On 24 June 2022, the Secretariat of the National Information Security Standardisation Technical Committee (TC260) issued the Technical Specification for Certification of Cross-Border Transfers of Personal Information (the Certification Specification), eight weeks after it first issued the draft of the same name (the Draft). The relatively speedy finalisation of the Certification Specification is a reflection
Cyberspace Administration of China (CAC)
(Not So) Standard Contracts? Draft Standard Contracts Finally Released in China
More than nine months after the Personal Information Protection Law (PIPL) came into force in the PRC, the Cyberspace Administration of China (CAC) issued the long-awaited Draft Provisions on Standard Contracts for the Export of Personal Information (Draft Provisions) on 30 June 2022.
The Draft Provisions supplement Article 38(3) of the PIPL, which provides that…
Minor(s) Regulation, Major Consequences? Cyberspace Administration of China’s New Draft Regulations for Online Protection of Minors
New draft Regulations on the Online Protection of Minors (Draft Regulations) were released by the Cyberspace Administration of China (CAC) on 14 March 2022. They update the 2016 Draft Regulations of the same name which were released for public comment but never adopted.
The latest Draft Regulations have been issued pursuant to the PRC Law…
Pushing the Envelope? The CAC’s Draft Regulations on Push Notifications
On 2 March 2022, the Cyberspace Administration of China (“CAC”) issued draft regulations on the administration of internet pop-up push notifications (the “Draft Regulations”). The Draft Regulations were issued pursuant to a number of laws, including the Cybersecurity Law.
The Draft Regulations bid to further tighten government control over the news followed a…
Dawning of a New Era: China’s Personal Information Protection Law
On 20 August 2021, China’s much anticipated Personal Information Protection Law (PIPL) was passed. The new law will come into force on 1 November 2021. The PIPL, Cybersecurity Law and the new Data Security Law (which came into force on 1 September 2021) now form the main legal framework governing data security and the handling…
Full Steam Ahead: Second Draft of China’s Personal Information Protection Law and Data Security Law
On 29 April 2021, the second drafts of China’s Personal Information Protection Law (Second Draft PIPL) and the Data Security Law (Second Draft DSL) were released. Once passed, the Second Draft PIPL will become China’s first comprehensive law that protects personal information, and the Second Draft DSL will further regulate data processing activities that could…
China Expands the Scope of the Data Localisation Requirement under its Cybersecurity Law
On 11 April 2017, the Cybersecurity Administration of China (CAC) released the draft Security Assessment Measures for Cross-Border Transfer of Personal Information and Important Data (“Draft Measures”). Draft measures and guidelines relating to the Cybersecurity Law (CSL) which was released in November last year, have been expected for a while. The hope has been that…
China Launches Internet App Store Registration Program
On 13 January 2017, the Cyberspace Administration of China (CAC) announced the commencement on 16 January 2017 of the Internet app store registration program in China. The registration requirement was imposed by the mobile apps regulation that became effective in August last year. Specifically, Article 5 of the Administrative Provisions on Information Services of Mobile…