In an era of intensifying geopolitical tensions, companies with operations in the U.S. must navigate an increasingly fragmented and national security-driven regulatory landscape governing cross-border transfers of many different types of data, including personal data and technical information used in R&D and patent filings. The US Department of Justice’s new Data Security Program (DSP) essentially prohibits US persons from making certain volumes of Americans’ personal data available to entities headquartered or residing in China (including Hong Kong and Macau), Russia, Venezuela, Iran, Cuba, or North Korea, or their subsidiaries in other countries, unless an exception applies.

The recent County Court of Victoria decision, Lynn Waller (A Pseudonym) v Romy Barrett (A Pseudonym) [2024] VCC 962, suggests the existence of an Australian common law cause of action for invasion of privacy.
The trial judge assessed that the right to privacy is a value distinct to the right to keep information confidential. As a result, she considered that privacy requires separate protection to breach of confidence claims. This brings Australia closer to the accepted position in the UK, US, Canada, and New Zealand.

Following the passing of the Personal Data Protection (Amendment) Bill 2024 by the Malaysian Parliament in July 2024, three public consultation papers have been issued in relation to the implementation of the following impending new legal obligations:

• Notifying the Personal Data Protection Commissioner and affected data subjects for personal data breach.
• Appointing data protection officer(s).
• Effecting the data subject’s right to data portability.

The deadline to provide feedback is 6 September 2024 (Friday).