Cyber and data compliance now included in the social credit system

China is increasing the pressure to implement its compliance rules for cyber security and data protection. With immediate effect, companies that violate the legal requirements for cyber security and data protection will be recorded and disclosed in the Corporate Social Credit System (CSCS). This applies, for example, to the mandatory certification of network-connected IT…

The audit on personal data protection is coming

The Cyberspace Administration of China (CAC) published the Administrative Measures for the Audit of Personal Information Protection Compliance for Comment in August. The aim is to operationalize the regular compliance audit for processors of personal information in accordance with Articles 54 and 64 of the Personal Information Protection Law (PIPL). The administrative measures specify the…

Verification of the processing personal information

On August 3, the Cyberspace Administration of China (CAC) issued draft administrative guidelines for privacy-compliant reviews of personal information and related reference points for public comment. The goal of the documents is to provide regulatory oversight of data privacy compliance. However, data processors are also expected to self-regulate and increase their awareness of the need to…

New Data Exchanges in China

On April 10, 2022, the Chinese government announced that it would accelerate the construction of the unified domestic market. Part of this is also to establish a data market to promote Big Data applications and AI development, focusing on data security and control of cross-border data transfer. To be allowed to provide data outside China, data processors…

First Tribunal for Data Resources Established

China continues to forge ahead in the development of the digital economy. For example, on May 18, 2022, China’s first professional court to handle cases related to data resources was established – the Data Resource Tribunal of Wenzhou Ouhai District People’s Court. The background: with the development of the digital economy, the production, storage, use…

New Specifications: IT Security of Apps in China

On November 1, 2022, the national standard GB/T 41391-2022 “Information Security Technology Basic Requirements for Mobile Internet Applications (Apps) Collecting Personal Information,” published in April, will come into force. It applies to all app operators in China and is intended to regulate personal information collection activities. This standard is relevant to all companies that operate…

The PIPL Requires Data Mapping of Personal Information

With the new Personal Information Protection Law (PIPL), the assessment of the impact on data subjects through the Personal Information Security Impact Assessment (PISIA) becomes the center of attention. PISIA assesses the legal compliance of current personal data processing, identifies the risks to data subjects, and evaluates the effectiveness of the data protection measures taken.…

Who Is Operator of Critical Information Infrastructure?

Critical Information Infrastructure Operators (CIIOs) are a central and so far vague concept of China’s new cybersecurity and data protection system. With the regulations on critical information infrastructure protection (“the regulations”) that came into force on September 1, 2020, the government is now creating more transparency, but at the same time increasing the pressure on…

The Personal Information Protection Law (PIPL) Challenges Companies

After three revisions, China’s Personal Information Protection Law (PIPL), which has received much attention abroad, will come into force on November 1, 2021. It comprehensively protects personal data, going beyond the European General Data Protection Regulation (GDPR) – a milestone in Chinese legal history. Take Big Data price discrimination, for example: it refers to the…

Cybersecurity Review: Didi Is Not the Last Company

In just two days, Didi, China’s largest service platform for private car ride-hailing, has gone from investor darling to the first major case of a cybersecurity review by the Chinese government against a company after a stellar IPO on Wall Street. One of the bases of this review is the Measures for Cybersecurity Review 2020,…