China Privacy and Data Security
Privacy and Data Security in China
With its growing complexity of network security and data privacy legislation and standards, China has become a critical part of our global practice. Our China Privacy and Data Security team advises clients on a host of issues both within China and affecting their cross-border data flows and cross-border network operations.
Our China team monitors developments relating to the Personal Information Protection Law (PIPL), the Cybersecurity Law (CSL), the Data Security Law (DSL) and the raft of other data privacy and security legislation and standards affecting clients across a broad range of industries. We help multinational companies ensure compliance with their obligations under the PIPL, CSL, and DSL by working closely with them to review policies, contracts, and data transfer and localization arrangements. We also help clients negotiate and renegotiate agreements with service providers and customers in order to ensure compliance.
We bring to our client work a sophisticated understanding of industry-specific privacy and data security obligations in mainland PRC. The local team is able to leverage our global privacy expertise to ensure that revised policies and arrangements properly address offshore privacy laws such as the GDPR and Hong Kong’s Personal Data Privacy Ordinance in addition to mainland Chinese laws.
Sign up in our “China Privacy and Data Security Resources Center” to receive up-to-the-minute legal and business analyses related to the latest China privacy and data security topics.
Featured Webinars
China’s PIPL One Year On: What You Need to Know Now
The PIPL was issued on August 20, 2021 and came into effect on November 1, 2021. A year later, PIPL remains a work in progress, with many implementing rules and administrative processes still being worked out by regulators. However, many aspects of PIPL are starting to take shape. Most notable are the now available details of PIPL’s cross-border data transfer regime. Regulatory enforcement since last year, including monetary fines against market leaders of unprecedented size, also offers important guidance for compliance. Join MoFo speakers Paul McKenzie, Gordon Milner, Chuan Sun, and Tingting Gao for a review of the PIPL developments you need to know about to navigate China’s increasingly complex data landscape.
All You Need to Know About China’s Personal Information Protection Law
Following a lengthy legislative process, China’s first comprehensive data privacy law, the Personal Information Protection Law (“PIPL”), was finally adopted on August 20, 2021 and took effect on November 1, 2021. Many aspects of the PIPL were modeled on EU’s General Data Protection Regulation (GDPR) but the PIPL departs from, and in many cases is stricter than, the GDPR in a number of respects. Join MoFo speakers Paul McKenzie, Gordon Milner, and Chuan Sun for a webinar where they provide an overview of some of the PIPL’s key requirements and discuss how companies should be compliant with this law.
- Article
China’s Personal Information Protection Law – FAQs
An overview of some of the key requirements of the PIPL, and on how companies should prepare for the new law.
- Client Alert
China’s Personal Information Protection Law (PIPL): Key Questions Answered
Review on a number of questions often asked about China’s PIPL.
- Client Alert
China: Interim Measures Governing Generative AI Issued, AI Law on the Way
An overview of the notable obligations under the Interim Administrative Measures for Generative Artificial Intelligence Services, its cross-border impacts, and the prospect of AI law.
Related Insights
- Article
A MoFo Privacy Minute Q&A: China PIPL Edition (Issue 2)
Under PIPL, can data be pseudonymized or even anonymized to avoid export control or to mitigate associated compliance risks?
- ArticleA MoFo Privacy Minute Q&A: China PIPL Edition (Issue 3)
Has China’s Standard Contract been finalized and what should I know about it?
- Article
A MoFo Privacy Minute Q&A: China PIPL Edition (Issue 4)
What does a PI export certification involve and have implementing rules been issued?