On 14 March 2025, the Measures for the Labelling of Artificial Intelligence-Generated and Synthetic Content (Measures) was jointly released by four Chinese government agencies, namely the Cyberspace Administration of China,...more
Recently, the Cyberspace Administration of China (CAC), which is the primary data regulator in China, published a newsletter about the government authorities’ enforcement of Apps and websites that violated personal data...more
Following Malaysia’s introduction of data breach notification and data protection officer (“DPO”) appointment requirements in last year’s significant amendments to the Personal Data Protection Act (“PDPA”) (click here for our...more
Chinese data regulators are intensifying their focus on the data protection compliance audit obligations under the Personal Information Protection Law (“PIPL“), with the release of the Administrative Measures for Personal...more
2/20/2025
/ China ,
Compliance ,
Data Privacy ,
Data Protection ,
Incident Response Plans ,
Personal Data ,
Personal Information ,
Personal Information Protection Law (PIPL) ,
Privacy Laws ,
Regulatory Agenda ,
Regulatory Requirements ,
Risk Management
On 3 January 2025, the Cyberspace Administration of China (“CAC“) released for public consultation the draft Measures for Certification of Personal Information Protection for Cross-Border Transfer of Personal Information...more
At the Legislative Council Panel on Constitutional Affairs held on 19 February 2024, the Privacy Commissioner (“Commissioner“) reported that the Office of the Privacy Commissioner for Personal Data was working with the...more
It’s the turn of South-East Asian countries to update their data protection laws. Here is our summary of the proposed new data protection laws in Vietnam, Malaysia and Indonesia. Organisations are advised to update their data...more
Additional and clarified data compliance obligations will soon come into force under the long-awaited Network Data Security Management Regulation (“Regulation“), which was released on 30 September 2024. The Regulation is...more
We previously wrote about proposed changes to the definition of sensitive personal information under a June 2024 draft of the Guide for Sensitive Personal Information Identification (“Guide“). The Guide has now (September...more
On September 9, 2024, China’s National Technical Committee 260 on Cybersecurity released the first version of its AI Safety Governance Framework (the Framework), which was formulated to implement the Global AI Governance...more
9/13/2024
/ Artificial Intelligence ,
China ,
Cybersecurity ,
Data Collection ,
Ethics ,
Innovative Technology ,
Machine Learning ,
Regulatory Oversight ,
Risk Assessment ,
Risk Mitigation ,
Technology Sector ,
Transparency
The Personal Information Protection Law (“PIPL“) requires a data controller to conduct compliance audits of its personal data processing activities on a regular basis (“Self-supervision Audits“). Apart from such...more
9/3/2024
/ Audits ,
China ,
Compliance ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Security ,
International Data Transfers ,
Personal Data ,
Personal Information ,
Personal Information Protection Law (PIPL) ,
Regulatory Requirements
Hong Kong is following other jurisdictions, including Mainland China, Singapore and the UK, in proposing to enhance cybersecurity obligations on IT systems of those operating critical infrastructure (“CI“). While the proposed...more
While the definition of sensitive personal information in China has always been different to other jurisdictions, with a focus on risk of harm at its heart, new draft guidance should make it easier for organisations to map...more