It has been a busy month for cyber and privacy regulation in Australia. On the heels of the proposed amendments to the Privacy Act 1988 released just under a month ago (see our summary here), three further draft Bills
Privacy Matters
DLA Piper's Global Privacy and Data Protection Resource
EU: ECJ rules that competitors are entitled to bring an injunction claim based on an infringement of the GDPR.
Introduction
In its judgement of 04 October 2024 (C-21/23), the European Court of Justice (“ECJ”, “Court”) ruled, that the provisions of Chapter VIII of the GDPR, do not preclude national rules which grant undertakings the right to rely,…
EU: CJEU Confirms that Legitimate Interests can cover purely commercial interests
Introduction
The subject of “legitimate interests” and in particular whether they can be “purely commercial” has been a topic of front and center stage debate in the Netherlands for some time. The Dutch data protection authority (AP) has historically interpreted…
UK: The UK Cybersecurity and Resilience Bill – a different approach to NIS2 or a British sister act?
In the much anticipated first King’s Speech of the new Labour Government on 17 July 2024, the monarch announced that the long anticipated Cybersecurity and Resilience Bill (CS&R Bill) would be amongst those new laws making their way onto Parliament’s…
China: New definition and guidelines on Sensitive Personal Information now finalised
We previously wrote about proposed changes to the definition of sensitive personal information under a June 2024 draft of the Guide for Sensitive Personal Information Identification (“Guide”). The Guide has now (September 2024) been finalized and issued by the National…
UK: Data protection authority issues reprimand to gambling operator for unlawfully processing personal data
On 16 September 2024, the UK’s data protection authority, the Information Commissioner’s Office (ICO), issued a reprimand against Sky Betting and Gaming (SkyBet) for unlawfully processing people’s data through advertising cookies without their consent.
Between 10 January and 3 March…
Data Act Frequently Asked Questions answered by the EU Commission
The EU Data Act is one of the cornerstones of the EU’s Data Strategy and introduces a new and horizontal set of rules on data access and use to boost the EU’s data economy. Most of the provisions of the…
Australia: Long awaited Australian privacy reform comes to fruition
The Australian Government has today published a draft Bill outlining the next steps in Australia’s Privacy Act Review process.
The changes to be implemented by the Privacy and Other Legislation Amendment Bill 2024 include the introduction of:
- A statutory tort
…
Australia: Anti-scam measures and ransomware reporting on the agenda
Cyber regulation is changing in Australia. As governments globally grapple with the everchanging and increasingly challenging cyber landscape, Australia is poised to implement new laws and update existing regulation in order to enhance Australia’s cyber security and resilience. These changes…
CHINA: Mandatory data protection compliance (self) audits on their way
The Personal Information Protection Law (“PIPL”) requires a data controller to conduct compliance audits of its personal data processing activities on a regular basis (“Self-supervision Audits”). Apart from such Self-supervision Audits, in case the data regulator finds significant risks involved…