🇨🇳 China
Informations
Extracts :
Extract :
"The PIPL does not explicity refers to the nationality of data subjects."
2021
Reference :
China Data protection overview | DataGuidance
(Data Protection Overview 2021)/ DataGuidance reports
Extracts :
Extract :
"The PIPL does not explicity refers to the nationality of data subjects."
2021
Reference :
China Data protection overview | DataGuidance
(Data Protection Overview 2021)/ DataGuidance reports
Extracts :
Extract :
"Article 20(1): The controlling entity shall notify the competent authority as soon as it becomes aware of a data security breach."
2022
Reference :
GDPR vs countries' comparison | DataGuidance
Comparison of GDPR vs countries' data protection laws, definitions etc. - SAU
Extract :
"Article 4: Personal information is all kinds of information, recorded by electronic or other means, related to identified or identifiable natural persons, not including anonymised information."
2021
Reference :
China Data protection overview | DataGuidance
(Data Protection Overview 2021)/ DataGuidance reports
Extract :
No mention of the subject rignt related to Legal entities
2021
Reference :
China Data protection overview | DataGuidance
(Data Protection Overview 2021)/ DataGuidance reports
Extracts :
Extract :
Data entered based on reference.
2023
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
"Personal information handler (data controller): There is no definition of data controller under the PIPL. However, personal information handler refers to organizations and individuals that, in personal information handling activities, autonomously decide handling purposes.
Personal information handler under the PIPL is similar to the concept of a 'data controller' in other privacy laws (such as the General Data Protection Regulation (EU) 2016/679) ('GDPR')). While the GDPR distinguishes between a data controller, who determines the means and purposes of processing personal data, and a personal information processor, who processes personal data on behalf of the controller, the PIPL does not formally define the concept of a personal information processor. Under the PIPL, when a personal information handler entrusts a third party (i.e., a personal information processor under the GDPR) to process personal information on behalf of the personal information handler, such third party will be referred to as the 'entrusted party' or the 'contracting party'."
2023
Reference :
China Data protection overview | DataGuidance
Updated DataGuidance reports
Extracts :
Extract :
The PIPL applies to any processing of personal information in China.
In addition, processing activities outside of China relating to personal information of individuals in China
if the purpose of the processing is to:
• offer goods or services to individuals in China; or
• monitor and evaluate the activities of individuals in China.
2021
Reference :
China Data protection overview | DataGuidance
(Data Protection Overview 2021)/ DataGuidance reports
Extracts :
Extract :
Data entered based on reference.
2023
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
2023
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
2023
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
2023
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
2023
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
2023
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
2023
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
2023
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
2023
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
2023
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
2022
Reference :
China Data protection overview | DataGuidance
Updated DataGuidance reports
Extracts :
Extract :
Data entered based on reference.
2023
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
2023
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
2023
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
2023
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
2023
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
2023
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
2023
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
"If the processing of personal information violates the requirements in the PIPL, personal information protection authorities may issue an order for rectification, issue warnings and confiscate any unlawful income. Those refusing to rectify shall be liable to a fine up to RMB 1,000,000. The person in-charge and other personnel who bear direct responsibility shall be liable to a fine between RMB 10,000 and RMB 100,000.
For cases of serious nature, personal information protection authorities may issue an order of rectification, confiscate any unlawful income, and impose a fine up to RMB 50,000,000 or 5% of annual turnover for the previous year. The personal information protection authorities may also issue an order of suspension of business or operation for rectification, notify authorities in-charge for cancellation of business permits or licenses. The person in-charge and other personnel who bear direct responsibility shall be liable to a fine between RMB 100,000 and RMB 1,000,000, and may be barred from serving as directors, supervisors, senior officers and personal information protection officers in corporations within a certain period of time. "
2023
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
"Article 66: Where the circumstances of the unlawful acts mentioned in Paragraph 1 of Article of the PIPL are serious, the provincialor higher-level departments responsible for the protection of personal information shall impose a fine of not more than RMB 50 million (approx. €6.5 million) or not more than 5% of annual revenue […]"
2021
Reference :
GDPR vs countries' comparison | DataGuidance
Comparison of GDPR vs countries' data protection laws, definitions etc. - CHN
Extracts :
Extract :
"Article 66: Where the circumstances of the unlawful acts mentioned in Paragraph 1 of Article of the PIPL are serious, the provincialor higher-level departments responsible for the protection of personal information shall impose a fine of not more than RMB 50 million (approx. €6.5 million) or not more than 5% of annual revenue […]"
2021
Reference :
GDPR vs countries' comparison | DataGuidance
Comparison of GDPR vs countries' data protection laws, definitions etc. - CHN
Extracts :
Extract :
"The penalties are a fixed-term imprisonment of not more than three years or criminal detention and concurrently or separately, sentenced to a fine. Where the violation is very serious, the person shall be sentenced to fixed-term imprisonment of not less than three years but not more than seven years and concurrently sentenced to a fine. Where the violator is an entity, the entity shall be sentenced to the fine, while its directly responsible person shall be subject to imprisonment as mentioned before.
