On 22 March 2024, the CAC published the final version of the Provisions on Promoting and Regulating Cross-Border Data Flows which took effect immediately and follows the draft published for consultation in September 2023. On...more
China’s CAC and Hong Kong’s ITIB jointly released GBA SCCs, which may be adopted to transfer personal information between entities within the GBA.
On December 13, 2023, the People’s Republic of China’s (PRC’s) Cyberspace...more
China’s CAC publishes guidance on cross-border data transfers, including draft standard contractual clauses and regulatory guidance on certification and security assessment.
Key Points:
..Security Assessment:...more
8/9/2022
/ Certification Requirements ,
China ,
Cybersecurity ,
Data Privacy ,
Data Processors ,
Data Security ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Information ,
Personal Information Protection Law (PIPL) ,
Standard Contractual Clauses
Under the new rules Chinese NPOs holding more than 1 million individuals’ personal information must apply for a cybersecurity review prior to listing abroad.
Key Points:
..Chinese network platform operators (NPOs) holding...more
The Personal Information Protection Law, or PIPL, imposes stringent obligations of a similar standard to the GDPR and will take effect on November 1, 2021.
Key Points:
..Extraterritorial effect: PIPL applies to those who...more
The Data Security Law will enhance an increasingly comprehensive legal framework for information and data security in the PRC.
Key Points:
Notably, the DSL:
..Applies to a wide range of data and data activities, with...more
7/22/2021
/ China ,
Compliance ,
Countermeasures ,
Cybersecurity ,
Data Security ,
International Data Transfers ,
Jurisdiction ,
New Legislation ,
Popular ,
Regulatory Oversight ,
Statutory Penalties
The Cyberspace Administration of China (CAC) issued Draft Measures for public comment on April 11 on Security Assessment for Cross-border Transmission of Personal Information and Critical Data (the Draft Measures). The Draft...more
The current draft grants Chinese regulators broad discretion to prohibit data transfers.
Key Points:
..The draft requires both the consent of the data subjects and/or the permission of the regulators for any...more