Photo of Katherine Wang

On September 28, 2023, the Cyberspace Administration of China (“CAC”) issued a Draft Rule on the Regulation and Facilitation of Cross-Border Transfer of Personal Information (the “Draft Rule”). The Draft Rule seeks to streamline the security requirements pertaining to cross-border transfer of personal information under certain circumstances. The Draft Rule is open for comments from the public until October 15, 2023.

Continue Reading China Proposes to Ease Oversight of Cross-Border Transfer of Personal Information

On February 22, 2023, the Cyberspace Administration of China (“CAC”) promulgated the final version of the Measures for the Standard Contract for Cross-Border Transfer of Personal Information (the “Measures”), along with the final version of the standard contractual clauses for cross-border transfer of personal information stipulated under the Personal Information Protection Law (the “PIPL SCCs”).

Artificial intelligence-enabled technology tools are capable of dissecting large quantities of data faster than ever before and in some cases, in real time. However, the increasingly widespread use of AI challenges regulators to balance the benefits of innovation while protecting patient safety, health and privacy rights. An Intellectual Property & Technology Law Journal article on

On July 7, 2022, the Cyberspace Affairs Commission (“CAC”) of China issued the Measures on Security Assessment of Cross-Border Data Transfer (the “Security Assessment Measures”), which sets out the security assessment framework for cross-border data transfers. The Security Assessment Measures will become effective on September 1, 2022. In conjunction with the

On August 20, 2021, the Standing Committee of the National People’s Congress promulgated the Personal Information Protection Law (PIPL), which will become effective on November 1, 2021. The PIPL is the first comprehensive national level personal information protection law in China, which systematically regulates the processing of personal information by entities and individuals. The PIPL, together with the Cybersecurity Law, which was promulgated in 2017, and the Data Security Law, which was promulgated earlier this year, form the three pillars of China’s comprehensive data protection legal regime.

This Alert provides a summary of the highlights of the PIPL, discusses the implications on domestic and foreign businesses operating in China, and compares the PIPL with the European Union (EU) General Data Protection Regulation (GDPR), which has greatly influenced many of the concepts included in the PIPL.
Continue Reading China Passes Personal Information Protection Law