Photo of Scott Warren

Scott Warren

Recently, the Cyberspace Administration of China issued new comprehensive provisional measures, which went into effect on August 15, 2023, and govern the development and use of generative AI (GAI) in China. The measures cover “GAI services” (including foreign-invested GAI services) provided within the PRC, including the text, pictures, audios, videos and other content they generate.

Our global data team has prepared a practical guide that compares three standard contracts, as a means of facilitating international data transfers, namely:

  • The EU’s standard contractual clauses (effective since June 2021)
  • The People’s Republic of China’s (PRC) standard contract (issued in March 2023)
  • The Association of Southeast Asian Nations’ (ASEAN) model contractual clauses (published in January 2021).


Continue Reading A Guide Comparing EU, China, ASEAN Standard Contracts for Data Transfers

On May 30th, the Cybersecurity Administration of China (CAC) issued details of the format for filing with the government the documentation necessary for the export of Personal Information collected in China.  This guide acts to supplement the requirements set forth in the February 24, 2023 regulations, which came into effect on June 1, 2023 (though there is a 6-month extension allowed for existing data transfers).
Continue Reading China Issues Guidelines for Submitting the Personal Information Protection Impact Assessment for Data Exports

The Philippines’ National Privacy Commission (NPC) has released for public comment two sets of draft guidelines on:

  • Consent as a basis for processing personal data (Consent Guidelines)[1]
  • The issuance and use of identification cards by private organizations (ID Cards Guidelines)[2]

Consent Guidelines

Consent is acknowledged as the most common criterion for processing personal

China recently released its China Standard Contract for Export of Personal Information (China SCs), which are required to export any personal information (unless stricter rules apply such as critical information and/or large volume personal data).  As the template is only in Chinese, we created this bilingual draft to assist in understanding its content and the

At long last, China has issued the Standard Contract terms and the Measures for implementing them. Click here for more detailed analysis, but, in short:

  1. They apply to any personal information data export from China, except those of a heightened concern (i.e. critical information or large volume and/or sensitive data transfers) or where a voluntary

On December 1st, CPW’s Tokyo partner, Scott Warren, will be speaking at the 8th Annual International Arbitration & Corporate Crime Summit, hosted by LegalPlus, in Tokyo, Japan. 

In his topic “Cyber Breach Response, Regulatory Investigations and Disputes,” Scott will discuss top items in preparing for and responding to data incidents, along with effective

CPW’s Kristin BryanScott Warren, and James Brennan will be key speakers at the Global Legal ConfEx on “GRC, Data Privacy & Cyber Security” on Thursday, November 17, 2022, in San Francisco.  

Continue Reading CPW’s Kristin Bryan, Scott Warren, and James Brennan to Speak at Conference on Data Privacy, Cybersecurity, and Governance, Risk & Compliance

Join CPW’s Scott Warren at the 12th International Cybersecurity Symposium as he leads a panel of experts in a  session on “Practical Steps to Creating Real Social, Economic and National Security in Japan” in-person at Keio University in Tokyo, Japan, on October 14, 2022, at 4:00 pm JST.

Squire Patton Boggs partner and chair of

Cross-border data privacy laws have grown much more complicated due to the implementation of so many new and amended laws in jurisdictions globally.  The US and EU are now just the tip of the iceberg.

Here is an article by Allison Grande of Law360 discussing several important ones and quoting our partners Malcolm Dowden (UK)