Support Centre



New technologies may reveal shortcomings in pre-existing legislation and how the broad, 'catch-all' language employed may be insufficient. As explored in Part 1 of this series, wearable tech is one example of a development that can call the efficacy of such laws into question. In Part 2, Saba Samian, Associate at Norton Rose Fulbright, delves further into this topic, giving an overview of the issues faced when regulating new technology and how common law jurisdictions such as Canada may meet these challenges.

In recent years, digital transformation has disrupted the traditional models of education. New methods have emerged for educating students, researchers, professors, educationists, and remote learners across the globe, regardless of territorial and geographical boundaries. The bulk of this frequent transmission of knowledge through well designed learning applications is referred to as Education Technology ('Edtech'). Ololade Oloniyo, Data Privacy Practitioner and Convener at IP Law Discourse, discusses data protection considerations for the Edtech industry and the business value of privacy for Edtech companies.

While privacy laws are generally intended to be technologically neutral, rapid advancements in areas such as wearable tech may create challenges herein. Indeed, wearable tech may have serious privacy implications and reveal much of the wearer's personal data, meaning that in practice they may be more like the emperor's new clothes. In Part 1 of this series, Saba Samanian, Associate at Norton Rose Fulbright, introduces this topic and discusses possible regulatory solutions.

As almost 400 million people worldwide have been vaccinated against the Coronavirus, the prospect of 'vaccine passports' is becoming an ever-increasing reality in order to get back to normal. Petitions have already been started in the UK to try and stop this almost inevitable reality, but are they really as bad as people are expecting, and to what extent will they be infringing on our privacy? Jamal Ahmed, Global Privacy Consultant at Kazient Privacy Experts, discusses the viability of vaccine passports and the privacy concerns that come with them.

On 22 January 2021, the Digital Ministers of the Association of Southeast Asian Nations ('ASEAN') approved the Model Contractual Clauses for Cross-Border Data Flows ('MCCs)1, which are a set of recommended template contractual provisions that organisations can voluntarily choose to incorporate as part of their legal arrangements in relation cross-border transfers of personal data in the ASEAN region. The MCCs are designed to ensure that personal data transferred from one ASEAN jurisdiction to another will continue to be processed in accordance with the data protection laws that apply in the first ASEAN jurisdiction. Mark Parsons, Anthony Liu, and Jacqueline Chan, from Hogan Lovells, discuss how the MCCs compare with European standards as well as their broader impact on the ASEAN region.

The privacy and data protection field continues to evolve as various laws and regulations are developed, implemented, modified, and replaced. For the last three years, the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR') has been the standard; a principles-based, comprehensive law that applies across the EU and the EEA. Recent laws in two US states, however, are blazing a new trail. California's legislature passed, and the Governor approved, the California Consumer Privacy Act of 2018 ('CCPA'), which became effective from 1 January 2020, but the changes did not stop there. In November 2020, Californians voted to approve Proposition 24, the California Privacy Rights Act of 2020 ('CPRA'), amending the CCPA to expand the privacy rights of California consumers significantly. In Virginia, the legislature passed Senate Bill 1392 to Amend the Code of Virginia by adding in Title 59.1 a Chapter Numbered 52, Consisting of Sections Numbered 59.1-571 - 59.1-581, relating to the Consumer Data Protection Act ('CDPA') in February 2021, and approval by the Governor is expected. John Pilch, Cybersecurity/Privacy Analyst at Woods Rogers PLC, compares and contrasts the CDPA, the CPRA, and the GDPR, and points out important areas of agreement and key differences.

Epidemiologist. Droplets. PPE. Asymptomatic. R number. Long COVID. Social distancing. If there is an indisputable consequence of the COVID-19 pandemic, it is how familiar we have all become with concepts that were alien to most of us barely a year ago. As much as a physical, mental and economic struggle for humanity, COVID-19 has been a constant and rapid learning exercise. Some of it has to do with terminology, but a lot of it has involved a mental readjustment to what is normal, necessary and indeed, acceptable to balance public health and everyday life. As we approach the second year of the pandemic, governments and ethics councils are now grappling with the thorny issue of vaccine passports. Will we need them? Will they be reliable? Are they fair? These are familiar questions to anyone dealing with personal data because their answers have much to do with data protection.

In January 2021, the Association of Southeast Asian Nations ('ASEAN') adopted the Data Management Framework1 ('DMF') and the Model Contractual Clauses for Cross-Border Data Flows2 ('MCCs'), a move that represents a significant advancement towards the harmonisation of standards for ASEAN Member States and beyond. Although ASEAN envisages that businesses will directly adopt these guidelines into their operations, it also set outs some expectations for national authorities to integrate these with national legislation. Following on from Part 1 of this series, this article explores the expectations in relation to implementation at national level and some perspectives from a number of legal experts operating within the ASEAN region, including Cambodia, Indonesia, Malaysia, the Philippines, Singapore, Thailand, and Vietnam.

Diversity and inclusion programmes are becoming increasingly popular across the globe due to a growth in awareness and a demand for organisations to support values such as equity and inclusion. While actively engaging in diversity and inclusion initiatives may help organisations to better understand, manage, and develop the business, it is not always clear what data can, and cannot, be included in diversity monitoring surveys or what the rules are for such data collection. The legal requirements surrounding information relating to an individual's race, gender, ethnicity, sexuality, and health differ from country to country, with some classifying such data as 'sensitive data,' while others view it under the umbrella of 'personal information.'

OneTrust DataGuidance has consulted with a number of legal experts operating within the Asia Pacific region in order to uncover the requirements for the collection and use of employee data for diversity and inclusion surveys. The countries covered in this article include Australia, China, Singapore, Japan, Hong Kong, and India.

Having established cooperation in the realm of data governance as a priority since 2015, the Association of Southeast Asian Nations ('ASEAN') has finally issued its first set of guidelines: the Data Management Framework1 ('DMF') and the Model Contractual Clauses for Cross-Border Data Flows2 ('MCCs'). According to ASEAN, these two initiatives represent harmonised standards for data management and cross-border transfers between ASEAN Member States.

The Global Privacy Control ('GPC') is a proposed specification designed to allow Internet users to notify businesses of their privacy preferences, such as whether or not they want their personal information to be sold or shared with other subjects. It represents a standard developed by a coalition of stakeholders, such as technologists, web publishers, technology companies, browser vendors, extension developers, academics, and civil rights organisations.

In December 2020, the Asia-Pacific Economic Cooperation ('APEC') released a report on e-commerce capabilities across APEC Member States1 ('the Report'). The Report is the result of a study conducted by APEC which assessed a number of capacity-building activities that can be implemented by Member States to facilitate cross-border e-commerce and ultimately enhance global trade, including, most notably, the harmonisation of national laws. To this end, the Report provides a comparative analysis of national policies, laws, and regulations that have an impact on cross-border e-commerce across various focus areas, namely: cross-border data flows, consumer protection, data privacy, and cybersecurity.