Exam CIPP-A topic 1 question 71 discussion

Outsourced Data India amendments were brought in the information Technology Act, 2000 to provide the measures for data protection in India which may assuage the fears of misuse of data / information being dealt with by the outsourcing industry or the IT Sector or during the e-commerce for the time being.. Hongkong The Personal Data (Privacy) (Amendment) Ordinance 2012 provides enhanced protection in this respect by introducing, with effect from 1 October 2012, additional obligations on data users to use contractual or other means to monitor their data processors' compliance with data protection requirements. Singapore the relevant obligations under the Personal Data Protection Act (PDPA) and key considerations for organisations (i.e., Data Controllers) which outsource data processing activities to other entities (i.e., Data Intermediaries). Data Controllers (DC) that ensure accountability1 through their management of Data Intermediaries (DI) provide greater assurance for customers and enhance their business competitiveness.

Children's data India Section 9 of the PDPA specifically deals with the processing of the personal data of a child. It states that before any such processing takes place, verifiable consent needs to be taken from the parent of the child. Hongkong The Special Needs of Children Children are often identified as a vulnerable group who have special requirements in privacy protection, particularly in the context of online activities. When interacting with children, data users should bear in mind children’s vulnerability and consider adopting the following age-appropriate approaches to make sure that they protect and respect children’s personal data. Singapore's Personal Data Protection Commission released an advisory guide on how to comply with the children's privacy rules in the Personal Data Protection Act of 2012.

Extraterritorial effect SINGAPORE The Act has extraterritorial effect, meaning it applies to organizations collecting, using or disclosing personal data in Singapore whether or not the organization itself has a physical presence or is registered as a company in Singapore. India While the DPDP Act is applicable to Indian entities which engage in the processing of personal data, it also has extra-territorial applicability, applying to foreign entities who offer goods and services to Data Principals (as defined below) located within the territory of India and process personal data in connection to such activities. Hongkong The PDPO does not have extraterritorial effect and only applies to data users who control the collection, holding, processing or use of PI

Should be D. Extraterritorial data refers to data that is stored or processed outside the jurisdiction where the privacy laws apply. These laws often focus on data within their own territorial boundaries rather than data stored or processed abroad. Therefore, the protection of extraterritorial data is not explicitly mentioned in the privacy laws of these countries.