On December 29, 2017, the Standardization Administration of China, jointly with the PRC General Administration of Quality Supervision, Inspection and Quarantine, issued the Information Security Technology – Personal Information Security Specification, which officially came into effect on May 1, 2018. The Specification has, in very practical terms, become an important point of reference in evaluating the complex overlay of data protection compliance requirements found in the Cyber Security Law, the Law on the Protection of Consumer Rights and Interests, the e-Commerce Law and other enactments and measures.
On 19 May 2017, the Cyberspace Administration of China released a revised draft of its Security Assessment for Personal Information and Important Data Transmitted Outside of the People’s Republic of China Measures. The draft emerged just over a week after public comments closed on the first draft of the measures. the Second Draft Export Review Measures do, to an extent, relax some of the more stringent requirements stated in the First Draft Export Review Measures and originally due to become law on 1 June, 2017 when China’s Cyber Security Law takes effect. However, the revised draft measures as set out in the Second Draft Export Review Measures still leave a significant compliance challenge for multi-national businesses operating in China . We explore the Second Draft Export Review Measures below.
A new law in China taking affect in March of this year will provide businesses with a clearer understanding of what types of information are protected as consumer personal information in China. This new definition will clarify companies’ obligations with respect to the use and processing of that information under other Chinese laws and regulations. A failure by businesses to recognise these new requirements can lead to onerous penalties including fines.
China’s Supreme People’s Court on November 21, 2013 issued a new regulation “Provisions on the Online Issuance of Judgment Documents by People’s Courts,” effective since January 1, 2014, requiring that all court judgements in China be published online in a searchable public database specially set up for that purpose.
On October 25, 2013, the Standing Committee of China’s National People’s Congress passed an amendment (“Amendment”) to the 1993 Law of Protection of Consumer Rights and Interests, which addresses longstanding issues related to e-commerce fraud and illegal disclosures of consumers’ personal information. The Amendment, which takes effect on March 15, 2014, reforms China’s 20-year-old consumer protection law by providing more robust protections to consumers, including provisions that restrict the collection, use, and disclosure of consumers’ personal information and require consent to send commercial communications.
On September 1, China’s Provisions on the Protection of the Personal Information of Telecommunications and Internet Users will come into force, affecting a wide range of consumer-facing websites, including corporate sites, product information sites, and social media pages. This post examines some of the requirements of the Provisions, and provides a link to a comprehensive Hogan Lovells Corporate Alert describing recent privacy-related legislative developments in China.