In a landmark decision, the Singapore High Court in Piper v. Singapore Kindness Movement [2025] SGHC 173 has clarified the limits of deemed consent under the Personal Data Protection Act 2012 (the "PDPA") and the requirements...more
9/8/2025
/ Damages ,
Data Privacy ,
Data Protection ,
Disclosure Requirements ,
Personal Data ,
Personal Information ,
Prior Express Consent ,
Regulatory Requirements ,
Singapore ,
Statutory Interpretation ,
Supreme Court of Singapore
Thailand's Digital Government Development Agency (“DGA”) has published two sets of draft public sector-targeted guidelines intended to steer government agencies towards implementing cloud technologies and data classification...more
Vietnam's data privacy landscape is undergoing a significant transformation with the recent enactment of the Law on Personal Data Protection (PDP Law), effective from 1 January 2026. This new law marks a pivotal step in...more
Thailand's Personal Data Protection Committee (“PDPC”) has significantly intensified its enforcement of Thailand's Personal Data Protection Act B.E. 2562 (2019) (“PDPA”), announcing on 1 August 2025 eight new administrative...more
8/11/2025
/ Data Breach ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Protection Officers (DPOs) ,
Data Security ,
Enforcement Actions ,
Personal Data ,
Privacy Laws ,
Regulatory Requirements ,
Thailand
On 1 August 2025, the Privacy Commissioner for Personal Data, Hong Kong (“PCPD”), and the Personal Data Protection Bureau, Macao (“PDPB”), in collaboration with seven other privacy and data protection authorities across...more
On 30 July 2025, the Indonesian Constitutional Court (“Court”) issued a landmark ruling, Decision No. 151/PUU-XXII/2024 (“Decision 151”), which significantly broadens the scope of mandatory Data Protection Officer (“DPO”)...more
Following its enactment earlier this year, Myanmar's Cybersecurity Law No. 1/2025 (the “Cybersecurity Law”) came into effect on 30 July 2025. It introduces a comprehensive framework regulating both domestic and international...more
On 26 June 2025, Singapore’s Personal Data Protection Commission (PDPC) and Cyber Security Agency (CSA) released a joint statement advising organizations to stop “as soon as possible” the practice of using Singapore national...more
On July 23, 2025, Cambodia released a draft of its first ever comprehensive personal data protection law, the Law on Personal Data Protection (“LPDP”).
Once passed, Cambodia will join the ranks of seven other countries...more
Australia has implemented a first-of-its kind requirement for eligible businesses to report ransomware payments. From 30 May 2025, eligible businesses that make a payment in response to a cyber security incident, or become...more
6/16/2025
/ Australia ,
Corporate Counsel ,
Cyber Attacks ,
Cybersecurity ,
Disclosure Requirements ,
Government Agencies ,
New Legislation ,
Penalties ,
Ransomware ,
Regulatory Requirements ,
Reporting Requirements
India’s Ministry of Electronics and Information Technology (MeitY) released in June 2025 a Business Requirement Document for Consent Management Under the DPDP Act, 2023 (BRD). The BRD, while not legally binding, provides...more
With the introduction of the Data Sharing Act 2025 (the “Act”), Malaysia has formalised the rules governing the sharing of data between its public sector agencies. Designed to foster greater collaboration and efficiency, the...more
On 17 March 2025, the Australian Government published Model Clauses to help government purchasers manage vendor relationships when procuring AI technology based systems and services. The Model Clauses cover issues relevant to...more
The launch of the Global Cross Border Privacy Rules (CBPR) and Privacy Rules for Processors (PRP) systems on June 2, 2025 offers a framework to manage increasingly difficult standards for global data privacy governance....more
In a digital age where large volumes of data can be transferred and retained with ease, the Singapore High Court’s recent decision in Hayate Partners Pte Ltd v Rajan Sunil Kumar [2025] SGHC 41 sheds light on a growing...more
The rapid development of data protection laws across the Asia-Pacific region indicates significant movement toward certain standards, albeit with notable local policy variations across multiple areas. Our Asia-Pacific Data,...more
On May 7th 2025 the EU and Singapore signed the Digital Trade Agreement (DTA). Following the signing of the EU-Singapore Free Trade Agreement in 2019, and building on the EU-Singapore Digital Partnership and Digital Trade...more
As artificial intelligence continues to reshape industries, understanding the evolving regulatory landscape is more critical than ever. Our new APAC AI Watch series offers in-depth analysis of key legal developments across...more
Malaysia’s newly released Cross Border Personal Data Transfer Guidelines mark a groundbreaking shift in its data protection regulatory landscape, requiring data controllers to conduct Transfer Impact Assessments and implement...more
Malaysia issued a regulatory guideline for data breach notification in February 2025. This article discusses how the new regulation affects businesses in Malaysia. On 25 February 2025, Malaysia's Personal Data Protection...more
3/24/2025
/ Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Malaysia ,
Personal Data ,
Popular ,
Privacy Laws ,
Regulatory Reform ,
Regulatory Requirements ,
Reporting Requirements
Malaysia introduced a mandatory data protection officer appointment in February 2025. We discuss the implications of this new regulatory requirement for businesses operating in Malaysia....more