KWM TOPICS >

Data and Privacy

GLOBAL | EN
Current site :    GLOBAL   |   EN
Australia
China
China Hong Kong SAR
Japan
Singapore
United States
Global

Big changes are coming to privacy: get your data house in order

Our approach is holistic and risk-based, focusing strongly on commercial and customer outcomes. We provide strategic advice and long-term approaches to assist our clients to be data-driven leaders in the digital economy.

We collectively strive to bring clarity to our clients as they grapple with the unique impact that new technologies, the growing value of data assets, regulatory change, a heightened cyber risk environment, and ongoing cost pressures have on their operations. We have experts in big data, AI, the data economy, the Internet of Things (IoT), cloud services, management of cyber breaches, data-related regulatory investigations and court actions, and all other aspects of privacy and data protection regulation.

OUR PRIVACY INSIGHTS

Privacy Annual Update 2024

Each year, we write this publication to recap the key developments in Australian privacy law over the past year.

11 December 2024

Data Wars Part IV: Enforcement reforms in the Privacy Amendment Bill

The Australian Government is seeking to implement reforms to the Privacy Act 1988 (Cth) (Privacy Act).

21 November 2024

Data Wars Part III: Statutory tort, incoming!

With a substantially pared back Privacy and Other Legislation Amendment Bill 2024 (the Bill) before Parliament, only the statutory tort remains.

15 October 2024

Whose phone is it anyway? Navigating employee privacy and employer data in the age of BYOD

An ever-increasing proportion of business is conducted outside of the physical office and contracted hours – most commonly, on an employee’s mobile device, whether it is their personal device or employer-provided.

11 October 2024

Breaking down the Privacy Amendment Bill

The Government has (at last) introduced the first tranche of long-anticipated privacy reforms.

18 September 2024

Privacy Act Reforms – A Long Running Saga, Yet Still to be Continued …

A privacy reform Bill has been introduced to parliament. If enacted, the Bill will implement significant changes to the Privacy Act, including introducing broader enforcement powers for the Australian Information Commissioner, a statutory tort for serious invasions of privacy, greater transparency for individuals regarding use of personal information for automated decision-making, and additional protections for children’s privacy.

12 September 2024

Data Wars Part II: A direct right of action

In our previous Insight, we explored the proposed statutory tort for serious invasions of privacy detailed in the Attorney-General’s Department’s Privacy Act Review Report (Report) in February 2023. Draft legislation is expected in coming months.

29 August 2024

Risk of GenAI - Probing the privacy pitfalls

The Australian public is nervous about AI and has low trust that companies using AI will protect their personal data.

01 August 2024

Data Wars - Part I: Tortious invasions of privacy

The Australian Government has confirmed its commitment to introduce a new direct right of action for breaches of the Privacy Act 1988 (Cth) (the Act) or the Australian Privacy Principles (APPs), and a statutory tort for serious invasions of privacy.

12 July 2024

Consumer Energy Resources: data and privacy

Welcome back to our 5-part series exploring the emerging opportunities and challenges associated with the uptake of CER in Australia from a tech law perspective, with a focus on privacy and data, AI and automation, cyber security and contracting to enable the transition to CER.

20 June 2024

Representative complaints under the Australian Privacy Act – recent developments

Data breach litigation in Australia is a relatively new occurrence. The courts have recently decided that a multiplicity of court cases and administrative investigations into the same incident may run in parallel.

20 March 2024

Australian privacy regulator sues in data breach case

On 3 November 2023, the Australian Information Commissioner filed proceedings in the Federal Court of Australia against Australian Clinical Labs Limited seeking a civil penalty (fine) in connection with the company’s response to a data breach that occurred in February 2022.

13 November 2023

Inching forwards: Government responds to Privacy Act Review Report

TL;DR The Government has today released its long-awaited response to the proposals made in the Attorney General’s Privacy Act Review Report.

28 September 2023

Europe’s AI regulation gets real : what to know (and do) about the EU AI Act as it nears finalisation

More than two years ago, the European Union (EU) released the first draft of the Artificial Intelligence Act (AI Act). This was the first significant attempt at regulating AI on a large scale. In June, it passed a major milestone bringing it closer to finalisation. There is some way to go, but the signs are clear. Our experts share what the AI Act means for companies worldwide – and why now is the time to start thinking about risk mitigation steps.

26 June 2023

Have your say on the regulation of Artificial Intelligence in Australia: Recent Developments

Artificial Intelligence (AI) is increasingly becoming a focal point for lawmakers and regulators around the world. Like many nascent technologies, AI has the potential for both harmful as well as positive outcomes, with algorithmic biases and the generation of misleading or erroneous outputs of particular concern. Consequently, safety and the effective management of AI risk has been at the forefront of the minds of Australian regulators. While some overseas jurisdictions are already further down the path towards AI regulation, there have been three recent significant developments in

26 June 2023

KWM privacy bytes – Privacy Act Review Report individual rights

Released in February this year, the Government’s long-awaited Privacy Act Review Report (Report) contains 116 proposals for privacy reform. In this, our second article in the Privacy Bytes series, we take a closer look at the new individual rights the Report proposes to include or expand in the Privacy Act.

