In brief Companies that export personal data out of China have roughly one month to adopt China’s Standard Contractual Clauses (“SCCs”) to comply with the Cyberspace Administration of China’s (“CAC”) deadline of June 1, 2023. As outlined in previous client alerts, the SCCs are one of three mechanisms in place for cross-border data transfers from mainland China to other jurisdictions. Many multinationals will be impacted by these requirements because Chinese employment data, which is…
In Brief On March 7, 2023, China’s State Council unveiled plans to consolidate the country’s data protection functions into a single National Data Bureau to address the inconsistencies around the administration of China’s data and security laws. Background The privacy and security legal landscape in China has quickly evolved in recent years. The Cybersecurity Law (CSL) was adopted in 2017, and modified in 2022. The Personal Information Protection Law (PIPL) and the Data Security Law…
In Brief On February 24, 2023, the Cyberspace Administration of China (CAC) released the final version of the Standard Contractual Clauses (SCCs) and SCC Measures for the cross-border transfer of personal data under the Personal Information Protection Law (PIPL). The SCCs provide a mechanism for businesses to transfer personal information from mainland China to other jurisdictions. China’s SCCs closely mirror the EU’s SCCs, which were updated in 2021, but feature several important distinctions described in…
In Brief China has strengthened its commitment to protect personal information by adopting the new Personal Information Protection Law (PIPL 《中华人民共和国个人信息保护法》) which gives data subjects the power to control and determine how, with whom and for what purposes their personal information can be shared, analyzed or handled. Our Firm has previously released a more detailed discussion on the PIPL, which took effect on 1 November 2021. In the context of compliance investigations, typical activities can include accessing and…
Executive Summary On 20 August 2021, the Standing Committee of the National People’s Congress passed the Personal Information Protection Law of the PRC (“PIPL”), after deliberating two draft versions and seeking for public comment in a ten month’s span. The passage of the PIPL signifies that China is stepping into a more robust and comprehensive personal information protection regime by establishing a unified, generally-applicable legislation, as EU does with the aid of the General Data…
Happy Data Protection Day! The 28 January each year is celebrated as Data Protection Day (or Data Privacy Day outside of Europe), which marks the anniversary of the Council of Europe’s Convention 108. To mark Data Protection Day 2021, we have summarised some of the key trends and developments in the EU, UK and beyond from a data protection perspective and looking ahead to what to expect for 2021. You can jump to specific country…
TMT Talk continues to identify issues relevant to the Technology, Media, and Telecommunications sector, as companies determine their next steps and strategies around COVID-19. In this episode, Raffaele Giarda, Howard Wu and Derek Liu tackle the M&A developments and trends that have emerged as tech companies find ways to adjust in the new world created in the aftermath of the pandemic. This insightful discussion features perspectives from the West Coast and China, with increased M&A activity in gaming and content…
Robots are now writing our daily news instead of journalists. No wonder, artifical intelligence (AI) is considered one of the most transformative technologies of our times. Much has been written about how AI will affect copyright and patent laws and change established concepts such as “author” and “inventor”. Decisions on those topics are now emerging, and without surprise, mostly from China where tech and AI are already used on a daily basis in shopping, the…
As part of the Cyberspace Administration of China (CAC)’s recent push to accelerate formulation of the implementation rules of the China Cybersecurity Law (CSL), it published the draft Measures for Security Assessment of Export of Personal Information (for public consultations) on 13 June 2019 (“Draft Security Assessment Measures”). As the CAC appears to propose adopting two separate sets of rules and requirements on the security assessment of outbound provision of personal information and important data,…
What does 2019 hold for businesses in the Technology, Media and Telecommunications sector and what legal and regulatory trends should be on their radar? A complex question in a world in which the boundaries between areas are blurring to an extent that car manufacturers are becoming tech companies, traditional content producers are launching their own direct-to-consumer streaming services, and telecommunications providers are moving into adjacent industries to make up for declines in traditional revenues. Everywhere,…