Session 1: Spotlight on privacy developments in Asia Pacific

China

China's PIPL came into effect on 1 November 2021. Together with the Data Security Law (DSL) which came into effect on 1 September 2021 and the Cybersecurity Law (CSL) which took effect on 1 June 2017, they form a three-pillar data protection and cybersecurity system in China. The PIPL is the first comprehensive personal data protection law in China and adopts certain concepts under the GDPR. It applies to personal information processing activities conducted within China, cross-border transfers of personal information outside of China and certain cross-border processing activities concerning data subjects in China. The DSL applies to all types of data and data processing activities carried out within the territory of China, with a focus on "important data" and state core data. The CSL has introduced the concept of "Critical Information Infrastructure" and sets out the general rules on cyber data and information security.

Vietnam

Companies should watch out for Vietnam's four key pieces of upcoming legislation that touch on data protection and cybersecurity issues, namely the Draft Decree detailing the Law on Cybersecurity ("Draft Cybersecurity Decree"), the Draft Decree on Personal Data Protection ("Draft PDPD"), the Draft Decree on Penalties for Administrative Violations in Cybersecurity ("Draft PAVCD"), and the Draft Law on Consumer Protection ("Draft LPCR").

The Draft Cybersecurity Decree was circulated to the Government Members for approval in May 2019 but the approval is yet to be granted (as of March 2022). The revised Draft PDPD (which has been kept confidential) is expected to be promulgated by May 2022, with further amendments to be applied by 2024. The public consultation on the Draft PAVCD ended last November but it seems that the Ministry of Public Security has not submitted the Draft PAVCD to the Government yet. The public consultation on the Draft LPCR closed in March 2022 and will require traders to comply with the regulations on personal information protection.

Hong Kong

The amended Personal Data (Privacy) Ordinance which criminalises "doxxing" took effect on 8 October 2021. "Doxxing" refers to gathering personal data of a specific targeted person and/or related persons (such as family members) through various means, e.g., public registers and discussion platforms, and disclosing such personal data on the Internet, social media or other open platforms (such as public places).

Australia

Australia is in the process of reforming the Privacy Act. There is also draft legislation for the creation of a binding online privacy code which would apply to social media services, data brokers, and certain large online platforms operating in Australia. Further, there are developments in Critical Infrastructure and Cyber Security Laws which seek to expand existing protections to more industries, with mandatory reporting requirements when the critical infrastructure is subject to a cyber-attack. The Online Safety Act came into effect in January 2022 and targets inappropriate material and cyberbullying, allowing the eSafety Commissioner to identify offending accounts in order to enforce the Act.

Access the session recording and other materials here.

Speakers: Jo-Fan Yu, Manh Hung Tran, Toby Patten, Zhenyu "Jay" Ruan and Dominic Edmondson

Related webinars

Global sessions

International: Deciphering Data Webinar Series - Not ‘If’ But ‘When’: Cybersecurity Global Update - Session 1 (Webinar)

International: Deciphering Data Webinar Series - Not ‘If’ But ‘When’: Cybersecurity Global Update - Session 2 (Webinar)

International: Deciphering Data Webinar Series - Journey Around the World: Data Privacy Global Update - Session 1 (Webinar)

International: Deciphering Data Webinar Series - Journey Around the World - Data Privacy Global Update - Session 2 (Webinar)

Europe sessions

Europe: Deciphering Data Webinar Series - Managing Workforce Data (Webinar)

Europe: Deciphering Data Webinar Series - When Data Goes Wrong - Enforcement and Litigation Trends Across Europe (Webinar)

Europe: Deciphering Data Webinar Series - Cookies and Online Advertising - Recent Trends in Europe (Webinar)

Europe: Deciphering Data Webinar Series - International Data Transfers - What’s Next? (Webinar)

Asia Pacific sessions

Asia Pacific: Deciphering Data Webinar Series - Spotlight on privacy developments (Webinar)

Asia Pacific: Deciphering Data Webinar Series - Artificial Intelligence (AI) and privacy (Webinar)

Asia Pacific: Deciphering Data Webinar Series - Effective and sustainable privacy compliance programs (Webinar)