09 May 2023

Developments in the regulation of Artificial Intelligence

Artificial intelligence (AI) has captured the attention of the world over the last 12 months. From AI chatbots to AI-generated art and inventions, AI has the potential to radically transform our economy, our society, and humanity.

19 April 2023

ChatGPT and the Importance of AI Governance

ChatGPT, the artificial intelligence chatbot developed by OpenAI, has become the fastest growing consumer product in history, reaching 100 million monthly active users within a mere 2 months of its launch. It has caused shockwaves across the education, media and marketing industries and has stoked fears of broader job losses amongst white collar workers.

14 April 2023

KWM Privacy Bytes - Privacy Act Review Report: Collecting and using of personal information

The Government’s long-awaited Privacy Act Review Report contains 116 proposals for reform. While not fundamentally changing the current principles based approach, these proposals will require a step change in how Australian companies collect and use personal information.

30 March 2023

Privacy Act Review Report (Finally) Released

The Government has released a long-awaited report setting out its privacy reform agenda. This landmark report proposes many significant changes.

17 February 2023

SHOW MORE SHOW LESS

 

WHAT OUR EXPERTS SAY ON THE PRIVACY ACT

Privacy Act and the reforms that will matter most

Cal Samson tells us in 3 minutes the reforms that will matter the most. (2023)

Government response to the Privacy Act Review Report

 

SEE WHAT'S COMING WITH THE KWM TECH REGULATION TRACKER

Track important privacy developments with our easy-to-use and regularly updated timeline.

Privacy Annual Update 2023

The pace of change in this area is faster than ever before. We reflect on the key developments in Australian privacy law in 2023.

OUR DATA INSIGHTS

Can the data centre goldrush go green? Malaysia’s Johor shows we can move fast, but more is needed

Johor sits at the southern tip of Malaysia, minutes away from neighbouring Singapore. Lesser known than the nation’s capital, Kuala Lumpur, and less developed than its most populous state of Selangor, Johor – and its capital Johor Bahru – are rapidly rising in prominence.

29 August 2024

Rebooting the system – the Government announces its plans for the Consumer Data Right

The Government has outlined its plans for the Consumer Data Right (CDR) ecosystem, focusing in particular on reducing the costs of compliance for industry participants, lowering the barriers to adoption for consumers and increasing uptake of the CDR in the sectors in which the CDR is already active.

26 August 2024

ASX provides welcome cyber breach disclosure guidance – update to Guidance Note 8

Following recent high profile cyber breaches, ASX has included a new data breach worked example in its updated Guidance Note 8 (effective 27 May 2024).

20 May 2024

Navigating the Legal Ethics of Generative AI

Generative AI is much more than just ChatGPT. Broadly speaking, generative AI refers to AI products that can be used to produce new content (such as text, images and video) as opposed to other tasks like classification or data analysis.

24 April 2024

Act on your suspicions: Key lessons from the OAIC’s latest Notifiable Data Breaches Report

Twice a year the OAIC produces a report about the operation of the notifiable data breaches (NDB) scheme under the Privacy Act.

27 February 2024

Inventing inventors? Generative AI & patents

Generative AI has ushered in a new era of innovation and creativity. While much of the discussion has

12 February 2024

Lessons from where you don’t want to be: Analysing the OAIC’s latest report on notifiable data breaches

The OAIC’s latest report on the Privacy Act’s notifiable data breach scheme reveals a declining number of notifications.

06 September 2023

A reminder about FSCODA following recent enforcement action by APRA

As the Australian Prudential Regulation Authority (APRA) has recently taken enforcement action against an Australian authorised deposit-taking institution (ADI) under the Financial Sector (Collection of Data) Act 2001 (“FSCODA”) , we thought it timely to provide a refresher on the requirements of FSCODA and potential consequences of non-compliance.

11 July 2023

Australian Government releases new Data and Digital Government Strategy

The Minister for Finance, Senator the Hon Katy Gallagher, recently launched for consultation a draft Data and Digital Government Strategy: The data and digital vision for a world-leading APS to 2030 (Draft Strategy). You’re invited to make comments on the Draft Strategy by 25 July 2023.

07 July 2023

Hong Kong’s new financial crime tool

Fraud is one of the thorniest problems for banks and their customers globally, with billions of dollars of leakage to opportunists, criminal syndicates and thieves. The Hong Kong Monetary Authority (HKMA) has recently announced Hong Kong’s newest institutional financial crime tool – FINEST. The initiative was launched in collaboration with the Hong Kong Police Force (HKPF) and The Hong Kong Association of Banks (HKAB). King & Wood Mallesons was delighted to serve as legal advisor on the project. This alert summarises the key points to know.

