On September 24, 2024, the State Council released the Regulations on the Management of Network Data Security (《网络数据安全管理条例》) (“Regulations”). The Regulations focus on prominent issues related to Personal Information (PI),...more
10/14/2024
/ China ,
Consent ,
Data Collection ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Security ,
International Data Transfers ,
Notice Requirements ,
Personal Data ,
Personal Information ,
Sensitive Personal Information
On March 22, 2024, the Cyberspace Administration of China (“CAC”) promulgated the final version of the Provisions on the Promotion and Regulation of Cross-Border Data Flows (the “Final Provisions”), bringing to conclusion the...more
3/27/2024
/ China ,
Compliance ,
Consultation ,
Corporate Counsel ,
Cybersecurity ,
Exemptions ,
Filing Requirements ,
Free Trade Zone ,
International Data Transfers ,
Multinationals ,
Personal Information ,
Security Risk Assessments ,
Standard Contractual Clauses ,
Threshold Requirements
The Cyberspace Administration of China (“CAC”) on September 28, 2023 issued the draft Provisions on the Regulation and Promotion of Cross-Border Data Flows (“draft Provisions”), just one year after China’s data export...more
10/13/2023
/ China ,
Corporate Counsel ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
International Data Transfers ,
Personal Information ,
Personal Information Protection Law (PIPL) ,
Popular ,
Standard Contractual Clauses
The Cyberspace Administration of China (“CAC”) on August 3, 2023 published the draft Administrative Measures for Personal Information Protection Compliance Audits (“draft Measures”) for public comment through September 2,...more
On February 24, 2023, the Cyberspace Administration of China (“CAC”) officially promulgated the Standard Contract Measures for the Export of Personal Information (the “SCC Measures”), which will come into effect on June 1,...more
Article 38 of China’s Personal Information Protection Law (“PIPL”) enacted in 2021, which is more demanding than GDPR in Europe, provides three channels to conduct the outbound transfer or export of personal information...more
2/24/2023
/ Certification Requirements ,
China ,
Cybersecurity ,
Data Privacy ,
Data Processors ,
Data Security ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Information ,
Personal Information Protection Law (PIPL) ,
Standard Contractual Clauses
On December 16, 2022 – less than six months after the initial version (“V1.0”) was released in June 2022, and within six weeks after the draft revision was issued on November 8 – the National Information Security...more
Outbound Data Transfer Security Review Measures -
On July 7, 2022, the Cybersecurity Administration of China (“CAC”) issued the Outbound Data Transfer Security Assessment Measures (“Security Assessment Measures”) effective...more
7/27/2022
/ China ,
Contract Terms ,
Cybersecurity ,
Data Protection ,
Data Security ,
International Data Transfers ,
Personal Information ,
Personal Information Protection Law (PIPL) ,
Popular ,
Public Comment ,
Sensitive Personal Information ,
Standard Contractual Clauses
The Ministry of Industry and Information Technology (“MIIT”), following the first round of public comments which concluded on October 30, 2021, published a new draft of the Administrative Measures on Data Security in the...more
The Cyberspace Administration of China (“CAC”) on November 14, 2021 published the draft Regulations on the Administration of Network Data Security (“Draft Regulations”) for comment through December 13, 2021.1 The Draft...more
12/7/2021
/ China ,
Cybersecurity ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Security ,
Extraterritoriality Rules ,
International Data Transfers ,
National Security ,
Personal Information ,
Personal Information Protection Law (PIPL) ,
Proposed Regulation ,
Regulatory Requirements
The Cyberspace Administration of China (“CAC”) on October 29, 2021 published the draft Measures on Security Assessment of Cross-Border Data Transfer (“Draft Measures”) for comment through November 28, 2021. The Draft Measures...more
11/3/2021
/ China ,
Cross-Border ,
Cybersecurity ,
Data Security ,
Data Transfers ,
International Data Transfers ,
Personal Information ,
PIPA ,
Popular ,
Proposed Regulation ,
Regulatory Authority
China’s Personal Information Protection Law (PIPL or the final version), following the first two readings in October 2020 and April 2021, was adopted on August 20, 2021 and will become effective on November 1, 2021. The final...more
8/31/2021
/ China ,
Consumer Privacy Rights ,
Data Controller ,
Data Privacy ,
Data Processors ,
Data Protection ,
Employee Privacy Rights ,
Extraterritoriality Rules ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
International Treaties ,
New Legislation ,
Personal Data
The Standing Committee of China's National People’s Congress (NPC) on June 10 enacted the Data Security Law (DSL) which will come into effect on September 1. The NPC reviewed two earlier drafts of the DSL in July 2020 and...more
6/16/2021
/ Blocking Statutes ,
China ,
Countermeasures ,
Cybersecurity ,
Data Security ,
Extraterritoriality Rules ,
International Data Transfers ,
Multinationals ,
National Security ,
New Legislation ,
Personal Information ,
Proposed Legislation
The Cyberspace Administration of China (CAC) on May 12 issued the Draft Provisions on the Management of Automobile Data Security (Draft Provisions) for public comment through June 11. The Draft Provisions aim to regulate the...more
On April 26, the second draft of the Data Security Law was submitted to the Standing Committee of the National People’s Congress for deliberation through May 28, 2021. Compared to the first draft submitted in July last year,...more
5/10/2021
/ China ,
Corporate Counsel ,
Data Protection ,
Data Security ,
Document Productions ,
International Data Transfers ,
Legislative Agendas ,
Multinationals ,
Personally Identifiable Information ,
Regulatory Agencies ,
Regulatory Agenda
The State Administration for Market Regulation (SAMR) and Standardization Administration of China (SAC) jointly published the Information Security Technology – Personal Information Security Specification (GB/T 35273-2020) (PI...more