Introducing The Crypto Exchange Podcast
Episode #7 - It's All About Latency: The Future of Data Processing and Storage
Sitting with the C-Suite: eDiscovery Priorities – Thoughts on the Next Five Years
Compliance Perspectives: Regulatory Conflicts in Data Privacy Laws
Compliance Perspectives: Compliance, GDPR and Brexit
The CCPA for the Land Title Industry: Who Does the CCPA Apply To?
E14: The Three Pillars of GDPR
E13: GDPR Wedding Day & Beyond
E12: GDPR Article 22 and Automated Decision Making
E8: Interview with Cookiebot CEO on Technical Solutions to GDPR Readiness
The Personal Information Protection Law (“PIPL“) requires a data controller to conduct compliance audits of its personal data processing activities on a regular basis (“Self-supervision Audits“). Apart from such...more
The enactment of China’s Cybersecurity Law (CSL), Data Security Law (DSL), and Personal Information Protection Law (PIPL, together with the CSL and the DSL, “Data Security Laws”) has significantly reshaped the landscape of...more
China's Cybersecurity Law ("CSL"), Personal Information Protection Law ("PIPL") and Data Security Law ("DSL") set a series of rules and requirements for the cross-border transfer of personal information located in China....more
On February 24, 2023, the Cyberspace Administration of China (“CAC”) released its final version of the Standard Contract Measures for Exporting Personal Information (“Standard Contract Measures”), accompanied by a template...more
In recent years, alongside the rapid development of the digital economy and the concomitant increase in data generation, collection, processing and monitoring in the People’s Republic of China (PRC or China), the Chinese...more
The Personal Information Protection (PIP) Law of the People’s Republic of China (PRC) provides three legal mechanisms for a personal information processor (data controller) in the mainland PRC to transfer personal information...more
Article 38 of China’s Personal Information Protection Law (“PIPL”) enacted in 2021, which is more demanding than GDPR in Europe, provides three channels to conduct the outbound transfer or export of personal information...more
CFIUS reviewed a record number of transactions in 2021 according to its most recent annual report – and shows no signs of slowing down. High technology (including quantum computing), life sciences, and green energy...more
On December 16, 2022 – less than six months after the initial version (“V1.0”) was released in June 2022, and within six weeks after the draft revision was issued on November 8 – the National Information Security...more
In a recent alert, we painted the big picture of the security assessment conducted by the Cyberspace Administration of China (CAC) to data exporting activities from China (CAC Assessment), highlighting what data export...more
Under the PRC Cybersecurity Law, PRC Personal Information Protection Law and PRC Data Security Law, certain organisations (as well as individuals) are now required to conduct a security assessment of outbound transfers of...more
The much-anticipated Security Assessment Measures for Outbound Data Transfers (hereinafter referred to as "the Measures") of China has already come into effect on September 1, 2022, and on the eve of the effective date, the...more
China’s CAC publishes guidance on cross-border data transfers, including draft standard contractual clauses and regulatory guidance on certification and security assessment. Key Points: ..Security Assessment:...more
The Cyberspace Administration of China (CAC) announced on July 21 that it fined China’s ride-hailing giant Didi 8.026 billion yuan ($1.2 billion) for illegally collecting customer information since 2015 and handling data in a...more
The Cyberspace Administration of China (CAC), the country’s internet watchdog, began collecting feedback on the draft provisions with respect to the release of its Standard Contract for Outbound Cross-border Transfer of...more
The transfer mechanisms drive home China’s focus on data localization, as the measures all set forth cumbersome procedures and requirements, including security assessments and required contractual considerations. Despite...more
The Cyberspace Administration of China released for public consultation its long-awaited template for the cross-border data transfer agreement on June 30, 2022, under the draft Provisions on the Prescribed Agreement on...more
In China, personal information (“PI”) may be transferred overseas when it is essential for business operations, subject to a number of conditions as stipulated under the Personal Information Protection Law (2021) (“PIPL”),...more
In Part 2 of this series, we discussed how the Personal Information Protection Law (“PIPL”), the centerpiece of China’s personal information (“PI”) protection law, needs to be read in conjunction with other relevant laws,...more
The Cyberspace Administration of China (the "CAC"), in conjunction with 12 other government departments (collectively, the "Working Mechanism"), issued the New Measures for Cybersecurity Review (the "New Measures") on January...more
On November 1, 2021, the Personal Information Protection Law of the People’s Republic of China (the “PRC”) (the “Personal Information Protection Law”) went into effect, two months after the Data Security Law of the PRC (the...more
China passed its new Data Security Law ("DSL") in June 2021 and its new Personal Information Protection Law ("PIPL") in August 2021. Both new laws impact every business operating in or doing business with China, coupling...more
Multinational entities with operations in or having business with the People’s Republic of China (PRC) should take note of the PRC’s new Personal Information Protection Law (PIPL), which took effect on 1 November 2021 and is...more
Last week’s blog detailed the wave of state legislation that occurred in the U.S. during 2021. It is no surprise that there were also many data privacy developments abroad. It is crucial that organizations affected by...more
The Cyberspace Administration of China (“CAC”) on November 14, 2021 published the draft Regulations on the Administration of Network Data Security (“Draft Regulations”) for comment through December 13, 2021.1 The Draft...more