With the new Personal Information Protection Law (PIPL), the assessment of the impact on data subjects through the Personal Information Security Impact Assessment (PISIA) becomes the center of attention. PISIA assesses the legal compliance of current personal data processing, identifies the risks to data subjects, and evaluates the effectiveness of the data protection measures taken.… Continue reading The PIPL Requires Data Mapping of Personal Information
Chatbots are popular in China and are part of everyday digital life. They can be found in business as well as in society, for example in customer service or as social chatbots, a kind of virtual friend of the user. One example is the app XiaoIce, which now has more than 40 million registered users… Continue reading Is Your Personal Data Safe with Chatbots?
Critical Information Infrastructure Operators (CIIOs) are a central and so far vague concept of China’s new cybersecurity and data protection system. With the regulations on critical information infrastructure protection (“the regulations”) that came into force on September 1, 2020, the government is now creating more transparency, but at the same time increasing the pressure on… Continue reading Who Is Operator of Critical Information Infrastructure?
After three revisions, China’s Personal Information Protection Law (PIPL), which has received much attention abroad, will come into force on November 1, 2021. It comprehensively protects personal data, going beyond the European General Data Protection Regulation (GDPR) – a milestone in Chinese legal history. Take Big Data price discrimination, for example: it refers to the… Continue reading The Personal Information Protection Law (PIPL) Challenges Companies
In just two days, Didi, China’s largest service platform for private car ride-hailing, has gone from investor darling to the first major case of a cybersecurity review by the Chinese government against a company after a stellar IPO on Wall Street. One of the bases of this review is the Measures for Cybersecurity Review 2020,… Continue reading Cybersecurity Review: Didi Is Not the Last Company
China has taken another step toward data protection with the release of the second draft revision of the Personal Information Protection Law (PIPL). Although not the final law, it appears that personal data protection legislation has entered the final stages, and it is believed that the PIPL will soon be formally enacted. It is not… Continue reading Chinese GDPR: On the Safe Side
China is increasingly cracking down on illegal deepfakes – fake digital representations of people in image, video or audio formats created using artificial intelligence for the purpose of deception. The counterfeiter usually collects facial or body data of a person in the form of images and uploads them to an AI algorithm. This processes the… Continue reading China Fights Misleading through Deepfakes
When it comes to data protection in China, data localization is inevitable for foreign companies. The basic requirements are currently mainly set out in the Cyber Security Law, and many service providers such as the financial sector, providers of public health information, and online cab booking services have issued their own data localization requirements. The… Continue reading The Obligation to Localize Data Affects More Companies
China continues to improve data protection with the Personal Information Protection Law (PIPL). The law, along with the Cyber Security Law and the Data Security Law (still in draft form), will further strengthen personal data protection and have a profound impact on companies inside and outside China. Foreign companies need to pay particular attention to… Continue reading The Long Arm of the Law: New Draft Law on the Protection of Personal Data