On January 7, 2024, China’s Cyberspace Administration (“CAC”) closed the public consultation period for its new cybersecurity incident reporting rules, which were released in December. If the draft rules are adopted as written, companies would be required to report certain cybersecurity incidents to the relevant Chinese regulator within one hour. The relevant regulator depends on the nature of the IT system compromised, the industry, and other factors and may be the local CAC, the public…
On October 17, 2023, the US Department of Commerce’s Bureau of Industry and Security (“BIS”) released two interim final rules (collectively, the “October 2023 IFRs” available here and here) amending the Export Administration Regulations (the “EAR”) to further strengthen export controls on advanced computing items, semiconductor manufacturing equipment, and items that can support end uses related to the development and production of supercomputers, advanced-node integrated circuits and semiconductor manufacturing equipment. The long-awaited October 2023 IFRs come more than one…
In Brief On September 29, 2023, China’s primary data protection regulator, the Cyberspace Administration of China (“CAC”), proposed new rules for cross-border data transfers from China (the “Draft Rules”). If implemented as written, the Draft Rules, which are currently subject to public comment through mid-October, will significantly roll back requirements for many US and multinational organizations. There is no specific deadline for adoption, but it is expected prior to November 30, 2023, which is the…
In brief Companies that export personal data out of China have roughly one month to adopt China’s Standard Contractual Clauses (“SCCs”) to comply with the Cyberspace Administration of China’s (“CAC”) deadline of June 1, 2023. As outlined in previous client alerts, the SCCs are one of three mechanisms in place for cross-border data transfers from mainland China to other jurisdictions. Many multinationals will be impacted by these requirements because Chinese employment data, which is…
In Brief On March 7, 2023, China’s State Council unveiled plans to consolidate the country’s data protection functions into a single National Data Bureau to address the inconsistencies around the administration of China’s data and security laws. Background The privacy and security legal landscape in China has quickly evolved in recent years. The Cybersecurity Law (CSL) was adopted in 2017, and modified in 2022. The Personal Information Protection Law (PIPL) and the Data Security Law…
In Brief On February 24, 2023, the Cyberspace Administration of China (CAC) released the final version of the Standard Contractual Clauses (SCCs) and SCC Measures for the cross-border transfer of personal data under the Personal Information Protection Law (PIPL). The SCCs provide a mechanism for businesses to transfer personal information from mainland China to other jurisdictions. China’s SCCs closely mirror the EU’s SCCs, which were updated in 2021, but feature several important distinctions described in…
In Brief China has strengthened its commitment to protect personal information by adopting the new Personal Information Protection Law (PIPL 《中华人民共和国个人信息保护法》) which gives data subjects the power to control and determine how, with whom and for what purposes their personal information can be shared, analyzed or handled. Our Firm has previously released a more detailed discussion on the PIPL, which took effect on 1 November 2021. In the context of compliance investigations, typical activities can include accessing and…
Executive Summary On 20 August 2021, the Standing Committee of the National People’s Congress passed the Personal Information Protection Law of the PRC (“PIPL”), after deliberating two draft versions and seeking for public comment in a ten month’s span. The passage of the PIPL signifies that China is stepping into a more robust and comprehensive personal information protection regime by establishing a unified, generally-applicable legislation, as EU does with the aid of the General Data…
Happy Data Protection Day! The 28 January each year is celebrated as Data Protection Day (or Data Privacy Day outside of Europe), which marks the anniversary of the Council of Europe’s Convention 108. To mark Data Protection Day 2021, we have summarised some of the key trends and developments in the EU, UK and beyond from a data protection perspective and looking ahead to what to expect for 2021. You can jump to specific country…
TMT Talk continues to identify issues relevant to the Technology, Media, and Telecommunications sector, as companies determine their next steps and strategies around COVID-19. In this episode, Raffaele Giarda, Howard Wu and Derek Liu tackle the M&A developments and trends that have emerged as tech companies find ways to adjust in the new world created in the aftermath of the pandemic. This insightful discussion features perspectives from the West Coast and China, with increased M&A activity in gaming and content…