In addition to U.S. states like California, some foreign nations, including Brazil, South Korea, and Japan have enacted comprehensive data protection legislation. The EU, in particular, has long applied a more wide-ranging data protection regulatory scheme, and its most recent data protection law, the General Data Protection Regulation (GDPR), has served as a model for other jurisdictions developing data protection policy. The GDPR requires any entity that processes personal data to identify a legal basis for its action (such as consent or “legitimate interests”), and it enumerates eight data privacy rights afforded to individuals. The regulation also includes data breach notification requirements, data security standards, and conditions for cross-border data flows outside the EU.
China’s Personal Information Protection Law (PIPL) China’s PIPL, which came into effect in 2021, is seen as China’s version of GDPR, with strict requirements on how personal information is collected, processed, and shared. Law enforcement dealing with cross-border cyber investigations involving Chinese data must be aware of these constraints, particularly regarding obtaining and sharing data with Chinese entities.
Post your comment on this topic.