Measures of the Cyber Security Review

China continues to strengthen its control of operators of large Internet platforms. In addition to the regulation on the use of algorithms to influence user behavior, such as recommendation algorithms, which will come into force on March 1, 2022, the Cybersecurity Review Measures will come into force on February 15, 2022. In addition to operators… Continue reading Measures of the Cyber Security Review

Cyber Security and Data Protection: What’s in Store for 2022?

The year 2021 was – not only, but also – a turbulent year in the areas of cyber security and data protection in China. In addition to increased enforcement of the Multi-Level Protection Scheme (MLPS) in China, the implementation of which has been legally binding for companies in China since 2017 (see our webinars), many… Continue reading Cyber Security and Data Protection: What’s in Store for 2022?

Important Data: More Duties for Processing

China is fleshing out its data protection rules. The Network Data Security Management Regulation (Draft for Comments), published in November 2021, provides more detailed guidance regarding the obligations of processors of important data. Data is divided into general data, important data, and national core data. Important data refers to data that may jeopardize national security… Continue reading Important Data: More Duties for Processing

Data Export Security Assessment: All Data Processors Are Involved

With the enactment of China’s Cybersecurity Law (CSL), Data Security Law (DSL), and Personal Information Protection Law (PIPL), security management and assessment of cross-border data transfer became a key issue. Following these three laws, China’s Cyberspace Administration (CAC) published the Measures on Data Export Security Assessment (Draft for Comments) on October 29, 2021, which provides… Continue reading Data Export Security Assessment: All Data Processors Are Involved

Who Is Operator of Critical Information Infrastructure?

Critical Information Infrastructure Operators (CIIOs) are a central and so far vague concept of China’s new cybersecurity and data protection system. With the regulations on critical information infrastructure protection (“the regulations”) that came into force on September 1, 2020, the government is now creating more transparency, but at the same time increasing the pressure on… Continue reading Who Is Operator of Critical Information Infrastructure?

Cybersecurity Review: Didi Is Not the Last Company

In just two days, Didi, China’s largest service platform for private car ride-hailing, has gone from investor darling to the first major case of a cybersecurity review by the Chinese government against a company after a stellar IPO on Wall Street. One of the bases of this review is the Measures for Cybersecurity Review 2020,… Continue reading Cybersecurity Review: Didi Is Not the Last Company

Chinese GDPR: On the Safe Side

China has taken another step toward data protection with the release of the second draft revision of the Personal Information Protection Law (PIPL). Although not the final law, it appears that personal data protection legislation has entered the final stages, and it is believed that the PIPL will soon be formally enacted. It is not… Continue reading Chinese GDPR: On the Safe Side

China Restricts Tesla Driving Permits for Civil Servants

After Tesla was first targeted by the Chinese government earlier this year over allegations of quality shortcomings, the successful e-car manufacturer is now in the spotlight over espionage allegations and threats to national security. According to recent reports, military personnel, government officials, and employees of large state-owned enterprises are no longer allowed to use Tesla-branded… Continue reading China Restricts Tesla Driving Permits for Civil Servants

The Obligation to Localize Data Affects More Companies

When it comes to data protection in China, data localization is inevitable for foreign companies. The basic requirements are currently mainly set out in the Cyber Security Law, and many service providers such as the financial sector, providers of public health information, and online cab booking services have issued their own data localization requirements. The… Continue reading The Obligation to Localize Data Affects More Companies

The Long Arm of the Law: New Draft Law on the Protection of Personal Data

China continues to improve data protection with the Personal Information Protection Law (PIPL). The law, along with the Cyber Security Law and the Data Security Law (still in draft form), will further strengthen personal data protection and have a profound impact on companies inside and outside China.  Foreign companies need to pay particular attention to… Continue reading The Long Arm of the Law: New Draft Law on the Protection of Personal Data