Recently, the Cyberspace Administration of China (CAC), which is the primary data regulator in China, published a newsletter about the government authorities’ enforcement of Apps and websites that violated personal data protection and cybersecurity laws during the year 2024.
Based on the official statistics, during 2024, the CAC interviewed 11,159 website platforms, imposed warnings or
Following Malaysia’s introduction of data breach notification and data protection officer (“DPO”) appointment requirements in last year’s significant amendments to the Personal Data Protection Act (“PDPA”) (click here for our summary), the Personal Data Protection Commissioner of Malaysia (“Commissioner”) recently released guidelines that flesh out such requirements, titled the Guideline on Data Breach Notification (“DBN
This article was originally posted to our Market Edge blog.
By Era Anagnosti, Brent Bernell, Daniel Caprio, Steven Phillips, Andrew Serwin, and John Gevertz
On February 18, 2025, President Donald J. Trump signed an Executive Order (EO), entitled, “Restoring Democracy and Accountability in Government,” which asserts greater authority over all federal
Chinese data regulators are intensifying their focus on the data protection compliance audit obligations under the Personal Information Protection Law (“PIPL”), with the release of the Administrative Measures for Personal Information Protection Compliance Audits (“Measures”), effective 1 May 2025.
The Measures outline the requirements and procedures for both self-initiated and regulator-requested compliance audits.
(Interestingly, they
Since the full implementation of Thailand’s Personal Data Protection Act (PDPA) in June 2022, the Personal Data Protection Committee (PDPC) has been instrumental in shaping the nation’s data protection framework. Recently, the PDPC provided detailed clarifications on data breach notification requirements by responding to the public consultation, offering essential guidance for organizations striving to comply
In a December, the Information Commissioner’s Office (ICO) responded to Google’s decision to lift a prohibition on device fingerprinting (which involves collecting and combining information about a device’s software and hardware, for the purpose of identifying the device) for organisations using its advertising products, effective from 16 February 2025 (see an overview of Google’s new
On 14 January 2025, the UK Home Office published a consultation paper focusing on legislative proposals to reduce payments to cyber criminals and increasing incident reporting.
The proposals set out in the consultation paper aim to protect UK businesses, citizens, and critical infrastructure from the growing threat of ransomware, by reducing the financial incentives
The seventh annual edition of DLA Piper’s GDPR Fines and Data Breach Survey has revealed another significant year in data privacy enforcement, with an aggregate total of EUR1.2 billion (USD1.26 billion/GBP996 million) in fines issued across Europe in 2024.
Ireland once again remains the preeminent enforcer issuing EUR3.5 billion (USD3.7 billion/GBP2.91 billion) in fines since
A much-anticipated Opinion from the European Data Protection Board (EDPB) on AI models and data protection has not resulted in the clear or definitive guidance that businesses operating in the EU had hoped for. The Opinion emphasises the need for case-by-case assessments to determine GDPR applicability, highlighting the importance of accountability and record-keeping, while also
On 3 January 2025, the Cyberspace Administration of China (“CAC”) released for public consultation the draft Measures for Certification of Personal Information Protection for Cross-Border Transfer of Personal Information (“Draft Measures”). This regulation represents the final piece in the CAC’s regulatory framework for the three routes to legitimize cross-border transfers of personal data outside of China (“CBDTs”).
