Vietnam’s Personal Data Protection Law (PDPL), enacted in June 2025 and effective from January 1, 2026, establishes a comprehensive national framework for personal data protection, replacing the 2023 Decree No. 13/2023/NĐ-CP. Applicable to both domestic and foreign entities processing Vietnamese citizens’ or residents’ data, the PDPL introduces strict penalties (up to 10 times illegal proceeds for data trading or 5% of annual revenue for cross-border violations), a narrow “legitimate rights and interests” processing basis, and exemptions for micro-enterprises. It mandates explicit consent, data processing and transfer impact assessments (DPIA and TIA), and robust data subject rights, including access, correction, and deletion. Enterprises must implement consent mechanisms and data security measures and must comply with data localization under the Cybersecurity Law. The law sets specific rules for sensitive data such as children’s or health information and imposes a 72-hour breach reporting requirement.
On July 12, 2025, a class action lawsuit was filed against SHEIN for allegedly violating the Telephone Consumer Protection Act (TCPA) by sending marketing text messages to numbers listed on the National Do-Not-Call Registry without prior consent. The plaintiff, whose number was registered in April 2025, continued receiving promotional texts in June, well past the required 31-day buffer. The case emphasizes that TCPA rules apply not only to calls but also to automated SMS marketing, requiring companies to prove consent, honor opt-outs, and, following an FCC order in April 2025, comply within 10 business days. This lawsuit highlights stricter enforcement of consumer privacy protections against unsolicited marketing communications.
The Mirror’s cookie banner, which charges £1.99/month to reject non-essential cookies, violates GDPR’s requirement for freely given consent, risking fines and reputational damage. GDPR mandates transparent, opt-in cookie policies with easy withdrawal, and tools like Kaamel’s Risk Management solution help enterprises ensure compliance through automated audits and developer-friendly workflows. Enterprises must prioritize user-friendly consent mechanisms to avoid legal and trust issues.
South Korea's Personal Information Protection Commission fined Meta 21.6232 billion KRW for improperly collecting and processing sensitive user information, denying access requests, and causing a data leak. The Commission ordered Meta to implement stronger data protections and ensure lawful handling of sensitive data.
The FTC's new “Click to Cancel” rule requires businesses to simplify subscription cancellations, making them as straightforward as the sign-up process.
The U.S. Department of Justice has issued a proposed rule to restrict data access by specific foreign countries, following an executive order by President Biden.