• 2019/10/12

    The Risk of Parallel GDPR Investgations…To Companies Without an EU Presence

    The data protection authorities of the EU Member States (DPAs) are imposing ever high fines for violations of the GDPR. In June and July 2019, the UK DPA imposed large fines on Marriott (€111 million) and British Airways (€204 million) for data breaches that breached the GDPR. But it is clear that increasingly larger fines are not the only problem facing companies worried about their exposure to the GDPR. Non-EU companies in particular face a risk of parallel GDPR investigations for the same conduct, and in each such case, the investigating DPR is authorized by GDPR to impose fines up to the maximums provided for the GDPR, which can be 2% or 4% of the company’s global group turnover, depending on the nature of the infringement. How can this be possible?

  • 2019/3/21

    China's Foreign Investment Law——New Rules and Their Impacts

    Foreign direct investment of China has been ranking No. one among developing countries for twenty-seven consecutive years, according to reports of the United Nations Conference on Trade and Development (UNCTAD)[1]. In that backdrop, on March 15th, 2019 the annual session of the National People's Congress (NPC), China's top legislature passed the PRC Foreign Investment Law ("Law"), which is a long-expected landmark legislation and was signed into law on the same day to be effective as of January 1st, 2020.

  • 2019/3/1

    Google Fine of €50 Million and Other GDPR Developments

    On 21 January 2019, the French data protection authority, CNIL, imposed a fine on Google of €50 million for various breaches of the GDPR, and the first fine imposed by CNIL.This was to biggest fine to-date by far imposed by any DPA pursuant to the GDPR.

  • 2018/11/1

    First UK GDPR Enforcement Action is Against Canadian Firm with Apparently No EU Presence

    On 24 October 2018, the UK data protection enforcement body, the Information Commissioner's Office (ICO), issued an Enforcement Notice against Canadian data services firm, AggregateIQ (AIQ). This was the first Enforcement Notice issued by the ICO under the General Data Protection Regulation (GDPR). The Notice specifies several breaches of the GDPR and gives AIQ 30 days to put itself into compliance or face a fine of €20 million or 4% of global group turnover, whichever is greater.

  • 2018/5/29

    The EU General Data Protection Regulation: How It May Affect Chinese Clients

    On 25 May 2018, the long-awaited EU General Data Protection Regulation ("GDPR") [1] will enter into force, ushering in the most severe data privacy regime in the world. The GDPR is the first EU "regulation" on data privacy and will be automatically applicable in all 28 EU Member States. Unlike the previous 1995 Directive, it will not be necessary for national legislatures to adopt it. [2] The Regulation imposes strict rules on the collection, use and storage of personal data, meaning data such as a person's national identification number, address, bank information, race, gender etc.

  • 2018/2/7

    Reforms and Changes of Foreign Employment Policies in China

    In China, only "qualified" entities are legally permitted to "employ" people (i.e., "employees"). In particular, all domestic businesses or other types of entities are qualified to directly hire people, while not all foreign entities doing business in China are so qualified. For example, a representative office in China of an overseas entity which was incorporated in a jurisdiction other than China is not qualified to directly hire employees because under China law such office can hire employees only by way of a seconding arrangement with a personnel seconding entity.

total  11