In today’s information economy data is invaluable. A business' ability to transfer and use customer data and other information is both integral to the day-to-day running of a company and key to profitability and success.
New and evolving legal regimes will require significant changes for many businesses. Ongoing horizon scanning and strategic planning is key to protecting and maximising the value of one of the most important assets a business holds – data.
We are a global, cross-practice group of lawyers specialising in data protection, commercialisation and governance. We are uniquely placed with deep advisory, transactional, litigation, enforcement and regulatory engagement experience to support clients across their data strategy and matters.
Webinar: APAC data regulatory themes and strategies
In the face of stringent data regulations in APAC, how do you strike a balance between risk mitigation, building consumer trust and fostering innovation? Our panel of expert speakers explore key themes of data regulation and enforcement across Asia Pacific and share actionable strategies for navigating the evolving legal landscape. Focusing on issues and challenges of cross border data transfer, requirements for data storage and localisation, navigating new data regulations in jurisdictions such as China, emerging trends in AI data regulation, cybersecurity and enforcement and key considerations in developing data strategies.
Webinar: International Data Flows – Navigating the global legal landscape
Privacy laws and data localisation requirements are developing globally, and data transfer is in the regulatory spotlight. Joining this legal landscape are legislative proposals requiring the sharing of certain data. Our experts examine recent legal developments impacting data flows, related international cooperation efforts and how organisations can navigate the challenges of international data transfer.
U.S data privacy has entered a new era. The California Consumer Privacy Act was the first comprehensive state data privacy law added to this U.S. regulatory framework that focused on consumer protection. Since its adoption, various state-level regulatory and legislative activity has been building momentum. Several states have enacted or are continuing to develop comprehensive data privacy laws with requirements that apply across nearly all business sectors.
The Data Act entered into force on 11 January 2024, with the majority of its provisions applicable from 12 September 2025. Another key aspect is its introduction of provisions which aim to facilitate switching between data processing services (such as cloud services).
Data regulation is rapidly developing across the Asia Pacific (APAC) region. Businesses need to understand how these regulations will affect their strategies a...
The Cyberspace Administration of China released the Provisions on Regulating and Promoting Cross-border Data Flows (the New Provisions) on 22 March 2024, ...
On 10 July 2023, the European Commission reached an "adequacy decision" under the European Union General Data Protection Regulation (GDPR), approving transfers of personal data to organisations located in the United States that will be certified under the newly-established Trans-Atlantic Data Privacy Framework (DPF) agreed between the U.S. and the EU.
Pseudonymized data (being personal data that can no longer be attributed to a specific data subject without the use of additional information which is separately and securely held) may be personal data should there be 'reasonable means' or 'legal means' that enable the reidentification of the underlying data subjects.
On 18 January we reported on a decision issued by the Spanish Data Protection Agency (AEPD) shelving a complaint filed by an employee against his employer for having included him in two of the company's WhatsApp groups without his consent.
The Spanish Data Protection Agency (AEPD) has issued a decision in case no. 00050-2022, shelving a complaint filed by an employee against his employer for including him in two WhatsApp groups without his consent.
In recent years, China1 has developed its legal framework regulating data and personal information (PI) with the promulgation of the PRC Cybersecurity Law in 2016, the PRC Data Security Law in 2021 and the PRC Personal Information Protection Law (the PIPL) in 2021 (collectively, the PRC Data Laws).
The UK’s Data Protection and Digital Information Bill (Bill) was laid before the UK Parliament on 18 July 2022, marking a significant step in the post-Brexit reform of the UK’s data protection regime.
The leading European data protection teams at Clifford Chance and DLA Piper have collaborated on a joint paper setting out the case for a proportionate approach to conducting risk assessments of international transfers of personal data.
As 2023 approaches, a flurry of activity in California means big changes in the year ahead for data privacy. New obligations, an expanded scope of covered data, increasing enforcement, and scant regulations all mean it’s a good time for companies processing the personal information of California residents to make sure they’re prepared for the new year. Read ahead for insights into what’s coming and strategies for compliance, including Frequently Asked Questions.
