On 22 January 2021, the Digital Ministers of the Association of Southeast Asian Nations ('ASEAN') approved the Model Contractual Clauses for Cross-Border Data Flows ('MCCs)¹, which are a set of recommended template contractual provisions that organisations can voluntarily choose to incorporate as part of their legal arrangements in relation cross-border transfers of personal data in the ASEAN region. The MCCs are designed to ensure that personal data transferred from one ASEAN jurisdiction to another will continue to be processed in accordance with the data protection laws that apply in the first ASEAN jurisdiction. Mark Parsons, Anthony Liu, and Jacqueline Chan, from Hogan Lovells, discuss how the MCCs compare with European standards as well as their broader impact on the ASEAN region.

Epidemiologist. Droplets. PPE. Asymptomatic. R number. Long COVID. Social distancing. If there is an indisputable consequence of the COVID-19 pandemic, it is how familiar we have all become with concepts that were alien to most of us barely a year ago. As much as a physical, mental and economic struggle for humanity, COVID-19 has been a constant and rapid learning exercise. Some of it has to do with terminology, but a lot of it has involved a mental readjustment to what is normal, necessary and indeed, acceptable to balance public health and everyday life. As we approach the second year of the pandemic, governments and ethics councils are now grappling with the thorny issue of vaccine passports. Will we need them? Will they be reliable? Are they fair? These are familiar questions to anyone dealing with personal data because their answers have much to do with data protection.

Diversity and inclusion programmes are becoming increasingly popular across the globe due to a growth in awareness and a demand for organisations to support values such as equity and inclusion. While actively engaging in diversity and inclusion initiatives may help organisations to better understand, manage, and develop the business, it is not always clear what data can, and cannot, be included in diversity monitoring surveys or what the rules are for such data collection. The legal requirements surrounding information relating to an individual's race, gender, ethnicity, sexuality, and health differ from country to country, with some classifying such data as 'sensitive data,' while others view it under the umbrella of 'personal information.'

OneTrust DataGuidance has consulted with a number of legal experts operating within the Asia Pacific region in order to uncover the requirements for the collection and use of employee data for diversity and inclusion surveys. The countries covered in this article include Australia, China, Singapore, Japan, Hong Kong, and India.

The Global Privacy Control ('GPC') is a proposed specification designed to allow Internet users to notify businesses of their privacy preferences, such as whether or not they want their personal information to be sold or shared with other subjects. It represents a standard developed by a coalition of stakeholders, such as technologists, web publishers, technology companies, browser vendors, extension developers, academics, and civil rights organisations.