A range of factors, including the degree of harm caused by the crime, the amount of illegal gains derived from the crime, the criminal record of the defendant, and the defendant's attitude toward the admission of guilt and repentance, are to be considered when determining the amount of penalty. In general, the amount of penalty shall be equal to not less than one times but not more than five times the illegal gains (if any)."
2023
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
2023
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
2023
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
"Article 50: Where a personal information handler rejects an individual's request to exercise their rights, the individual may file a lawsuit with a People's Court according to the law.
Article 70: Where personal information handlers handle personal information in violation of the provisions of the PIPL, infringing on the rights and benefits of many individuals, the People's Procuratorates, statutorily designated consumer organisations, and organisations designated by the CAC may file a lawsuit with a People's Court according to the law."
2021
Reference :
GDPR vs countries' comparison | DataGuidance
Comparison of GDPR vs countries' data protection laws, definitions etc. - CHN
Extracts :
Extract :
"The penalties are a fixed-term imprisonment of not more than three years or criminal detention and concurrently or separately, sentenced to a fine. Where the violation is very serious, the person shall be sentenced to fixed-term imprisonment of not less than three years but not more than seven years and concurrently sentenced to a fine. Where the violator is an entity, the entity shall be sentenced to the fine, while its directly responsible person shall be subject to imprisonment as mentioned before.
A range of factors, including the degree of harm caused by the crime, the amount of illegal gains derived from the crime, the criminal record of the defendant, and the defendant's attitude toward the admission of guilt and repentance, are to be considered when determining the amount of penalty. In general, the amount of penalty shall be equal to not less than one times but not more than five times the illegal gains (if any)."
2023
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
2023
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
"The GDPR and PIPL contain similar provisions regarding DPIAs and PIPIAs, respectively. In particular, both legislations outline requirements for when an assessment must be conducted and the content of such assessments."
2021
Reference :
GDPR vs countries' comparison | DataGuidance
Comparison of GDPR vs countries' data protection laws, definitions etc. - CHN
Extracts :
Extract :
"Article 51: Personal information handlers shall take the following measures to ensure that personal information handling activities comply with the provisions of laws and administrative regulations and to prevent unauthorised access, disclosure, tampering with, or loss of personal information, according to the purpose and manner of handling, the type of personal information, and the impact on individuals' rights and interests:
!"formulating internal management structures and operating rules;
!"implementing categorised management of personal information;
!"adopting corresponding technical security measures such as encryption, deidentification, etc.; ...."
2021
Reference :
GDPR vs countries' comparison | DataGuidance
Comparison of GDPR vs countries' data protection laws, definitions etc. - CHN
Extracts :
Extract :
"Article 57: Where a personal information leak, distortion, or loss occurs or might have occurred, personal information handlers shall immediately adopt remedial measures, and notify the departments responsible for the protection of personal information and the individuals."
2021
Reference :
GDPR vs countries' comparison | DataGuidance
Comparison of GDPR vs countries' data protection laws, definitions etc. - CHN
Extracts :
Extract :
"Article 57: Where a personal information leak, distortion, or loss occurs or might have occurred, personal information handlers shall immediately adopt remedial measures, and notify the departments responsible for the protection of personal information and the individuals."
2021
Reference :
GDPR vs countries' comparison | DataGuidance
Comparison of GDPR vs countries' data protection laws, definitions etc. - CHN
Extracts :
Extract :
Essentially, there is no concept of a "data processor" and therefore such duties do not exist.
2023
Reference :
China Data protection overview | DataGuidance
Updated DataGuidance reports
Extracts :
Extract :
Essentially, there is no concept of a "data processor" and therefore such duties do not exist.
