Archives: China

Subscribe to China RSS Feed

National Cybersecurity Awareness Month Q&A with Yan Luo

Yan Luo advises clients on a broad array of regulatory matters in connection with cybersecurity and data protection rules in China. With previous work experience in Washington, DC and Brussels before relocating to Beijing, Yan has fostered her government and regulatory skills in all three capitals. She is able to strategically advise international companies on … Continue Reading

China Revises Proposals on Regulation of Commercial Encryption

In the past three weeks, China’s State Council and the State Cryptography Administration (“SCA”) issued two documents that reveal a major change in the regulatory regime governing commercial encryption products in China, potentially paving the way for the draft Encryption Law to establish a uniformed encryption regime. This development and its practical implications will be … Continue Reading

Chinese Agencies Announce Plan to Audit Privacy Policies of Ten Popular Online Services

On July 26, four Chinese agencies, the Cyberspace Administration of China (“CAC”), the Ministry of Industry and Information Technology (“MIIT”), the Ministry of Public Security (“MoPS”), and the National Standards Committee, announced their plan to begin the government’s campaign to improve the protection of personal information, according to Xinhua News Agency (link is in Chinese).  … Continue Reading

China Seeks Public Comments on Draft Regulation on the Protection of Critical Information Infrastructure

On July 11, 2017, the Cyberspace Administration of China (CAC) released the draft Regulation on the Protection of the Critical Information Infrastructure (“Draft Regulation”) for public comment (official Chinese version available here). The comment period ends on August 10, 2017. Aiming to add greater clarification to the Cybersecurity Law, which took effect on June 1, … Continue Reading

Chinese Authorities Release Catalog of Network and Cybersecurity Products Subject to Pre-Sale Inspection

On June 9, 2017, the Cyberspace Administration of China (“CAC”), together with three other agencies, released a Catalog of Critical Network Equipment and Network Security Products (First Batch) (“the Catalog,” original Chinese version available here).  It specifies network products that must be certified before they can be marketed in China. China’s Cybersecurity Law (see our … Continue Reading

Three Weeks On: What We Know about The Enforcement of China’s Cybersecurity Law – Part 3

Part 3 of this three-part entry discusses a separate, but equally important, legal development in China’s data protection environment. On May 8, 2017, the Supreme People’s Court and the Supreme People’s Procuratorate issued an interpretation of criminal law regarding infringement of citizens’ personal information (the “Interpretation”).  The Interpretation examines the provision in China’s Criminal Law, … Continue Reading

Three Weeks On: What We Know about The Enforcement of China’s Cybersecurity Law – Part 2

Part 1 of this post clarified which parts of China’s latest Cybersecurity Law (the “Law”) are currently ready to be enforced and which parts are awaiting clarification in the form of implementing regulations or standards. In this post, we will discuss latest landscape of implementing regulations and national standards that supplement the Law.   Implementing … Continue Reading

Three Weeks On: What We Know about The Enforcement of China’s Cybersecurity Law – Part 1

On June 1, 2017, China’s new Cybersecurity Law (the “Law”) finally went into effect. It is the first Chinese law that systematically lays out the regulatory requirements on data privacy and cybersecurity, subjecting to government scrutiny many activities in cyberspace that were previously unregulated or addressed in a sector-by-sector fashion. Three weeks after the Law … Continue Reading

New Proposed Standard Sheds Light on Cross-Border Security Assessment in China

On May 27, 2017, China’s National Information Security Standardization Technical Committee (“NISSTC”), a standard-setting committee jointly supervised by the Standardization Administration of China (“SAC”) and the Cyberspace Administration of China (“CAC”), released Information Security Technology – Guidelines for Data Cross-Border Transfer Security Assessment (Draft Version) (the “draft Standard”) for public comments.  The official Chinese version of … Continue Reading

China Releases Final Regulation on Cybersecurity Review of Network Products and Services

Today, the Cyberspace Administration of China (“CAC”) released the final version of the Measures on the Security Review of Network Products and Services (Trial) (“the Measures”), with an effective date of June 1, 2017 (official Chinese version available here).  The issuance of the Measures marks a critical first step toward implementing China’s Cybersecurity Law (“the … Continue Reading

