Tag archives: china

PIPL: A game changer for companies in China

Data Protection Report - Norton Rose Fulbright

China passed its Personal Information Protection Law (PIPL) on 20 August 2021. This is China’s first omnibus data protection law, and will take effect from 1 November 2021 allowing companies just over two months to prepare themselves. The PIPL is a game changer for any company with data or business in China. It will add another layer of complexity with respect to compliance with China’s security and data laws and regulations.

As is usual with all China laws, many of the concepts and requirements are high-level and we expect that some further details will be provided in regulations and practical … Continue Reading

China passes the Personal Information Protection Law

Data Protection Report - Norton Rose Fulbright

China passed its Personal Information Protection Law (PIPL) on 20 August 2021.  The new law will take effect from 1 November 2021 allowing companies just over 2 months to prepare themselves. The full text has not been made public yet.

In addition, China published the Provisions on the Administration of Security of Automobile Data (For Trial Implementation) (Automobile Data Regulation) today, which will take effect on 1 October 2021.

With respect to the PIPL, it is reported that the final version will include some new rules on the processing of personal information, such as:

  • If information push or
Continue Reading

New Chinese Measures for Personal Data Cross-Border Transfer Security Assessments

Introduction

On June 13, 2019 Measures for Personal Data Cross-Border Transfer Security Assessments (Draft for Comment) (Measures) were issued by the Cyberspace Administration of China, along with an invitation for submissions to be made as part of a public consultation. The Measures lay down stricter requirements in relation to cross-border transfers of personal data with the intention to better safeguard internet users’ rights, public interests and national security.

The Measures set out a number of general requirements and implementing provisions for aspects of a network operator’s assessment obligation, assessment standards and reporting procedures. They also introduce specific requirements for contracts … Continue Reading

New China Guideline for Internet Personal Information Security Protection

On November 30, 2018 the Cyber Security Protection Bureau, under the auspices of the PRC Ministry of Public Security (the “MPS”), issued a draft Guideline for Internet Personal Information Security Protection (the “Guideline”) along with a request for public comments.… Continue Reading

China Amends Draft Regulation on Cross-Border Data Transfer

Data Protection Report - Norton Rose Fulbright

We have just received a revised draft of the Measures on Security Assessment of Cross-border Data Transfer of Personal Information and Important Data (Measures).  Here we outline the changes made to the draft Measures first issued on 11 April 2017 for public comment (see our previous briefing and blog post here). The revised draft is likely to be the final version of the Measures.  The Measures are to take effect on the same day as China’s Cyber Security Law (Cyber Security Law) on 1 June 2017.… Continue Reading

Cross-border data transfers: China issues new measures to strengthen data localisation

Norton Rose Fulbright - Data Protection Report blog

The Cyberspace Administration of China (CAC) issued draft measures for implementing the data localisation provisions under the Cybersecurity Law of China (Cybersecurity Law) and the National Security Law of China on 11 April 2017. The draft regulations are open for public comment until 11 May 2017.… Continue Reading

China Cybersecurity: New Law Increases Security Regulation Over Cyberspace

Data Protection Report - Norton Rose Fulbright

On November 7, 2016, the Standing Committee of China’s National People’s Congress (NPC) voted to pass the Cyber Security Law (unofficial English translation). Its draft has gone through three rounds of readings and it will become effective from June 1, 2017. This legislation provides for the Chinese government’s supervisory jurisdiction over cyberspace, defines security obligations for network operators and enhances the protection over personal information. It also establishes a regulation regime in respect of critical information infrastructure and imposes data localization requirements for certain industries.

In this post, we outline the key changes it will bring about and … Continue Reading

China’s proposed Cyber Security Law to have far reaching consequences for businesses operating in the country

Data Protection Report - Norton Rose Fulbright

On July 6, 2015, China’s top legislative body – the National People’s Congress – published a draft Cyber Security Law that, if enacted in its current form, will have far-reaching consequences for businesses operating in China.

The draft expressly provides that the law will apply equally to both Chinese and international businesses.… Continue Reading

China requires providers to enforce real-name registration and ban on “harmful” usernames

Data Protection Report - Norton Rose Fulbright

The Cyberspace Administration of China announced on February 4, 2015 new regulations requiring Internet users to register accounts under their real names for social network sites like blogs, discussion forums, comment sections, instant messaging, and related services. The rules impose the obligation to enforce the restrictions on affected businesses, including Western companies operating in China.

The new regulations come after a raft of earlier proposals that have tried with limited success to impose real-name registration requirements on users for a broader scope of Internet services, which included e-commerce, microblogs, video hosting websites, news websites, apps developer portals, online payment systems, … Continue Reading

LexBlog