By Cameron Abbott, Rob Pulham, Damien Timms, Dadar Ahmadi-Pirshahid and Adam Asadurian
Some key compliance dates approach for responsible entities of critical infrastructure assets under the Security of Critical Infrastructure Act (SOCI Act).
Read MoreBy Cameron Abbott, Rob Pulham, Stephanie Mayhew and Lauren Hrysomallis
ASIC has further focused its attention on the duties of companies and directors with regards to cyber resilience with the signing of a Memorandum of Understanding (MoU) with the Office of the Australian Information Commissioner (OAIC).
Read MoreBy Claude-Étienne Armingaud and Kenza Berrada
Digital intermediation service platforms within the sectors of chauffeur-driven transportation and goods delivery have new responsibilities since the enactment of Decree no. 2024-388 on 25 April 2024. Operating under the framework established by Article L. 7345-1 of the French Labor Code, this Decree has initiated a systematic collection and transmission protocol for data concerning platform workers’ activities to the French Employment Platforms Social Relations Authority (ARPE).
Read MoreBy Paul Haswell and Sarah Kwong
In late January 2024, Hong Kong’s privacy watchdog, the Personal Data Privacy Commission (“PCPD”) raided six premises of Worldcoin, a cryptocurrency initiative co-founded by Sam Altman, that requires an iris scan from clients for identification purposes and also for earning tokens. The PCPD conducted an investigation into Worldcoin’s operations, suspecting that its sensitive personal data (i.e. iris information) collection practices might infringe the Personal Data Privacy Ordinance (Cap. 486).
Read MoreBy Claude-Étienne Armingaud & Sophie Verstraeten
The Information Commissioner’s Office (ICO) recently launched a consultation series on how data protection laws should apply to the development and use of generative AI models (“Gen AI”). In the coming months, the ICO will publish further views on how to interpret specific requirements of UK GDPR and Part 2 of the DPA 2018 in relation to Gen AI. This first part of the consultation focusses on whether it is lawful to train Gen AI on personal data scraped from the web. The consultation seeks feedback from stakeholders with an interest in Gen AI.
Read MoreBy Andrew Glass, Gregory Blase, and Joshua Durham
Effective immediately, the Federal Communications Commission (FCC) banned AI-generated phone calls with its recent Declaratory Ruling (the Ruling). Known as audio or voice “deepfakes,” AI can be trained to mimic any person’s voice, resulting in novel scams such as grandparents receiving a call from their “grandchild” and believing they have been kidnapped or need money for bail. FCC Commissioner Starks deemed such deepfakes a threat to election integrity, recalling that just recently, “potential primary voters in New Hampshire received a call, purportedly from President Biden, telling them to stay home and ‘save your vote’ by skipping the state’s primary.”
Read MoreBy Claude-Étienne Armingaud and Sophie Verstraeten
The UK’s Information Commissioner (the “ICO”) has recently sent warnings to the UK’s most visited websites to inform them that they may face enforcement action if they do not make changes to their cookie banner to ensure compliance with UK data protection law. For example, some websites warned by the ICO do not provide their user with a fair choice on tracking for personalised advertising. This position aligns with the EU’s stance, noting France (see prior Alert here).
Read MoreBy Claude-Étienne Armingaud and Nóirín McFadden
The UK Government has laid adequacy regulations before Parliament that, once in force from 12 October 2023, will permit use of the UK – US “Data Bridge” as a safeguard for personal data transfers from the UK to the US under Article 44 UK GDPR.
Read MoreBy Aiko Yamada and Yuki Sako
Aiming to address creators’ concerns and to minimize risks of copyright infringement by artificial intelligence (AI) developers and users, the Agency for Cultural Affairs, Government of Japan convened panels at the Legal System Subcommittee of the Copyright Committee on 26 July 2023 and 5 September 2023 to identify issues to resolve in relation with generative AI and copyrights as roughly noted below:
Read More
By Amigo L. Xie, Lingjun Zhang, and Dan Wu
About four months after the Cyberspace Administration of China (CAC) released the Measures for the Standard Contract for the Export of Personal Data from China (China SCC Measures), and 15 working days after the China SCC Measures became effective, Beijing CAC published a notice announcing that a Beijing-based company passed the first-ever China SCC filing on 25 June 2023 (Notice).
Based on the Notice, the first China SCC filing relates to a cross-border personal data transfer from a Beijing-based data exporter, an online data service provider, to a Hong Kong-based data recipient. The type of data exported by the Beijing-based data exporter is personal data related to credit references as disclosed by the Notice.
The completion of the first-ever China SCC filing conveyed some positive messages to the market:
Read MoreCopyright © 2024, K&L Gates LLP. All Rights Reserved.