Amendments to China’s Anti-Monopoly Law are due to go into effect, South Korea and the UK reach a data adequacy agreement, and Apple and Google face market abuse class actions in Australia – plus other key updates.
Lexology PRO looks at some of the most useful updates covering the Asia-Pacific region published on Lexology in the last fortnight for compliance teams to stay up-to-date on compliance issues, including data protection, competition and antitrust, anti-corruption and anti-money laundering.
China
Amendments to China's Anti-Monopoly Law 2008 (Chinese language only) will take effect on 1 August 2022 which significantly increases maximum fines for misconduct and introduces a new merger notification regime. Gun-jumping fines are increasing to 5 million yuan, up from 500,000 yuan, and businesses that fail to implement anticompetitive remediation agreements risk fines of up to 3 million yuan. Other amendments largely align with EU counterparts and a detailed analysis of all the changes is available here.
On 21 July 2022, the Cyberspace Administration of China (CAC) imposed an RMB 8.026 billion fine (approximately US$1.19 billion) on ride-hailing business Didi Global (Chinese language only), finding that the company violated China’s Network Security Law 2016, Data Security Law 2021 and Personal Information Protection Law 2021. The fine concludes a year-long investigation into Didi Global’s data practices, which found the business excessively collected data, including using facial recognition technology, and failed to implement reforms when its failings were identified.
Businesses both in China and overseas need to prepare for upcoming compliance deadlines following the release of further measures clarifying requirements for cross-border data transfers. Read Lexology PRO’s analysis of the new measures here.
China is continuing its antitrust crackdown against technology companies as the State Administration for Market Regulation issued fines for 21 companies (Chinese language only) for failing to notify relevant acquisitions and joint ventures. This includes fines for technology giants Alibaba and Tencent.
Singapore
Singapore’s Personal Data Protection Commission (PDPC) has published a guide on personal data protection considerations for blockchain design. The guide highlights that some of the benefits of using blockchain technology, such as the difficulty of changing data stored on the blockchain, can pose unique challenges for complying with data protection laws.
The PDPC and The Infocomm Media Development Authority have together launched a Privacy Enhancing Technologies (PETs) Sandbox to support businesses who wish to pilot PET projects that address common business challenges. PETs allow the extraction and sharing of insights, while protecting personal data and commercially sensitive information. The PET Sandbox will match-make use case owners to solution providers and provide grants and regulatory support.
South Korea
South Korea has reached an agreement with the UK which means businesses can transfer data between the two jurisdictions without contractual safeguards. The aim of the agreement is to “unleash digital trade between the UK and Republic of Korea, already worth more than £1.3 billion” according to the UK government news release.
Six logistics companies are being fined €4.9 million for a bid-rigging scheme in South Korea in which the companies colluded to provide the country’s largest steelmaker with logistics services. The Korean competition authority found that the companies agreed on which of them would win bids to prevent a drop in contract prices that would have resulted from a competitive market.
Australia
Apple and Google are facing parallel class action claims in Australia over allegations that the companies are abusing their market power by imposing supercompetitive commission rates for in-app purchases.
New requirements for mandatory reporting of cybersecurity incidents have come into force in Australia which apply to regulated entities under Part 2b of the Security of Critical Infrastructure Act 2018 (SOCI Act). The SOCI Act came into force on 8 April 2022 with a grace period of three months which ended on 8 July 2022. Critical cybersecurity incidents need to be reported within 12 hours and other cybersecurity incidents must be reported within 72 hours of becoming aware of them.
The Office of the Australian Information Commissioner is investigating Bunnings Group and Kmart Australia in response to a report from consumer advocacy group CHOICE about the retailers’ use of facial recognition technology.
Japan
On 30 June 2022, Japan’s Fair Trade Commission issued guidelines for the promotion of competition in the telecommunications sector (Japanese language only).
Malaysia
Malaysia’s competition watchdog has accepted commitments by two of the country’s largest mobile service providers following their proposed €11.6 billion merger. The merging companies have committed to divesting 70MHz of spectrum across three bands and will be selling off one of the company’s prepaid Yoodo brands within 18 months of the merger closing (Malay language only).
Hong Kong
The Competition Commission has welcomed the orders granted by the Competition Tribunal in proceedings concerning price-fixing tourist attractions and transportation services ticket sales at hotels in Hong Kong. The companies involved had been issued pecuniary penalty orders but these were reduced due to “their admissions of the infringing conduct, cooperation during the investigation process and the savings to public funds resulting from their cooperation”. The case serves as a good example of the benefits of cooperating early with authorities on cartel conduct and price fixing.
The data protection authorities of Hong Kong and Singapore renewed their Memorandum of Understanding (MOU) governing the authorities’ cooperation on data protection issues on 13 July 2022. Under the MOU, the authorities commit to collaborating across a range of areas including:
- information sharing on best practices involving data protection policies and enforcement actions;
- coordination and mutual assistance in joint investigations into cross-border personal data incidents; and
- education and training.
Check out this article which looks at the rules on cross-border data transfers between Hong Kong and mainland China.