International Privacy Laws

This is the second in a series of updates addressing the bilateral data access agreement (Data Access Agreement or agreement) between the United States and the United Kingdom under the Clarifying Lawful Overseas Use of Data Act (CLOUD Act). The agreement, which entered into force on October 3, 2022, is designed to facilitate cross-border criminal

Following the European Council’s approval last week, the Digital Services Act (DSA) has been officially adopted, starting the countdown to the law’s entry into force later this year. The DSA builds on the Electronic Commerce Directive 2000 (e-Commerce Directive) and regulates the obligations of digital services that act as intermediaries in connecting consumers with third-party

The Cyberspace Administration of China released the Measures for the Security Assessment of Cross-Border Data Transfer on July 7, 2022, to regulate cross-border data transfers in accordance with the Cybersecurity Law, the Data Security Law, and the Personal Information Protection Law. The measures went into effect on September 1, 2022.

The measures provide a six-month

The National Information Security Standardization Technical Committee issued a draft of the new national standards on May 26, 2022. The new draft—Information Security Technology: Requirements of Privacy Policy of Internet Platforms, Products and Services—is available for public comment until July 25, 2022.

The Draft Requirements document is China’s first list of national standards

China’s internet watchdog, the Cyberspace Administration of China, has continued to tighten its regulation of internet industries and driven the formulation of many new laws and regulations in cybersecurity and data protection in China.

On March 17, 2022, the CAC reported to the public its campaign’s achievements. These achievements showcased the determination of regulators to

On August 17, 2021, China released the new regulations on the Security and Protection of Critical Information Infrastructure (CII Regulations), which became effective on September 1, 2021. Even though China started its protection of Critical Information Infrastructure (CII) as early as 2016, when it released the Cybersecurity Law of the People’s Republic of China (CSL)

Last month, the European Center for Digital Rights (more commonly known as None of Your Business or “noyb”) launched a new campaign against the use of allegedly unlawful cookie banners by sending nearly 600 draft complaints to companies across the European Union and European Economic Area (EU/EEA). Noyb is the privacy watchdog organization

Given that the Data Security Law is one of the three fundamental data protection laws in China, the legislative process of the law has attracted much attention. In July 2020, comments were solicited for the first draft of the Data Security Law (the First Draft). Nine months later, the 13th Standing Committee of the National

In the last two years, the Chinese Ministry of Industry and Information Technology, together with other agencies in the Chinese government, launched a series of campaigns for the rectification of excessive personal information processing activities of mobile application developers, operators, and third-party service providers. Now, drawing on the insights from these special rectification campaigns, the

In what could be a harbinger of the future regulation of artificial intelligence (AI) in the United States, the European Commission published its recent proposal for regulation of AI systems. The proposal is part of the European Commission’s larger European strategy for data, which seeks to “defend and promote European values and rights