The Secretariat of the National Information Security Standardisation Technical Committee (TC260) released a draft revision of the Technical Specification for Certification of Cross-Border Transfers of Personal Information (Certification Specification V2.0) on 8 November 2022, nearly five months after it issued the finalised specification of the same name (Certification Specification V1.0) (see our previous Legal Update
Gabriela Kennedy is a partner of Mayer Brown and head of the Asia IP and TMT group. She is also co-leader of Mayer Brown’s global Intellectual Property practice and a member of the firm’s global Cybersecurity & Data Privacy and Technology & IP Transactions practices. She is based in Hong Kong, practising intellectual property, media, information technology and telecommunications law. She handles the full spectrum of intellectual property work from litigation to licensing, strategic advice and portfolio management. Gabriela advises extensively on technology and data protection issues in Hong Kong and throughout Asia, particularly in relation to business processing outsourcing, the cross-border transfer of data, data compliance, data breaches and cybersecurity issues. She has handled a number of data breach complaints filed with the Privacy Commissioner in Hong Kong and has conducted in-depth data audits and drafted/devised privacy manuals and procedures for the Asia operations of a number of multi-national companies. On the information technology side, Gabriela's particular expertise includes advising on complex IT transactions and projects, IT outsourcing, cloud-computing, mobile payments, smart card projects, the regulation of encryption technology, software licensing, and disputes stemming from failed IT projects. She has been involved with a number of international organisations in discussions involving standard setting for the cross-border transfer of data and the formulation of strategies to deal with cyber-security.
New Draft Rules for Human Genetic Resources Management Issued by China
New ‘Draft Rules for the Regulations on the Management of Human Genetic Resources’ (Draft Rules) were issued by the Ministry of Science and Technology of the PRC (MOST) on 14 March 2022.
Issued pursuant to the Biosecurity Law and the Data Security Law, the Draft Rules are a response from the government to the growing…
Specification for Certification of Cross-border Transfers of Personal Information Released by China – Key Provisions and Takeaways
On 24 June 2022, the Secretariat of the National Information Security Standardisation Technical Committee (TC260) issued the Technical Specification for Certification of Cross-Border Transfers of Personal Information (the Certification Specification), eight weeks after it first issued the draft of the same name (the Draft). The relatively speedy finalisation of the Certification Specification is a reflection…
(Not So) Standard Contracts? Draft Standard Contracts Finally Released in China
More than nine months after the Personal Information Protection Law (PIPL) came into force in the PRC, the Cyberspace Administration of China (CAC) issued the long-awaited Draft Provisions on Standard Contracts for the Export of Personal Information (Draft Provisions) on 30 June 2022.
The Draft Provisions supplement Article 38(3) of the PIPL, which provides that…
Hong Kong’s 2022 Guidance on Cross-border Data Transfers – Implications for Data Users and Processors
On 12 May 2022, the Hong Kong Privacy Commissioner for Personal Data (PCPD) issued a Guidance Note on the Recommended Model Contractual Clauses for Cross-border Transfers of Personal Data (2022 Guidance).
The 2022 Guidance is split into three “parts”:
- Part 1 is an introduction of the 2022 Guidance and the rationale underpinning it;
- Part 2
Minor(s) Regulation, Major Consequences? Cyberspace Administration of China’s New Draft Regulations for Online Protection of Minors
New draft Regulations on the Online Protection of Minors (Draft Regulations) were released by the Cyberspace Administration of China (CAC) on 14 March 2022. They update the 2016 Draft Regulations of the same name which were released for public comment but never adopted.
The latest Draft Regulations have been issued pursuant to the PRC Law…
Pushing the Envelope? The CAC’s Draft Regulations on Push Notifications
On 2 March 2022, the Cyberspace Administration of China (“CAC”) issued draft regulations on the administration of internet pop-up push notifications (the “Draft Regulations”). The Draft Regulations were issued pursuant to a number of laws, including the Cybersecurity Law.
The Draft Regulations bid to further tighten government control over the news followed a…
Cyber Spotlight: Cybersecurity Developments in Europe, the UK and China
In this National Cybersecurity Awareness Month conversation, Mayer Brown lawyers from our global practice will discuss the latest legal trends and developments relating to cybersecurity in China, Europe and the UK. Topics will include:
- The implications for international businesses seeking to comply with China’s new Data Security Law and Personal Information Protection Law in combination
Dawning of a New Era: China’s Personal Information Protection Law
On 20 August 2021, China’s much anticipated Personal Information Protection Law (PIPL) was passed. The new law will come into force on 1 November 2021. The PIPL, Cybersecurity Law and the new Data Security Law (which came into force on 1 September 2021) now form the main legal framework governing data security and the handling…
Full Steam Ahead: Second Draft of China’s Personal Information Protection Law and Data Security Law
On 29 April 2021, the second drafts of China’s Personal Information Protection Law (Second Draft PIPL) and the Data Security Law (Second Draft DSL) were released. Once passed, the Second Draft PIPL will become China’s first comprehensive law that protects personal information, and the Second Draft DSL will further regulate data processing activities that could…