one and part two of the series on the NPC Guidelines on Consent, which comprise important tool kits for PICs and personal information processors that process the personal data of Philippine data subjects.  

March 2024

India: AI regulation - current state and future perspectives

In this Insight article, Rahul Kapoor, Shokoh H. Yaghoubi, and Theresa T. Kalathil, from Morgan, Lewis & Bockius LLP, shed light on the intricate landscape of artificial intelligence (AI) regulation in India. As the nation grapples with the surge of AI technologies, their analysis unveils the current state, future trajectories, and global collaborations shaping India's approach towards responsible AI deployment.

March 2024

India: Digital Personal Data Protection Act, 2023 part three – data transfers

Part one of this series on India's Digital Personal Data Protection Act, 2023 (the Act) looked into the Act's scope and application and part two delved into consent and legitimate uses. In part three of this series, Rachit Bahl, Rohan Bagai, and Karishma Sumi, from AZB & Partners, discuss the provisions applicable to transfer (including cross-border transfer) of digital personal data under the Act in India.

March 2024

India: Exploring the Telecommunications Act through the lens of data protection and cybersecurity

Harsh Walia, Shobhit Chandra, and Sanjuktha A. Yermal, from Khaitan & Co., delve into the dynamic realms of technology, telecommunications, and privacy, offering nuanced perspectives on the evolving legal landscape and its implications for fostering a responsible digital future.

February 2024

South Korea: Digital Bill of Rights - key takeaways

In this Insight article, Kwang Bae Park, Sunghee Chae, and Matt Younghoon Mok, from Lee & Ko, explore South Korea's Digital Bill of Rights, emphasizing its international cooperation principles and the government's preference for self-regulation in the artificial intelligence (AI) industry. It discusses related legislative trends and the evolving stance on AI regulation in a changing global landscape.

February 2024

Philippines: The NPC releases Guidelines on Consent - part two

Since the release of the National Privacy Commission (NPC) Circular No. 2023-04 (the Circular) and the Guidelines on Consent, privacy practitioners and businesses have scurried to review and revise their privacy notices. Part one of this series addressed the implications the Circular had on the ways in which personal information controllers (PICs) obtain the consent of data subjects. In this second part, Edsel F. Tupaz, from Gorriceta Africa Cauton & Saavedra, continues with a discussion on the Circular's rules for PICs on using continued use of service as a stand-in for written consent, the documentation of consent, obtaining consent for direct marketing, data sharing, and automated profiling systems. Edsel concludes with some strategies for webmasters and app developers to enhance their products' compliance with the Circular. 

Company

Our Policies

Your Rights

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
© OneTrust, LLC. All Rights Reserved.
The materials herein are for informational purposes only and do not constitute legal advice.
Feedback