China Privacy and Data Security
The MoFo Data Protection team is phenomenal: knowledgeable, responsive, solution oriented and efficient. They are the best firm I have ever worked with. – Legal 500 China
Privacy and Data Security in China
With its growing complexity of network security and data privacy legislation and standards, China has become a critical part of our global practice. Our China Privacy and Data Security team advises clients on a host of issues both within China and affecting their cross-border data flows and cross-border network operations.
Ranked as Band 1 in Data Protection & Privacy by Chambers Greater China Region 2024 - 2025 and Tier 1 in Data Protection by The Legal 500 China 2024-2025, our China team monitors developments relating to the Personal Information Protection Law (PIPL), the Cybersecurity Law (CSL), the Data Security Law (DSL) and the raft of other data privacy and security legislation and standards affecting clients across a broad range of industries. We help multinational companies ensure compliance with their obligations under the PIPL, CSL, and DSL by working closely with them to review policies, contracts, and data transfer and localization arrangements. We also help clients negotiate and renegotiate agreements with service providers and customers in order to ensure compliance.
We bring to our client work a sophisticated understanding of industry-specific privacy and data security obligations in mainland PRC. The local team is able to leverage our global privacy expertise to ensure that revised policies and arrangements properly address offshore privacy laws such as the GDPR and Hong Kong’s Personal Data Privacy Ordinance in addition to mainland Chinese laws.
Sign up in our “China Privacy and Data Security Resources Center” to receive up-to-the-minute legal and business analyses related to the latest China privacy and data security topics.
Featured Webinars
- Speaking EngagementChina’s Cross-Border Data Transfer Regime: Understanding how CAC New Rules Affect Your China Business
After months of uncertainty, China’s data regulator, the Cyberspace Administration of China (CAC), issued the Provisions on Facilitating and Regulating Cross-Border Data Flows (促进和规范数据跨境流动规定, the Provisions) addressing a range of issues concerning China’s cross-border data transfer (CBDT) regime.
- WebinarCybersecurity Regulations State of Play: EU vs China
This webinar covers the various cybersecurity initiatives underway in the European Union, such as the Cyber Resilience Act, the NIS2 Directive, DORA, and the Cybersecurity Act, and assesses how they match up to what China’s cybersecurity laws have been developing into over the last few years.
- Speaking Engagement
Data Center Investments in Asia Pacific – Planning Ahead for a Successful Transaction
Fueled by the surging demand for data center and compute capacity , data centers are experiencing tremendous growth across many jurisdictions in APAC. The increasing demand by blue chip customers in Asia has sparked significant interest from institutional investors, developers and operators to develop or acquire these assets on an individual or portfolio basis.
Related Insights
- Client Alert
China’s Data Regulator Significantly Relaxes CBDT Regime
The Cyberspace Administration of China has issued the keenly awaited provisions that will significantly relax the regulatory regime concerning cross-border data transfers and also bring new challenges.
- Article
A MoFo Privacy Minute Q&A: China PIPL Edition (Issue 6)
Is the use of cookie banners becoming a common practice to collect consent?
- Article
A MoFo Privacy Minute Q&A: China PIPL Edition (Issue 7)
Am I right to understand that there is no need to obtain consent from employees in China to transfer employee personal information (PI) outside of China (e.g., when HR systems are in the U.S.)? Does a company need to utilize one of the data export mechanisms for such transfer?
