This month, China’s National Information Security Standardization Technical Committee (“NISSTC”) organized a meeting to launch a working group tasked with drafting a Personal Information Security Standard (“PIS Standard”). NISSTC is a government committee jointly supervised by the Standardization Administration of China and the Cyberspace Administration of China. In addition to the government agencies, several Chinese research institutions and Internet companies (including Tencent and Alibaba) will also participate in the working group.

According to one report, an NISSTC official explained that the PIS Standard would be a non-binding guideline serving as a bottom line for the data privacy and security practices of companies, including internet companies, operating in China. The official said that the PIS Standard would limit the kinds of information companies are permitted to collect, and that certain data protection-related conditions would be imposed on providers of information services and the design of relevant software. This official indicated that the PIS Standard would cover both data privacy and security; another official, according to a NISSTC press release, stated the hope that it would serve as the foundational standard for personal information protection practices in China. It is not currently clear whether the greater emphasis would be on data security or on privacy.

Although the contemplated PIS Standard would not be legally binding, its content may influence the future trajectory of data privacy and security-related legislation amid calls for a more comprehensive legal regime governing the protection of personal information. Further, as Chinese regulators generally wield significant discretion in the interpretation and application of often vaguely worded laws and regulations, such a standard could serve as a barometer for assessing legal compliance.

Steven Zhu of Covington & Burling LLP assisted with the research and preparation of this article.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Ashwin Kaja Ashwin Kaja

With over a decade of experience in China, Ashwin Kaja helps multinational companies, governments, and other clients understand and navigate the complex legal and policy landscape in the country. He plays a leading role in Covington’s China international trade and public policy practices…

With over a decade of experience in China, Ashwin Kaja helps multinational companies, governments, and other clients understand and navigate the complex legal and policy landscape in the country. He plays a leading role in Covington’s China international trade and public policy practices and, outside of Covington, serves as the General Counsel of the American Chamber of Commerce in China.

Ashwin helps clients solve acute problems that arise in the course of doing business in China and position themselves for longer-term success in the country’s rapidly evolving legal and policy environment. He is an expert on Chinese industrial policy and has worked on matters related to a wide range of sectors including technology, financial services, life sciences, and the social sector. Ashwin has also counseled a range of clients on data privacy and cybersecurity-related matters.

As the General Counsel of the American Chamber of Commerce in China (AmCham China), Ashwin serves as a senior officer of the organization and as an ex officio member of its Board of Governors, supporting nearly one thousand member companies in developing their businesses in China and advocating for their needs with China’s central and local governments.