On March 22, 2024, following nearly six months after the publication of the Provisions on Promoting and Regulating Cross-border Data Flows (Draft for Solicitation of Comments), the Cyberspace Administration of China (“CAC”)...more
Under China’s data protection regulatory framework, data processors are required to pass a security assessment conducted by the cybersecurity regulator before transferring certain categories or volumes of data out of China....more
The regulatory landscape in China around data protection and flows continues to develop. Since the 2017 Cybersecurity Law, China has been refining the legal and regulatory framework for data protection—it has implemented new...more
On October 29, 2021, the Cyberspace Administration of China ("CAC") published the "Draft Measures on Security Assessment of Cross-Border Data Transfer" ("Draft Measures") for public comment, which outlines the requirements...more
On April 29, 2021, the national legislator in China released the second draft of the Personal Information Protection Law (“PIPL”) to collect public comments until May 28, 2021. The updated draft substantially follows the...more
All enterprises in China may soon be subject to a new rule governing how they export personal information and important data. Under the draft rules, companies that export data will have to undergo regular self-assessments of...more