Hui Xu on International Data Transfers

China Finalises Exemptions to Cross-Border Data Transfer Rules and Eases Restrictions

On 22 March 2024, the CAC published the final version of the Provisions on Promoting and Regulating Cross-Border Data Flows which took effect immediately and follows the draft published for consultation in September 2023. On...more

7/10/2024 / China , Data Privacy , Exemptions , Final Rules , International Data Transfers , Personal Information Protection Law (PIPL) , Sensitive Personal Information , Standard Contractual Clauses , Threshold Requirements

China and Hong Kong Publish Standard Contract for Transferring Personal Information Within GBA Area

China’s CAC and Hong Kong’s ITIB jointly released GBA SCCs, which may be adopted to transfer personal information between entities within the GBA. On December 13, 2023, the People’s Republic of China’s (PRC’s) Cyberspace...more

2/2/2024 / China , Cybersecurity , Data Breach , Hong Kong , International Data Transfers

China Unveils Draft Standard Contract and Provides Clarifications on Cross-Border Data Transfer Mechanisms

China’s CAC publishes guidance on cross-border data transfers, including draft standard contractual clauses and regulatory guidance on certification and security assessment. Key Points: ..Security Assessment:...more

8/9/2022 / Certification Requirements , China , Cybersecurity , Data Privacy , Data Processors , Data Security , General Data Protection Regulation (GDPR) , International Data Transfers , Personal Information , Personal Information Protection Law (PIPL) , Standard Contractual Clauses

China Issues New Rules on Cybersecurity Review for Network Platform Operators Listing Abroad

Under the new rules Chinese NPOs holding more than 1 million individuals’ personal information must apply for a cybersecurity review prior to listing abroad. Key Points: ..Chinese network platform operators (NPOs) holding...more

3/4/2022 / China , China Securities Regulatory Commission (CSRC) , Cybersecurity , Data Protection , Data Security , International Data Transfers , New Rules , Popular

China Introduces First Comprehensive Legislation on Personal Information Protection

The Personal Information Protection Law, or PIPL, imposes stringent obligations of a similar standard to the GDPR and will take effect on November 1, 2021. Key Points: ..Extraterritorial effect: PIPL applies to those who...more

9/8/2021 / China , Data Processors , EU , General Data Protection Regulation (GDPR) , International Data Transfers , Jurisdiction , Personal Information , Personal Information Protection Law (PIPL) , Proposed Legislation

China’s New Data Security Law: What to Know

The Data Security Law will enhance an increasingly comprehensive legal framework for information and data security in the PRC. Key Points: Notably, the DSL: ..Applies to a wide range of data and data activities, with...more

7/22/2021 / China , Compliance , Countermeasures , Cybersecurity , Data Security , International Data Transfers , Jurisdiction , New Legislation , Popular , Regulatory Oversight , Statutory Penalties

China Issues Draft Measures to Restrict the Overseas Transmission of Personal Data

The Cyberspace Administration of China (CAC) issued Draft Measures for public comment on April 11 on Security Assessment for Cross-border Transmission of Personal Information and Critical Data (the Draft Measures). The Draft...more

4/28/2017 / China , Draft Guidance , International Data Transfers , Personal Data

China Publishes Draft Measures Restricting Outbound Data Transfers

The current draft grants Chinese regulators broad discretion to prohibit data transfers. Key Points: ..The draft requires both the consent of the data subjects and/or the permission of the regulators for any...more

4/17/2017 / China , International Data Transfers , Personal Data , Proposed Regulation

Hui Xu

Latham & Watkins LLP

Popular Topics by This Author

Latest Posts › International Data Transfers