Topic: Data protection

Most incidents handled by our Norton Rose Fulbright cyber team originate from the customer’s service provider. In many cases it is the service provider’s systems, infrastructure and environment which proves to be the most vulnerable to cyber breaches and security issues.

Businesses investing in, financing or operating data centres face a complex matrix of laws and regulatory requirements. Ensuring compliance is important for lender and investor due diligence and is crucial to avoiding fines, penalties and contractual or regulatory breaches that can significantly impact the business and any investment in, or financing of, data centres.

Please join us at our 12th Annual European Data Protection Conference.

On 16 January 2023, Singapore’s Infocomm Media Development Authority (IMDA), in collaboration with the AI Verify Foundation, announced a public consultation on its draft Model AI Governance Framework for Generative AI (Draft GenAI Governance Framework), showing the areas where future policy interventions relating to generative AI may take place and options for such intervention.

The UK Information Commissioner’s Office (ICO) published its final guidance on monitoring workers on 3 October 2023 (the Guidance).

We have published an article, EU: An overview of the European digital strategy, explaining the aims and key components of the EU digital strategy, outlining at a high-level key legislation that has been published in this space in the past three years and highlighting the way in which the various legislative instruments interact with each other and with European data privacy rules.

The Commercial Court in Jinxin Inc v Aser Media Pte Ltd and others & Others has ruled that an employer’s right to monitor and access private information of an employee held on its systems does not extend to a loss of confidentiality in those documents, and therefore a loss of privilege, as against the employer.

On 25 November 2022, the UK Information Commissioner’s Office (ICO) and the Office of Communications (OFCOM) (together, the Regulators) released a joint statement setting out their shared views on the interactions between online safety and data protection (the Statement).

On 15 September 2022, the European Commission published its proposal for a new Regulation which sets out cybersecurity related requirements for products with “digital elements”, known as the proposed Cyber Resilience Act (the CRA).

The latest instalment in the Tulip Trading v Bitcoin Association litigation has been greeted with relief by many in the blockchain community, after the High Court threw out a claim that bitcoin developers (including several bitcoin forks) owed a duty of care or a fiduciary duty to an alleged owner of bitcoin.