Network Operators
Subscribe to Network Operators's Posts

The GDPR’s Effects in China: Comparison with Local Rules and Considerations for Implementation

As Europe’s General Data Protection Regulation (GDPR) takes effect, companies around the world are racing to implement compliance measures. In parallel with the GDPR’s development, China’s new data protection framework has emerged over the past year and is in the final stages of implementing the remaining details. With similar and often overlapping obligations, full compliance with the GDPR and China’s data protection framework presents a significant new challenge for companies with operations in China. Does the GDPR Apply to Companies in China? The GDPR applies to the processing of personal data of people who are in the European Union, even for a controller or processor in China, where the processing of the data is related to: The offering of goods or services to the data subjects in the European Union, regardless of whether a payment is required; or The monitoring of people’s behavior in the European Union. As a result, even if a Chinese company does not...

Continue Reading

Transferring Data from China: Who Must First Pass a Pre-Export Security Assessment?

China’s new data protection framework clearly creates a requirement for local storage and conducting a security assessment before personal information or important data is shared with other jurisdictions, but it is currently much less clear what types of entities fall under this requirement. Localization and Transfer Assessment Requirements Related to CII Operators Under the People’s Republic of China Network Security Law, also known as the Cybersecurity Law, personal information and important data collected and generated in the operation of critical information infrastructure operators (CII operators) is required to be stored in China and, before providing that information abroad, a security assessment is required to be passed. This new requirement caused a significant amount of concern for entities that fall within the category of CII operators because of the need to potentially restructure their data systems, but there was also a general appearance of...

Continue Reading

China Data Protection Enforcement Update – A Focus on Platform Content

Following the first enforcement actions by local authorities in Shantou and Chongqing for violations of the new Network Security Law that came into effect this year, authorities in China have recently shown a clear initial focus with several new cases targeting provisions of the law that require monitoring of platform content. As of the start of October 2017, enforcement actions by authorities in China have targeted platform content violations in nearly 70 percent of all actions under the new provisions of the data protection rules.   A smaller but notable percentage of the actions have also targeted violations related to security failures under the “graded protection system monitoring” requirements, which include issues such as failing to resolve security vulnerabilities, not saving users’ login information, or connecting to known problematic websites. Other enforcement actions related to this field have targeted types of crimes that existed before the...

Continue Reading

China’s Network Security Law Comes into Effect: What It Means for Your Company

Today, China’s much anticipated Network Security Law comes into effect after two years of review, revisions over three drafts and a public commenting process. The law is a historical development for China’s legislative coverage of information security and data protections. It also represents one of the strictest approaches in any jurisdiction worldwide, and a continuation of a broader effort at demonstrating the government’s cyber-sovereignty goals through control and regulation of data and the internet. Overview of the Network Security Law Commonly referred to as the “Cybersecurity Law,” the new piece of legislation has a broad scope and covers a range of issues related to data privacy, security and cross-border transfers, including: Increasing security measures and strengthening data security through a variety of specific obligations Ensuring consent for collection of personal information through the principles of legality, proper justification and...

Continue Reading

STAY CONNECTED

TOPICS

ARCHIVES