Who Is Operator of Critical Information Infrastructure?

Critical Information Infrastructure Operators (CIIOs) are a central and so far vague concept of China’s new cybersecurity and data protection system. With the regulations on critical information infrastructure protection (“the regulations”) that came into force on September 1, 2020, the government is now creating more transparency, but at the same time increasing the pressure on… Continue reading Who Is Operator of Critical Information Infrastructure?

Cybersecurity Review: Didi Is Not the Last Company

In just two days, Didi, China’s largest service platform for private car ride-hailing, has gone from investor darling to the first major case of a cybersecurity review by the Chinese government against a company after a stellar IPO on Wall Street. One of the bases of this review is the Measures for Cybersecurity Review 2020,… Continue reading Cybersecurity Review: Didi Is Not the Last Company

Chinese GDPR: On the Safe Side

China has taken another step toward data protection with the release of the second draft revision of the Personal Information Protection Law (PIPL). Although not the final law, it appears that personal data protection legislation has entered the final stages, and it is believed that the PIPL will soon be formally enacted. It is not… Continue reading Chinese GDPR: On the Safe Side

China Restricts Tesla Driving Permits for Civil Servants

After Tesla was first targeted by the Chinese government earlier this year over allegations of quality shortcomings, the successful e-car manufacturer is now in the spotlight over espionage allegations and threats to national security. According to recent reports, military personnel, government officials, and employees of large state-owned enterprises are no longer allowed to use Tesla-branded… Continue reading China Restricts Tesla Driving Permits for Civil Servants

The Obligation to Localize Data Affects More Companies

When it comes to data protection in China, data localization is inevitable for foreign companies. The basic requirements are currently mainly set out in the Cyber Security Law, and many service providers such as the financial sector, providers of public health information, and online cab booking services have issued their own data localization requirements. The… Continue reading The Obligation to Localize Data Affects More Companies

The Long Arm of the Law: New Draft Law on the Protection of Personal Data

China continues to improve data protection with the Personal Information Protection Law (PIPL). The law, along with the Cyber Security Law and the Data Security Law (still in draft form), will further strengthen personal data protection and have a profound impact on companies inside and outside China.  Foreign companies need to pay particular attention to… Continue reading The Long Arm of the Law: New Draft Law on the Protection of Personal Data