Privacy and Data Security in China

With its growing complexity of network security and data privacy legislation and standards, China has become a critical part of our global practice. Our China Privacy and Data Security team advises clients on a host of issues both within China and affecting their cross-border data flows and cross-border network operations.

Our China team monitors developments relating to the Personal Information Protection Law (PIPL), the Cybersecurity Law (CSL), the Data Security Law (DSL) and the raft of other data privacy and security legislation and standards affecting clients across a broad range of industries. We help multinational companies ensure compliance with their obligations under the PIPL, CSL, and DSL by working closely with them to review policies, contracts, and data transfer and localization arrangements. We also help clients negotiate and renegotiate agreements with service providers and customers in order to ensure compliance.

We bring to our client work a sophisticated understanding of industry-specific privacy and data security obligations in mainland PRC. The local team is able to leverage our global privacy expertise to ensure that revised policies and arrangements properly address offshore privacy laws such as the GDPR and Hong Kong’s Personal Data Privacy Ordinance in addition to mainland Chinese laws.

Sign up in our “China Privacy and Data Security Resources Center” to receive up-to-the-minute legal and business analyses related to the latest China privacy and data security topics.

Featured Webinars

China’s PIPL One Year On: What You Need to Know Now

The PIPL was issued on August 20, 2021 and came into effect on November 1, 2021. A year later, PIPL remains a work in progress, with many implementing rules and administrative processes still being worked out by regulators. However, many aspects of PIPL are starting to take shape. Most notable are the now available details of PIPL’s cross-border data transfer regime. Regulatory enforcement since last year, including monetary fines against market leaders of unprecedented size, also offers important guidance for compliance. Join MoFo speakers Paul McKenzie, Gordon Milner, Chuan Sun, and Tingting Gao for a review of the PIPL developments you need to know about to navigate China’s increasingly complex data landscape.

All You Need to Know About China’s Personal Information Protection Law

Following a lengthy legislative process, China’s first comprehensive data privacy law, the Personal Information Protection Law (“PIPL”), was finally adopted on August 20, 2021 and took effect on November 1, 2021. Many aspects of the PIPL were modeled on EU’s General Data Protection Regulation (GDPR) but the PIPL departs from, and in many cases is stricter than, the GDPR in a number of respects. Join MoFo speakers Paul McKenzie, Gordon Milner, and Chuan Sun for a webinar where they provide an overview of some of the PIPL’s key requirements and discuss how companies should be compliant with this law.