FUTURE PRIVACY COMPLIANCE SERVICES FOR UPCOMING DATA LEGISLATION
CHINA
​
China has been addressing data privacy and security they are raising critical questions for businesses operating inside and outside of China, some of the main laws in force are:
THE PERSONAL INFORMATION PROTECTION LAW (PIPL)
The PIPL (effective from November 1, 2021) is similar to the EU’s General Data Protection Regulation (GDPR) in that it gives Chinese consumers the right to access, correct and delete their personal data gathered by businesses. It also impacts offshore data processors that deliver goods and services or analyse individuals in China. The law includes stringent penalties.
​
Under the PIPL and recent administrative rules introduced since June 2022, personal information can only be transferred outside of China once certain requisite steps are completed and regulatory approval obtained, including:
​
(i) clearing a security assessment approved by Cyberspace Administration of China (CAC);
(ii) obtaining a personal information protection certification from a professional institution designated by the CAC, or
(iii) entering into a standard format data transfer agreement with the overseas recipient of such data.
​
The overall process for facilitating the transfer of personal information out of China is complex and there is a lack of clear guidance provided under the existing rules.
DATA SECURITY LAW (DSL)
​
The DSL was effective from 1 September 2021 it requires that business data be classified according to its relevance to national security and the public interest. Organisations looking to transfer “important” data outside of China must perform an internal security review before applying for a security assessment and approval from the Cyberspace Administration of China (CAC) and other relevant authorities.
​
Organisations that mishandle data under the DSL face severe penalties.
CYBERSECURITY LAW (CSL)
​
On 1 June 2017, the CSL came into effect this was the first national-level law to address cybersecurity and data privacy protection. The CSL regulates the construction, operation, maintenance and use of network-by-network operators within the territory of China. On 14 September 2022, the Cyberspace Administration of China (“CAC”) released the draft decision on amending the Cybersecurity Law for public consultation. If the CAC adopts the decision, it will become the first time that the Cybersecurity Law (“CSL”) has been amended since its enactment in 2016.