On April 4, 2024, the Kentucky Governor Andy Brashear signed HB 15, enacting the Kentucky Consumer Data Protection Act (“KCDPA” or the “Act”), to make Kentucky the 15th US state to adopt a comprehensive privacy law. Kentucky joins New Hampshire and New Jersey in a trifecta of states that have enacted privacy legislation in the opening months of 2024. In the days since the KCDPA’s signing, the consumer privacy stakes have been raised, with the…
In March 2022, U.S. and EU leaders reached an agreement in principle on a new accord to protect data flows entitled the Trans-Atlantic Data Privacy Framework (“EU-U.S. DPF”). Today, the US Government has taken important steps to implement this critical data flow framework, and strengthen legal certainty for EU to US personal data transfers. First, President Biden signed an Executive Order on “Enhancing Safeguards for United States Signals Intelligence Activities” (“EO”). The EO enhances privacy…
The video game industry is expected to generate over 200 billion USD in 2023. While this includes the sale of home consoles and physical video games, the largest growth is in mobile gaming. There are an estimated 2.7 billion gamers worldwide, of which 2.6 billion are playing on mobile devices such as smartphones and tablets.[1] Mobile gaming platforms allow individuals to play without a gaming console or personal computer. They are the most popular for…
After numerous delays the Thailand Personal Data Protection Act (PDPA) has officially come into effect as of today (1st June). Any and all businesses that handle personal data in one way or another are now required to implement additional measures or alter the way in which they interact with customers, business partners and employees. Some of the key steps that will need to be taken involve updating or issuing a new privacy policy; providing data…
On 10 March 2022, the National Data Management Office (NDMO) published for consultation a draft of the executive regulations (“Regulations”) to the Personal Data Protection Law, promulgated by Royal Decree No. M/19, dated 09/02/1443H (PDPL). You can access our previous alert on the publication of the Law here. You can access the consultation and a full draft of the Regulations here. The consultation invites comments on the Regulations and will close on 25 March 2022. The timing…
In this uncertain time, some global companies are announcing that they are “leaving Russia.” What does it mean to “leave Russia,” and what are the data privacy implications of doing so? Setting aside the broader business, political, and other legal considerations, the following are some initial thoughts on these challenging and rapidly developing data privacy issues. What does it mean for a global company to “leave Russia”? The specifics of the answer to this question…
The EU Commission proposed a new regulation called the Data Act. It contains extensive obligations for B2C, B2B and B2G data sharing, as well as rules requiring providers of cloud services to facilitate switching and interoperability between service providers. We’ve set out below our key takeaways.
After almost 3 years since the announcement of the Personal Data Protection Act (PDPA), the Personal Data Protection Committee (PDPC) has finally been announced by the Thai government. The PDPC will be made up of 10 commissioners – one chairman and nine experts from a range of different fields. The PDPC will set about planning the promotion and protection of personal data, prescribing guidelines/measures, and issuing various rules, codes and sub-regulations, among others. The Ministry…
The French data protection authority (“Commission nationale de l’informatique et des libertés” or “CNIL”) published, on January 12, 2022, a statement on processor reuse of data entrusted by data controllers. This guidance aims at establishing a legal framework to determine if, and under which conditions, a processor can use personal data it obtained from a controller for purposes broader than just strictly providing services to the controller. Can a processor reuse the data it receives…
Over the years, protecting children’s informational privacy has become a controversial issue. From a legal perspective, there are two questions: to what extent does it depend upon parental control and consent, and how is this factor incorporated into the law seeking to protect children’s informational privacy? Under the Law on Children 2016 (LoC), a child is defined as any person below the age of 16. Personal information, as prescribed by the Law on Cyberinformation Security…