Tag Archives: China

National Cybersecurity Awareness Month Q&A with Yan Luo

Yan Luo advises clients on a broad array of regulatory matters in connection with cybersecurity and data protection rules in China. With previous work experience in Washington, DC and Brussels before relocating to Beijing, Yan has fostered her government and regulatory skills in all three capitals. She is able to strategically advise international companies on … Continue Reading

China Revises Proposals on Regulation of Commercial Encryption

In the past three weeks, China’s State Council and the State Cryptography Administration (“SCA”) issued two documents that reveal a major change in the regulatory regime governing commercial encryption products in China, potentially paving the way for the draft Encryption Law to establish a uniformed encryption regime. This development and its practical implications will be … Continue Reading

Chinese Agencies Announce Plan to Audit Privacy Policies of Ten Popular Online Services

On July 26, four Chinese agencies, the Cyberspace Administration of China (“CAC”), the Ministry of Industry and Information Technology (“MIIT”), the Ministry of Public Security (“MoPS”), and the National Standards Committee, announced their plan to begin the government’s campaign to improve the protection of personal information, according to Xinhua News Agency (link is in Chinese).  … Continue Reading

China Releases Final Regulation on Cybersecurity Review of Network Products and Services

Today, the Cyberspace Administration of China (“CAC”) released the final version of the Measures on the Security Review of Network Products and Services (Trial) (“the Measures”), with an effective date of June 1, 2017 (official Chinese version available here).  The issuance of the Measures marks a critical first step toward implementing China’s Cybersecurity Law (“the … Continue Reading

China Seeks Public Comments on Draft Regulation on Cross-Border Data Transfer

On April 11, 2017, the Cyberspace Administration of China (“CAC”) released a draft of the Measures on Security Assessment of Cross-border Data Transfer of Personal Information and Important Data (“the Draft Measures”) for public comment (official Chinese version available here).  The comment period ends on May 11, 2017. The issuance of the long-anticipated Draft Measures … Continue Reading

Cross-Border Data Transfer: A China Perspective

When China’s new Cybersecurity Law takes effect on June 1, 2017, China will become another important jurisdiction to watch in the international data transfer space. Before the new Cybersecurity  Law officially was promulgated on November 7, 2016, cross-border data transfer of data from China was largely unregulated by the government.  While many Chinese laws and … Continue Reading

China’s New Draft National Standards on Personal Information Protection

In our previous post, we discussed seven draft cybersecurity and data protection national standards released by China’s National Information Security Standardization Technical Committee (“NISSTC”), a standard-setting committee jointly supervised by the Standardization Administration of China (“SAC”) and the Cyberspace Administration of China (“CAC”), on December 21, 2016. “Information Security Technology – Personal Information Security Specification” … Continue Reading

China Seeks Comment on Seven Draft Cybersecurity and Data Privacy National Standards

By Tim Stratford and Yan Luo China’s National Information Security Standardization Technical Committee (“NISSTC”), a standard-setting committee jointly supervised by the Standardization Administration of China (“SAC”) and the Cyberspace Administration of China (“CAC”), released seven draft national standards related to cybersecurity and data privacy for public comment on December 21, 2016.  The public comment period … Continue Reading

Anthem Insurance Set to Brief Congress Two Days after Disclosing Cyber Attack

Just two days after disclosing publicly that it was “the target of a very sophisticated external cyber attack” in which the personal information of over 80 million customers was compromised, officials of Anthem Inc., the nation’s second largest health insurance company, are to brief staffers of the House Energy and Committee on the security breach.  … Continue Reading

Fraud Investigators Imprisoned for Illegally Collecting Personal Data in China

By Eric Carlson and Scott Livingston On Friday, August 8, 2014, a Chinese court convicted British fraud investigator Peter Humphrey and his wife, Yu Yingzeng, a naturalized US citizen, of illegally obtaining personal information.  Mr. Humphrey was sentenced to two and a half years in prison and fined RMB 200,000 (about US $32,000); Ms. Yu … Continue Reading

British Fraud Investigator Admits on Chinese State TV to Illegally Purchasing and Selling Personal Information

By Eric Carlson & Scott Livingston On August 27, 2013, state-run China Central Television broadcast a taped confession of detained British fraud investigator Peter Humphrey confessing to having used “illegal means” to obtain the personal information of Chinese citizens.  This highly unusual broadcast of a confession made by a foreigner in China, along with other … Continue Reading

