Sitting with the C-Suite: eDiscovery Priorities – Thoughts on the Next Five Years
Jones Day Presents: Effect of GDPR, CCPA, and FTC on Blockchains
E14: The Three Pillars of GDPR
E13: GDPR Wedding Day & Beyond
E12: GDPR Article 22 and Automated Decision Making
E8: Interview with Cookiebot CEO on Technical Solutions to GDPR Readiness
On 14 February 2025, the Cyberspace Administration of China (“CAC”) issued the “Administrative Measures for Personal Information Protection Compliance Audits” (the "Measures"), which will take effect on 1 May 2025. The...more
On April 8, the National Security Division of the U.S. Department of Justice’s (DOJ) new rule on cross-border data transfers takes effect. It restricts U.S. businesses from transferring certain bulk sensitive personal data to...more
While the definition of sensitive personal information in China has always been different to other jurisdictions, with a focus on risk of harm at its heart, new draft guidance should make it easier for organisations to map...more
In Part I of our alert about China’s new safe harbor rules, we discussed key developments between the draft Provisions on Regulating and Facilitating Cross-Border Data Flow (Chinese version only) and the Provisions on...more
Six months after the Cyberspace Administration of China (the CAC) sought public consultation on the draft Provisions on Regulating and Facilitating Cross-Border Data Flow (the Draft Provisions, Chinese version only), the...more
A data controller that is not a critical information infrastructure operator that cumulatively exports personal information (excluding any sensitive personal information) of less than 100,000 individuals since January 1 of...more
Chinese government data privacy officials recently implemented Guidelines for Filing of Standard Contracts for Export of Personal Information that carry significant consequences for non-compliance – which means organizations...more
The compliance grace period for China’s cross-border data security assessment measures has expired — but many international companies with operations or employees in China are still not compliant. In light of the diminishing...more
In our previous posts, we discussed what data export activities are subject to scrutiny assessment (CAC Assessment) conducted by the Cyberspace Administration of China (CAC) (see Part 1) and examined what companies must do...more
With the rapid development of the global digital economy, multinational companies (MNCs) have been forced to find legally compliant ways to transfer data across borders. In the past, many MNCs relied on data transfer...more
The transfer mechanisms drive home China’s focus on data localization, as the measures all set forth cumbersome procedures and requirements, including security assessments and required contractual considerations. Despite...more
In Part 2 of this series, we discussed how the Personal Information Protection Law (“PIPL”), the centerpiece of China’s personal information (“PI”) protection law, needs to be read in conjunction with other relevant laws,...more
Last week’s blog detailed the wave of state legislation that occurred in the U.S. during 2021. It is no surprise that there were also many data privacy developments abroad. It is crucial that organizations affected by...more
Multinational pharmaceutical companies, by nature of their business, handle a great deal of data, often transferred across borders, whether based on research, clinical trial data, and employee personal data....more