Tag: China
China Issues Network Data Security Management Regulations
On September 30, 2024, China’s State Council released the Network Data Security Management Regulations, which will enter into force on January 1, 2025. The regulations apply to “electronic data processed and generated through the network” (covering personal information, “important data” and all other types of electronic data) and provide implementing […]
China Loosens Cross-Border Data Transfer Controls
On September 28, 2023, the Cyberspace Administration of China (CAC) released draft Provisions on Regulating and Promoting Cross-Border Data Flows (see the Chinese version and the unofficial English translation) for public comments. The commenting period ends on October 15, 2023. While this draft is subject to change after the commenting […]
China Issues Measures on Generative Artificial Intelligence Services
On July 13, 2023, the Cyberspace Administration of China (CAC) and six other Chinese government agencies jointly released the final version of the Interim Administrative Measures for Generative Artificial Intelligence Services (see the Chinese version here). These measures will enter into force on August 15, 2023. For background, the CAC […]
China Releases Standard Contract for Cross-Border Transfer of Personal Information
On February 24, 2023, the Cyberspace Administration of China (CAC) released the final version of the Measures on the Standard Contract for the Cross-Border Transfer of Personal Information, accompanied by a standard contract as a schedule. The measures will take effect on June 1, 2023, and provide a six-month grace […]
Cooley Privacy Talks: Key Things to Know About Data Protection Laws in China
This post relates to Cooley’s Privacy Talks series – a webinar program featuring Cooley practitioners discussing practical guidance and best practices around managing data protection-related issues. Sessions range from the European General Data Protection Regulation (GDPR) to the California Consumer Privacy Act (CCPA) – and all the other new data […]
Part 3: PIPL’s Localization Requirements and Restrictions on Responding to Foreign Judicial and Enforcement Agencies
Localization requirements China’s Personal Information Protection Law (PIPL) requires that operators of critical information infrastructure (e.g., China Mobile) and personal information processors that process personal information in an amount that reaches “the threshold specified by” the Cyberspace Administration of China (CAC) store personal information collected and generated in China locally.[1] […]
Part 2: PIPL and GDPR Compliance Obligations on Cross-Border Transfers of Personal Information
As explained in our previous blog post, in addition to the requirements for adopting a cross-border transfer mechanism, China’s Personal Information Protection Law (PIPL) and the European Union’s General Data Protection Regulation (GDPR) set out further compliance obligations on the cross-border transfer of personal information.[1] Before controllers (under the GDPR) […]
Cross-Border Data Transfers: PIPL vs. GDPR vs. CCPA
Multinational companies often encounter questions regarding if and when they can transfer personal information[1] across borders. The People’s Republic of China’s Personal Information Protection Law (PIPL) adds new considerations for these inquiries[2], such as: Can employers in the China store their Chinese employees’ personal information on databases hosted in foreign […]
PRC’s New Efforts to Facilitate Data Trading: Shanghai Data Exchange Kicks Off Trading
The new year ushered in a new way to commoditize personal data: the Shanghai Data Exchange (SDE). With the Personal Information Protection Law (PIPL) becoming effective on November 1, 2021 – as well as the Data Security Law (DSL) effective September 1, 2021, and the Cybersecurity Law (CSL) effective June […]