China Monthly Data Protection Update - Data Protection

Legislation

Standing Committee of the Tibetan People's Congress Adopts the Regulation on Network Information Security Management in Tibet Autonomous Region

On January 20, 2023, the Tibet People's Congress website announced the full text of the Regulations on Network Information Security Management in the Tibet Autonomous Region, which had been adopted by the 43rd Session of the Standing Committee of the 11th People's Congress of the Tibet Autonomous Region. The regulation was implemented from February 1, 2023. ¹

CBIRC Releases the Measures for the Management of Banking and Insurance Supervision Statistics

On January 9, China Banking and Insurance Regulatory Commission ("CBIRC") issued the Measures for the Management of Banking and Insurance Regulatory Statistics ("Measures"), which came into effect on February 1, 2023. The Measures emphasized that banks and insurance institutions should clarify the responsibility of data quality, pay attention to the protection of data security, match the data governance requirements, and attach importance to data value realization. ²

MIIT and Other Fifteen Departments Jointly Issue the Guiding Opinions on Promoting the Development of Data Security Industry

On January 3, the Ministry of Industry and Information Technology ("MIIT"), the Cyberspace Administration of China ("CAC"), the National Development and Reform Commission ("NDRC") and other departments jointly issued the Guiding Opinions on Promoting the Development of Data Security Industry ("Guiding Opinions"). The MIIT noted that the Guiding Opinions are positioned as the top-level policy document for the data security industry. ³

SHEITC and Shanghai Cyberspace Administration Jointly Issue the Shanghai Public Data Opening Implementation Rules

On December 31, 2022, in order to implement the Shanghai Data Regulations and the Interim Measures for the Opening of Public Data in Shanghai, to promote deeper and higher level opening of public data and to support the digital transformation of Shanghai city, Shanghai Economy and Information Technology Commission ("SHEITC") and Shanghai Cyberspace Administration jointly issued the Shanghai Public Data Opening Implementation Rules. The rules came into force from December 31, 2022 and shall be valid until December 30, 2027. ⁴

Enforcement Authority

CAC : National Cyber Law Enforcement Continues to Gain Effectiveness in 2022

On January 19, 2023, CAC published a summary of cyber law enforcement in 2022. In the past year, CAC continued to strengthen cyber law enforcement, with 294 APPs that handled personal information in violation of laws and regulations being investigated, and 44 APPs that failed to perform security assessments and other obligations as required being pulled off. ⁵

Shanghai Data Exchange Officially Operates

On January 3, Shanghai Data Exchange was officially put into operation. It was reported that since its inauguration for trial operation on November 25, 2021, the transaction volume of Shanghai Data Exchange had exceeded 100 million. It achieved milestones in terms of institutional system, system support and trading services, with good operating conditions. ⁶

Enforcement Cases

First Approved Data Export Security Assessment Case in China Lands in Beijing

On January 18, 2023, Beijing Cyberspace Administration issued a document indicating that two units have passed the data export security assessment. Among them, the collaborative research project between Beijing Friendship Hospital affiliated to Capital Medical University and the Amsterdam University Medical Center in the Netherlands became the first approved data compliance export case in China, marking that the national data export security assessment system was first implemented in Beijing. The project of Air China Co., Ltd. declared in Beijing was successfully approved as the second case in China. ⁷

National Cybersecurity Review Office Agrees to Resume New User Registration for DiDi

On January 16, DiDi Chuxing announced through its official microblog that after more than a year of comprehensive rectification, the National Cybersecurity Review Office agreed to resume its new user registration. DiDi said that the company will subsequently take effective measures to effectively safeguard the security of platform facilities and big data and maintain national network security. ⁸

BJCA Informs 29 Problematic APPs

On January 11, Beijing Communications Administration ("BJCA") issued a notice on 29 APPs that infringe on users' rights and pose security risks. BJCA will further promote the special rectification of APP privacy compliance and network data security. ⁹

Ministry of Public Security: More than 16,000 Cases of Infringement of Citizens' Personal Information Are Investigated in 2022

On January 9, the Ministry of Public Security stated that in 2022, the cybersecurity departments of public security bureaus across the country had promoted the "Clean Network 2022" special action in depth. By the end of December 2022, a total of 83,000 cases were investigated and handled, including more than 16,000 cases of infringement of citizens' personal information and more than 340 cases of serious infringement of people's privacy. ¹⁰

Courts Litigation

SPC Releases Typical Cases on the Implementation of the Civil Code, Including a Case on the Protection of Personal Information

On January 12, 2023, SPC released the second batch of typical cases on the implementation of the Civil Code, including a dispute over privacy and personal information protection between a natural person and a communication company. ¹¹

People's Court of Chongzhou of Sichuan Province Issues the First Personal Security Protection Order in China to Protect Women's Privacy and Personal Information

On January 1, People's Court of Chongzhou City, Sichuan Province, issued the first personal security protection order to protect women's privacy and personal information, prohibiting the respondent Li from continuing to disclose and disseminate the privacy and personal information of the applicant Chen. The legal basis is the Law of the People's Republic of China on the Protection of Rights and Interests of Women, which came into force on the same day: "Badgering and harassing a woman, on divulging and disseminating the privacy and personal information of the woman, under the pretext of a romantic or friendship relationship, on after termination of a romantic relationship or divorce shall be prohibited." ¹²

Footnotes

1. http://www.xizangrd.gov.cn/lfgz/42474

2. https://mp.weixin.qq.com/s?__biz=MzIzOTAzMzkyNg==&mid=2247505936&idx=1&sn=23c1374b3f957bc992007ee8ee32494d&scene=21#wechat_redirect

3. http://www.cac.gov.cn/2023-01/14/c_1675346873856103.htm

4. https://sheitc.sh.gov.cn/sjxwxgwj/20230110/cc487968a94849618ee9374618e53673.html

5. https://mp.weixin.qq.com/s/bmwqmdCNZ3jC_hlC4mpXVA?scene=25#wechat_redirect

6. https://m.thepaper.cn/newsDetail_forward_21578469

7. https://mp.weixin.qq.com/s/mCS7dZIuqs7LCevDUnd58g?scene=25#wechat_redirect

8. https://news.cnr.cn/native/gd/20230116/t20230116_526127730.shtml

9. https://bjca.miit.gov.cn/zwgk/tzgg/art/2023/art_b8c68f14f8cf48b5b1491dd0513e2030.html

10. https://m.21jingji.com/article/20230109/herald/d616da5015c72cb3cdec8637d1353462.html

11. https://www.court.gov.cn/zixun-xiangqing-386521.html

12. https://mp.weixin.qq.com/s/Ol--La8sH9IGZuBxTo0NUg?scene=25#wechat_redirect

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

China: China Monthly Data Protection Update