Two Chinese information security laws, the Data Security Law (“DSL”) and the Personal Information Protection Law (“PIPL”), are creating difficulties for parties involved in litigation in the United States seeking discovery materials stored in China.

Both the DSL and the PIPL require data processors to obtain approval from the Chinese government before transferring any data stored in China to a foreign court or law enforcement authority, or otherwise face significant penalties such as fines in the millions of dollars.

Litigants in the U.S. should be aware that the DSL and PIPL may impose significant costs and delays in the discovery process, and may be used to avoid turning over certain materials.Continue Reading Chinese data security laws increasingly create roadblocks for litigants seeking discovery in U.S. courts

On January 30, 2020, The World Health Organization (WHO) declared that the outbreak of novel coronavirus (COVID-19) is a “public health emergency of international concern.” This was, in part, an acknowledgement of the geographic spread of the virus and the need for intensified support for preparation and response, especially in vulnerable countries and regions. Further

The World Health Organization (WHO) declared on January 30, 2020, that the outbreak of 2019 nCoV (novel coronavirus) is a “Public Health Emergency of International Concern.” Further information is available in the WHO statement. On January 31, 2020, the Centers for Disease Control and Prevention (CDC) in the United States also declared a public

After soliciting public comments since last November, the Chinese Ministry of Public Security (MPS) published the finalized Guideline for Internet Personal Information Security Protection (Guideline) on April 10, 2019. The Guideline applies to Personal Information Holders, defined as entities or individuals that “control and process personal information” through their provision of services using the Internet,

China’s National Information Security Standardization Technical Committee issued draft amendments (Amendments) to the standards that govern the protection of personal information, “Information Security Technology – Personal Information Security Specification” (Standards, effective May 1, 2018) on February 1, 2019. The Standards provide guidance on interpreting China’s Cybersecurity Law (CSL) and set out best practices for the

China’s new “Regulation on the Internet Security Supervision and Inspection by Public Security Organs” went into effect on November 1, 2018. It is the latest regulation passed by China’s Ministry of Public Security that executes China’s Cybersecurity Law, which took effect in June of last year. The regulation gives China’s Public Security Bureaus (PSBs) broad

In July 2015, China released its new draft cybersecurity law (the ‘Law’), which will potentially have far-reaching consequences for network operators and companies doing business in China.

The Law regulates cross-border data transfers and gives individuals greater protection over their personal data, including granting them increased rights to access and amend their personal information. The Law also imposes a range of stringent new obligations, while awarding the government added powers to access and block dissemination of private information which would be deemed illegal under Chinese law.

Under the Law, the PRC government will be able to:

  • Restrict the transmission of information over the Internet to certain places where privacy incidents have occurred previously in order to protect national security
  • Introduce a new ‘localization law’ which will oblige certain entities to store any information deemed by the government as “important” or “critical” within China. If there is a legitimate business reason to store or otherwise transfer such data abroad, the transferring organisation will be required to complete a security evaluation which meets government requirements before any such data can be transferred. This obligation is intended to apply only to organisations in “key information infrastructure sectors,” but it is unclear exactly how this term will be interpreted.

Continue Reading New challenges created by China’s new draft cybersecurity law

In May, the Intermediate People’s Court of Nanjing City, Jiangsu Province, published its civil judgment ruling that the search engine Baidu’s use of cookies, used to personalise advertisements aimed at consumers when they enter onto certain third-party websites, does not infringe an individual’s right to privacy.

The case involved Internet user Ms. Zhu Ye, who

In January, China’s State Administration for Industry and Commerce (SAIC) released its ‘Measures on Penalties for Infringing Upon the Rights and Interests of Consumers’ (Measures) which are due to take effect March 15, 2015.

These Measures flesh out China’s Consumer Rights Protection Law (CRPL) which was amended in March 2014 and provides guidance as to