November 10, 2021
The rapid development of artificial intelligence (AI) promises plenty of benefits and opportunities but also comes with risks when processing personal information. These risks include: Large-scale data processing: the extensive learning data used in AI development likely involves a variety of personal and sensitive information; Complexity and lack of transparency: the methods used in processing personal information to develop and operate AI services are complex, which makes it difficult for data subjects to know how their personal information is processed; Automation and uncertainty: the difficulty in predicting the results of data processing in automated services can lead to unexpected consequences such as privacy infringement, social discrimination and bias. A recent controversy in South Korea about AI and personal information protection involved “Lee Luda,” an AI chatbot service released on December 23, 2020. Lee Luda was quickly shut down due to complaints about its inappropriate use of personal information. For example, the providers of Lee Luda were accused of directly copying user conversations from another website they serviced without consent. Although the service providers claimed they had consent to collect and use personal information, their stated purpose for collecting and using the data – “service development” – was considered to be too abstract. To address the many issues, South Korean regulators are strengthening the safety and integrity of AI-related personal information processing. For example, the Ministry of Science and ICT released its “People-centered National Artificial Intelligence Ethical Guidelines,” while the Personal Information Protection Commission released the “Guidelines for Protecting Personal Information Processed by Automated Methods” along with the “Artificial Intelligence Personal Information Protection Self-Checklist.” This article provides an overview of...
November 10, 2021
Vietnam has taken large steps to improve its cybersecurity and data protection. The task is not over, and the steps are controversial. Cybersecurity and data protection are governed by the Cybersecurity Law, the Law on Network Information Security (LNIS) and the Law on Information Technology (LIT), with the former two more relevant to cybersecurity and protection of data. Unclear and Confusing Environment Since the Cybersecurity Law came into effect in 2019, there has been an ongoing conversation largely opposing the requirement of data localization, that offshore entities must have a local presence and the government’s ability to censor “inappropriate” Internet content. Strict enforcement, it is feared, will disrupt the continuous flow of data, so crucial for commercial development. However, the government has not clarified or even enforced the law yet. Business continues to operate in the shadow of the law while awaiting guidance. The circumstances are further clouded by the broad language of the law. But lack of clarity and selective enforcement are not new in Vietnam, and they often serve the government’s purpose of indirect control. For businesses, this means past practices in a lightly-regulated environment can be voluntarily and incrementally modified. But with no detail, this is unlikely. The muddled situation may soon change. The past 12 months has seen active development of new draft legislation to clarify the current law but also focus on implementation and enforcement of current requirements. Recent Developments in Cybersecurity Legislation In early 2020, the Ministry of Information and Communications (MIC) proposed to amend Government Decree No. 72/2013 on the provision, management and use of services and information on the Internet. The...
November 10, 2021
In-house lawyers can be the fence at the top of the cyber cliff, creating procedures to prevent the worst effects of a cyberattack and responding quickly and effectively when (not if) a cyberattack occurs. Given how quickly cybersecurity has risen from being a line-item on the IT department’s annual budget to top of the list for most companies, in-house lawyers are now a critical gear in the machinery protecting a firm’s digital assets, client data and balance sheet. General counsel must lead the charge in encouraging the C-suite to create, implement and test a robust cybersecurity incident response (IR) plan. The future success of their company could depend on it. Just how much of a problem are cyberattacks and breaches in 2021? US-based cybersecurity provider FireEye said in its M-Trends 2021 report that the Asia Pacific (APAC) region is the “most-targeted” region in the world for ransomware. Ransomware is a form of malware that encrypts a victim’s computer files. The attacker then demands a ransom to restore access to the data. Users are shown instructions for how to pay a fee to get the decryption key. FireEye’s report said on average, APAC organizations are attacked by ransomware roughly 51 times per week in 2021. But it’s not just ransomware that is rising. Between May 2020 and May 2021, recorded instances of all types of cyberattacks on APAC-based companies rose 168%. And in just one month – April-May of this year – the entire region saw a whopping 58% increase in cyberattacks, year-on-year. Image: Ransomware on the rise. ‘Dwell time’ indicates the time an attacker or malware variant sits on...
