On February 1, 2019, China’s National Information Security Standardization Technical Committee (“TC260”) released a set of amendments to GB/T 35273-2017 Information Technology – Personal Information Security Specification (“the Standard”) for public comment. The comment period ends on March 3.
Although not legally binding, the Standard has been highly influential since becoming effective in May 2018, as it set out the best practices expected by Chinese regulators (see our previous blogpost on the Standard here). The Standard has been widely used by companies to benchmark their compliance efforts in China.
The draft amendments reflect Chinese regulators’ evolved thinking on a number of important topics that are hotly debated around the world, such as enhanced notice and consent requirements and requirements for target advertising. The draft amendments would also introduce new requirements for third party access to data and revise notification requirements for data beaches, among other proposed changes.
Continue Reading China Releases Draft Amendments to the Personal Information Protection Standard