![]() ![]() However, there are some reporting requirements under the PIPL that may be applicable to certain organisations’ data processing activities in the PRC. There is currently no general notification or registration obligation triggered by the collection of personal data. Notification or registration scheme and timing In practice, these authorities typically include the MIIT, the MPS, the SAMR and their respective local branches. In addition, there are also competent authorities in some industries monitoring the enforcement of the Personal Data Protection Regulations in their respective areas. However, the CAC is responsible for the overall planning and co-ordination of personal data protection work and related supervision and administration, so is generally regarded as the leading data protection authority. There is no independent data protection authority. _ Topĭetails of the competent national supervisory authority The Personal Data Protection Regulations have varying dates on which they entered into force. The DSL came into force on 1 September 2021. The Personal Data Protection Guidelines came into effect on 1 October 2020. The PIPL came into force on 1 November 2021. References to China or the PRC in this summary are references to the People’s Republic of China excluding Taiwan and the Hong Kong and Macau Special Administrative Regions. ![]() Following release of the App Rectification Announcement, various implementing rules have been issued and apps generally remain under scrutiny by the relevant Chinese authorities. Although the Personal Data Protection Guidelines do not have force of law, they are considered by market participants to set out the best practice that is likely to be expected by Chinese regulators.įinally, in January 2019, the Ministry of Industry and Information Technology (the “ MIIT”), the Cyberspace Administration of China (the “ CAC”), the Ministry of Public Security (the “ MPS”) and the State Administration of Market Supervision (the “ SAMR”) jointly announced a rectification programme targeting the misuse of personal data by operators of mobile internet applications in China (the “ App Rectification Announcement”). There are also national and local guidelines on protection of personal data, such as the guidelines on protection of personal data jointly issued by the General Administration of Quality Supervision, Inspection and Quarantine and the State Standardisation Administration (the “ TC260”) in 2017 and amended in 2020 (the “ Personal Data Protection Guidelines”). In addition, there are principles and rules relating to data protection that can be found in other laws, regulations and local provisions, including: (i) general principles and provisions relating to privacy in the Chinese Constitution, the Civil Code, the Tort Liability Law and the Criminal Law (ii) sector-specific provisions, such as laws and regulations relating to the credit reference, internet, financial, telecommunications, automotive, e-commerce and consumer protection sectors (iii) legislation in connection with personal data protection at the local level, such as the Shenzhen Special Economic Zone Data Regulations and the Shanghai Municipal Data Regulations and (iv) various implementing rules under the CSL, DSL and PIPL (together, the “ Personal Data Protection Regulations”). The majority of important data and core data is non-personal data. While the DSL applies to data generally, it focuses on protection of “important data” and “core data” that are relevant to the PRC’s national security, national economy, and public interest. The PRC Data Security Law (the “ DSL”) regulates data processing activities, particularly seeking to enhance the security of data and facilitates the development and utilisation of data. Most of these provisions are repeated in or supplemented by PIPL. ![]() Despite its focus on cybersecurity, the CSL also contains general provisions relating to personal data protection. The PRC Cybersecurity Law (the “ CSL”) regulates cybersecurity in China. Other sector-specific laws and regulations relating to data protection This summary mainly focuses on requirements under the PIPL, rather than other sector-specific laws and regulations. The Personal Information Protection Law of the People’s Republic of China (the “ PIPL”) is the primary personal data protection legislation in the People’s Republic of China (the “ PRC” or “ China”). Transfer of Personal Data to Third Countries Accountability and Privacy Impact Assessments ![]()
0 Comments
Leave a Reply. |