2023
Reference :
China Data protection overview | DataGuidance
Updated DataGuidance reports
Extracts :
Extract :
Essentially, there is no concept of a "data processor" and therefore such duties do not exist.
2023
Reference :
China Data protection overview | DataGuidance
Updated DataGuidance reports
Extracts :
Extract :
Data entered based on reference.
2023
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
"Pursuant to the PIPL, the individual is entitled to object to personal information processing."
2021
Reference :
China Data protection overview | DataGuidance
(Data Protection Overview 2021)/ DataGuidance reports
Extracts :
Extract :
"Pursuant to the PIPL, the individuals may request the personal information handler to transfer their personal information to the designated personal information handler.
"
2021
Reference :
China Data protection overview | DataGuidance
(Data Protection Overview 2021)/ DataGuidance reports
Extracts :
Extract :
"8.7. Right not to be subject to automated decision-making
Pursuant to the PIPL, data processors must ensure the transparency and the fairness of automated
decision-making. It is prohibited from placing discriminated treatment on the price and other transaction
conditions to the individuals. In the event that individuals consider the automated decision-making
to have significant impact on their interests, the individuals are entitled to request the personal information
handler to explain the reason and may reject the decision made only relied on automated
means. If the personal information handler adopts automated decision-making to conduct marketing
and messaging, the option not directed against personal features or the option of rejection of automated
decision making will also be provided."
2021
Reference :
China Data protection overview | DataGuidance
(Data Protection Overview 2021)/ DataGuidance reports
Extracts :
Extract :
"8.1. Right to be informed
Prior to processing personal information, a personal information handler must provide notice to individuals
on how their personal information will be processed."
2021
Reference :
China Data protection overview | DataGuidance
(Data Protection Overview 2021)/ DataGuidance reports
Extracts :
Extract :
Data entered based on reference.
2023
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
"8.2. Right to access
Pursuant to the PIPL, the individuals are entitled to make a request to the personal information handler
to access to their personal data lawfully"
2021
Reference :
China Data protection overview | DataGuidance
(Data Protection Overview 2021)/ DataGuidance reports
Extracts :
Extract :
"8.3. Right to rectification
Pursuant to the PIPL, in cases of any error or incompleteness of the personal information, the individual
is entitled to make a request to the personal information handler for rectification."
2021
Reference :
China Data protection overview | DataGuidance
(Data Protection Overview 2021)/ DataGuidance reports
Extracts :
Extract :
"8.4. Right to erasure
Pursuant to the PIPL, the individuals are entitled to request the personal information handler to delete their personal information on any of the following conditions"
2021
Reference :
China Data protection overview | DataGuidance
(Data Protection Overview 2021)/ DataGuidance reports
Extracts :
Extract :
Data entered based on reference.
2023
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
2023
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
"In terms of transfers of personal information to third parties, the PIPL requires the consent of data subjects, provided that there is no non-consent basis for processing.
The PIPL provides three methods for personal information handlers to transfer personal information out of China:
passing a security assessment administered by the CAC;
undertaking a personal information protection certification conducted by recognized institutions in accordance with relevant regulations of the CAC; or
executing a standard contract for cross-border transfer provided by the CAC.
Security assessment
If the cross-border data transfer satisfies any of the following circumstances, personal information handlers shall, through the local cyberspace administration at the provincial level, apply for mandatory security assessment for such transfer:
transfer of important data outside of China;
transfer of personal information outside of China by a CII operator, or a personal information processor, processing more than one million individuals' personal information;
cumulative transfer of personal information of more than 100,000 individuals from 1 Jan of the preceding calendar year or cumulative transfer of 'sensitive' personal information of more than 10,000 individuals from 1 Jan of the preceding calendar year; or
other circumstances that require the security assessment of cross-border transfer provided by the CAC.
In terms of mandatory security assessment, the cyberspace administration at the provincial level must complete the formality review within five business days upon receipt of the application documents. If such documents satisfy the formality requirements, the cyberspace administration at the provincial level would submit such documents to the CAC. The CAC shall notify the applicant in writing whether it accepts the application within seven business days upon receipt of application documents. The CAC shall complete the security assessment within 45 business days after issuing the written notification of acceptance. In cases of complexity or supplementing/amending application documents, appropriate extensions are allowed. In general, most applications would not fall into the extension scenario. The estimated time for the completion of the security assessment by the CAC is approximately 57 business days. If the relevant personal information handlers object to the result of the security assessment, they may apply for re-assessment within 15 business days upon receipt of such result. The re-assessment would be final and binding.
