Category Archives: Asia

The current data protection landscape in Indonesia Until recently, Indonesia has had a largely patchwork approach to personal data protection. There is not currently a singular comprehensive data protection law or regulation; nor, for example, are there any regulations specifically addressing cookies and location data. Overall, the scattered guidance is found in regulations relating to employees; banks; criminal procedures; human rights; health; financial services; and the more detailed Electronic Information and Transactions Law (Law No. 11 of 2008) ("EIT Law") and its implementing regulations, among others. In 2012, Indonesia passed Government Regulation 82 ("GR82"), implementing various aspects of the EIT Law but with a key focus on ensuring that electronic system operators for "public services" use Indonesia-based data-centres. The scope of "public services" is still somewhat unclear but it has the potential to cover both government organisations and certain public-facing private sector businesses (which may include certain organisations in banking, insurance, health, … Continue Reading ››
Last week, Singapore's minister for Home Affairs and Law announced plans  to strengthen cybersecurity legislation as part of his government's National Cybercrime Action Plan, strengthening Singapore's establishment as a technology hub for the region and signaling a significant advancement in its Smart Nation Programme. Acknowledging the worrying trends in cybercrime rates and the evolving creativity of attackers, My Shanmugam emphasised the need for legislation to keep pace with national cybersecurity initiatives. The new Cybersecurity Act, announced earlier this year, is expected to be tabled in 2017. The legislation will aim to enhance law enforcement investigative and enforcement powers and, significantly, advance the accountability of companies responsible for processing and/or collecting sensitive data. Previous commentary from the government on the new Cybersecurity Act focused more heavily on accountability for companies responsible for data collection and processing than last week's announcements, which considered cybersecurity more broadly. "A significant part of the legislation … Continue Reading ››
The likely demise of the US Safe Harbor is dominating the data news headlines - but what else is happening in the world of data and cyber regulation? Datonomy provides a round up of other recent developments in Europe and Asia. With contributions from Andreas Splittgerber and Christian Leuthner in Germany, Sofia Fontanals in Spain and Matthew Hunter, Daniel Jung and Aisling O’Dwyer in Asia, in this update we cover:
  • EU policy and regulation including latest news from Brussels on the GDPR and NISD
  • News from the UK
  • News from Germany
  • News from Spain
  • News from Asia
EU POLICY AND REGULATION
  • GDPR and NISD: Commission President Junker has yet again affirmed the “swift adoption” of the GDPR and NISD as priorities in this open letter of 9 September to the European Parliament. Below we take a more detailed look at the recent procedural progress of these two (not-so-swift) proposals.
  The latest round up of legal, regulatory and other news from the Datonomy blogging team at Olswang LLP. With thanks to: Christian Leuthner in Munich, Aisling O’Dwyer and Matt Hunter in Singapore, and Callum Monro-Morrison in London for their contributions to this week’s alert. EU POLICY AND REGULATION
  • Datonomy’s correspondent in Munich, Christian Leuthner has tweeted, that Germany’s IT Security Act came into force on 25 July. See his more detailed coverage of the new Act here
  • Network and Information Security Directive: A glimmer of progress on the EU’s draft NISD in the past week, with the mention on the Council’s Consilium website of a Council document “Drafting suggestions on operators providing essential services”. As Datonomy readers will be aware, one of the sticking points on the Directive has been the extent to which online services should be caught by the new rules. At the end of … Continue Reading ››
The latest round up of legal and regulatory developments and news on cyber security from the Datonomy blogging team at Olswang LLP. With thanks to Datonomy’s correspondents Tom Pritchard in London and Sylvie Rousseau (Paris and Brussels) for their contributions to this week’s update.  EU policy and regulatory developments
  •  General Data Protection Regulation: ITProPortal and the Register are reporting that the trilogue negotiations on 14 July made “good progress” and culminated in agreement on Chapter 5 (territorial scope) and Article 3 (international transfers).  The Council’s Consilium website has posted a document detailing the debrief that the Council received on 15 July, however, this document is not yet publically accessible so we cannot report on the substance of the agreed compromise.   The Register’s article states that “there has been a notable push to get the GDPR onto the law books as soon as possible. Negotiators have set themselves an ambitious deadline … Continue Reading ››
Last month, Korea passed the world's first cloud-specific law, with the stated aim of driving the adoption of cloud computing in Korea. But what are the practical implications for cloud customers and cloud services providers in Korea? When does it come into force? On 3 March 2015, the Korean National Assembly passed the Act on the Development of Cloud Computing and Protection of Users (Cloud Act).  The bill has been under consideration since October 2013.  The final version of the Cloud Act is available here (currently only available in Korean). The Cloud Act comes into force on 28th September this year.  Before the Cloud Act comes into force, the Ministry of Science, ICT and Future Planning (Ministry) will establish additional rules for cloud services (as explained below). What will it do? The good news for cloud customers and cloud services providers alike is that the Cloud Act aims to promote the cloud market in Korea. The … Continue Reading ››
With cyber-security tipped as one of the top tech trends for 2014 a lot has already been written about the controversial data security breach proposals in Europe. But what is happening elsewhere in the world? We hear from one of Datonomy’s Asia correspondents, Olswang Partner Elle Todd Datonomy was pleased to lead a discussion and mock cyber security breach scenario alongside the local chapter of the IAPP in Singapore last week where such issues are gaining a lot of attention and interest. The engaging session, attended by a variety of practitioners, followed the unfortunate exploits of a fictitious international e-commerce company faced with an anonymous threat from an individual claiming that they had managed to obtain the customer database and would release it to the blogosphere. As the morning unfolded, more facts and problems emerged for the company and the audience discussed how best to respond to the potential disaster from … Continue Reading ››