As the digital economy continues to thrive and remote work becomes increasingly mainstream, an “offshore model” of business operation has emerged. Under this model, companies may provide services to users in a given...more
The newly promulgated measures increase the threshold of data triggering security assessments and contract requirements while leaving room for Chinese authorities to heavily restrict cross-border data transfers. In...more
From long-standing laws to incoming legislation, global nonprofits must understand the requirements and prepare for scrutiny in their handling of personal data. U.S. privacy regulations are currently a complex framework of...more
Article 38 of China’s Personal Information Protection Law (“PIPL”) enacted in 2021, which is more demanding than GDPR in Europe, provides three channels to conduct the outbound transfer or export of personal information...more
Editor’s Note: On January 18, 2023, HaystackID shared an educational webcast on China’s emerging statutes and regulations governing the processing, disclosure, and transfer of data. As Chinese entities increasingly become...more
As part of a new Asia-Pacific (APAC) Life Sciences and Health Care webinar program designed both for companies with commercial interests in APAC and for companies based in the region, Hogan Lovells is hosting a special...more
China’s CAC publishes guidance on cross-border data transfers, including draft standard contractual clauses and regulatory guidance on certification and security assessment. Key Points: ..Security Assessment:...more
In light of the “changed security policy situation” following Russia’s invasion of Ukraine, the Norwegian data protection regulator recently encouraged any company that exports personal data to Russia and Ukraine to review...more
While everyone hoped that 2021 would be less tumultuous than 2020, it certainly did not turn out that way in the end. The same was true in the world of data privacy – with sweeping new data protection regulations and guidance...more
As drafted the new measures specify security assessment and contract requirements but leave ample room for Chinese authorities to heavily restrict cross-border data transfers. At the end of October, China’s top privacy...more
On November 1, 2021, the new Chinese Personal Information Protection Law (PIPL) will come into effect. This law is modeled after the well-known European General Data Protection Regulation (GDPR). Like the GDPR, the PIPL will...more
Keypoint: China’s Personal Information Protection Law is a complicated regulatory regime that will require U.S. entities subject to its requirements to undertake substantial compliance efforts. Effective November 1, 2021,...more
On August 20, 2021, the People’s Republic of China (PRC) passed a sweeping data protection law, the Personal Information Protection Law (PIPL), set to take effect on November 1, 2021. Although the PIPL appears to borrow...more
The Personal Information Protection Law, or PIPL, imposes stringent obligations of a similar standard to the GDPR and will take effect on November 1, 2021. Key Points: ..Extraterritorial effect: PIPL applies to those who...more