Latest Articles

The European Commission announced on 23 January 2019 that it has adopted an adequacy decision on Japan (its press release can be found here).[1] This is a result of the assessment process which began on 5 September 2018, the background of which can be found in our previous blog here. Japan’s data protection authority, the Personal Information Protection Commission (PPC), has also adopted its equivalent decision on Japanese personal data flows to…
To any good lawyer, the answer is ‘both’ are important.  However, most in-house counsel know the answer is which receives the limited available budget.  Compliance budgets usually follow the greatest risks for the company.  Therefore, in Europe, where the EU’s General Data Protection Regulation is the scariest new compliance issue, it stands to reason that data privacy will take a larger portion of the budget than cybersecurity.  However, in the US, where the penalties for…
What’s New? On 5 September 2018, the EU Commission commenced proceedings to adopt an Adequacy Decision in relation to Japan’s protection of personal data by issuing a draft ‘Commission Implementing Decision’. This is an important step towards the culmination of discussions between the EU and Japan that were initiated in January 2017, with the aim of permitting the free flow of personal data between the parties. These discussions were part of the broader free trade…
As 2018 picks up steam from its start, we are beginning to see traction in relation to various new regional data privacy and cybersecurity laws.  Many of the provisions seem designed to enable countries to seek an EU Adequacy Finding, which is akin to the Privacy Shield provisions between the EU and the US.  This would allow the easier transfer of EU data between the countries.…
This week, the Standing Committee of the National People’s Congress approved the new Cyber Security Law. The law, which contains 79 articles under eight chapters, is set to take effect in June 2017 and has wide-ranging implications for how companies in China handle personal data and cybersecurity issues. The law applies broadly to entities or individuals that construct, operate, maintain, and use networks within China, as well as those who are responsible for supervising and…