China Seeks Public Comments on Draft Regulation on Cross-Border Data Transfer

On April 11, 2017, the Cyberspace Administration of China (“CAC”) released a draft of the Measures on Security Assessment of Cross-border Data Transfer of Personal Information and Important Data (“the Draft Measures”) for public comment (official Chinese version available here).  The comment period ends on May 11, 2017. The issuance of the long-anticipated Draft Measures … Continue Reading

Cross-Border Data Transfer: A China Perspective

When China’s new Cybersecurity Law takes effect on June 1, 2017, China will become another important jurisdiction to watch in the international data transfer space. Before the new Cybersecurity  Law officially was promulgated on November 7, 2016, cross-border data transfer of data from China was largely unregulated by the government.  While many Chinese laws and … Continue Reading

“Cybersecurity Review” Takes Shape in China

When China’s Cybersecurity Law was enacted last November, one question (among many) that surfaced was how the government would implement the “national security review” that the law requires for certain network products and services.  The law, which takes effect this June, provides that any network products and services that might affect national security procured by … Continue Reading

China’s New Draft National Standards on Personal Information Protection

In our previous post, we discussed seven draft cybersecurity and data protection national standards released by China’s National Information Security Standardization Technical Committee (“NISSTC”), a standard-setting committee jointly supervised by the Standardization Administration of China (“SAC”) and the Cyberspace Administration of China (“CAC”), on December 21, 2016. “Information Security Technology – Personal Information Security Specification” … Continue Reading

China Seeks Comment on Seven Draft Cybersecurity and Data Privacy National Standards

By Tim Stratford and Yan Luo China’s National Information Security Standardization Technical Committee (“NISSTC”), a standard-setting committee jointly supervised by the Standardization Administration of China (“SAC”) and the Cyberspace Administration of China (“CAC”), released seven draft national standards related to cybersecurity and data privacy for public comment on December 21, 2016.  The public comment period … Continue Reading

China Issues Draft Regulations on Protecting Minors in Cyberspace

China’s top internet regulator, the Cyberspace Administration of China (“CAC”), continues to show interest in setting more stringent rules governing the protection of minors in the context of online activities and data privacy. Immediately prior to the October holiday, CAC released for public comment new draft regulations aimed at protecting minors on the Internet, the … Continue Reading

China Releases Draft Implementing Regulations for Consumer Rights Protection Law

China’s State Administration of Industry and Commerce (“SAIC”) has released for public comment a draft regulation implementing recent amendments to a consumer protection law that would, among other things, supplement existing privacy obligations for businesses operating in China. The “Regulations on the Implementation of the Law on the Protection of the Rights and Interests of … Continue Reading

China Issues New Rules for Mobile Apps

The Cyberspace Administration of China (“CAC”) has issued new rules regulating apps for smartphone/mobile devices, the Rules on the Management of Mobile App Information Services (“App Rules,” available here, preceded by a Q&A section, all in Chinese), that will come into effect on August 1, 2016. The App Rules are aimed primarily at regulating the rapidly … Continue Reading

China Formulating Standards for Personal Information Security and Data Protection

This month, China’s National Information Security Standardization Technical Committee (“NISSTC”) organized a meeting to launch a working group tasked with drafting a Personal Information Security Standard (“PIS Standard”). NISSTC is a government committee jointly supervised by the Standardization Administration of China and the Cyberspace Administration of China. In addition to the government agencies, several Chinese … Continue Reading

China Likely to Impose New Cybersecurity Regulations in 2016

As readers of this blog know, China has been increasingly active in proposing new cybersecurity and privacy regulations. In late 2015, China enacted a new counter-terrorism law.  In August 2015, it issued a draft network security law.  Also last summer, China issued new draft regulations on Internet advertising and clarified requirements for text marketing.  And, … Continue Reading

China Enacts New Counter-Terrorism Law

On December 27, 2015, the Standing Committee of the National People’s Congress (NPC), China’s top legislative body, enacted a Counter-Terrorism Law (see the Chinese version here, and an unofficial English translation here), which took effect on January 1, 2016.  The adoption of this law, a year after the first draft was released for public comment, … Continue Reading

Draft Regulations in China Preview Stricter Rules on Internet Advertising

On July 1, 2015, China’s State Administration for Industry and Commerce published a draft of the Interim Measures on Supervision of Internet Advertising (“Draft Internet Advertising Measures”; original Chinese here) for public comment. If adopted as drafted, the Draft Internet Advertising Measures would (1) require advertisements in email and instant messaging to contain conspicuous options … Continue Reading
LexBlog