Photo of Ashwin Kaja

Ashwin Kaja

With over a decade of experience in China, Ashwin Kaja helps multinational companies, governments, and other clients understand and navigate the complex legal and policy landscape in the country. He plays a leading role in Covington’s China international trade and public policy practices and, outside of Covington, serves as the General Counsel of the American Chamber of Commerce in China.

Ashwin helps clients solve acute problems that arise in the course of doing business in China and position themselves for longer-term success in the country’s rapidly evolving legal and policy environment. He is an expert on Chinese industrial policy and has worked on matters related to a wide range of sectors including technology, financial services, life sciences, and the social sector. Ashwin has also counseled a range of clients on data privacy and cybersecurity-related matters.

As the General Counsel of the American Chamber of Commerce in China (AmCham China), Ashwin serves as a senior officer of the organization and as an ex officio member of its Board of Governors, supporting nearly one thousand member companies in developing their businesses in China and advocating for their needs with China’s central and local governments.

China has set out on an ambitious agenda of aiming to become the world leader in artificial intelligence by 2030. Policy experiments for a critical part of China’s AI development strategy, and to that end multiple government think tanks have set out formulating standards that may impact AI innovation in China.

The China Electronics Standardization

Artificial intelligence promises to be a paradigm shift for many applications from manufacturing to finance, and from defense to education.  Given the vast potential, focus on AI has sharpened around the world, including in China.  Decision makers in Beijing and around the country are paying attention and have begun shaping a legal and policy regime

China’s top internet regulator, the Cyberspace Administration of China (“CAC”), continues to show interest in setting more stringent rules governing the protection of minors in the context of online activities and data privacy. Immediately prior to the October holiday, CAC released for public comment new draft regulations aimed at protecting minors on the Internet, the Regulations on the Protection of Minors in Cyberspace (“Draft Regulations”), which contain significant provisions addressing minors’ data privacy. Note that the scope of this new regulation is broader than the US’s Children’s Online Privacy Protection Act (“COPPA”), which focuses primarily on children’s privacy issues.
Continue Reading China Issues Draft Regulations on Protecting Minors in Cyberspace

China’s State Administration of Industry and Commerce (“SAIC”) has released for public comment a draft regulation implementing recent amendments to a consumer protection law that would, among other things, supplement existing privacy obligations for businesses operating in China.

The “Regulations on the Implementation of the Law on the Protection of the Rights and Interests of Consumers” (“Draft Implementing Regulations”) implement certain provisions of the Law on the Protection of the Rights and Interests of Consumers (“Consumer Rights Protection Law” or “CRPL”; unofficial English translation by Chinalawtranslate.com available here), which underwent significant revisions in October 2013. The Draft Implementing Regulations reiterate and supplement data privacy and security obligations imposed in the CRPL and in the Measures on Penalties for Infringing Upon the Rights and Interests of Consumers (“CRPL Penalty Measures”; unofficial English translation by Covington available here), which was promulgated in January 2015 and discussed in our previous article here.
Continue Reading China Releases Draft Implementing Regulations for Consumer Rights Protection Law

The Cyberspace Administration of China (“CAC”) has issued new rules regulating apps for smartphone/mobile devices, the Rules on the Management of Mobile App Information Services (“App Rules,” available here, preceded by a Q&A section, all in Chinese), that will come into effect on August 1, 2016. The App Rules are aimed primarily at regulating the rapidly growing app market and addressing corresponding data privacy issues. Among other things, they impose data privacy, cybersecurity, and content monitoring requirements on app and app store providers.
Continue Reading China Issues New Rules for Mobile Apps

This month, China’s National Information Security Standardization Technical Committee (“NISSTC”) organized a meeting to launch a working group tasked with drafting a Personal Information Security Standard (“PIS Standard”). NISSTC is a government committee jointly supervised by the Standardization Administration of China and the Cyberspace Administration of China. In addition to the government agencies, several Chinese research institutions and Internet companies (including Tencent and Alibaba) will also participate in the working group.
Continue Reading China Formulating Standards for Personal Information Security and Data Protection

On December 27, 2015, the Standing Committee of the National People’s Congress (NPC), China’s top legislative body, enacted a Counter-Terrorism Law (see the Chinese version here, and an unofficial English translation here), which took effect on January 1, 2016.  The adoption of this law, a year after the first draft was released for public comment, followed closely the adoption of a new National Security Law and a draft Network Security Law.

The Counter-Terrorism Law reinforces the government’s broad powers to investigate and prevent incidents of terrorism and requires citizens and companies to assist and cooperate with the government in such matters.  The law imposes additional and specific obligations on companies in certain sectors, including those providing telecommunications, Internet, and financial services.  Non-compliance or non-cooperation can lead to significant penalties, including fines on companies and criminal charges or detention for responsible individuals. In some respects, the new law provides greater, higher-level legal authority to pre-existing regulations and practice. In others, it imposes new obligations or makes existing obligations more specific (e.g., penalties).

The law’s broadly-worded requirements create some uncertainty as to their implications for companies’ data protection and security policies.
Continue Reading China Enacts New Counter-Terrorism Law

On August 29, 2015, China’s legislature, the National People’s Congress, amended the Criminal Law, effective November 1, 2015. Among other things, the amendments modify and add several provisions related to data privacy and cybersecurity. We discuss some of these key amendments below.
Continue Reading China Amends Criminal Law Related to Data Privacy and Cybersecurity

On July 6, 2015, China’s National People’s Congress (NPC) released a draft of the Network Security Law  (“Draft Law,” referred to in some press articles as the draft Cybersecurity Law) for public comment.  Comments can be submitted through the NPC website or by mail before August 5, 2015. The release of the Draft Law follows closely on the heels of the new National Security Law that was enacted last week (see Covington blog post here).

This Draft Law, initially reviewed by the NPC in June, would apply broadly to entities or individuals that construct, operate, maintain, and use networks within the territory of China, as well as those who are responsible for supervising and managing network security. A number of the provisions in this Draft Law, if enacted in their current form, are likely to significantly impact information and communications technology (“ICT”) and other companies with business operations or interests in China.

Those that most merit the close attention of companies are those that relate to (1) the “secure” operations of networks and “critical information infrastructure,” and (2) data protection. This post focuses on the latter.
Continue Reading China Releases Draft of New Network Security Law: Implications for Data Privacy & Security

China’s principal internet regulator, the Cyberspace Administration of China (“CAC”), announced this week that China will move forward new legislation to combat the improper collection, use, and sale of personal information. The new legislation, announced during an interview of a senior CAC official by state-owned Xinhua News, is reportedly being drafted by CAC, the Ministry