China Justice Observer

中司观察

EnglishArabicChinese (Simplified)DutchFrenchGermanHindiItalianJapaneseKoreanPortugueseRussianSpanishSwedishHebrewIndonesianVietnameseThaiTurkishMalay

China Regulates Network Data Security

Tue, 19 Nov 2024
Categories: China Legal Trends

On 24 Sept. 2024, China’s State Council published the “Regulation on Network Data Security Management” (网络数据安全管理条例, hereinafter the “Regulation”), which shall come into force on 1 Jan. 2025.

In China, three laws have been enacted as the pillars in the fields of network governance and data security: the “Cybersecurity Law”, the “Data Security Law”, and the “Personal Information Protection Law”. The purpose of the Regulation is to standardize network data processing activities, with a focus on personal information, important data, and cross-border data flow, and to refine and supplement compliance requirements for network data protection in existing laws.

The highlights of the Regulation are as follows.

  • It clarifies the requirements for the exercise of rights such as access, copy, modification, supplementation, and deletion of personal information, as well as the conditions for the transfer of personal information.
  • It requires processors of important data to conduct annual risk assessments of their network data processing activities, with clear reporting requirements for these assessments.
  • It addresses issues related to the difficulty of opting-out of personalized recommendation services, the variety of personal information collected, and the misuse of personalized profiling data, by requiring the network platform service providers to set up opt-out options for personalized recommendations that are easy to understand, access, and use, and to provide users with such functions as refusing to receive pushed information and deleting user tags that are targeted to their personal characteristics.

 

 

Photo by Bells Mayer on Unsplash

Contributors: CJO Staff Contributors Team

Save as PDF

You might also like

SPC Regulates Online Judicial Auctions

In November 2024, China’s Supreme People’s Court (SPC) issued new guidelines to regulate online judicial auctions, emphasizing transparency in property disclosures, enhanced mechanisms for judgment debtors to self-dispose of auctioned assets, and improved supervision across all auction stages to protect parties' rights and streamline enforcement procedures.

China’s First Tribunal-Ordered Interim Measure Issued in Beijing

In October 2024, an arbitral tribunal at the Beijing Arbitration Commission (BAC/BIAC) issued an interim measure based on the applicant’s request, which was later confirmed and enforced by the court through a preservation order. This is the first of its kind in China, confirming the validity of tribunal-issued interim measures and highlighting the pro-arbitration stance of Chinese courts.

SPC Releases IP Protection Cases in Seed Industry

In October 2024, China's Supreme People's Court (SPC) released key judicial protection cases to strengthen intellectual property rights in the seed industry, focusing on plant variety and breeding material disputes.

China Defines Rules for Calculating Trademark Infringement Gains

In October 2024, the China National Intellectual Property Administration (CNIPA) and the State Administration for Market Regulation (SAMR) jointly issued the “Measures for Calculating Illegal Business Revenue in Trademark Infringement Cases”, which provide detailed operational guidelines for trademark enforcement authorities to calculate illegal business revenue.

SPC Releases Typical Cases on Tourism Disputes

In September 2024, China's Supreme People's Court (SPC) released five typical tourism dispute cases, including health rights disputes caused by wild monkey attacks in Mount Emei, to guide courts in resolving common tourism conflicts and safeguarding tourists' legitimate rights and interests.

China Regulates Network Data Security

China's newly adopted “Regulation on Network Data Security Management”, effective January 1, 2025, seeks to standardize data processing, strengthen personal information protection, and tackle issues such as data security, risk assessments, and personalized profiling.