Insight on how cyber risk is being mitigated and managed across the globe.
By: Rob Pulham, Cameron Abbott, and Annaliese Filippis (Graduate, Melbourne)
The Office of the Australian Information Commissioner (OAIC), Australia’s privacy regulator, is conducting its first ever privacy compliance sweep, as of this January. The compliance sweep will include a review of the privacy policies of businesses that collect information in person.
Read MoreThe Federal Court has ordered Australian Clinical Labs (ACL) to pay AU$5.8 million in civil penalties following a 2022 data breach involving its then-newly acquired Medlab Pathology business. The breach affected over 223,000 individuals whose data was accessed and infiltrated by malicious actors and is one of Australia’s most significant healthcare cyber incidents.
Read MoreBy: Rob Pulham, Cameron Abbott, and Maryam Ahmed
Not to be outdone by its regional peers, New Zealand updated its privacy laws with the passing of the Privacy Amendment Act 2025 (the Act) last month: see the NZ Privacy Commissioner’s media release here.
Read MoreBy: Cameron Abbott, Rob Pulham, and Stephanie Mayhew
This week the Australian Government released its Final Report on the Age Assurance Technology Trial. Its findings will underpin the coming into effect of new rules to implement the social media minimum age limit laws, required to be in place by December 10.
Read MoreBy: Cameron Abbott, Rob Pulham, and Stephanie Mayhew
Tranche 2 of the Australian Privacy Act reforms is expected soon (perhaps imminently), following comments from the new attorney general in the media that suggested the time for conversation and for lobbying is over. The attorney general noted in an interview last month on Sky News that the highly anticipated “second tranche” of Australian privacy law reform is coming, saying “Australians are sick and tired of their personal data being exploited” and “not being protected,” and that “we will not have our privacy reforms dictated by multinational tech giants.”
Read MoreBy: Amigo Xie, Dan Wu and Sarah Kwong
On 18 July 2025, China’s Cyberspace Administration (CAC) officially launched its online portal (Portal) for registration of China Data Protection Officers (China DPO). This operationalizes the requirements under Article 52 of the Personal Information Protection Law (PIPL).
Read MoreBy: Dr Thomas Nietsch and Andreas Müller
Under the Regulation (EU) No 524/2013 on online dispute resolution for consumer disputes (ODR Regulation) traders established in the European Union (EU) who sell or offer products or services online to consumers residing in the EU are required to provide an easily accessible and clickable link to the EU’s ODR Platform on their websites to enable consumer to resolve disputes regarding the obligations stemming from the online sales or service contracts out of court. Until now…
Read MoreBy: Corey Bieber and Guillermo Christensen
K&L Gates partners Corey Bieber and Guillermo Christensen have published an article in Volume 2 of the June 2025 edition of CPI Antitrust Chronicle.
Read MoreBy: Claude-Etienne Armingaud, Thomas Nietsch, Nóirín McFadden, and Sophie Verstraeten
The UK’s major post-Brexit reform of the UK General Data Protection Regulation (UK GDPR), the Data Use and Access Act (DUAA), became law on 19 June 2025.
Read MoreBy: Dr. Thomas Nietsch and Andreas Müller
In proceedings initiated by a Consumer Protection Agency for a preliminary injunction against the operator of a social network to prohibit the use of publicly accessible user data for AI training, the competent court ruled that using such data is permissible under the General Data Protection Regulation (GDPR.)
Read MoreCopyright © 2025, K&L Gates LLP. All Rights Reserved.