Living in the age of Big Data, consumers are slowly awakening half in doubt regarding the ownership of the data which they generated. As more enterprises start utilising user-generated data for so-called target marketing, more consumers begin questioning about unfairness in sharing the profit earned by commercialising that data. This question motivates us to think about the essence of privacy. Is privacy just about the right to be let alone? Or might it include the right to sell the users' own data? Read More
In our first article on the European Union General Data Protection Regulation (Regulation (EU) 2016/679 or ‘GDPR’) we focused on the global territorial scope of the new rules and how they could affect businesses based in Asia. In particular, we highlighted how the enhanced rights of data subjects in the EU and the expanded obligations on data controllers and data processors — even if they are located outside the EU — provide much for businesses to consider as they become compliant with the new rules. In this second article, we will focus on the new regulatory-enforcement regime and international data transfers, and then draw comparisons with the Asia-Pacific Economic Cooperation (APEC) Cross-Border Privacy Rules (CBPR) system. Read More
Are individuals more likely to allow use of their data when it’s ‘for the greater good’ – even if permission is not sought? It may be that they don’t have a choice. Even as data protection measures increase and regulatory bodies increase their ability to punish bad behaviour by data custodians, there are still some thorny issues when it comes to the moral and legal obligations governing the sharing of Big Data and personal information. Read More
In this, the third of a series of articles, Pauline C. Reich examines how Asian countries are approaching the thorny issue of cybercrime and the interception of data. The author takes a look at two Southeast Asian countries in particular, Cambodia and the Philippines. Read More
The article provides a brief overview of the legal framework relating to data protection and privacy and discusses the provisions of relevant data protection and data privacy laws in India. It also discusses proposed legislative changes in India to strengthen and improve the existing data protection regime. Read More
The use and disclosure of personal data for direct marketing purposes is strictly regulated in Hong Kong with more severe consequences for non-compliance than other breaches of Hong Kong privacy law, and is often found to be significantly more onerous than in other jurisdictions. This article summarises some of the key elements of Hong Kong’s direct marketing regime. Read More
The exit of the United Kingdom from the EU has caused turmoil in world markets and has far reaching consequences for those companies in the European Union doing business with the country – and vice versa. There has also been some uncertainty about how the authorities based in London will be treating data security and privacy issues. The consensus seems to be that companies doing business with the second largest economy in Europe (after Germany) should be adopting a ‘business as usual’ approach. However, will this necessarily be the case in the future? Will global companies with a British connection (including those in Asia) be forced to revisit how they treat data security and privacy issues when dealing with the United Kingdom – and will British companies move away from the rules that have been set in place by Brussels? We take a closer look. Read More
In this, the final instalment in the series, Pauline C. Reich, Professor and Director of the Asia-Pacific Cyberlaw, Cybercrime and Internet Security Research Institute at the Waseda University School of Law in Tokyo, Japan examines the implications of the recent US v. Apple case in terms of disclosure requirements in Asia and across the globe. Read More
Improvements to the first Privacy Shield include better data retention provisions and independent Ombudsman, but Data Protection Authorities still cautious. Read More
In part one of a two part series, we examine some of the challenges that companies face in terms of the evolving privacy and data protection landscape. Data protection and privacy issues are now bedrock strategic issues for companies across the world and Information Security professionals are now under even more pressure to ensure that data remains secure. The value of data as an intangible asset continues to grow and legislation and regulation is becoming ever more stringent. The onus is on companies to comply or suffer the consequences. This is going to require a whole new breed of information security professional. In part two of this series (in next month’s newsletter) we’ll look at the argument for and against a new role combining Chief Security and Privacy Officer in this rapidly evolving regulatory environment. Read More