New Zealand’s Data Protection Authority has offered its take on the Schrems II ruling that invalidated EU-U.S. Privacy Shield.

“The Schrems litigation has again sent international shock waves in striking down a key EU/U.S. arrangement designed to facilitate data flows known as the Privacy Shield.”

“The decision does not directly affect transfers of data from

New Zealand’s Government Cyber Security Centre has issued a guide on incident response, laying out key steps designed to help business leaders and cybersecurity professionals strengthen their organizations’ ability to manage and respond to cybersecurity incidents.

The guide lists five incident management steps:

  • Define Roles and Responsibilities
  • Identify Threats and Assets
  • Have a Plan
  • Logging,

New legislation imposes stronger privacy protections on Australia’s planned contact-tracing app.

“The Australian government’s coronavirus tracing app will have stronger privacy protections under legislation which has passed Parliament,” reports The New Daily.

“People found accessing the data without authorization will face up to five years’ jail and fines of $63,000.

Businesses refusing to serve

“Indian authorities plan to make a contact-tracing mobile app mandatory for everything from taking public transit to going to work, raising concerns among digital rights experts about privacy and increased surveillance.”

“While authorities have said use of the app is voluntary, it has been made mandatory for food-delivery workers and some other service providers, and

Though said to be a replica of GDPR, the Indian Personal Data Protection Bill (PDPB) is actually quite different, writes Sandeep Sangwan of the International Association of Privacy Professionals, and this can cause issues for multinationals or Indian “data fiduciaries” who are also subject to GDPR.

Per Sangwan, the lack of the legal basis “necessary

“Regulators ordered China’s app developers and third-party service providers to halt illegal collection and use of personal data in a sweep targeting some of the country’s largest apps,” reports

“The latest crackdown signals the government’s determination to clean up unauthorized data collection from any and every company violating data privacy laws, particularly bigger players.”

“Companies will need permission to collect the data of citizens in Thailand under the nation’s first privacy law, even if they don’t have a physical presence in the country”, reports Bloomberg Law.

“The Personal Data Protection Act will require businesses to obtain individuals’ consent before collecting their data and let them retroactively revoke consent for

The Singapore Personal Data Protection Commission has issued guidance on privacy disclosures:

  • Highlight information that may be of particular concern to individuals, such as purposes of use or situations where personal data will be disclosed.
  • Use headings, titles and sections especially when the notification is expected to convey a lot of information.
  • Use a layered

Click to accept – not always good enough, says the New Zealand Privacy Commissioner.

Companies need to be fully transparent about their data processing practices and take steps to ensure that this is conveyed to the individuals.

In the case of a “clicked consent,” the Commissioner will also check:

  • Why the company believes that click

The Cyberspace Administration of China has published Draft Administrative Measures on Evaluating the Security of Transmitting Personal Information Overseas.

Key requirements:

  • Contracts between the data exporter and the data importer(s) that must include all the certain specified clauses.
  • Internal review by the data exporter following Article 17 of the 2019 Draft Measures and a declaration