Global Updates – October 2022
Global updates – a quick glance
Australia: Superannuation guarantee contributions rate increased from 10% to 10.5% and minimum earnings threshold of AUD 450 removed with effect from July 1, 2022.
Canada: Bill C-19 mandates reporting the details of individuals with significant control (“ISC”) to authorities.
Croatia: Amendment to the Maternity and Parental Support Act, introduced paternity leaves of 10 days effective from September 1, 2022.
- Beneficial Owners Registration Act (“UBO Act”) amended with effect from October 1, 2022, mainly to extend the scope of UBO definition.
- Czech government increases meal allowances and compensation for work trips with effect from August 20, 2022.
Denmark: Family care leave introduced from August 2, 2022; Changes made to maternity, paternity leave.
France: Covid sick leave without a waiting day extended until December 31, 2022.
Germany: From August 1, 2022, limited liability companies can be formed/incorporated digitally.
Hong Kong: Hong Kong’s Companies Registry revises 26 forms and introduces new Form AD for the correction of typographical errors in registered information.
Hungary: New requirement to provide transfer pricing information as a part of Annual Corporate Income Tax introduced.
- Effective from October 1, 2022, the e-invoicing turnover threshold lowered to INR 100 million.
- India withdraws the Personal Data Protection Bill, 2019 on August 3, 2022, with an intent to have a more comprehensive law in future.
- Effective from September 15, 2022, Small Company definition amended by raising the paid-up capital and turnover limit to INR 40 million and 400 million, respectively.
- Ministry of Corporate Affairs introduces rules for physical verification of company’s registered office.
Indonesia: Indonesia’s Personal Data Protection Law is effective from October 17, 2022, with a transition period of 2 years.
- Parental leave extended from 5 weeks to 7 weeks, effective from July 2, 2022.
- Ireland’s budget announced for the year 2023. The Budget introduces changes in federal income tax slab thresholds for 2023; Key tax rates remain unchanged.
Israel: Three-tiered transfer pricing documentation requirement under Base erosion and profit shifting (BEPS) introduced.
- Implementation of EU Working Conditions Directive with effect from August 13, 2022.
- Parental leave changes effective from August 13, 2022.
Lithuania: Labor code amended affecting employment policies to maintain a healthy work-life balance, protection of employee rights, new leave policies, etc., with effect from August 1, 2022.
- Malaysia’s budget announced for the year 2023 with following proposals:
- Corporate tax rate for taxable income up to RM 100,000 proposed to be reduced from 17% to 15%; Changes to personal tax rates announced.
- E-invoicing to be introduced in a phased manner starting from 2023.
- Employment Act applicable to all employees irrespective of their salaries effective from September 1, 2022.
- Lower house passed legislation making working from home lawful; Senate approval pending.
- Tax Plan 2023 containing the changes to Personal Income Tax, Corporate Tax, Tax Credits etc. presented to Lower House.
- The Transparent and Predictable Employment Conditions Act becomes effective on August 1, 2022.
Peru: Regulations on teleworking/ remote working amended in Peru, to include detailed provisions on remote working for employees.
Philippines: Reporting deadlines of annual security incident reports announced for the years of 2018 to 2022.
- Amendments to Law on Personal Data (Law No. 152-FZ On Personal Data) effective from September 1, 2022.
- Russia relaxes conditions for “ultra-low tax regime” applicable to the qualifying Information Technology (“IT”) companies.
Singapore: Amendments to Country-by-Country (“CbC”) reporting notification requirement for financial years beginning on or after January 1, 2022.
Slovakia: Fathers to get 2-week paid leave after childbirth regardless of maternity benefit received by the mother, with effect from November 1, 2022.
South Korea: Effective from July 1, 2022, South Korea revises maximum and minimum salary ceilings for contributions to national pension.
Spain: The business to business (“B2B”) e-invoicing will be mandatory for all companies gradually over a period of 2 years starting from 2024.
Switzerland: Revised Federal act on data protection 1992 (‘Revised FADP’) to be effective from September 1, 2023.
Taiwan: Maximum insured amount for universal health insurance (part of social security contribution) has been revised to TWD 219,500 effective from July 1, 2022.
Thailand: Thailand enacts subordinate regulations under Personal Data Protection Act laying down rules for maintenance of records for data processing activity, data security measures and exemptions from recordkeeping obligations.
- VAT Flat Rate Scheme (“FRS”) introduced to reduce administrative burden on small businesses.
- National Insurance Contribution (“NIC”) to be reduced by 1.25% for both employee and employer from November 2022, National Social and Health Care levy repealed; Full Fiscal statement to be announced on November 17, 2022.
