The Personal Information Protection Law (“PIPL“) requires a data controller to conduct compliance audits of its personal data processing activities on a regular basis (“Self-supervision Audits“). Apart from such...more
While the definition of sensitive personal information in China has always been different to other jurisdictions, with a focus on risk of harm at its heart, new draft guidance should make it easier for organisations to map...more
On 22 March 2024, the CAC published the final version of the Provisions on Promoting and Regulating Cross-Border Data Flows which took effect immediately and follows the draft published for consultation in September 2023. On...more
The enactment of China’s Cybersecurity Law (CSL), Data Security Law (DSL), and Personal Information Protection Law (PIPL, together with the CSL and the DSL, “Data Security Laws”) has significantly reshaped the landscape of...more
The newly promulgated measures increase the threshold of data triggering security assessments and contract requirements while leaving room for Chinese authorities to heavily restrict cross-border data transfers. In...more
Multinational employers operating in China have been waiting since September 2023 for the Cyberspace Administration of China (CAC) to finalize proposed revisions to its complex and burdensome rules for cross-border data...more
Cross-border transfer of evidence in litigation or arbitration proceedings is no longer innocuous in today’s world, with countries frequently at odds with each other over data security regulations. This was unexpected a...more
China is seeking to take a significant step to relax the compliance burden on multinational corporations (MNCs) regarding data export from China by allowing: (i) certain routine data exports for daily business operation or...more
At the end of September 2023, the Cyberspace Administration of China (CAC) released draft regulations (see the unofficial English translation) regulating the cross-border flow of personal information and important data out of...more
The Cyberspace Administration of China (“CAC”) on September 28, 2023 issued the draft Provisions on the Regulation and Promotion of Cross-Border Data Flows (“draft Provisions”), just one year after China’s data export...more
U.S.-based multinationals with employees in the People’s Republic of China (PRC) are confronting a November 30 deadline to implement China’s new cross-border data transfer mechanism—the Standard Contract. This implementation...more
China’s stance toward data privacy and cybersecurity has been a matter of interest for the last several years, most prominently with the June 2017 passage of China’s Cybersecurity Law, and the passage of the Data Security Law...more
The Cyberspace Administration of China (“CAC”) on August 3, 2023 published the draft Administrative Measures for Personal Information Protection Compliance Audits (“draft Measures”) for public comment through September 2,...more
On 1 June 2023, new measures explaining the requirements for using the standard contract (China Standard Contract) mechanism to legally export personal information from China as well as the form of the “standard contract”...more
On June 29, 2023, the Cyberspace Administration of China ("CAC") and the Innovation, Technology and Industry Bureau of the Hong Kong Special Administrative Region ("Hong Kong") Government ("HKITIB") signed the Memorandum of...more
From long-standing laws to incoming legislation, global nonprofits must understand the requirements and prepare for scrutiny in their handling of personal data. U.S. privacy regulations are currently a complex framework of...more
On 30 May 2023, the Cyberspace Administration of China (the “CAC”) published guidance for the use of the Standard Contractual Clauses applicable to international transfers of personal information from mainland China (the...more
In February 2023 Cyberspace Administration of China (the “Cyberspace Administration”) published rules on Standard Contractual Clauses for transfer of personal information to third countries pursuant to China’s Personal...more
On April 11, 2023, the Cyberspace Administration of China (CAC) issued draft Administrative Measures for Generative Artificial Intelligence Services (“Draft AI Measures”)....more
As part of our Spotlight series, we welcome Todd Liao, a partner in our Shanghai office who works with clients on a wide range of complex commercial and financial transactions and legal issues involving China. Todd is a...more
The compliance grace period for China’s cross-border data security assessment measures has expired — but many international companies with operations or employees in China are still not compliant. In light of the diminishing...more
As the data protection regime in China continues to evolve, so do the individual privacy rights of employees. A Beijing appellate court recently rejected an employer’s ability to use—without the employee’s informed...more
On February 24, the Cyberspace Administration of China (CAC) released the final version of the Standard Contract Clauses for Cross-Border Transfer of Personal Information (the SCCs) and the Measures for the SCCs (the...more
On February 24, 2023, the Cyberspace Administration of China ("CAC") released the final version of the Measures on the Standard Contract for the Cross-border Transfer of Personal Information ("SCCs Measures") along with the...more
On February 24, 2023, the Cyberspace Administration of China ("CAC") issued the long-awaited Measures on the Standard Contract for Outbound Cross-Border Transfer of Personal Information ("Measures")....more