The past week witnessed two major developments relating to data export from China. On one hand, the data export-related regulation was officially adopted which expands the scope of government assessment. On the other hand, the long-awaited draft personal data export standard contract and the rules relating to the application of the contract were released for

We are pleased to announce that Scott Warren has joined the faculty of PrivSec Global, which brings together leading experts from around the world for a two-day livestream event covering the latest information, guidance and advice on data protection, privacy and security.
Continue Reading Scott Warren to Speak at PrivSec Global on China’s Data Privacy Law

A Brief Analysis of Several Provisions on the Security Management for Automotive Data (Trial Implementation)

Connected vehicles capable of connecting to the internet and sharing data with external parties are experiencing exponential growth in China. Despite the apparent benefits of new technologies, they have also raised significant concerns over personal information protection, data protection and cybersecurity. As they are in many other countries, regulators in China are making tremendous efforts to catch up with these new technologies.

On August 16, 2021, China’s first regulation on automotive data security, Provisions on the Security Management for Automotive Data (Trial Implementation) (hereinafter referred to as the “Provisions”), was unveiled and goes into effect on October 1, 2021. The Provisions establish a preliminary compliance framework for automotive data security in China by defining automotive data and regulated entities, stipulating principles for data processing, specifying obligations of data processors, and setting forth rules for cross-border data transmission.
Continue Reading A New Era of Automotive Data Compliance is Coming

As reported in our recent post, on August 20, 2021, the National People’s Congress Standing Committee of the People’s Republic of China passed the Personal Information Protection Law (the “PIPL”). The implementation date is set for November 1, 2021, though we await some additional detail via promulgation orders on a number of important provisions, as set forth below, from the regulatory authorities.
Continue Reading New PRC Personal Information Protection Law Passed: A Deeper Dive into the Provisions

After three rounds of revisions, on August 20, 2021, the National People’s Congress Standing Committee of the People’s Republic of China officially passed the Personal Information Protection Law (the “PIPL”).

  • Fundamental Principle. The fundamental principles under the PIPL is that collection and processing PI should be limited only the minimum level as necessary to fulfill the specific purpose of PI processing; or the so-called “as minimum and as necessary” principle. PI processing beyond the level of minimum and necessity may be found a violation of the PIPL, even if individual consent is obtained or other formality is fulfilled. PI processing and compliance program should be set up always with the fundamental principles in mind.

Continue Reading NEW: China’s Personal Information Protection Law

The People’s Republic of China (China), has been active lately in passing several new laws and regulations relating to data privacy and security. Here are 2 of the recent laws which tend to focus more on those handling data national security and/or public interest (ala Critical Information Infrastructure or Important Data).
Continue Reading China Passes New Data Privacy and Security Laws