September 24, 2021
In the recent case of Primeo Fund v Bank of Bermuda (Cayman) Ltd & Anor (Cayman Islands) [2021] UKPC 22, the Judicial Committee of the Privy Council (the “Board”) further clarified the scope of the reflective loss rule. This is the rule that exists under both English and Cayman Islands law which operates to prevent a shareholder recovering loss which reflects loss suffered by the company in which they are invested. The rule has long been the source of controversy and confusion. This decision of the Board provides some welcome clarification on two aspects of the rules, being the relevant time for determining whether the reflective loss rule should apply (the “Timing Issue”) and the definition of a ‘common wrongdoer’ for the purposes of the reflective loss rule (the “Common Wrongdoer Issue”). Primeo Fund (the appellant) was a Cayman Islands company in official liquidation. It made claims against its two former professional service providers R1 and R2 in relation to loss suffered by its direct investments into BLMIS, the vehicle by which Bernard Madoff carried out his Ponzi scheme. The appeal to the Privy Council from the Court of Appeal of the Cayman Islands concerned the operation of the reflective loss rule in company law. The parties were agreed that Cayman Islands law in this aspect was the same as English law. Nature of the Reflective Loss Rule The Board considered the UK Supreme Court’s recent majority judgment in Marex Financial Ltd v Sevilleja (All Party Parliamentary Group on Fair Business Banking intervening) [2020] UKSC 31 as a starting point. It restated the law in Marex that the reflective...
September 24, 2021
CNN in New York recently fired three employees who violated company policy by reporting for work unvaccinated against the Covid-19 virus. [1] CNN chief Jeff Zucker reportedly said the media outlet has a zero-tolerance policy on requiring employees reporting onsite to be vaccinated. In other news, United Airlines will also require its more than 67,000 US-based employees to be vaccinated by no later than October 25 of this year or risk termination. [2] Unlike gender or race, a person’s vaccination status is not presently a legally-protected characteristic or classification under US Federal or State laws. Yet, the prevailing sentiment in the US is that employers can legally make employment decisions based on the vaccination status of their employees. The Equal Employment Opportunity Commission (EEOC) of the US has, in fact, issued guidelines providing that businesses generally may require workers who report onsite to be vaccinated without running afoul of the country’s anti-discrimination laws. However, due consideration and reasonable accommodations must be afforded to employees who refuse a vaccine for religious or medical reasons. To address this conundrum, some States have already proposed legislation prohibiting discrimination in the workplace and elsewhere based on vaccination status. In contrast, the Philippine government, through the Department of Labour and Employment (DoLE), issued on March 12, Labour Advisory No. 03, Series of 2021 (Guidelines on the Administration of Covid-19 Vaccines in the Workplaces) proscribing the adoption and implementation of a “no vaccine, no work” policy. In the advisory, “covered establishments and employers shall endeavor to encourage their employees to get vaccinated. However, any employee refusing or failing to be vaccinated shall not be discriminated...
September 21, 2021
Singapore has overtaken London as the “global upstart” of international arbitration and is well-placed to deal with the emerging technology trends in dispute resolution, according to observers. In the latest White & Case and Queen Mary University of London 2021 International Arbitration Survey, Singapore tied with London as the most popular seat of arbitration, ahead of Hong Kong, Paris and Geneva. Given that the Singapore International Arbitration Centre (SIAC) has only existed for 30 years, its meteoric rise is an “amazing achievement”, said 39 Essex Chambers barrister Karen Gough. “London has been a hub for international trade for centuries and a global center for arbitration. But while London has an excellent reputation – not least because of its legal infrastructure and facilities to accommodate arbitration hearings – there have been no new developments lately to encourage arbitration in London,” she said. London’s institutional rules were formed a long time ago. For example, the London Court of International Arbitration (LCIA) was established in 1982 while the International Chamber of Commerce (ICC) began in 1919 and its rules first published in 1922. On the other hand, SIAC’s arbitration rules were produced in 1991 and are now in their sixth edition. These rules are, as with all things Singaporean, leading the way with an inclusion of provisions embracing recent legal developments and the practice of international commercial arbitration. The Singaporean courts are also well equipped to deal with arbitration matters, Gough said.   As Singapore’s arbitration environment continues to upgrade both its technological and procedural systems, it will be in a good spot to fix some lagging inefficiencies in arbitration. National University of Singapore...