Cyber Law Watch

Insight on how cyber risk is being mitigated and managed across the globe.

1
California Privacy Protection Agency Proposes Draft Rules for Automated Decision Making, Including Artificial Intelligence
2
Australia’s Privacy Framework set to be Revamped Following the Government’s Response to the Privacy Act Review Report
3
California Proposes Cybersecurity Requirements for Businesses
4
China Will Issue Safe Harbor Rules to Facilitate Cross-Border Data Flow
5
UK Government Approves Adequacy of UK-US Data Bridge
6
Japanese Government Identified Issues Related to AI and Copyrights
7
Beijing CAC Approved the First China SCC Filing
8
Japanese Privacy Regulator Cautioned Businesses regarding Issues Relating to Generative AI Services
9
Australian Government contemplates Asimov’s Omnibus
10
New ICO guidance for employers responding to data subject access requests

California Privacy Protection Agency Proposes Draft Rules for Automated Decision Making, Including Artificial Intelligence

By Eric Vicente Flores and Michael Stortz

Executive Summary: The California Privacy Protection Agency has proposed a new set of draft regulations that aim to regulate the use of artificial intelligence and automated decision making technology. These regulations will be discussed alongside other draft regulations the agency has previously proposed regarding risk assessments and cybersecurity assessments. The three sets of draft regulations will be discussed at the agency’s meeting on 8 December.

Read More

Australia’s Privacy Framework set to be Revamped Following the Government’s Response to the Privacy Act Review Report

By: Cameron Abbott, Rob Pulham, Stephanie Mayhew,and Maddy Bassal

Last week the federal Government released its response (the Response) to the recommendations proposed by the AGD’s Privacy Act Review Report released in February 2023 (the Report).

Read More

California Proposes Cybersecurity Requirements for Businesses

By: Eric Vicente Flores, Avril Love, and Whitney McCollum

In recognition of Cybersecurity Awareness Month in the US, we will be bringing awareness to relevant 2023 cybersecurity updates each week.

On 28 August, the California Privacy Protection Agency (CPPA) published draft regulations regarding risk assessments and cybersecurity audits for consideration at the Board’s September meeting. The draft regulations precede the formal rulemaking process, but provide insight into CPPA’s current priorities.

Read More

China Will Issue Safe Harbor Rules to Facilitate Cross-Border Data Flow

By Amigo L. Xie and Dan Wu

On 28 September 2023, the Cyberspace Administration of China (CAC) released draft Provisions on Regulating and Facilitating Cross-Border Data Flow (in Chinese) for a public comment period ending on 15 October 2023.1

Read More

UK Government Approves Adequacy of UK-US Data Bridge

By Claude-Étienne Armingaud and Nóirín McFadden

The UK Government has laid adequacy regulations before Parliament that, once in force from 12 October 2023, will permit use of the UK – US “Data Bridge” as a safeguard for personal data transfers from the UK to the US under Article 44 UK GDPR.

Read More

Japanese Government Identified Issues Related to AI and Copyrights

By Aiko Yamada and Yuki Sako

Aiming to address creators’ concerns and to minimize risks of copyright infringement by artificial intelligence (AI) developers and users, the Agency for Cultural Affairs, Government of Japan convened panels at the Legal System Subcommittee of the Copyright Committee on 26 July 2023 and 5 September 2023 to identify issues to resolve in relation with generative AI and copyrights as roughly noted below:

Read More

Beijing CAC Approved the First China SCC Filing

By Amigo L. Xie, Lingjun Zhang, and Dan Wu

About four months after the Cyberspace Administration of China (CAC) released the Measures for the Standard Contract for the Export of Personal Data from China (China SCC Measures), and 15 working days after the China SCC Measures became effective, Beijing CAC published a notice announcing that a Beijing-based company passed the first-ever China SCC filing on 25 June 2023 (Notice).

Based on the Notice, the first China SCC filing relates to a cross-border personal data transfer from a Beijing-based data exporter, an online data service provider, to a Hong Kong-based data recipient. The type of data exported by the Beijing-based data exporter is personal data related to credit references as disclosed by the Notice.

The completion of the first-ever China SCC filing conveyed some positive messages to the market:

Read More

Japanese Privacy Regulator Cautioned Businesses regarding Issues Relating to Generative AI Services

By Yuki Sako and Aiko Yamada

Following the call for international standards on Artificial Intelligence (AI) at the recent G7 summit, on 2 June 2023, in a rare move, Japan’s Personal Information Protection Commission (PPC) issued two warnings in a publicly released letter (the “Letter”):

  • Firstly to the three categories of users of generative AI services, i.e.,
    • business operators who collect personal information and thus are subject to the Act on the Protection of Personal Information of Japan (APPI);
    • government agencies, which may adopt generative AI services into their operations; and
    • the general public; and
  • Secondly to the “ChatGPT” developers/publishers. 
Read More

Australian Government contemplates Asimov’s Omnibus

By Cameron Abbott, Daniel Knight, Rob Pulham, Stephanie Mayhew, and Dadar Ahmadi-Pirshahid

Amid the rapid acceleration of tools like ChatGPT and global calls for tailored regulation of artificial intelligence tools, the Australia Federal Government has released a discussion paper on the safe and responsible use of AI. The Government is consulting on what safeguards are needed to ensure Australia has an appropriate regulatory and governance framework to manage the potential risks, while continuing to encourage uptake of innovative technologies.

Read More

New ICO guidance for employers responding to data subject access requests

By Noirin M. McFadden and Claude-Étienne Armingaud

Today, the UK data protection regulator, the ICO, has published guidance to assist employers in responding to data subject access requests (DSARs) from current and former employees. DSARs have become the primary tool for employees attempting to gain leverage against employers during a dispute or grievance process: they can be extremely time-consuming and resource intensive for employers to deal with, and it is a difficult balance to strike between upholding employees’ right of access under the UK GDPR and applying exemptions from disclosure in an appropriate way.

The new guidance covers issues that often occur when employers try to strike this balance, and notably:

Read More

Copyright © 2024, K&L Gates LLP. All Rights Reserved.