Photo of Lindsay Zhu

Lindsay Zhu

Nearly six months after the Cyberspace Administration of China (CAC) was first introduced for public consultation, with its draft regulations proposing to ease outbound data transfers from China (Draft Regulations) (see our article at China Releases Draft Regulation to Significantly Ease Cross-border Data Transfers | Privacy World), the much-awaited final rules on Regulating and Facilitating Cross-border Data Flows were published and came into effect on March 22, 2024 (New Regulations). The New Regulations largely repeat the Draft Regulations, but now have further relaxed personal data exports from China.

Meanwhile, on the same day, the CAC also released the Guide to the Application for Security Assessment of Data Exports (Second Edition) and the Guide to the Filing of the Standard Contract for Personal Data Exports (Second Edition) (collectively, the Second Edition Guides) which make corresponding adjustments pursuant to the New Regulations.Continue Reading China Finalizes New Regulations to Relax Personal Data Exports from China

Whether to and how to integrate AI into business operations remains a real challenge for companies considering the adoption of the technology. We have released “Ten Things About Artificial Intelligence (AI) for GCs in 2024” providing 10 key insights as a helpful guide on the issues around AI. Our global team stands ready

On September 28, 2023, the Cyberspace Administration of China proposed draft regulations, the Regulations on Regulating and Facilitating Cross-border Data Flow (Draft Regulations), seeking public comment. If adopted, it will significantly reduce the restrictions on cross-border data transfers from China. This is a material effort by China to improve free data flows and an implementation of the “whitelist” mentioned under the 24 provisions for attracting foreign investment published in August 2023.Continue Reading China Releases Draft Regulation to Significantly Ease Cross-border Data Transfers

Recently, the Cyberspace Administration of China issued new comprehensive provisional measures, which went into effect on August 15, 2023, and govern the development and use of generative AI (GAI) in China. The measures cover “GAI services” (including foreign-invested GAI services) provided within the PRC, including the text, pictures, audios, videos and other content they generate.

Our global data team has prepared a practical guide that compares three standard contracts, as a means of facilitating international data transfers, namely:

  • The EU’s standard contractual clauses (effective since June 2021)
  • The People’s Republic of China’s (PRC) standard contract (issued in March 2023)
  • The Association of Southeast Asian Nations’ (ASEAN) model contractual clauses (published in January 2021).

Continue Reading A Guide Comparing EU, China, ASEAN Standard Contracts for Data Transfers

At long last, China has issued the Standard Contract terms and the Measures for implementing them. Click here for more detailed analysis, but, in short:

  1. They apply to any personal information data export from China, except those of a heightened concern (i.e. critical information or large volume and/or sensitive data transfers) or where a voluntary

The past week witnessed two major developments relating to data export from China. On one hand, the data export-related regulation was officially adopted which expands the scope of government assessment. On the other hand, the long-awaited draft personal data export standard contract and the rules relating to the application of the contract were released for

China Publishes New Draft Measure on Cross-Border Data Transfer

On October 29, 2021, China released the Draft Measures on Data Cross-Border Security Assessment (the “Draft Measures”) for public comments. Following its two previous versions in 2017 and 2019, this new draft is developed based on the very recent adoption of the Personal Information Protection Law

As reported in our recent post, on August 20, 2021, the National People’s Congress Standing Committee of the People’s Republic of China passed the Personal Information Protection Law (the “PIPL”). The implementation date is set for November 1, 2021, though we await some additional detail via promulgation orders on a number of important provisions, as set forth below, from the regulatory authorities.
Continue Reading New PRC Personal Information Protection Law Passed: A Deeper Dive into the Provisions