Header graphic for print
HL Chronicle of Data Protection Privacy & Information Security News & Trends

Sherry Gong

Posts by Sherry Gong
Posted in International/EU Privacy

China’s First Data Protection Measures Lifting Its Veils

On May 28, 2019, the Cyberspace Administration of China released the draft Measures on the Administration of Data Security for public consultation. This Data Security Measures will be a great leap forward in China’s current data protection landscape, which mainly consists of scattered provisions contained in various pieces of legislations and standards, such as the Cyber Security Law, the E-Commerce Law, the Consumer Rights Protection Law as well as the Personal Information Security Specification, the most comprehensive yet non-binding national standard with respect to data protection. The Data Security Measures, once officially promulgated, will be the first binding administrative regulation in China to specifically and systematically set out explicit protection for personal data and important data collected and processed through the use of cyber technologies, following the effectiveness of the Cyber Security Law in 2017.

Posted in International/EU Privacy

Busting the Myth: Compliance with the ‘Gold Standard’ of the GDPR Does Not Buy You a ‘Free Pass’ Under China’s New Personal Information Guidelines

On December 29, 2017, the Standardization Administration of China, jointly with the PRC General Administration of Quality Supervision, Inspection and Quarantine, issued the Information Security Technology – Personal Information Security Specification, which officially came into effect on May 1, 2018. The Specification has, in very practical terms, become an important point of reference in evaluating the complex overlay of data protection compliance requirements found in the Cyber Security Law, the Law on the Protection of Consumer Rights and Interests, the e-Commerce Law and other enactments and measures.

Posted in International/EU Privacy

Chinese Appellate Court Provides Guidance for Lawful Use of Cookies

On 6 May 2015, the Intermediate People’s Court of Nanjing City, Jiangsu Province, issued a civil judgment ruling that the search engine giant Baidu’s use of cookies to personalize advertisements directed at consumers on partner third party websites does not infringe consumer rights of privacy. The court based its decision on findings that the information collected by the Baidu cookies did not amount to “personal information” under Chinese law, the complainant did not suffer cognizable injury by receiving targeted ads on other sites, and Baidu afforded consumers mechanisms to opt-out.

Although not binding on other courts, this judgment has significant implications. It provides insight into how other courts in China are likely to handle similar challenges to the use of cookies in the future, and its detailed analysis of Baidu’s cookie policy sheds light on what policies and practices companies in China would be prudent to adopt in order to best balance industry and consumer interests in compliance with the law.

Posted in Consumer Privacy

China Clarifies Requirements for Companies Regarding Consumers’ Personal Information

A new law in China taking affect in March of this year will provide businesses with a clearer understanding of what types of information are protected as consumer personal information in China. This new definition will clarify companies’ obligations with respect to the use and processing of that information under other Chinese laws and regulations. A failure by businesses to recognise these new requirements can lead to onerous penalties including fines.