Support Centre

Asia-Pacific

News

Insights

July 2024

South Korea: Summary of the PIPC's guidelines for the processing of pseudonymous data

On February 5, 2024, the Personal Information Protection Commission (PIPC) released the revised 'Guidelines for Processing Pseudonymous Data' (the Guidelines). This revision addresses the limitations of the existing guidelines, which only provided processing standards for structured data. The Guidelines aim to establish pseudonymization standards for unstructured data - such as images, videos, audio, and text - which are crucial for the development of artificial intelligence (AI) technologies.

In the Guidelines, the PIPC provides methods and specific examples of pseudonymization regarding unstructured data. In addition, the PIPC explains in more detail the important points to consider for each phase of pseudonymization (pre-preparation, risk review, pseudonymization, appropriateness review, and safe management). As it is not practically possible to eliminate all the various risks that may arise in the course of AI development and use, the Guidelines also focus on post-management. Timothy Dickens, from DR & AJU LLC, explores the different scenarios discussed in the Guidelines where unstructured data was successfully pseudonymized.

July 2024

Hong Kong: Steering the AI future - unveiling Hong Kong SAR's new AI Governance Framework

In this Insight article, Albert Yuen and Jasmine Yung, from Linklaters, discuss the increasing pace of regulatory developments across APAC jurisdictions, particularly focusing on Hong Kong's new Model AI Framework.

June 2024

South Korea: Guidelines for foreign businesses under PIPA

In this Insight article, HoSang Yoon and Hyein Lee, from Shin & Kim LLC, delve into the release of the Guidelines on Applying the Personal Information Protection Act to Foreign Business Operators (the Guidelines), designed to assist foreign businesses in complying with the Personal Information Protection Act (PIPA). Released by the Personal Information Protection Commission (PIPC) on April 4, 2024, the Guidelines provide a comprehensive framework to help foreign businesses meet PIPA requirements and emphasize the importance of adopting robust measures to safeguard the personal data of South Korean users.

May 2024

South Korea: Overview of data retention requirements

In this Insight article, Hyeon Song Lee, Principal at Pine Law Office, explores how the Personal Information Protection Act (PIPA) in South Korea grants personal data rights and sets obligations for data processors. Additionally, he delves into the complex landscape of data retention regulations that extend beyond PIPA, highlighting the necessity for businesses to navigate various individual laws to ensure compliance and avoid potential penalties.

May 2024

Philippines: Updated rules on compliance checks

The National Privacy Commission (NPC) issued NPC Circular No. 2024-01 (the Circular) on January 26, 2024, entitled Amendments to Certain Provisions of the 2021 Rules of Procedure of the National Privacy Commission (the 2021 NPC Rules of Procedure).

Edsel F. Tupaz, Senior Partner at Gorriceta Africa Cauton & Saavedra and Lead of the firm's Data Privacy, Cybersecurity, and AI Initiatives practice group, discusses the salient amendments under the Circular and their practical implications for Personal Information Controllers (PICs). In particular, Edsel breaks down and describes the practical import of the amended provisions found in the new procedure of the National Privacy Commission for compliance checks, alternative dispute resolutions (ADR), and decisions.

May 2024

Australia: Consultation on legislative reforms - ransomware

The Australian Government released the 2023-2030 Australian Cyber Security Strategy: Legislative Reforms Consultation Paper (the Consultation Paper) in December 2023. The Consultation Paper follows the Australian Government's 2023-2030 Australian Cyber Security Strategy (the Strategy). The Strategy aims to build 'cyber shields' to strengthen Australia's cyber defenses and build resilience against cyber-attacks. Katherine Sainty, Kaelah Dowman, and Sarah Macken, from Sainty Law, explore the current ransomware environment in Australia and the Government's proposed ransomware reporting obligations.

April 2024

India: Digital Competition Bill - a value add or deterrent to DPDPA?

In this Insight article, Prashanth Shivadass, Partner at Shivadass & Shivadass, delves into India's evolving digital landscape, marked by a surge in data usage and technological advancements. Examining the journey from the Information Technology Act, 2011 (the IT Act) to the Digital Personal Data Protection Act, 2023 (DPDPA), and the emergence of the Digital Competition Bill (DCB), the article navigates the intricate intersection of data protection, competition law, and the challenges posed by big tech entities in shaping India's digital future.

April 2024

International: A comparative analysis of the GDPR and India's DPDPA

In this article, Arun Babu and Gayathri Poti, from Kochhar & Co., delineate the primary disparities between the Digital Personal Data Protection Act (DPDPA) and the General Data Protection Regulation (GDPR) from a business perspective, analyzing the rationale behind these distinctions and their practical implications.

April 2024

India: Digital Personal Data Protection Act, 2023 part four - data subject rights

Part one of this series on India's Digital Personal Data Protection Act, 2023 (the Act) looked into the Act's scope and application, and part two delved into consent and legitimate uses. Part three discussed the provisions applicable to the transfer of digital personal data under the Act in India.

In part four of this series, Rachit Bahl, Rohan Bagai, and Navdeep Baidwan, from AZB & Partners, delve into the rights and duties of data subjects under the Act, emphasizing the pivotal role individuals play in safeguarding their personal data in the digital era.

April 2024

Hong Kong, China: Standard Contract for Cross-boundary Flow of Personal Information within the Guangdong–Hong Kong–Macao Greater Bay Area

In this Insight article, Ada Chung Lai-Ling, Privacy Commissioner for Personal Data, Hong Kong, explores the Standard Contract for Cross-boundary Flow of Personal Information Within the Guangdong–Hong Kong–Macao Greater Bay Area (Mainland, Hong Kong) (the GBA SC), including its scope and adoption.

April 2024

Australia: Management of data to mitigate the risk of cyber attacks

In an increasingly digitized world, safeguarding against cyber attacks has become pivotal for modern businesses. The alarming rate at which cyber attacks are evolving creates significant challenges for Australian businesses in maintaining data security and integrity. Data management is an important tool for businesses to mitigate cyberattacks and maintain strong security measures. Data management strategies, such as data minimization, data de-identification, and data governance frameworks help fortify a business's defenses against cybercriminals and limit risks associated with the collection, use, and storage of data assets. Katherine Sainty and Sarah Macken, from Sainty Law, look specifically at data governance, data minimization, and data de-identification, and how businesses can best utilize these to safeguard data.

April 2024

Bangladesh: The cybersecurity landscape

Nasir Doulah, Partner at Doulah & Doulah, explores the main cybersecurity regulations in Bangladesh, focusing on the ICT Act and the Cybersecurity Act. 

Company

Our Policies

Your Rights

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
© OneTrust, LLC. All Rights Reserved.
The materials herein are for informational purposes only and do not constitute legal advice.