China Issues Comprehensive Regulation on Collection and Use of Personal Information by Websites and Telecommunication Service Providers

On July 16, 2013, China’s Ministry of Industry and Information Technology (“MIIT”) promulgated the Provisions on Protecting the Personal Information of Telecommunication and Internet Users (“Internet Provisions”).  The Internet Provisions, which take effect September 1, 2013, provide specific implementation rules for telecommunication and internet information service provider’s (“TSPs” and “IISPs,” respectively) collection and use of … Continue Reading

China Regulates Smart Device Manufacturers’ Use of Pre-installed Apps

China’s Ministry of Internet and Information Technology (“MIIT”) has promulgated a new regulation targeting manufacturers of mobile smart devices (such as smart phones) that prohibits them from preinstalling certain apps that raise privacy, security, or prohibited content concerns.  Entitled “Notice Regarding Strengthening the Management of Network Access for Mobile Smart Terminals,” the new regulation forbids … Continue Reading

China Releases Draft Regulation for Online Collection and Use of Personal Information

On April 10, 2013, China’s internet regulator, the Ministry of Industry and Information Technology (“MIIT”), issued a draft regulation for public comment entitled Provisions on Protecting the Personal Information of Telecommunication and Internet Users  (“Draft Provisions”).  The Draft Provisions would impose additional requirements when telecommunication service providers (“TSPs”) and internet information service providers (“IISPs”) collect … Continue Reading

Report Links Cyberattacks on U.S. Companies to Chinese Military

On Tuesday, the U.S. cybersecurity firm Mandiant released a 60-page report detailing the activities of a hacking collective it claims has direct ties to China’s military. The firm has linked the collective to cyberattacks on more than 140 organizations across 20 industries worldwide since 2006. Mandiant claims the activity—carried out by a group called the … Continue Reading

China Releases National Standard for Personal Information Collected Over Information Systems; Industry Self-Regulatory Organization Established

China’s Standardization Administration recently released a long-awaited national standard related to personal information.  Entitled Information Security Technology — Guidelines for Personal Information Protection Within Public and Commercial Services Information Systems (信息安全技术公共及商用服务信息系统个人信息保护指南) (“Guidelines”), the new standard will take effect February 1, 2013.  The Guidelines are voluntary and lack the force of law.  They nevertheless clarify key … Continue Reading

Dun & Bradstreet Reportedly Fined RMB $1 Million for Illegally Obtaining Personal Information in China; Four Employees Imprisoned

A recent decision by a Shanghai court sheds new light onto a vague provision of the PRC Criminal Law and highlights the challenges faced by foreign companies overseeing local operations in China. On September 28, 2012, Dun & Bradstreet’s local operating subsidiary Shanghai Roadway D&B Marketing Services Co., Ltd. (“Roadway”) was charged by the Shanghai … Continue Reading

China’s New Data Privacy Legislation Targets “Personal Electronic Information” And Implements Real Name Registration for Certain Websites

On December 28, 2012, China’s national legislature enacted a new law to further regulate the collection and use of online personal information and to require certain network service providers to implement real name registration for all users.  As described below, the new law may affect all businesses handling an individual’s “personal electronic information” in China, … Continue Reading

Data Privacy Regulation for Websites in China Takes Effect, National Standards for Commercial Industries Forthcoming

On March 15, 2012, new provisions governing the online collection, use, and storage of personal information went into effect in China.  Promulgated by China’s Ministry of Industry and Information Technology (“MIIT”), the Several Provisions on Regulating the Market Order of Internet Information Services (“Provisions”) govern the competition-related activities of Internet Information Services Providers (“IISP”) in … Continue Reading

China’s Local Data Privacy Regulations Foreshadow National Efforts in 2012

As China’s central regulators finalize several national laws with data privacy components, provincial and municipal authorities are filling in the current legislative gap by passing local regulations governing the collection of personal information. Currently at the national level, sector-specific laws target various aspects of personal information collection but no single comprehensive law exists to govern … Continue Reading

Release of China’s First Personal Information Protection Standards Imminent

China’s Internet regulator, the Ministry of Information and Industry Technology, or MIIT,  is close to releasing the final version of China’s first national standards for personal information protection.  Drafted with the assistance of two other government departments, the release of  “Information Security Technology – Guidelines for Personal Information Protection” (信息安全技术个人信息保护指南) represents China’s first foray into … Continue Reading
LexBlog