The Justice Bureau of Shenzhen Municipality recently issued the Data Regulations of Shenzhen Special Economic Zone for public opinion. The draft regulations define the concept of 'data rights' for the first time and set out the ownership of personal and public data. According to the draft regulations, no organisation or individual may infringe on natural persons' data rights in accordance with the law.
The Federal Administrative Court (FAC) recently issued a ruling concerning the status of instant messaging app Threema from a telecoms surveillance legislation perspective. The consequences of the FAC's ruling, if upheld by the Federal Supreme Court, would exonerate many over-the-top service providers (typically instant messaging and voice call providers) from certain obligations under telecoms legislation. However, businesses active in the telecoms area should nonetheless remain cautious.
All five Taiwanese 5G operators were recently listed as 'clean' 5G networks by the United States. The National Communications Commission has welcomed this international collaboration and commented that similar programmes previously applied to Taiwan 4G networks and kept Chinese hardware companies such as Huawei and ZTE out of Taiwan's 4G infrastructure.
The General Office of the State Council recently issued the 2020 Legislative Plan, which includes several laws applicable to the cybersecurity sector, such as the Regulations on Network Protection of Minors and the Regulations on the Security Protection of Critical Information Infrastructure.
The Taiwanese government recently accelerated its ban on Chinese over-the-top (OTT) TV services in Taiwan. As of 3 September 2020, no entities, legal persons or individuals in Taiwan may act as business agents, carry out resales or provide intermediary services for Chinese OTT TV services. Non-compliance with the ban could result in an administrative fine of NT$50,000 to NT$5 million per case and to a cease and desist order from the National Communications Commission.
The Cayman Islands Monetary Authority (CIMA) has updated its Rule and Statement of Guidance – Cybersecurity for Regulated Entities following feedback received during a private sector consultation. The rule, which sets out CIMA's requirements in relation to the management of cybersecurity risks, is a clear and precise directive that creates binding obligations, the breach of which may lead to a fine or regulatory action being taken by CIMA.
The Litigation Chamber of the Data Protection Authority recently issued a reprimand to a hospital for its violation of an employee's access and information rights regarding an audit, which had led to the employee's dismissal. Specifically, the hospital had refused the employee access to the external expert's audit report which had formed the basis of its decision to dismiss the employee.
The Federal Data Protection and Information Commissioner (FDPIC) recently removed the United States from its list of countries deemed to provide an "adequate level of data protection". Essentially, the FDPIC is of the opinion that legal remedies for data subjects in Switzerland under the Swiss-US Privacy Shield are insufficient. Going forward, businesses must reassess their cross-border data transfers in light of the FDPIC's statement.
A new bill to establish the Ministry of Digital Development is being prepared by Cabinet and will be proposed to the Legislative Yuan in September 2020 for review. According to President Tsai Ing-wen's recent inauguration address, the Ministry of Digital Development will be an industry-oriented government agency for business development in the IT, cybersecurity, telecoms, internet and media sectors.
The Anhui Province government recently issued the Regulations on the Development and Application of Big Data in Anhui Province for public opinion. The draft regulations encourage enterprises, universities, scientific research institutions and other organisations and individuals to engage in the research and development of Big Data technology and give full play to the economic value and social benefits of data resources.
Mexico recently introduced a new digital services tax. Under the new rules, paid-for digital services provided via digital content or apps through the Internet or any other fundamentally automated network are subject to specific value added tax rules if the user of the service is located in Mexico. This article provides a general summary of the new tax rules.
The California attorney general recently issued the final implementing regulations for the California Consumer Privacy Act. The final regulations – which had been under review by the California Office of Administrative Law since 1 June 2020 – include several changes to the previous draft regulations and take effect immediately. Most of the changes relate to grammar, formatting and drafting consistency, but several substantive provisions have been withdrawn entirely for additional consideration.
The Central Committee of the Communist Party of China and the State Council have jointly issued the Master Plan for the Construction of the Hainan Free Trade Port. According to the plan, the aim is for the port to be completed and operational as a globally influential duty-free trading centre by 2050. Among other things, the port is expected to open up value-added telecoms services and gradually remove restrictions on the percentage of enterprises' shareholdings which can be held by foreign investors.
In May 2020 the National People's Congress passed the Civil Code, which will take effect on 1 January 2021. The Civil Code includes special provisions on the protection of privacy and personal information and provides that personal information pertaining to natural persons should be protected as a fundamental civil right. The processing of personal information should adhere to the principles of lawfulness, legitimacy and necessity, and excessive and unreasonable processing is prohibited.
While the new Civil Code largely restates the existing Chinese laws on privacy and personal information protection, it applies these laws more broadly and makes it easier for individuals to take civil action in relation to breaches. As such, privacy and personal information protection laws are likely to be enforced more often and more broadly in China from 2021 onwards. Companies that process personal information in China should ensure that their existing privacy practices comply with the new Civil Code.
The use of connected medical devices has changed the way in which the healthcare sector works. However, the various benefits based on the advance of connected healthcare come with an increased flow of personal data, whether in hospitals or between different market players in the healthcare industry, which has led to an increased risk of cybersecurity incidents and personal data breaches.
The Federal Supreme Court recently issued a ruling addressing the liability of a securities trading company when hackers break into and use a client's email account to send transfer orders. This case is a stark reminder of the importance for anyone using online accounts and online (email) communications to properly secure their IT systems against hackers and other malevolent third parties. In case of any suspicious activity, it is necessary to immediately assess the situation and react accordingly.
The Data Protection Authority recently updated its FAQs regarding personal data processing in the face of the COVID-19 emergency, providing some important clarifications on contact tracing and medical data processing based on mobile app technology more generally. This article examines the data protection implications of contact tracing apps at national and regional levels, in medical applications and private enterprise.
The App Special Governance Panel recently issued the 2019 Special Governance Report on Apps for Illegal Collection and Use of Personal Information, summarising governance efforts from January 2019. According to the report, illegal collection and use activities by apps will be cracked down on and enterprises' capacity to protect personal information will be greatly improved. Further, knowledge of personal information protection by apps should be extensively available.
At present, the regulation of the AI sector in Croatia is practically non-existent, as is the case in many other EU member states. This might be viewed as troublesome, as the technology is advancing rapidly without a specific legal control system to provide guidance. However, the issues arising from the use of AI are complex and difficult to foresee, which makes the legislative process time consuming and demanding.