On July 7, 2022, the Cyberspace Affairs Commission (“CAC”) of China issued the Measures on Security Assessment of Cross-Border Data Transfer (the “Security Assessment Measures”), which sets out the security assessment framework for cross-border data transfers. The Security Assessment Measures will become effective on September 1, 2022. In conjunction with the
On August 20, 2021, the Standing Committee of the National People’s Congress promulgated the Personal Information Protection Law (PIPL), which will become effective on November 1, 2021. The PIPL is the first comprehensive national level personal information protection law in China, which systematically regulates the processing of personal information by entities and individuals. The PIPL, together with the Cybersecurity Law, which was promulgated in 2017, and the Data Security Law, which was promulgated earlier this year, form the three pillars of China’s comprehensive data protection legal regime.
This Alert provides a summary of the highlights of the PIPL, discusses the implications on domestic and foreign businesses operating in China, and compares the PIPL with the European Union (EU) General Data Protection Regulation (GDPR), which has greatly influenced many of the concepts included in the PIPL.
Continue Reading China Passes Personal Information Protection Law