1. EU and Japan sign protocol to include cross-border data flows
On behalf of the EU, the Belgian Presidency of the Council has signed the protocol to include provisions on cross-border data flows in the agreement between the EU and Japan for an Economic Partnership.
The protocol will provide greater legal certainty, ensuring that data flows between the EU and Japan will not be hampered by unjustified data localisation measures, and also ensuring the benefit from the free flow of data according to the EU and Japan’s rules on data protection and the digital economy.
2. ASEAN launches guide for governing AI
ASEAN published its initial framework for AI governance, as the 10 nation-bloc seeks to encourage responsible use of AI in governments and organizations.
In the ASEAN guide, national-level recommendations include nurturing AI talent and upskilling workforces as well as investing in AI research and development. Regional-level recommendations include setting up a working group to roll out such recommendations and compiling use cases to show implementation.
3. Data Security Council of India publishes FAQ on DPDPA
The Data Security Council of India released an FAQ to help better understand the Digital Personal Data Protection Act. It touches on the duties of data fiduciaries, cross-border data transfers rules and enforcement mechanisms.
https://www.dsci.in/files/content/documents/2024/FAQs-on-DPDP-Act-2023-MiniBooklet.pdf
4. Shanghai to allow faster data transfer from China for foreign firms-sources
The government of Shanghai, China, will streamline international data transfer approvals to spur economic improvements, Reuters reports. The fast-track approval initiative is aimed at certain multinational companies and their ability to move their Chinese data out of the country. The new approval system will reportedly be exclusive to Shanghai while businesses in other parts of the country will follow transfer rules enforced by the Cyberspace Administration of China.
5. ASEAN: Issued Updated Joint Guide to ASEAN Model Contractual Clauses and EU Standard Contractual Clauses
The Association of Southeast Asian Nations (ASEAN) Digital Ministers adopted the Joint Guide to ASEAN Model Contractual Clauses and EU Standard Contractual Clauses, including new information on the personal data transfer mechanisms and legal clarifications. The Guide outlines the similarities and differences between the ASEAN and EU standard contractual clauses and includes the best practices to enable entities to comply with the data protection regulations in both jurisdictions. The ASEAN model contractual clauses and EU standard contractual clauses represent model data protection clauses that entities can use in the contractual arrangements to transfer data and ensure data protection and do not require prior authorisation from authorities.
6. South Korea: PIPC publishes revised guidelines for processing pseudonymous data
The Personal Information Protection Commission (PIPC) published revised guidelines for the existing ‘Pseudonymous Information Processing Guidelines.’ The previous guidelines only included recommendations for structured data. The revised guidelines include new standards and principles for identifying and controlling the personal information risks that may appear in the process of pseudonymizing and utilizing unstructured data.
https://www.pipc.go.kr/np/cop/bbs/selectBoardArticle.do?bbsId=BS074&mCode=C020010000&nttId=9899