For non-CII operators or personal information handlers that process personal information below the aforementioned threshold amount prescribed by the CAC, there are two other options for cross-border data transfers. One option is to obtain a personal information protection certification awarded by a recognized institution by the CAC. The other option, and the most likely to be used, is to execute a data transfer agreement with the recipient located outside of China, in compliance with a standard contract to be provided by the CAC.
For cross-border transfers of personal information, in addition to the above requirements, a personal information handler must also inform individuals of:
the identity and contact information of the data recipient(s);
the purpose(s) and method(s) of data processing;
the type(s) of personal information to be transferred; and
how individuals can exercise their rights under the PIPL with respect to the data recipient(s).
Personal information handlers must also obtain separate consent from individuals for the cross-border transfer of their personal information unless there is a legal basis for such transfer.
Additionally, cross-border transfers of personal information made for the purpose of providing international judicial and law enforcement assistance must first be approved by a competent Chinese authority."
2023
Reference :
China Data protection overview | DataGuidance
Updated DataGuidance reports
Extracts :
Extract :
"In terms of transfers of personal information to third parties, the PIPL requires the consent of data subjects, provided that there is no non-consent basis for processing.
The PIPL provides three methods for personal information handlers to transfer personal information out of China:
passing a security assessment administered by the CAC;
undertaking a personal information protection certification conducted by recognized institutions in accordance with relevant regulations of the CAC; or
executing a standard contract for cross-border transfer provided by the CAC."
2023
Reference :
China Data protection overview | DataGuidance
Updated DataGuidance reports
Extracts :
Extract :
"In terms of transfers of personal information to third parties, the PIPL requires the consent of data subjects, provided that there is no non-consent basis for processing.
The PIPL provides three methods for personal information handlers to transfer personal information out of China:
passing a security assessment administered by the CAC;
undertaking a personal information protection certification conducted by recognized institutions in accordance with relevant regulations of the CAC; or
executing a standard contract for cross-border transfer provided by the CAC.
Security assessment
If the cross-border data transfer satisfies any of the following circumstances, personal information handlers shall, through the local cyberspace administration at the provincial level, apply for mandatory security assessment for such transfer:
transfer of important data outside of China;
transfer of personal information outside of China by a CII operator, or a personal information processor, processing more than one million individuals' personal information;
cumulative transfer of personal information of more than 100,000 individuals from 1 Jan of the preceding calendar year or cumulative transfer of 'sensitive' personal information of more than 10,000 individuals from 1 Jan of the preceding calendar year; or
other circumstances that require the security assessment of cross-border transfer provided by the CAC.
In terms of mandatory security assessment, the cyberspace administration at the provincial level must complete the formality review within five business days upon receipt of the application documents. If such documents satisfy the formality requirements, the cyberspace administration at the provincial level would submit such documents to the CAC. The CAC shall notify the applicant in writing whether it accepts the application within seven business days upon receipt of application documents. The CAC shall complete the security assessment within 45 business days after issuing the written notification of acceptance. In cases of complexity or supplementing/amending application documents, appropriate extensions are allowed. In general, most applications would not fall into the extension scenario. The estimated time for the completion of the security assessment by the CAC is approximately 57 business days. If the relevant personal information handlers object to the result of the security assessment, they may apply for re-assessment within 15 business days upon receipt of such result. The re-assessment would be final and binding.
For non-CII operators or personal information handlers that process personal information below the aforementioned threshold amount prescribed by the CAC, there are two other options for cross-border data transfers. One option is to obtain a personal information protection certification awarded by a recognized institution by the CAC. The other option, and the most likely to be used, is to execute a data transfer agreement with the recipient located outside of China, in compliance with a standard contract to be provided by the CAC.
For cross-border transfers of personal information, in addition to the above requirements, a personal information handler must also inform individuals of:
the identity and contact information of the data recipient(s);
the purpose(s) and method(s) of data processing;
the type(s) of personal information to be transferred; and
how individuals can exercise their rights under the PIPL with respect to the data recipient(s).
Personal information handlers must also obtain separate consent from individuals for the cross-border transfer of their personal information unless there is a legal basis for such transfer.
