All data controllers processing personal data under the age of 14 (“minors“) must now submit an annual report to Chinese data regulator, the Cyberspace Administration of China (“CAC“). For 2025, the report must be submitted...more
On September 9, 2025, Dior (Shanghai) Co., Ltd. (“Dior Shanghai”) was publicly sanctioned in China for unlawfully transferring personal information (“PI”) overseas. This marks the first administrative penalty in China for...more
INTRODUCTION - Almost eight years after the Cybersecurity Law (“CSL”) came into force in the PRC in 2017, the Cyberspace Administration of China (“CAC”) issued draft amendments to the CSL (“2025 Draft Amendments”) on 28...more
Chinese data regulators are intensifying their focus on the data protection compliance audit obligations under the Personal Information Protection Law (“PIPL“), with the release of the Administrative Measures for Personal...more
The Personal Information Protection Law (“PIPL“) requires a data controller to conduct compliance audits of its personal data processing activities on a regular basis (“Self-supervision Audits“). Apart from such...more
China’s stance toward data privacy and cybersecurity has been a matter of interest for the last several years, most prominently with the June 2017 passage of China’s Cybersecurity Law, and the passage of the Data Security Law...more
The Cyberspace Administration of China (“CAC”) on August 3, 2023 published the draft Administrative Measures for Personal Information Protection Compliance Audits (“draft Measures”) for public comment through September 2,...more