Tag archives: china

PIPL: A game changer for companies in China

By Anna Gamvros and Lianying Wang (CN) on August 24, 2021 Posted in Compliance and risk management, Cybersecurity

Data Protection Report - Norton Rose Fulbright

China passed its Personal Information Protection Law (PIPL) on 20 August 2021. This is China’s first omnibus data protection law, and will take effect from 1 November 2021 allowing companies just over two months to prepare themselves. The PIPL is a game changer for any company with data or business in China. It will add … Continue reading

China passes the Personal Information Protection Law

By Anna Gamvros and Lianying Wang (CN) on August 20, 2021 Posted in Compliance and risk management, Cybersecurity

China passed its Personal Information Protection Law (PIPL) on 20 August 2021. The new law will take effect from 1 November 2021 allowing companies just over 2 months to prepare themselves. The full text has not been made public yet. In addition, China published the Provisions on the Administration of Security of Automobile Data (For … Continue reading

New Chinese Measures for Personal Data Cross-Border Transfer Security Assessments

By Barbara Li (CN) and Bohua Yao (CN) on July 1, 2019 Posted in Cybersecurity, Data breach

On June 13, 2019 Measures for Personal Data Cross-Border Transfer Security Assessments were issued by the Cyberspace Administration of China.… Continue reading

New China Guideline for Internet Personal Information Security Protection

By Barbara Li (CN) and Bohua Yao (CN) on December 5, 2018 Posted in Compliance and risk management, Data breach, Regulatory response

On November 30, 2018 the Cyber Security Protection Bureau, under the auspices of the PRC Ministry of Public Security (the “MPS”), issued a draft Guideline for Internet Personal Information Security Protection (the “Guideline”) along with a request for public comments.… Continue reading

China issues Personal Information Security Specification

By Barbara Li (CN) on February 5, 2018 Posted in Regulatory response

The Standardization Administration of China issued an Information Security Technology – Personal Information Security Specification, which will come into effect on 1 May 2018.… Continue reading

China Amends Draft Regulation on Cross-Border Data Transfer

By Barbara Li (CN) on May 23, 2017 Posted in Compliance and risk management, Regulatory response

We have just received a revised draft of the Measures on Security Assessment of Cross-border Data Transfer of Personal Information and Important Data (Measures). Here we outline the changes made to the draft Measures first issued on 11 April 2017 for public comment (see our previous briefing and blog post here). The revised draft is … Continue reading

Cross-border data transfers: China issues new measures to strengthen data localisation

By Barbara Li (CN), Anna Gamvros and Ruby Kwok (HK) on May 3, 2017 Posted in Compliance and risk management, Regulatory response

Norton Rose Fulbright - Data Protection Report blog

The Cyberspace Administration of China (CAC) issued draft measures for implementing the data localisation provisions under the Cybersecurity Law of China (Cybersecurity Law) and the National Security Law of China on 11 April 2017. The draft regulations are open for public comment until 11 May 2017.… Continue reading

China Cybersecurity: New Law Increases Security Regulation Over Cyberspace

By Anna Gamvros and Barbara Li (CN) on November 17, 2016 Posted in Compliance and risk management, Regulatory response

On November 7, 2016, the Standing Committee of China’s National People’s Congress (NPC) voted to pass the Cyber Security Law (unofficial English translation). Its draft has gone through three rounds of readings and it will become effective from June 1, 2017. This legislation provides for the Chinese government’s supervisory jurisdiction over cyberspace, defines security obligations for … Continue reading

China’s proposed Cyber Security Law to have far reaching consequences for businesses operating in the country

By Barbara Li (CN) on July 16, 2015 Posted in Regulatory response

On July 6, 2015, China’s top legislative body – the National People’s Congress – published a draft Cyber Security Law that, if enacted in its current form, will have far-reaching consequences for businesses operating in China. The draft expressly provides that the law will apply equally to both Chinese and international businesses.… Continue reading

China requires providers to enforce real-name registration and ban on “harmful” usernames

By Barbara Li (CN) on February 6, 2015 Posted in Compliance and risk management, General, Regulatory response

The Cyberspace Administration of China announced on February 4, 2015 new regulations requiring Internet users to register accounts under their real names for social network sites like blogs, discussion forums, comment sections, instant messaging, and related services. The rules impose the obligation to enforce the restrictions on affected businesses, including Western companies operating in China. The new regulations come … Continue reading