Authors: Carolyn Bigg, Amanda Ge, Venus Cheung, and Gwyneth To It’s now the time to focus on the steps that data controllers need to take to legitimize overseas processing of China personal information via the CAC certification route. Background: While most PRC data controllers should have already identified whether to follow the CAC assessment/approval route …
Authors: Carolyn Bigg, Amanda Ge, Venus Cheung, and Gwyneth To Summary: The final version of the China SCCs has now been published, meaning those organisations that haven’t had to apply for CAC approval for their cross-border transfers of personal information now have until 1 December 2023 to: sign the China SCCs with overseas recipients of …
CHINA: Final China SCCs for CBDT published – What you need to know Read More »
Authors: Carolyn Bigg, Venus Cheung and Fangfang Song Second drafts of the new overarching national personal data protection and data security laws have just been published, and give a clearer picture of the impending new national frameworks in China. 1. Draft Personal Information Protection Law The Draft Personal Information Protection Law (“Draft PIPL”) will – …
The new PRC Encryption Law will come into force on 1 January 2020. It will bring fundamental changes to the sale, import and use of encryption technologies in China by foreign and domestic organizations. The changes specifically bring out the following: Broader scope: the new law now governs encryption products, technologies and services, aligning more …
China: Navigating China: New China encryption law passed Read More »
An updated draft of China’s Amended Personal Information Security Specification (Amended PIS Specification) and proposed new amendments to the privacy specification for mobile apps (App Privacy Specification) were published this week, alongside brand new draft privacy regulations for the banking sector. These drafts will, if implemented, introduce some significant changes to current data protection practices …
China: Navigating China: Further developments in PRC data privacy regulations Read More »
An updated draft of China’s Amended Personal Information Security Specification (“Amended PIS Specification”) and proposed new amendments to the privacy specification for mobile apps (“App Privacy Specification”) were published this week, alongside brand new draft privacy regulations for the banking sector. These drafts will, if implemented, introduce some significant changes to current data protection practices …
CHINA: important new developments in PRC data privacy regulations Read More »
In the last two weeks the Chinese authorities have been busy providing much-anticipated guidance on the practical steps organisations must take to comply with the new data protection, cybersecurity and technology regulations. In short, the key developments are: Practical implementation guidance under PRC Cybersecurity Law Draft Guidelines on Multi Level Protection Scheme (MLPS) for information …
CHINA: Data and cyber – New guidelines you need to know Read More »
The long awaited new National Standards on Information Security Technology – Personal Information Security Specification GB/T 35273-2017 (“PI Specification”) has now been released, and will come into force on 1 May 2018. This represents the new de facto standard for practical data protection handling, in effect complementing and clarifying the various existing data protection laws …
CHINA: new data protection standard – what you need to know Read More »
Further amendments to the proposed China e-commerce law have been announced which will require e-commerce platform and marketplace providers to provide users with practical mechanisms to access their users’ information, make corrections or deletions of their information, and close their accounts. E-commerce operators will also be prevented from circumventing these requirements though onerous contractual conditions …
CHINA: More changes to China’s looming e-commerce law – it is time to make changes Read More »
The PRC Cybersecurity Law is three weeks old, and non-compliant international businesses are already facing severe consequences. Since 1 June, twenty-two people engaged by a global technology giant have been arrested, and sixty online entertainment news sites have been shut down. The law continues to evolve. The latest guidance provides practical answers to previous areas …
The final countdown is on. The PRC Cybersecurity Law comes into force on 1 June 2017. This date marks a significant evolution in both the legal and enforcement environment for data protection in China, and organisations can no longer afford to ignore it. Indeed, there have been important new developments in the last few weeks …
CHINA: PRC Cybersecurity Law – one week to go, and there are still new developments Read More »
After a third deliberation, the Chinese government passed the new PRC Cybersecurity Law on 7 November 2016. The new law will come into force on 1 June 2017 and has significant implications for the data privacy and cybersecurity practices of both Chinese companies and international organisations doing business in China. The new PRC Cybersecurity Law …
Foreign companies operating in China, or looking to enter the Chinese market, are increasingly concerned as to whether Chinese law restricts cross-border transfers of personal data collected in China. In light of recent developments, is there a growing trend in China towards data localisation? As is generally the case with China’s data privacy framework, there …
