On 18 July 2025, China’s Cyberspace Administration (CAC) officially launched its online portal (Portal) for registration of China Data Protection Officers (China DPO). This operationalizes the requirements under Article 52 of...more
The Cyberspace Administration of China (“CAC”) on September 28, 2023 issued the draft Provisions on the Regulation and Promotion of Cross-Border Data Flows (“draft Provisions”), just one year after China’s data export...more
U.S.-based multinationals with employees in the People’s Republic of China (PRC) are confronting a November 30 deadline to implement China’s new cross-border data transfer mechanism—the Standard Contract. This implementation...more
The Cyberspace Administration of China (“CAC”) on August 3, 2023 published the draft Administrative Measures for Personal Information Protection Compliance Audits (“draft Measures”) for public comment through September 2,...more
As part of our Spotlight series, we welcome Todd Liao, a partner in our Shanghai office who works with clients on a wide range of complex commercial and financial transactions and legal issues involving China. Todd is a...more
As the data protection regime in China continues to evolve, so do the individual privacy rights of employees. A Beijing appellate court recently rejected an employer’s ability to use—without the employee’s informed...more
On February 24, 2023, the Cyberspace Administration of China ("CAC") issued the long-awaited Measures on the Standard Contract for Outbound Cross-Border Transfer of Personal Information ("Measures")....more
The Cybersecurity Administration of China (the "CAC") has published guidelines concerning outbound data transfers of personal information and "important data" from China to other jurisdictions. Businesses must comply with...more
World events, such as the COVID-19 pandemic, have accelerated the need for business operations to grow more digitally reliant and driven. As the global network grows and becomes more interconnected, privacy and...more
The Chinese regulatory authorities have published several new regulations and proposals in the past two months seeking to clarify the requirements of the Chinese Personal Information Protection Law (the PIPL) that came into...more
In our second installment of what privacy professionals should know before they start the summer, we provide you with highlights from the draft regulations from the California Privacy Protection Agency (“CPPA”) and...more
Multinational companies often encounter questions regarding if and when they can transfer personal information across borders. The People’s Republic of China’s Personal Information Protection Law (PIPL) adds new...more
The Personal Information Protection Law (PIPL), which is considered the first comprehensive law on personal information protection in People’s Republic of China (PRC or China), came into effect on 1 November 2021. Prior to...more
Two new Chinese laws dealing with data security and privacy came into force in the fall of 2021 that are likely to have an impact on many multinational companies operating in China or whose operations touch China. These two...more
China has recently joined the list of countries that have adopted the world’s strictest data-privacy laws. Given China’s desirability as both a market for and a source of data, companies worldwide have started making early...more
China’s long-waited Personal Information Protection Law (“PIPL”) was finally enacted on August 20, 2021, and will take effect on November 1, 2021. PIPL, which supplements the existing privacy rules established by the...more
China recently has passed its Personal Information Protection Law. The law will take effect on 1 November 2021....more
On August 20, 2021, the People’s Republic of China (PRC) passed a sweeping data protection law, the Personal Information Protection Law (PIPL), set to take effect on November 1, 2021. Although the PIPL appears to borrow...more