On September 9, 2025, Dior (Shanghai) Co., Ltd. (“Dior Shanghai”) was publicly sanctioned in China for unlawfully transferring personal information (“PI”) overseas. This marks the first administrative penalty in China for...more
The Personal Information Protection Law (“PIPL“) requires a data controller to conduct compliance audits of its personal data processing activities on a regular basis (“Self-supervision Audits“). Apart from such...more
China’s stance toward data privacy and cybersecurity has been a matter of interest for the last several years, most prominently with the June 2017 passage of China’s Cybersecurity Law, and the passage of the Data Security Law...more
The Cyberspace Administration of China (“CAC”) on August 3, 2023 published the draft Administrative Measures for Personal Information Protection Compliance Audits (“draft Measures”) for public comment through September 2,...more
The new guidelines provide insight into how businesses can submit applications to the CAC in order to obtain approval via the CAC security assessment cross-border data transfer requirement. As of September 2022, all...more