The data centre industry is poised for growth in 2023 due to increased demand from businesses. However, factors such as higher costs, a slowing economy, new capacity challenges and increased regulation due to sustainability concerns about energy and water consumption, will impact growth. The pandemic has fueled the growth of the global data centre market, projected to reach 235 billion euros by 2026 with a projected Compound Annual Growth Rate of 4.5%. Companies must consider the latest tech trends when selecting a data centre partner or colocation provider.
Monitoring employees in the workplace is not new but the methods by which this is achieved, the workplace itself and relevant regulatory regimes are continually evolving. The UK's Information Commissioner's Office (ICO) has published for consultation draft Guidance on Monitoring at Work. Coincidentally, in the same week the international press reported a Dutch case in which the courts awarded an employee in the region of €75,000 after being dismissed for refusing an instruction to keep his webcam on for the entire duration he was logged on to his work PC.
The Hong Kong Office of the Privacy Commissioner for Personal Data (PCPD) published its "Artificial Intelligence: Model Personal Data Protection Framework" (Model Framework). The Framework is a valuable guide for organisations in Hong Kong that seek to procure, implement and use AI systems that handles and processes personal data.
The Personal Information Protection Committee of Japan has published an interim report following their meeting on 26 June 2024 to summarise the ongoing discussions to revisit the APPI. This article looks at the revisions which are being proposed as part of the requirement to have the APPI reviewed every three years and in response to industry feedback calling for regulations that better align with practical business conditions.
The First-tier Tribunal held that the UK Information Commissioner's Office (ICO) did not have jurisdiction to issue its 18 May 2022 enforcement and monetary penalty notices, which alleged breaches of the UK and EU General Data Protection Regulations (together, GDPR), to Clearview AI Inc (Clearview).
The CJEU's decision that the fear of potential misuse of personal data can constitute 'non-material damage' could potentially lead to an increase in damage claims from data subjects following cyberattacks.
Competition authorities around the world have increased their focus on fintech as part of a broader rise in intervention in financial services and tech markets...
In recent years, China has developed its legal framework regulating data and personal information (PI) with the promulgation of the PRC Cybersecurity Law in 20...
The data centre industry is poised for growth in 2023 due to increased demand from businesses. However, factors such as higher costs, a slowing economy, new capacity challenges and increased regulation due to sustainability concerns about energy and water consumption, will impact growth. The pandemic has fueled the growth of the global data centre market, projected to reach 235 billion euros by 2026 with a projected Compound Annual Growth Rate of 4.5%. Companies must consider the latest tech trends when selecting a data centre partner or colocation provider.
Last year was a tough one for fintech with the collapse of a number of high-profile industry players, as well as wider economic pressures including the war in Ukraine, supply chain challenges and high inflation.
Evolving technologies, increased digital connectivity, cyber risk, geopolitical tensions, climate change, supply chain disruption and changing markets are shaping government policies, regulation and legal risk in relation to use of data and technology.
Space tech is not a future concept – it's here and now and offers many investment opportunities. The space industry is growing rapidly and has expanded by 70% ...
Approximately US$2 billion worth of 'land' has changed hands so far this year without a single human ever setting foot on it and with the knowledge that no hum...
The regulatory landscape for digital services is being fundamentally redefined in the European Union (EU), with a boom in the number of legislative initiatives...
Companies across a wide range of sectors are exploring the commercial potential of the metaverse but will need to navigate a complex patchwork of existing and ...
The metaverse has been described as the future of the internet – a digital world where we will live, work and play and which has attracted enormous investment ...
The Digital Markets Act (DMA) ushers in a new era for the digital sector in the EU, as compliance will require some of the most influential digital companies t...
As a growing number of tech companies invest heavily in the metaverse – which allows users to live, work and play in alternative virtual worlds – we explore th...
The Principles and Code incorporate international BHR standards and provide guidance on risks that might arise when developing AI systems, as well as steps to advance responsible AI stewardship
Clifford Chance
