Cross-border investigations are rarely straightforward. Legal obligations vary by country, and cultural expectations can shape both access and cooperation. By the time counsel gets involved, the investigation is already...more
On December 6 2025, the CAC released the draft Network Data Security Risk Assessment Measures (Draft for Comments) for public consultation. The measures aim to standardize network data security risk assessment activities,...more
This monthly report outlines key developments in China’s data protection sector for December. The following events merit special attention: On November 22, CAC and the MPS jointly released the Provisions on the Protection of...more
On September 9, 2025, Dior (Shanghai) Co., Ltd. (“Dior Shanghai”) was publicly sanctioned in China for unlawfully transferring personal information (“PI”) overseas. This marks the first administrative penalty in China for...more
On September 9, 2025, China announced the landmark administrative penalty against Dior (Shanghai) over unlawful cross-border transfers of personal information, with the primary violation being the failure to satisfy the...more
As the digital economy continues to thrive and remote work becomes increasingly mainstream, an “offshore model” of business operation has emerged. Under this model, companies may provide services to users in a given...more
From long-standing laws to incoming legislation, global nonprofits must understand the requirements and prepare for scrutiny in their handling of personal data. U.S. privacy regulations are currently a complex framework of...more
Editor’s Note: On January 18, 2023, HaystackID shared an educational webcast on China’s emerging statutes and regulations governing the processing, disclosure, and transfer of data. As Chinese entities increasingly become...more