On July 11, 2017, the Cyberspace Administration of China (CAC) released the draft Regulation on the Protection of the Critical Information Infrastructure (“Draft Regulation”) for public comment (official Chinese version available here). The comment period ends on August 10, 2017. Aiming to add greater clarification to the Cybersecurity Law, which took effect on June 1, … Continue Reading
On June 9, 2017, the Cyberspace Administration of China (“CAC”), together with three other agencies, released a Catalog of Critical Network Equipment and Network Security Products (First Batch) (“the Catalog,” original Chinese version available here). It specifies network products that must be certified before they can be marketed in China. China’s Cybersecurity Law (see our … Continue Reading
Part 3 of this three-part entry discusses a separate, but equally important, legal development in China’s data protection environment. On May 8, 2017, the Supreme People’s Court and the Supreme People’s Procuratorate issued an interpretation of criminal law regarding infringement of citizens’ personal information (the “Interpretation”). The Interpretation examines the provision in China’s Criminal Law, … Continue Reading
Part 1 of this post clarified which parts of China’s latest Cybersecurity Law (the “Law”) are currently ready to be enforced and which parts are awaiting clarification in the form of implementing regulations or standards. In this post, we will discuss latest landscape of implementing regulations and national standards that supplement the Law. Implementing … Continue Reading
On June 1, 2017, China’s new Cybersecurity Law (the “Law”) finally went into effect. It is the first Chinese law that systematically lays out the regulatory requirements on data privacy and cybersecurity, subjecting to government scrutiny many activities in cyberspace that were previously unregulated or addressed in a sector-by-sector fashion. Three weeks after the Law … Continue Reading
On May 27, 2017, China’s National Information Security Standardization Technical Committee (“NISSTC”), a standard-setting committee jointly supervised by the Standardization Administration of China (“SAC”) and the Cyberspace Administration of China (“CAC”), released Information Security Technology – Guidelines for Data Cross-Border Transfer Security Assessment (Draft Version) (the “draft Standard”) for public comments. The official Chinese version of … Continue Reading
Today, the Cyberspace Administration of China (“CAC”) released the final version of the Measures on the Security Review of Network Products and Services (Trial) (“the Measures”), with an effective date of June 1, 2017 (official Chinese version available here). The issuance of the Measures marks a critical first step toward implementing China’s Cybersecurity Law (“the … Continue Reading
On April 11, 2017, the Cyberspace Administration of China (“CAC”) released a draft of the Measures on Security Assessment of Cross-border Data Transfer of Personal Information and Important Data (“the Draft Measures”) for public comment (official Chinese version available here). The comment period ends on May 11, 2017. The issuance of the long-anticipated Draft Measures … Continue Reading
When China’s new Cybersecurity Law takes effect on June 1, 2017, China will become another important jurisdiction to watch in the international data transfer space. Before the new Cybersecurity Law officially was promulgated on November 7, 2016, cross-border data transfer of data from China was largely unregulated by the government. While many Chinese laws and … Continue Reading
When China’s Cybersecurity Law was enacted last November, one question (among many) that surfaced was how the government would implement the “national security review” that the law requires for certain network products and services. The law, which takes effect this June, provides that any network products and services that might affect national security procured by … Continue Reading
In our previous post, we discussed seven draft cybersecurity and data protection national standards released by China’s National Information Security Standardization Technical Committee (“NISSTC”), a standard-setting committee jointly supervised by the Standardization Administration of China (“SAC”) and the Cyberspace Administration of China (“CAC”), on December 21, 2016. “Information Security Technology – Personal Information Security Specification” … Continue Reading
With 2016 in the rear-view mirror, we have been reflecting on the many data privacy and cybersecurity legal developments of the past year, both in the U.S. and internationally, as well as focusing on trends to watch in the new year. With best wishes for a Happy New Year from all of us at InsidePrivacy, … Continue Reading
By Tim Stratford and Yan Luo China’s National Information Security Standardization Technical Committee (“NISSTC”), a standard-setting committee jointly supervised by the Standardization Administration of China (“SAC”) and the Cyberspace Administration of China (“CAC”), released seven draft national standards related to cybersecurity and data privacy for public comment on December 21, 2016. The public comment period … Continue Reading
China’s top internet regulator, the Cyberspace Administration of China (“CAC”), continues to show interest in setting more stringent rules governing the protection of minors in the context of online activities and data privacy. Immediately prior to the October holiday, CAC released for public comment new draft regulations aimed at protecting minors on the Internet, the … Continue Reading
China’s State Administration of Industry and Commerce (“SAIC”) has released for public comment a draft regulation implementing recent amendments to a consumer protection law that would, among other things, supplement existing privacy obligations for businesses operating in China. The “Regulations on the Implementation of the Law on the Protection of the Rights and Interests of … Continue Reading
The Cyberspace Administration of China (“CAC”) has issued new rules regulating apps for smartphone/mobile devices, the Rules on the Management of Mobile App Information Services (“App Rules,” available here, preceded by a Q&A section, all in Chinese), that will come into effect on August 1, 2016. The App Rules are aimed primarily at regulating the rapidly … Continue Reading
This month, China’s National Information Security Standardization Technical Committee (“NISSTC”) organized a meeting to launch a working group tasked with drafting a Personal Information Security Standard (“PIS Standard”). NISSTC is a government committee jointly supervised by the Standardization Administration of China and the Cyberspace Administration of China. In addition to the government agencies, several Chinese … Continue Reading
As readers of this blog know, China has been increasingly active in proposing new cybersecurity and privacy regulations. In late 2015, China enacted a new counter-terrorism law. In August 2015, it issued a draft network security law. Also last summer, China issued new draft regulations on Internet advertising and clarified requirements for text marketing. And, … Continue Reading
On December 27, 2015, the Standing Committee of the National People’s Congress (NPC), China’s top legislative body, enacted a Counter-Terrorism Law (see the Chinese version here, and an unofficial English translation here), which took effect on January 1, 2016. The adoption of this law, a year after the first draft was released for public comment, … Continue Reading
By Ashwin Kaja* and Yan Luo Close on the heels of a sweeping new National Security Law, the Standing Committee of the National People’s Congress released last month for public comment a very significant draft Network Security Law (“Draft Law”), also referred to as the draft Cybersecurity Law. Since it came into power in 2012, … Continue Reading
On July 1, 2015, China’s State Administration for Industry and Commerce published a draft of the Interim Measures on Supervision of Internet Advertising (“Draft Internet Advertising Measures”; original Chinese here) for public comment. If adopted as drafted, the Draft Internet Advertising Measures would (1) require advertisements in email and instant messaging to contain conspicuous options … Continue Reading
New clarifying provisions in China regulating how marketing can be done via short message service (“SMS”) will come into effect on June 30, 2015.… Continue Reading
China’s principal internet regulator, the Cyberspace Administration of China (“CAC”), announced this week that China will move forward new legislation to combat the improper collection, use, and sale of personal information. The new legislation, announced during an interview of a senior CAC official by state-owned Xinhua News, is reportedly being drafted by CAC, the Ministry … Continue Reading
New consumer protection provisions that clarify how companies may collect, use, and protect personal information of consumers will come into effect in China on March 15, 2015. On January 5, 2015, China’s State Administration of Industry and Commerce (“SAIC”) issued measures to implement China’s Consumer Rights Protection Law (“CRPL”), which was amended effective March 2014 … Continue Reading
