China’s Ministry of Industry and Information Technology (MIIT), Cybersecurity Administration of China (CAC) and Ministry of Public Security (MPS) jointly published the Provisions on Administration of Security Vulnerability of Network Products (Provisions), which will be in force as of September 1, 2021. The Provisions have established rules for the detection, collection, publication and other activities in relation to the security vulnerability of network products. We hereby summarize the Provisions as follows:
A few days ago, Cyber Administration of China (CAC) has shaken the online business sector with the cybersecurity review on Didi (world’s biggest online ride-hailing company) and other three online business companies to prevent data security risks, citing the Cybersecurity Review Measures.
Shenzhen, the leading financial and production center for China and home of many Chinese internet and tech giants such as Huawei, Tencent and DJI, enacted its regional data protection law, Data Regulation of the Shenzhen Special Economic Zone (Shenzhen Data Regulation) on June 29, 2021. Shenzhen Data Regulation will become effective as of January 1, 2022.
In June of 2021, the People’s Bank of China (PBOC, China’s central bank and major financial regulator) published the draft version of amended Anti-Money Laundering Law (Amended AML Law) seeking for public opinion. Amended AML Law contains major changes to improve the effectiveness of its legal framework to combat money laundering and terrorist financing and has expanded AML obligations to all individuals and organizations. In this article, we summarized the highlights of the Amended AML Law.
On July 2, 2021, the Cyberspace Administration of China (CAC) announced on its website that it has started a cybersecurity review on Didi (world’s biggest online ride-hailing company), and during the review Didi is not allowed to register new users. CAC did not offer details about this law enforcement action, but said its purpose is to prevent data security risks, citing its Cybersecurity Review Measures. The announcement (see here) was published just two days after Didi’s huge IPO on NYSE. On the same day, Didi’s share fell as much as 10.9% after the open and was closed with a down of 5.30%. On July 4, 2021, CAC further ordered the removal of Didi’s ride-hailing app from the app stores with the reason that the app has “severely violated the laws and regulations when collecting and using personal information”, and On July 5, 2021, CAC further announced cybersecurity review on three other online platform operators providing cargo transportation hiring services and recruitment services.
The new double taxation agreement between Spain and China has now also completed the internal legislative procedure in China, and, thus, has entered into force, according to Announcement (2021) No. 16, which was issued by the State Administration of Taxation (SAT) on June 21, 2021 and made public later.
Chinese Government recently enhanced the regulations on mobile apps’ data processing through new regulations and active law enforcement actions . On March 22, 2021, Cybersecurity Administration of China (CAC) jointly with other government authorities issued Regulations on the Scope of Necessary Personal Information for Common Types of Mobile Internet Applications, which defined the scope of necessary personal information for 39 common types of apps and prohibited the operators of the apps from collecting “unnecessary” personal information from the users. Since the Regulations come into effective as of May 1, 2021, CAC has released four announcements on a total number of 351 apps with irregularities in personal information processing activities. In this articles, we summarized the trends reflected in those recent law enforcement actions of CAC and provided several key points on the compliance works for personal information protection in the development and operation of Apps.
On June 10, 2021, China's National People’s Congress Standing Committee passed the Data Security Law (DSL). The DSL will become effective as of September 1, 2021, leaving less than three months for companies to adapt to the new data security regime. Garrigues has been closely following the legislative process of such law and we hope this article will help you to better understand the key contents of the DSL and its major implications on your business.
On June 10, 2021, China’s National People’s Congress Standing Committee passed the Anti-Foreign Sanction Law which comes into effective immediately. Similar to the EU’s “Blocking Statute”, the Law created a legal framework that will block the impact of the foreign sanctions on Chinese persons, prohibited relevant persons from following specific foreign sanctions, authorized the Chinese government authorities to launch retaliations and allowed relevant Chinese persons subject to the foreign sanctions to claim damages.
China’s data protection authorities have strengthened the regulations on personal information processing activities of mobile internet applications (App). Since May 1, 2021, in the law enforcement campaigns against over collection and coercive collection of personal information by Apps, a total number of 222 Apps have been ordered to be removed from App stores. On April 26, 2021, Communications Administration of Ministry of Industry and Information Technology of China released the Interim Provisions on Administration of Personal Information Protection of Mobile Internet Applications (Draft for Public Comment) (Provisions) seeking for public opinions. The Provisions detailed the compliance requirements on the personal data protection for Apps and provided policies and standards reflected in the recent law enforcement proceedings comprehensively for the first time.