China’s Cybersecurity Law (the “Cybersecurity Law”) took effect on June 1, 2017. The Cybersecurity Law consists of 79 articles in total. According to Article 2 thereof, the Cybersecurity Law would apply to the construction, operation, maintenance and use of cyberspace within the territory of China, as well as to the supervision and administration of cybersecurity within the territory of China. This blog post will discuss those provisions of the Cybersecurity Law that would be most relevant to the protection of personal information. Any company which collects, stores, or processes personal information within the territory of China may find it useful to get familiar with such provisions.
Continue Reading Cross-Border Transfer of Personal Information under China’s Cybersecurity Law

Recently, thirteen relevant Chinese government agencies (e.g. Cyberspace Administration of China, National Development and Reform Commission of China, China Securities Regulatory Commission, etc.) jointly released amended Cybersecurity Review Measures (the “New Measures”) to amend and supersede the prior version of such measures issued on April 13, 2020. The New Measures will become effective on February 15, 2022.
Continue Reading China Issued Amended Cybersecurity Review Measures

On August 20, 2021, the Standing Committee of the National People’s Congress adopted the Personal Information Protection Law of the People’s Republic of China (the “Personal Information Protection Law”).  The Personal Information Protection Law will become effective on November 1, 2021, and will then, together with  the Cybersecurity Law of the People’s Republic of China (the “Cybersecurity Law”) and the Data Security Law of the People’s Republic of China (which will become effective on September 1, 2021, the “Data Security Law”), form the foundation of the data security legal regime of China.
Continue Reading Highlights of China’s Recently Adopted Personal Information Protection Law