On 12 February 2025, the Cyberspace Administration of China (CAC) issued the Measures for the Administration of Personal Information Compliance Audit (“Audit Measures”), which will take effect from 1 May 2025. The draft of the Audit Measures was first released for solicitation of public comments on 3 August 2023, and it took a year and a half for CAC to finalize the Audit Measures. In the final version of the Audit Measures, there are a few notable changes compared with the draft version, which reflect the evolving and more relaxed data protection regulatory stance of the CAC.

Digital transformation has become a priority for all major companies. This is being driven only further by the spread of artificial intelligence’s commercial use cases and ever-tightening data protection and cybersecurity regulations. However, procuring enterprise software (concerning both the development of custom-made software and “off-the-shelf” software developed for mass use) may give rise to various legal issues. Promptly identifying and addressing these issues can help prevent considerable legal and operational expenses, as well as other inconveniences.

The recent County Court of Victoria decision, Lynn Waller (A Pseudonym) v Romy Barrett (A Pseudonym) [2024] VCC 962, suggests the existence of an Australian common law cause of action for invasion of privacy.
The trial judge assessed that the right to privacy is a value distinct to the right to keep information confidential. As a result, she considered that privacy requires separate protection to breach of confidence claims. This brings Australia closer to the accepted position in the UK, US, Canada, and New Zealand.

The proposed amendments to the Consumer Protection Act Regulations in South Africa aim to enhance consumer privacy by regulating direct marketing practices. Open for public comment until 15 January 2025, these changes focus on creating an opt-out registry managed by the National Consumer Commission, allowing consumers to block unsolicited electronic communications. Direct marketers will be required to register, renew annually, and cleanse their databases regularly to comply with the new rules. The amendments also introduce enforcement mechanisms for non-compliance and align with the Protection of Personal Information Act, ensuring comprehensive consumer protection against unwanted marketing.

In response to the persistent issue of fraud, the Fraud Crime Hazard Prevention Act (FCHPA) was passed by the Legislative Yuan and came into force on 31 July 2024. The FCHPA requires financial institutions, virtual asset service providers, telecom enterprises, online advertising platform operators, third-party payment service providers, e-commerce and online gaming companies to respectively take certain fraud prevention measures.
In September 2024, the Ministry of Digital Affairs (MODA) published the criteria of the online advertising platforms that would be subject to the FCHPA, designated four foreign online advertising platform operators that meet the criteria, and asking them to report their legal representative (can be a law firm) in Taiwan by 31 October 2024.

With the anticipated publication of the European General Data Protection Regulation in 2016, multi-national companies are beginning to assess how the new Regulation will affect their global data protection and privacy compliance programs.

The Hungarian Parliament has recently adopted an amendment (Act No CXXIX of 2015) to the Information Act that will provide regulation regarding how data controllers must treat data breach incidents. Under the amendment, a data breach incident is any unauthorized processing of data, including the unauthorized access, alteration, unauthorized transfer,…