The requirements of the internationally widely discussed Data Security Law (DSL, effective since Sep 1, 2021) are a challenge for many companies operating in China. To establish a hierarchical protection system for data classification, China’s National Information Security Standardization Technical Committee has issued the National Standard – Guide for Important Data Identification (Draft, hereinafter referred… Continue reading National Standard Provides Insight into Future Data Requirements
Category: Data Protection
Legal Requirements for Vulnerability Management
For some time now, CIOs around the world have been busy fixing the Log4j2 vulnerability. From a technical perspective, there are solutions such as patches and system upgrades. However, vulnerability management is not just a technical issue in China; there are also legal requirements that companies must meet. For example, service providers are required by… Continue reading Legal Requirements for Vulnerability Management
Measures of the Cyber Security Review
China continues to strengthen its control of operators of large Internet platforms. In addition to the regulation on the use of algorithms to influence user behavior, such as recommendation algorithms, which will come into force on March 1, 2022, the Cybersecurity Review Measures will come into force on February 15, 2022. In addition to operators… Continue reading Measures of the Cyber Security Review
China’s New Algorithm Regulations Challenge Tech Companies
China’s efforts to strictly regulate the tech sector continue to move forward. On 1 March 2022, new regulations will come into force governing the use of algorithms by companies. Abusive and manipulative use of algorithms, such as price manipulation, should thus be made much more difficult and personal user data protected. The central subject matter… Continue reading China’s New Algorithm Regulations Challenge Tech Companies
Cyber Security and Data Protection: What’s in Store for 2022?
The year 2021 was – not only, but also – a turbulent year in the areas of cyber security and data protection in China. In addition to increased enforcement of the Multi-Level Protection Scheme (MLPS) in China, the implementation of which has been legally binding for companies in China since 2017 (see our webinars), many… Continue reading Cyber Security and Data Protection: What’s in Store for 2022?
Important Data: More Duties for Processing
China is fleshing out its data protection rules. The Network Data Security Management Regulation (Draft for Comments), published in November 2021, provides more detailed guidance regarding the obligations of processors of important data. Data is divided into general data, important data, and national core data. Important data refers to data that may jeopardize national security… Continue reading Important Data: More Duties for Processing
Information on Important Data in China
According to the Measures on Data Export Security Assessment (Draft for Comments) and Network Data Security Management Regulation (Draft for Comments), important data and the obligations of important data processors are explained as follows:China defines critical data very broadly. Important data is data that may jeopardise national security or the public interest if it is… Continue reading Information on Important Data in China
Data Export Security Assessment: All Data Processors Are Involved
With the enactment of China’s Cybersecurity Law (CSL), Data Security Law (DSL), and Personal Information Protection Law (PIPL), security management and assessment of cross-border data transfer became a key issue. Following these three laws, China’s Cyberspace Administration (CAC) published the Measures on Data Export Security Assessment (Draft for Comments) on October 29, 2021, which provides… Continue reading Data Export Security Assessment: All Data Processors Are Involved
Patents and Data: Extraterritorial Effect of Chinese Laws
China’s Five-Year Plan calls for the development of a Chinese-style socialist rule of law that also has an impact abroad. The country is to distinguish itself as a first-choice jurisdiction for resolving cross-border disputes and promote the application of Chinese law abroad. International legal and regulatory norms should be amended and the Chinese legal system… Continue reading Patents and Data: Extraterritorial Effect of Chinese Laws
The PIPL Requires Data Mapping of Personal Information
With the new Personal Information Protection Law (PIPL), the assessment of the impact on data subjects through the Personal Information Security Impact Assessment (PISIA) becomes the center of attention. PISIA assesses the legal compliance of current personal data processing, identifies the risks to data subjects, and evaluates the effectiveness of the data protection measures taken.… Continue reading The PIPL Requires Data Mapping of Personal Information
China Intellectual Property Blog 