Showing Posts In "China" Category

China Publishes Q&A on Administrative Policies for the Security of Cross-Border Transfers

The Cyberspace Administration of China published a Q&A related to administrative policies on the security of cross-border transfers. One topic involves understanding the necessity of cross-border transfers. Pursuant to Articles 6 and 19 of the Personal Information Protection Law, the considerations for determining “necessity” include whether the processing of personal information is directly related to […]

One Key Take-Away from FAQ on Cross-Border Data Transfers

China’s Cyberspace Administration of China (CAC) released a new FAQ regarding the management of cross-border data transfers. The clarification provides significant relief to enterprises navigating the complex regime of data export compliance under China’s Data Security Law and associated regulations. One of the most notable takeaways is the CAC’s confirmation that companies are not required to classify and report “important data” […]

China Draft Rules on Cross Border Data Transfer

China has released a set of draft rules pertaining to the relaxation of some of the burdensome requirements on data exports, but they have not yet been finalized. The final version is expected to be released in the coming months. Companies should closely assess their position under the draft rules’ proposed thresholds and exemptions to […]

Cross-border Data Transfer Regulation Developments in China – July 2022

On July 7, 2022, the Cyberspace Administration of China issued the Measures for the Security Assessment of Outbound Data Transfers, which will take effect on September 1, 2022. The Measures underwent three rounds of public consultation in 2017, 2019, and 2021 before they were finalized. Read more for a discussion of each article.

Regulatory Alert: Closing the Gap on Cross Border Transfer Of Personal Data

By issuing the draft of Provisions on Standard Contracts for Cross-border Transfers of Personal Data, the Cyberspace Administration of China has given visibility over the missing piece of the Personal Information Protection Law regulatory framework. It provides certainty about the process for cross-border transfer of personal data in lower quantities, where the data processors’ operations […]

Chinese National Fined $7,000 For Practicing TCM On Cancer Patient Although Unqualified

A 62-year-old Chinese national on a long-term visit pass was fined $7,000 for practicing traditional Chinese medicine (TCM) when she was neither qualified nor registered to do so.

The woman, Li Li, had practiced TCM on a 72-year-old cancer patient in 2019. Apart from not being qualified in any prescribed practice of TCM, Li was […]

Briefing On the New Draft Legislation on Exporting Data Out of China

The Cyberspace Administration of China released the draft of Provisions on Standard Contracts for Cross-border Transfers of Personal Information for public comments. As per Article 38 of the PIPL, there are four scenarios for data exporters to transfer personal information outside of China legitimately. What are those four scenarios? And while the Provision is still […]

China Releases Draft Measures on Security Assessment of Cross-Border Data Transfer

The Cyberspace Administration of China recently published the “Draft Measures on Security Assessment of Cross-Border Data Transfer” for public comment, which outlines the requirements for security assessments on cross-border data transfers. The CAC had released previous draft measures specifying the “Security Assessment” requirements and procedures formulated based on the Cybersecurity Law that went into effect […]

China is Entering a New Era in Data Protections

China’s Data Security Law and the Personal Information Protection Law are two key pieces of legislation in the field of information security following the adoption of the Cyber Security Law of the PRC. The Data Security Law provides framework and principles of data protection and sets the tone for administrative rules and regulations, while the […]

New Developments of China’s Restrictions on Cross-Border Transfer of Personal Information Under The PIPL

On July 2, 2021, China’s top ride-hailing platform Didi Chuxing was probed for cybersecurity review two days after its IPO in the US, followed by two similar probes against other Internet companies that were also US-listed. Several speculations spread on why the companies are subject to cybersecurity reviews, and one of them is related to […]