The Hong Kong Government recently submitted its proposed legislative framework to enhance protection of computer systems of critical infrastructure (“Proposal”) to the Legislative Council (“LegCo”) Panel on Security for...more
Key Point: The European Commission has adopted an adequacy decision for the EU-U.S. Data Privacy Framework, which allows certain businesses to transfer data from the EU to the U.S. without the need for additional transfer...more
On May 22, Ireland’s Data Protection Commission (DPC) announced that it had imposed a €1.2 billion fine on Meta Platforms for violating the European Union’s General Data Protection Regulation (GDPR) in its use of standard...more
The Privacy Commissioner for Personal Data reminds organisations to review and implement appropriate data security measures amidst more data breaches. On 13 February 2023, the Privacy Commissioner for Personal Data of...more
On January 19, the Irish Data Protection Commission (DPC) announced the conclusion of an inquiry into the data processing practices of a U.S.-based messaging service’s Ireland operations and fined the messaging service €5.5...more
Meta Ireland (Meta) has recently been issued with two fines by the Irish Data Protection Commission (DPC) for breaches of the EU General Data Protection Regulation (GDPR) relating to advertisements run on its Facebook and...more
The Office of the Privacy Commissioner for Personal Data of Hong Kong summarised enforcement trends and plans to further amend the Personal Data (Privacy) Ordinance. On 9 November 2022, the Office of the Privacy...more
The guidance outlines steps that organizations should take to enhance data security as hybrid working and learning introduce new risks. On August 30, 2022, the Office of the Privacy Commissioner for Personal Data of Hong...more
This article discusses briefly the various possible liabilities for data protection breaches under China’s main laws, regulations and statutory instruments governing the protection of personal information. Introduction -...more
Effective from October 8, 2021, the Personal Data (Privacy) (Amendment) Ordinance 2021 (“Amendment Ordinance”) has come into operation as it was published in the Hong Kong Government Gazette that day. The Amendment Ordinance...more
Ireland’s Data Protection Commission has imposed a fine of €225 million (more than $267 million) on WhatsApp, a popular messaging app owned by Facebook. Here are some key takeaways for companies subject to GDPR:.....more
Pathways for U.S. companies to transfer personal data out of the European Union have been repeatedly blocked by EU authorities concerned by what they perceive as gaps in data protection under U.S. laws. Schrems I invalidated...more
On December 15, 2020, Ireland’s Data Protection Commission (“DPC”) announced its decision to fine Twitter International Company (“Twitter”) €450,000 for failing to notify the DPC promptly of a data breach affecting EU...more
Will the EU finally deny the right to transfer any personal data from its shores to the United States? Its privacy decisions have been inching closer to this determination for years, and an Irish case against Facebook may tip...more
Cross-border and international discovery can be complicated. And the recent invalidation of the EU-U.S. Privacy Shield Program by the European Union Court of Justice in Irish Data Protection Commissioner v. Facebook Ireland...more
Twitter is likely to suffer significant fines in the EU for its handling of a data incident, but regulators are conflicted about their response. In late 2018, Twitter experienced a data breach involving an exploitation of a...more
Report on Supply Chain Compliance 3, no. 5 (March 5, 2020) - On Feb. 3, Facebook Inc. informed the Irish Data Protection Commission (DPC) that it would be rolling out a new dating service Feb. 14. The DPC was concerned about...more
Shook Weighs in on Updated CCPA Regulations - In response to extensive public comment, the California Attorney General’s office released modified draft regulations under the CCPA on February 7. Shook has provided initial...more
Report on Supply Chain Compliance 3, no. 4 (February 20, 2020) - After a number of complaints regarding Google‘s processing of location data, the Irish Data Protection Commission opened an investigation into whether or not...more
The German Federal Commissioner for Data Protection and Freedom of Information (BfDI) recently announced a public consultation process regarding anonymization under the European Union General Data Protection Regulation (GDPR)...more
Matching Parent Emails with the Document Identifier In Relativity, if the Parent Document ID field does not match the Document Identifier (the control number with a link to a document), email threading will not have been...more
Bond Connect applications - The Central Bank of Ireland confirmed on 21 March 2019 that it would begin to accept applications from Irish authorized investment funds to participate in China Bond Connect ("Bond Connect")....more
In this month's edition of our Privacy & Cybersecurity Update, we examine the European Commission's second annual review of the Privacy Shield and the Department of Commerce's guidance on how to comply with the Privacy Shield...more
The Irish Data Protection Commissioner (DPC) has launched a public consultation on children and data protection issues. The consultation will have two streams: one aimed at adult stakeholders, and the other aimed directly...more
Following the recent legalization of cannabis, private retailers are open for business from coast to coast. While cannabis remains illegal in other jurisdictions, cannabis users' personal information is highly sensitive. In...more