On September 9, 2025, China announced the landmark administrative penalty against Dior (Shanghai) over unlawful cross-border transfers of personal information, with the primary violation being the failure to satisfy the...more
This monthly report outlines key developments in China’s data protection sector for August. The following events merit special attention: CAC Summons NVIDIA Over Cybersecurity Concerns Related to H20 Chip: On July 31, CAC...more
The Guangzhou Internet Court (the “Court”) recently issued its first judgment involving the cross-border transfer of personal data under the Personal Information Protection Law (“PIPL”).1 An international hotel group was...more
The PRC National Technical Committee 260 on Cybersecurity of SAC (“TC260”) published new Guidelines on Identifying Sensitive Personal Information (“Guidelines”) on 18 September 2024, nearly three months after it released the...more
The Guangzhou Internet Court released the first ruling interpreting the requirements for cross-border transfer of personal information under the Personal Information Protection Law (PIPL). This case has significant...more
The enactment of China’s Cybersecurity Law (CSL), Data Security Law (DSL), and Personal Information Protection Law (PIPL, together with the CSL and the DSL, “Data Security Laws”) has significantly reshaped the landscape of...more
The newly promulgated measures increase the threshold of data triggering security assessments and contract requirements while leaving room for Chinese authorities to heavily restrict cross-border data transfers. In...more
Cross-border transfer of evidence in litigation or arbitration proceedings is no longer innocuous in today’s world, with countries frequently at odds with each other over data security regulations. This was unexpected a...more
The Cyberspace Administration of China (“CAC”) on September 28, 2023 issued the draft Provisions on the Regulation and Promotion of Cross-Border Data Flows (“draft Provisions”), just one year after China’s data export...more
U.S.-based multinationals with employees in the People’s Republic of China (PRC) are confronting a November 30 deadline to implement China’s new cross-border data transfer mechanism—the Standard Contract. This implementation...more
China’s stance toward data privacy and cybersecurity has been a matter of interest for the last several years, most prominently with the June 2017 passage of China’s Cybersecurity Law, and the passage of the Data Security Law...more
On June 29, 2023, the Cyberspace Administration of China ("CAC") and the Innovation, Technology and Industry Bureau of the Hong Kong Special Administrative Region ("Hong Kong") Government ("HKITIB") signed the Memorandum of...more
On 30 May 2023, the Cyberspace Administration of China (the “CAC”) published guidance for the use of the Standard Contractual Clauses applicable to international transfers of personal information from mainland China (the...more
In February 2023 Cyberspace Administration of China (the “Cyberspace Administration”) published rules on Standard Contractual Clauses for transfer of personal information to third countries pursuant to China’s Personal...more
On April 11, 2023, the Cyberspace Administration of China (CAC) issued draft Administrative Measures for Generative Artificial Intelligence Services (“Draft AI Measures”)....more
On February 24, the Cyberspace Administration of China (CAC) released the final version of the Standard Contract Clauses for Cross-Border Transfer of Personal Information (the SCCs) and the Measures for the SCCs (the...more
On February 24, 2023, the Cyberspace Administration of China ("CAC") issued the long-awaited Measures on the Standard Contract for Outbound Cross-Border Transfer of Personal Information ("Measures")....more
Article 38 of China’s Personal Information Protection Law (“PIPL”) enacted in 2021, which is more demanding than GDPR in Europe, provides three channels to conduct the outbound transfer or export of personal information...more
Introduction - Recent years have brought a dramatic increase in the number of countries that have comprehensive privacy and data security laws. As the world has become increasingly digital, privacy and data protection have...more
The Cybersecurity Administration of China (the "CAC") has published guidelines concerning outbound data transfers of personal information and "important data" from China to other jurisdictions. Businesses must comply with...more
China’s emerging statutes and regulations governing the processing, disclosure and transfer of data, under threat of severe penalties, pose significant risks for producing parties. Yet, as Chinese entities increasingly become...more
Under the PRC Cybersecurity Law, PRC Personal Information Protection Law and PRC Data Security Law, certain organisations (as well as individuals) are now required to conduct a security assessment of outbound transfers of...more
The new guidelines provide insight into how businesses can submit applications to the CAC in order to obtain approval via the CAC security assessment cross-border data transfer requirement. As of September 2022, all...more
As part of a new Asia-Pacific (APAC) Life Sciences and Health Care webinar program designed both for companies with commercial interests in APAC and for companies based in the region, Hogan Lovells is hosting a special...more
We are kicking off Cybersecurity Month early with a masterclass on China’s Personal Information Protection Law (“PIPL”). The PIPL was issued on August 20 and came into effect on November 1, 2021. A year later, PIPL remains...more