Archives: Asia Privacy

Subscribe to Asia Privacy RSS Feed

EU & JAPAN: Free flow of personal data from EU to Japan soon possible

On 17 July 2018 the European Union and Japan agreed to recognize each other’s data protection systems as ‘equivalent’ and to adopt reciprocal adequacy decisions. What is an adequacy decision? An adequacy decision is a decision establishing that a third country provides a comparable level of protection of personal data to that in the European … Continue Reading


Guidance on who is a “key information infrastructure operator” under the PRC Cybersecurity Law, and draft regulations on handling minors’ data In the rapidly evolving data protection compliance environment in the People’s Republic of China, this month has seen some helpful clarification around two areas of uncertainty – namely:  some further indications as to whom … Continue Reading

CHINA: Significant changes to data and cybersecurity practices under PRC Cybersecurity Law

Written by Carolyn Bigg After a third deliberation, the Chinese government passed the new PRC Cybersecurity Law on 7 November 2016. The new law will come into force on 1 June 2017 and has significant implications for the data privacy and cybersecurity practices of both Chinese companies and international organisations doing business in China. The … Continue Reading

HONG KONG – HONG KONG’s Privacy Commissioner addresses privacy compliance and best practice for BYOD

Written by Scott Thiel Following the publication of industry-specific BYOD guidelines such as those issued by the Hong Kong Association of Banks (the “HKAB Guidelines“), the trend towards Bring Your Own Device (“BYOD“) has come to the attention of Hong Kong’s Privacy Commissioner. The Commissioner published an information leaflet on 31 August 2016 (the “Information … Continue Reading

CHINA: Yet more changes proposed to China cyber and data security laws

Written by Scott Thiel China’s cybersecurity and data privacy frameworks are facing yet more significant changes, as in recent weeks the Chinese Government has announced two further initiatives. These are in addition to the significant legal developments that we highlighted in July 2016. Strengthening the standardisation of national cyber security: The Cyberspace Administration of China … Continue Reading

Singapore’s enforcement of data protection law on the rise

Written by: Scott Thiel and Carolyn Biggs Singapore’s Personal Data Protection Commission (PDPC) is stepping up its efforts to enforce the Personal Data Protection Act 2012 (PDPA). Following the release of its first nine enforcement decisions in April this year, the PDPC has published a further enforcement decision in June and two decisions in July, … Continue Reading

SINGAPORE: Monetary Authority of Singapore outsourcing guidelines 2016

Written by Scott Thiel The Monetary Authority of Singapore (MAS) has published its new and replacement Guidelines on Outsourcing on 27 July 2016. The Guidelines are intended to provide comprehensive guidance over the risk management practices that should be adopted by financial institutions in handling outsourcing arrangements. Businesses operating in Singapore that have entered into … Continue Reading

Written by Scott Thiel, Julia Gorham, Anita Lam and Nicholas Boyle Wearable devices’ – such as fitness trackers, wristbands, access cards – are an increasingly popular technology. Market researchers have estimated that some 21 million wearable devices were sold in 2014 (The Economist,14 March 2015, citing research by IDC). In the US, approximately 90% of … Continue Reading


Written by Louise Crawford Earlier this week, the Hong Kong Monetary Authority (HKMA) ordered seven credit card issuers to suspend issuing cards with contactless payment functions, in light of identified security weaknesses. The technology used to facilitate contactless payment devices is known as Near Field Communication (NFC). Cards that contain an NFC chip can be … Continue Reading


Written by Scott Thiel, Edward Chatterton and Louise Crawford The Hong Kong Privacy Commissioner for Personal Data (“PCPD“) recently published an information leaflet outlining the application of the Personal Data (Privacy) Ordinance (the “PDPO“) for data users looking to engage cloud providers. The information leaflet outlines the data protection principles (“DPPs“) which apply in the … Continue Reading


Written by:  Heng Loong Cheong, Joyce Chan, Samuel Yang, Louise Crawford DOMESTIC BANK CARD CLEARING MARKET OPENS UP Only a few months ago, the State Council’s announcement of the Decision on the Implementation of Market Access Administration in relation to Bank Card Clearing Institutions (the “Decision“) marked the opening of China’s domestic bank card clearing … Continue Reading

China Adopts the New National Security Law – A Top Legislative Effort To Control Cyber Security

Written by Scott Thiel On 1 July, 2015, the Standing Committee of the National People’s Congress, China’s top legislature, approved the new National Security Law of the People’s Republic of China (中华人民共和国国家安全法, the “New Law”) which became effective on the same day. This New Law is very high-level in its nature covering a wide range … Continue Reading

China Issues New CBRC Guidelines: Disclosure Requirements Affect Foreign IT Suppliers, Foreign Banks

Written by Scott Thiel and Belinda Tang A new set of regulations issued by the China Banking Regulatory Commission has fuelled concerns that China intends to squeeze foreign investment in its banking industry. The Guidelines on Banks Using Secure and Controllable Information Technology 2014-2015 were promulgated and became effective in late December.  The Guidelines require banks … Continue Reading

Developments in Payments Regulation in Hong Kong and China

The payments service industry in Hong Kong and China is set to enter a new and more stringently regulated era following announcements by the respective governments about their proposed regulatory reforms. The anticipated new regulations are intended to align the law with technology advancements in this rapidly evolving industry, bringing greater clarity as to the … Continue Reading

Hong Kong Privacy Commissioner Issues Guidelines re Cross-Border Data Transfers

Although the restrictions for transfer of personal data outside of Hong Kong set out in section 33 of the Personal Data (Privacy) Ordinance (the Ordinance) are currently not yet in force, on December 29, the Hong Kong Privacy Commissioner for Personal Data (PCPD) published a Guidance on Personal Data Protection in Cross-border Data Transfer (the … Continue Reading

Malaysia’s Personal Data Protection Act Finally in Effect

Malaysia’s first ever comprehensive privacy law,  the Personal Data Protection Act of 2010 (“PDPA“), came into force on November 15, 2013. The Malaysia Parliament passed the PDPA in 2010.  However, it was passed with no set effective date and uncertainty as to when it would come into force. Now that the law is in force, there is … Continue Reading