In August 2024, China Judgements Online published a ruling issued by the Guangzhou Internet Court on September 8, 2023, in a case widely regarded as China’s first judicial decision addressing cross-border personal information...more
Chinese data regulators are intensifying their focus on the data protection compliance audit obligations under the Personal Information Protection Law (“PIPL“), with the release of the Administrative Measures for Personal...more
The Guangzhou Internet Court (the “Court”) recently issued its first judgment involving the cross-border transfer of personal data under the Personal Information Protection Law (“PIPL”).1 An international hotel group was...more
On September 30, 2024, China’s State Council released the Network Data Security Management Regulations, which will enter into force on January 1, 2025. The regulations apply to “electronic data processed and generated through...more
China published the finalized Regulation for the Administration of Network Data Security (Network Data Regulation) on September 30, 2024. This regulation was first released as a draft version dated November 2021. Throughout...more
The Personal Information Protection Law (“PIPL“) requires a data controller to conduct compliance audits of its personal data processing activities on a regular basis (“Self-supervision Audits“). Apart from such...more
The newly promulgated measures increase the threshold of data triggering security assessments and contract requirements while leaving room for Chinese authorities to heavily restrict cross-border data transfers. In...more
Multinational employers operating in China have been waiting since September 2023 for the Cyberspace Administration of China (CAC) to finalize proposed revisions to its complex and burdensome rules for cross-border data...more
China is seeking to take a significant step to relax the compliance burden on multinational corporations (MNCs) regarding data export from China by allowing: (i) certain routine data exports for daily business operation or...more
The Cyberspace Administration of China (“CAC”) on September 28, 2023 issued the draft Provisions on the Regulation and Promotion of Cross-Border Data Flows (“draft Provisions”), just one year after China’s data export...more
U.S.-based multinationals with employees in the People’s Republic of China (PRC) are confronting a November 30 deadline to implement China’s new cross-border data transfer mechanism—the Standard Contract. This implementation...more
China’s stance toward data privacy and cybersecurity has been a matter of interest for the last several years, most prominently with the June 2017 passage of China’s Cybersecurity Law, and the passage of the Data Security Law...more
On June 29, 2023, the Cyberspace Administration of China ("CAC") and the Innovation, Technology and Industry Bureau of the Hong Kong Special Administrative Region ("Hong Kong") Government ("HKITIB") signed the Memorandum of...more
On 30 May 2023, the Cyberspace Administration of China (the “CAC”) published guidance for the use of the Standard Contractual Clauses applicable to international transfers of personal information from mainland China (the...more
As part of our Spotlight series, we welcome Todd Liao, a partner in our Shanghai office who works with clients on a wide range of complex commercial and financial transactions and legal issues involving China. Todd is a...more
The compliance grace period for China’s cross-border data security assessment measures has expired — but many international companies with operations or employees in China are still not compliant. In light of the diminishing...more
Introduction - Recent years have brought a dramatic increase in the number of countries that have comprehensive privacy and data security laws. As the world has become increasingly digital, privacy and data protection have...more
The Cybersecurity Administration of China (the "CAC") has published guidelines concerning outbound data transfers of personal information and "important data" from China to other jurisdictions. Businesses must comply with...more
Editor’s Note: On January 18, 2023, HaystackID shared an educational webcast on China’s emerging statutes and regulations governing the processing, disclosure, and transfer of data. As Chinese entities increasingly become...more
China’s emerging statutes and regulations governing the processing, disclosure and transfer of data, under threat of severe penalties, pose significant risks for producing parties. Yet, as Chinese entities increasingly become...more
Editor’s Note: On September 29, 2022, HaystackID shared an educational webcast on the topic of US privacy law. As privacy continues to move to the forefront of not only information consideration but of business concern for...more
Hackers allegedly stole the personal data of over 1 billion Chinese residents from a police database in Shanghai earlier this year – and the largest potential data privacy breach in the nation’s history should serve as a...more
As part of a new Asia-Pacific (APAC) Life Sciences and Health Care webinar program designed both for companies with commercial interests in APAC and for companies based in the region, Hogan Lovells is hosting a special...more
World events, such as the COVID-19 pandemic, have accelerated the need for business operations to grow more digitally reliant and driven. As the global network grows and becomes more interconnected, privacy and...more
We are kicking off Cybersecurity Month early with a masterclass on China’s Personal Information Protection Law (“PIPL”). The PIPL was issued on August 20 and came into effect on November 1, 2021. A year later, PIPL remains...more