Additionally, cross-border transfers of personal information made for the purpose of providing international judicial and law enforcement assistance must first be approved by a competent Chinese authority."
2023
Reference :
China Data protection overview | DataGuidance
Updated DataGuidance reports
Extracts :
Extract :
Data entered based on reference.
2023
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
2023
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
2023
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
2022
Reference :
International Data transfer Agreements | DataGuidance
Comparison of international data transfer agreements
Extracts :
Extract :
Data entered based on reference.
2023
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
2023
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
2022
Reference :
International Data transfer Agreements | DataGuidance
Comparison of international data transfer agreements
Extracts :
Extract :
Data entered based on reference.
2023
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
2023
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
2023
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
"The PIPL does not explicitly address consultation with authorities.
However, pursuant to Article 63(2) of the PIPL, departments responsible for the protection of personal information may inspect and copy all relevant materials relating to the handling of personal information (see section 6.2. below for further information)."
2021
Reference :
GDPR vs countries' comparison | DataGuidance
Comparison of GDPR vs countries' data protection laws, definitions etc. - CHN
Extracts :
Extract :
"The PIPL provides for the appointment of a PIPO, similar to the DPO requirement under the GDPR."
2021
Reference :
GDPR vs countries' comparison | DataGuidance
Comparison of GDPR vs countries' data protection laws, definitions etc. - CHN
Extracts :
Extract :
"The PIPL does not explicitly address PIPO qualifications."
2021
Reference :
GDPR vs countries' comparison | DataGuidance
Comparison of GDPR vs countries' data protection laws, definitions etc. - CHN
Extracts :
Extract :
"The PIPL provides for the appointment of a PIPO, similar to the DPO requirement under the GDPR. Specifically, both laws outline the responsibilities of such individuals and requires that DPOs and PIPOs be reported to the relevant authority."
2021
Reference :
GDPR vs countries' comparison | DataGuidance
Comparison of GDPR vs countries' data protection laws, definitions etc. - CHN
Extracts :
Extract :
"The PIPL does not explicitly address group appointments for PIPO."
2021
Reference :
GDPR vs countries' comparison | DataGuidance
Comparison of GDPR vs countries' data protection laws, definitions etc. - CHN
Extracts :
Extract :
Data entered based on reference.
2023
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
"Under the PIPL, yes. The personal information processor shall make public the contact information of the person charge of personal information protection and submit their name and contact information to the authorities."
Reference :
ICLG Website
Link to reference Extracts :
Extract :
"….the PIPL similar to the GDPR, provides exceptions to data breach notification requirements where the personal information handler is able to adopt measures that are able to effectively avoid harm created by information leak, distortion, or loss."
2021
Reference :
GDPR vs countries' comparison | DataGuidance
Comparison of GDPR vs countries' data protection laws, definitions etc. - CHN
Extracts :
Extract :
Data entered based on reference.
2023
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extract :
Extracts :
Extract :
Data entered based on reference.
2023
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extract :
Extracts :
Extract :
Data entered based on reference.
2023
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extract :
Extracts :
Extract :
Data entered based on reference.
2023
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extract :
Extracts :
Extract :
Data entered based on reference.
2023
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extract :
Extracts :
Extract :
Extracts :
Extract :
Data entered based on reference.
2023
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
"The PIPL does not explicitly address exemptions for record-keeping requirements."
2021
Reference :
GDPR vs countries' comparison | DataGuidance
Comparison of GDPR vs countries' data protection laws, definitions etc. - CHN
Extracts :
Extract :
Data entered based on reference.
2023
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference | Name | Short name | Classification | Jurisdiction | Year of creation |
|---|---|---|---|---|
| Cyberspace Administration of China (CAC) | CAC | Regulator | Under the government authority | 2014 |
| State Administration for Market Regulation (SAMR) | Regulator | Ministry | 2018 | |
| Ministry of Industry and Information Technology (MIIT) | Regulator | Ministry | 2008 | |
| National Copyright Administration of China (NCAC) | Regulator | Under the government authority | 1985 |
| Legal text name | Original text name | Legislation type | Year signed | Regulation status | In effect since | Latest update initiated | Latest update areas | Latest update signed year |
|---|---|---|---|---|---|---|---|---|
| Updates to CSL, DSL and PIPL | Resident Identity Law Card | General privacy/data protection law | 2004 | Active | 2004 | 2022 | Cross border transfer |