30 June 2023

Europe’s AI regulation gets real : what to know (and do) about the EU AI Act as it nears finalisation

More than two years ago, the European Union (EU) released the first draft of the Artificial Intelligence Act (AI Act). This was the first significant attempt at regulating AI on a large scale. In June, it passed a major milestone bringing it closer to finalisation. There is some way to go, but the signs are clear. Our experts share what the AI Act means for companies worldwide – and why now is the time to start thinking about risk mitigation steps.

26 June 2023

Have your say on the regulation of Artificial Intelligence in Australia: Recent Developments

Artificial Intelligence (AI) is increasingly becoming a focal point for lawmakers and regulators around the world. Like many nascent technologies, AI has the potential for both harmful as well as positive outcomes, with algorithmic biases and the generation of misleading or erroneous outputs of particular concern. Consequently, safety and the effective management of AI risk has been at the forefront of the minds of Australian regulators. While some overseas jurisdictions are already further down the path towards AI regulation, there have been three recent significant developments in

26 June 2023

It copies, right? Generative AI & copyright law

Only last September and October we published our AI Guides to AI & Copyright Infringement and Ownership of AI Generated Works.

11 May 2023

India: Navigating a Growing Data Centre Market

The Indian data centre market has attracted significant interest from foreign investors. This, in part, is due to the efforts of the Indian government to significantly improve the country’s IT infrastructure under the National Digital Transformation Programme, as well as recently-passed data localisation laws and the growth of the e-commerce and FinTech solutions sectors. In this short guide, we share our insights on the key considerations for foreign investors pursuing data centre opportunities in India, such as structuring, financing (equity and debt) and regulatory considerations. As investors, developers, contractors and operators in the digital infrastructure sector globally look to improve the sustainability of their digital infrastructure assets, demand will increase for businesses engaged in creating solutions for efficient data storage and management.

10 May 2023

KWM privacy bytes – Privacy Act Review Report individual rights

Released in February this year, the Government’s long-awaited Privacy Act Review Report (Report) contains 116 proposals for privacy reform. In this, our second article in the Privacy Bytes series, we take a closer look at the new individual rights the Report proposes to include or expand in the Privacy Act.

09 May 2023

DABUS dismissed again! United States Supreme Court declines to consider whether AI can be an inventor

This decision means that the lower court’s ruling holds — US patents can only be issued to human inventors and that Dr Thaler’s AI system (Device for the Autonomous Bootstrapping of Unified Sentience or DABUS) could not be considered the legal creator of two inventions that Dr Thaler said it generated.

27 April 2023

Developments in the regulation of Artificial Intelligence

Artificial intelligence (AI) has captured the attention of the world over the last 12 months. From AI chatbots to AI-generated art and inventions, AI has the potential to radically transform our economy, our society, and humanity.

19 April 2023

ChatGPT and the Importance of AI Governance

ChatGPT, the artificial intelligence chatbot developed by OpenAI, has become the fastest growing consumer product in history, reaching 100 million monthly active users within a mere 2 months of its launch. It has caused shockwaves across the education, media and marketing industries and has stoked fears of broader job losses amongst white collar workers.

14 April 2023

KWM Privacy Bytes - Privacy Act Review Report: Collecting and using of personal information

The Government’s long-awaited Privacy Act Review Report contains 116 proposals for reform. While not fundamentally changing the current principles based approach, these proposals will require a step change in how Australian companies collect and use personal information.

30 March 2023

Investing in Japanese data centres: a guide

Data centres – and in turn investments relating to them – are increasing worldwide. Japan is home to the third largest number of data centres, after the US and China. The regulatory settings in Japan may make it a more attractive destination for data centre investments in the future. In this insight, we look at laws and regulations relating to data centres in Japan, as well as: - Why it might become a favoured investment destination - Customer contracting considerations - Investment structuring - ESG considerations (in particular, renewable energy), and - Considerations when selecting the location of a DC. Our experts are closely watching this space, both in Japan and across Asia.

22 March 2023

Privacy Act Review Report (Finally) Released

The Government has released a long-awaited report setting out its privacy reform agenda. This landmark report proposes many significant changes.

17 February 2023

Vietnam: Opportunities in the data centre market

In this short guide, we share our insights on the key considerations for foreign investors pursuing data centre opportunities in Vietnam.

12 October 2022

Only the link: Google not liable for defamation

In allowing the appeal, the majority found that, in circumstances where Google did not participate in the writing or dissemination of the defamatory article, the provision of the hyperlink merely facilitated access to the article. Google neither “lent assistance” to the original publisher, nor did it participate in any “bilateral process” of, communicating the article to third-party users.

18 August 2022

5 key issues in negotiating cloud contracts

With the promise of cost savings, greater flexibility and ability to scale, it is not surprising that companies are continuing to move their key business applications and data to the cloud.

15 August 2022

Of charlatans and poor choices: how restrictions on crypto assets are growing worldwide

Yet the ancient origin of the word goes to the essence of today’s regulatory tension: ‘crypto’ has its origin in the Greek word ‘kruptos’, meaning ‘hidden’. Governments and regulators around the world are working to bring crypto assets into view.

22 February 2022

SHOW MORE SHOW LESS