In Singapore, private sector organisations must generally comply with the transfer limitation obligation in the Personal Data Protection Act (the Act). Any transfer of personal data outside Singapore must be in accordance with the Act’s requirements, to ensure that a comparable standard of protection is accorded to that data.

However, where an organisation is a data intermediary, i.e., it processes personal data on behalf of and for the purposes of another pursuant to a written contract, that intermediary is not subject to the transfer limitation obligation, as specified in section 4(2) of the Act.

Continue Reading Guidance given on Singapore cross-border data transfer obligation for intermediaries and cloud providers

This month, the Privacy Shield Program posted answers to Frequently Asked Questions. The Privacy Shield provides a mechanism to comply with data protection requirements when transferring personal data from the European Union to the United States in support of transatlantic commerce.

The general guidance addresses topics such as the continued status of the Privacy

This post was also written by Nick Tyler.

Having hosted and won the very first ‘soccer’ World Cup in 1930, and then having won it again twenty years later, Uruguay belongs to a very exclusive band of multiple-World Cup winning countries. Having reached the semi-finals of this year’s tournament (for the fifth time in

This post was also written by Nick Tyler.

The Information Commissioner’s Office (ICO), the UK data protection regulator, has recently responded to the UK Government’s Call for Evidence on the current data protection legislative framework. The Ministry of Justice sought evidence about how the European Data Protection Directive 95/46/EC and the Data Protection Act