On March 22, 2024, the Cyberspace Administration of China issued the Provisions on Facilitation and Regulation of Cross-Border Data Flows, which were effective the same day. The CAC also held a press conference to introduce and explain the Provisions. This blog entry provides a summary of the Provisions.
Continue Reading New Era of Regulation for Cross-Border Transfers in China
China
House Passes the Protecting Americans’ Data from Foreign Adversaries Act
On March 20, 2024, the U.S. House of Representatives passed legislation that will prohibit data brokers from transferring U.S. residents’ sensitive personal data to foreign adversaries, including China and Russia. The Protecting Americans’ Data from Foreign Adversaries Act of 2024 marks a significant development in executive and legislative action related to foreign access to U.S. data.
Continue Reading House Passes the Protecting Americans’ Data from Foreign Adversaries Act
China Plans to Accelerate Cross-Border Data Transfers by Implementing Trial Rules in Shanghai Pilot Free Trade Zone
Recent developments in the Shanghai Pilot Free Trade Zone to facilitate cross-border data transfers are expected to provide greater flexibility in exporting data from China, which has been stymied by the Cyberspace Administration of China’s strict cross-border data transfer regulations proposed in December 2023. …
Continue Reading China Plans to Accelerate Cross-Border Data Transfers by Implementing Trial Rules in Shanghai Pilot Free Trade Zone
29 Countries Reach Agreement On AI Risks and Opportunities
On November 1, 2023, 29 nations, including the U.S., the UK, the EU and China, reached a ground-breaking agreement, known as the Bletchley Declaration. …
Continue Reading 29 Countries Reach Agreement On AI Risks and Opportunities
China Proposes New Rules for Data Transfers
On September 28, 2023, the Cyberspace Administration of China released the “Provisions on Regulating and Facilitating Cross-Border Data Flows” for public comment. …
Continue Reading China Proposes New Rules for Data Transfers
China Issues Guidelines regarding Filing Standard Contracts for Cross-Border Transfer of Personal Information
On May 30, 2023, the Cyberspace Administration of China issued the Guideline for Filing the Standard Contract for Cross-border Transfer of Personal Information. …
Continue Reading China Issues Guidelines regarding Filing Standard Contracts for Cross-Border Transfer of Personal Information
Basic Security Requirements for Smartphone Pre-installed Apps in China
TC260 of China recently issued the Information Security Technology-Basic Security Requirements for Pre-installed App of Smartphones for public comments ending December 6, 2022.
Continue Reading Basic Security Requirements for Smartphone Pre-installed Apps in China
Government Security Assessment on Cross-Border Transfer in China
On July 7, 2022, the Cyberspace Administration of China (the “CAC”) issued the Measures on Security Assessment on Cross-border Transfer (the “Measures”), which became effective on September 1, 2022, and provide a six-month grace period to the relevant data handlers. On August 31, 2022, the CAC issued the Guidelines on Application for Security Assessment on Cross-border Transfer (the “Guidelines”), which further clarify certain issues and provide specific application documents for security assessments (including templates of application forms for security assessment on cross-border transfer and self-assessments report for risks of cross-border transfer).Continue Reading Government Security Assessment on Cross-Border Transfer in China
China Issues Draft Provisions on Standard Contract for Cross-Border Transfer of Personal Information
On June 30, 2022, the Cyberspace Administration of China (the “CAC”) issued a draft Provision on the Standard Contract for Cross-border Transfer of Personal Information (“Draft Provisions”) and a draft of the Standard Contract for Cross-border Transfer of Personal Information (“Standard Contract”) for public comments. Per Article 38 of the Personal Information Protection Law (“PIPL”), if the data handler is not required to conduct a government security assessment, it may choose either to conduct certification by a qualified third institution or to execute the Standard Contract for cross-border transfer of personal information. Certification might be more commonly used for cross-border transfer within a group, whereas the Standard Contract may be more popular under other scenarios of cross-border transfers.Continue Reading China Issues Draft Provisions on Standard Contract for Cross-Border Transfer of Personal Information
China Issues Draft Guidelines on Certification of Personal Information Cross-Border Transfer Activities
The National Information Security Standardization Technical Committee of China recently issued a draft version of the Cybersecurity Standard Practice Guidelines – Technical Specification on Certification of Personal Information Cross-border Transfer Activities. This blog entry provides a summary of the Guidelines.
Continue Reading China Issues Draft Guidelines on Certification of Personal Information Cross-Border Transfer Activities