Vietnam: Implementing Law on Cybersecurity effective from October 1, 2022, in Vietnam.
|Data Protection Fines Table|
|Country||Authority Name||Fine imposed on||Reason For Fine Related to Data Protection Failure||Amount of Fine|
|China||Cyberspace Administration of China (“CAC”)||A mobile transportation company that offers app-based transportation services, namely Didi Chuxing Technology Co., Ltd.||Fine was imposed for illegally collecting personal information and undertaking data practices that threatened the country’s national security.||CNY 8 billion|
|Croatia||The Personal Data Protection Agency (“AZOP”)||Unnamed telecommunications service provider||Fine was imposed for the following reasons:|
Failure to implement appropriate safeguards for the protection of personal information
Failure to properly design the processing system;
Failure to execute prescribed organizational measures contained in internal policy.
|HRK 2.15 million|
|France||The French Data Protection Authority (Commission nationale de l’informatique’et des libertés/CNIL)||A multinational company engaged in the hospitality sector, namely Accor S.A.||Fine was imposed for failure to obtain consent from data subjects, failure to respond to the requests from data subjects within the specified time frame, failure to secure data through adequate security measures, etc.||EUR 600,000|
|France||The French Data Protection Authority (Commission nationale de l’informatique et des libertés/CNIL)||A Company primarily engaged in providing legal and official information publishing service, namely Infogreffe||The fine was imposed for failure to implement adequate data security measures in relation to processing of personal data and data retention violation||EUR 250,000|
|Ireland||The Data Protection Commission (“DPC”)||Meta Platforms Ireland Limited, a multinational Information Technology company.||Fine was imposed for failure to protect children’s privacy on the company’s social media site of Instagram.||EUR 405 million|
|Russia||The Federal Service for the Supervision of Communications, Information Technology and Mass Media (‘Roskmonadzor’)||Apple Inc., an American multinational technology company specializing in consumer electronics, software, and online services.||Fine was imposed for refusal by the company to provide details and documents confirming about the storage and processing of personal data of Russian users.||RUB 2 million|
|Russia||The Federal Service for the Supervision of Communications, Information Technology and Mass Media (‘Roskmonadzor’)||WhatsApp LLC, a company in the social media service industry.||Fine was imposed for repeated failure to comply with the data localisation rules under the Law on Personal Data.||RUB 18 million|
|Russia||The Federal Service for the Supervision of Communications, Information Technology and Mass Media (‘Roskmonadzor’)||Snap Inc., an American camera and social media company and Hotels.com L.P., a multinational company which is a part of the Expedia Group of travel companies.||Fine was imposed for failure to provide documents confirming about the storage and processing of personal data of Russian users.||RUB 1 million each|
|Russia||Match Group, LLC., a multinational technology company.||Fine was imposed for failure to provide documents confirming about the storage and processing of personal data of Russian users.||RUB 2 million|
|Russia||Spotify AB, an audio streaming, and media service provider company||Fine was imposed for failure to provide documents confirming about the storage and processing of personal data of Russian users.||RUB 500,000|
|South Korea||The Personal Information Protection Commission (“PIPC”)||Cut and Sew Apparel Manufacturing company, namely Andar Co., Ltd.||Fine was imposed for the following reasons:|
Unlawfully used the “Resident Registration Numbers”
failed to notify the leakage of personal information.
|KRW 11 million|
|South Korea||The Personal Information Protection Commission (“PIPC”)||Cheongju City Hall, town hall in the city of Cheongju, South Korea||Failure to delete personal data after the expiry of the retention period.||KRW 9.6 million|
|South Korea||The Personal Information Protection Commission (“PIPC”)||Yescall.com, a software development and online advertising company.||Failure to implement appropriate safeguards for the protection of personal information.||KRW 6 million|
|South Korea||The Personal Information Protection Commission (“PIPC”)||Sportswear and shoes manufacturing company, namely Adidas Korea Co. Ltd||Fine was imposed for the following reasons:|
failure to implement appropriate safeguards for the protection of personal information.
Delayed reporting of the breach i.e. leaked personal data.
|KRW 10 million|
|South Korea||The Personal Information Protection Commission (“PIPC”)||Balan Co., Ltd., operating online luxury shopping mall||Fine was imposed for the following reasons:|
violated the requirements associated with personal information leakage notification.
failure to implement appropriate safeguards for the protection of personal information.
|KRW 527 million|
|South Korea||The Personal Information Protection Commission (“PIPC”)||Google LLC (a search engine technology) and Meta Platforms Inc (builds technologies that help in connecting people and growing businesses).||Fine was imposed for the collection and analysis of personal behavioural information without users’ prior consent.||KRW 100 billion|