As Singapore takes its next step towards living with COVID-19, the Ministry of Manpower (“MOM”), the Singapore National Employers Federation (SNEF) and the National Trades Union Congress (NTUC) (collectively, the “Tripartite Partners”) have issued a revised set of guidelines for
Latest from Data Protection Report - Page 2
New PCI DSS v4.0 – Flexibility added
On March 31, 2022, the PCI Security Standards Council released the new version of the Payment Card Industry Data Security Standards (version 4.0), which represents an update almost four years in the making. In addition to some clarifications and
Retention of records in South Africa
This blog was co-authored by: Preshanta Poonan, associate designate.
There are several pieces of legislation in South Africa that govern the retention of records. Ensuring efficient record management practices are in place is crucial for compliance with these Acts. Nerushka
“Dark patterns?” EDPB draft guidance sets out its expectations on subliminal privacy eroding practices
The EDPB has published draft guidance on “dark patterns” in social media (the Guidelines) for consultation. The Guidelines consider in detail common social media interfaces that present the content of privacy policies and collect consent in ways which substantively
Another fine for over-retention of data
A third regulator has recently entered into a proposed consent that includes a $500,000 fine based in part on a company’s over-retention of personal data for longer than it was needed. The first regulator was the French data protection authority,
Nascent EU/ US Trans-Atlantic Data Privacy Framework: some points to note
On 25 March the EU Commission (Commission) and United States (US) announced that they had agreed in principle on a new “Trans-Atlantic Data Privacy Framework” (TADPF) to foster trans-Atlantic data flows and address the concerns raised by Schrems II. We
UK proposes rules to protect against anonymous online trolls
The UK Government has added two new duties to the proposed Online Safety Bill (the Bill) that are aimed at protecting people against anonymous online abuse. These measures would give users of “main social media firms” more control over who
The UK’s ICO issues a monetary penalty notice to professional services firm after ransomware attack
On 10 March 2022, the Information Commissioner’s Office (ICO) issued a monetary penalty notice to a professional services firm (the Firm) to the tune of £98,000 for a breach of Article 5(1)(f) of the General Data Protection Regulation (GDPR).
The
SMO v TikTok: representative actions post Lloyd v Google
In SMO (A Child) v Tiktok Inc. & Ors [2022] EWHC 489, the High Court considered an alternative basis for bringing a representative claim for loss of control under the GDPR and the Data Protection Act 2018 (DPA 2018) following
Congress Agrees – 72-Hour Cyber Incident Reporting Requirement to Take Effect
On March 15, 2022, President Biden signed an omnibus spending bill into law, which, in part, requires companies to report cyber incidents and ransom payments. The relevant portions of the law, titled the Cyber Incident Reporting for Critical Infrastructure Act