Scott Warren

On November 13, 2025, the Government of India formally brought into effect the much-awaited Digital Personal Data Protection Rules, 2025 (Rules). The Rules enforce the Digital Personal Data Protection Act, 2023 (DPDP Act) and provide practical guidance on how to comply with certain provisions of the DPDP Act. Together, they implement binding legislation that regulates the management of digital personal data[1] in and from India.

Continue Reading India Passes the Digital Personal Data Protection Rules, Ushering in a New Digital Age in India

On October 6, 2025, the “Preventing Access to U.S. Sensitive Personal Data and Government Related Data by Countries of Concern or Covered Persons” Rule released by the U.S. Department of Justice (DOJ) (DOJ Rule) will be fully in force. Is your organization ready?

During the first half of 2025, numerous clients reached out to find out if they are in scope for the DOJ Rule. Therefore, we developed, refined and applied a step-by-step process for assessing whether and when the DOJ Rule applies. As we applied this process, we learned that many clients operating only in the U.S. were surprised to learn that the DOJ Rule applies to their operations. U.S. clients operating internationally were less surprised, and many had started compliance efforts and/or were planning steps to modify their business operations to minimize or eliminate prohibited transactions. Clearly, businesses operating in both “countries of concern” and in the U.S. face the biggest compliance uplift and have been the most active.

Continue Reading Countdown to October 6th: Fewer than 60 days until the DOJ’s Bulk Sensitive Data and Government Related Data Rule is fully in force

The Asia Data Privacy Team were privileged to attend the IAPP Asia 2025 Privacy Forum and AI Governance Global event. Alongside friends and colleagues – and against the beautiful backdrop of the Marina Bay Sands Expo and Conference Centre – we developed our knowledge on the latest regional developments across privacy and AI. The key theme coming out of the event is that AI is here to stay – and developing a compliance approach, including one which is based off any existing privacy program, is critical to effective and trustworthy use of any technology (including AI). All sessions at the IAPP were invaluable, but we particularly enjoyed the opening session from Denise Wong, Deputy Commissioner of Singapore’s PDPC, and her overview of the Commission’s pragmatic approach to privacy, including the recent launch of a Global AI Assurance Sandbox and adoption guide for Privacy Enhancing Technologies. We appreciated the deep insights taken from presentations on children’s privacy (moderated by Claire Tan Chu Wen at Lenovo) and AI cybersecurity (with excellent input from Jun Chu at Google and Hailun Ying at Roblox in particular). We would be remiss not to mention the wonderful session on South Korea’s new AI law and global AI implementation moderated by our APAC Head of Data Privacy, Scott Warren, in conversation with Sun Hee Kim from Yulchon – participants came away with a clear understanding of how to comply with South Korea’s fascinating new regulations and to implement AI in a global setting.

Continue Reading IAPP Singapore Squire Patton Boggs Events – APAC Data Protection: A focus for clients and our firm

The Ministry of Electronics and Information Technology (MeitY) has recently released the much-awaited draft of the Digital Personal Data Protection Rules, 2025 (Rules) for public consultation. These proposed Rules provide important insights into the upcoming implementation of India’s new data protection law, which has been under development for some time.

The enactment of the Digital Personal Data Protection Act, 2023 (DPDP Act) marks a significant shift in India’s data privacy landscape, laying the foundation for a comprehensive framework governing the collection, use and management of personal data.

Continue Reading The Impact of India’s New Digital Personal Data Protection Rules

In September 2024, the Guangzhou Internet Court released its ruling on a civil dispute that was originally issued in September 2023, involving the transfer of personal data outside mainland China. This judgment is reportedly the first judicial judgment on cross-border data transfers.

In this case, an international hotel group based in France, as the defendant, was found liable for illegally transferring the personal data of the plaintiff, an individual Chinese customer, to third parties outside of China for the purpose of marketing, without obtaining the customer’s separate consent prior to providing the data.

Continue Reading Court Ruling in China on Personal Data Transfer by International Hotel Chain

Nearly six months after the Cyberspace Administration of China (CAC) first released for public consultation its draft regulations proposing to ease outbound data transfers from China (Draft Regulations) (see our article at China Releases Draft Regulation to Significantly Ease Cross-border Data Transfers | Privacy World), the much-awaited final rules on Regulating and Facilitating Cross-border Data Flows were published and came into effect on March 22, 2024 (New Regulations). The New Regulations largely repeat the Draft Regulations, but further relax personal data exports from China.

Meanwhile, on the same day, the CAC also released the Guide to the Application for Security Assessment of Data Exports (Second Edition) and the Guide to the Filing of the Standard Contract for Personal Data Exports (Second Edition) (collectively, the Second Edition Guides) which make corresponding adjustments pursuant to the New Regulations.

Continue Reading China Finalizes New Regulations to Relax Personal Data Exports from China

On January 23, 2024, the Japan Agency for Cultural Affairs (ACA) released its draft “Approach to AI and Copyright” for public comment, to clarify how ingestion and output of copyrighted materials in Japan should be considered. On February 29, 2024, after considering nearly 25,000 comments, additional changes were made. This document, created by an ACA

Scott Warren, a Partner in our Japan and China offices, will chair and speak at the Thailand & SE Asia 5th International Arbitration & Corporate Crime Summit on March 14, 2024 at the Rembrandt Hotel & Suites in Bangkok. 

Scott’s presentation is entitled Everything, Everywhere, All the Time: How Digital Data Regulations Affect

Whether to and how to integrate AI into business operations remains a real challenge for companies considering the adoption of the technology. We have released “Ten Things About Artificial Intelligence (AI) for GCs in 2024” providing 10 key insights as a helpful guide on the issues around AI. Our global team stands ready