On August 21, 2024, the second expert committee appointed under the Thai Personal Data Protection Act (PDPA) of 2019, issued an administrative fine to a major private company involved in online sales. The company allowed a significant amount of personal
Privacy Matters
DLA Piper's Global Privacy and Data Protection Resource
Latest from Privacy Matters - Page 2
Ireland: Increased regulatory convergence of AI and data protection: X suspends training of AI chatbot with EU user data after Irish regulator issues High Court proceedings
The Irish Data Protection Commission (DPC) has welcomed X’s agreement to suspend its processing of certain personal data for the purpose of training its AI chatbot tool, Grok. This comes after the DPC issued suspension proceedings against X in the…
Hong Kong: A Practical Guide to the Proposed Critical Infrastructure Cybersecurity Legislation
Hong Kong is following other jurisdictions, including Mainland China, Singapore and the UK, in proposing to enhance cybersecurity obligations on IT systems of those operating critical infrastructure (“CI”). While the proposed new law, tentatively entitled the Protection of Critical Infrastructure…
China: Important new guidance on defining sensitive personal information
While the definition of sensitive personal information in China has always been different to other jurisdictions, with a focus on risk of harm at its heart, new draft guidance should make it easier for organisations to map their processing of…
Australia’s e-marketing expectations: When customers don’t give a spam
On 1 July 2024, Australia’s spam regulator, the Australian Communications and Media Authority (AMCA), released a Statement of Expectations setting out its requirements for customer consent in the context of direct marketing.
The ACMA has consistently demonstrated a clear intolerance…
FTC Reiterates that Hashed and Pseudonymized Data is Still Identifiable Data
The Federal Trade Commission (FTC) reiterated its long-held view that hashing or pseudonymizing identifiers does not render data anonymous, in a post to its Technology Blog on July 24, 2024.
In the rather strongly worded post, while acknowledging that…
EU: European Supervisory Authorities issue second batch of technical standards under DORA
On 18th July, the European Supervisory Authorities (“ESAs”) published the final versions of the second batch of their draft regulatory technical standards (RTS) and implementing technical standards (ITS), developed under the Digital Operational Resilience Act (DORA), as well as two sets…
Requirements of EHR systems under the European Health Data Space
This is Part 2 in a series of articles on the European Health Data Space (“EHDS”). Part 1, which provides a general overview of the EHDS, is available here.
Alongside the better-known provisions of the EHDS dealing with secondary…
UK: Changes to UK surveillance and communications law: the Investigatory Powers (Amendment) Act 2024.
The UK has made several consequential amendments to its primary electronic surveillance law, the Investigatory Powers Act (“IPA”). These changes have the potential to impact the development of certain privacy-enhancing services by technology companies, whilst also widening the scope of…
HONG KONG: Artificial Intelligence – Model Personal Data Protection Framework
In the rapid development of artificial intelligence (“AI”), regulators are playing catch up in creating frameworks to aid and regulate its development.
As the AI landscape begins to mature, different jurisdictions have begun to publish guidance and frameworks. Most recently,…