Legislation
CCCP and State Council Issue Overall Layout Plan for Digital China Construction
On February 27, 2023,the Central Committee of the Communist Party ("CCCP") and the State Council issued the Overall Layout Plan for Digital China Construction ("Plan") and made a notice requesting all regions and departments to earnestly implement it according to the actual situation. The Plan states that digital China construction is an important engine for advancing Chinese-style modernization in the digital era and a powerful support for constructing a new national competitive advantage. 1
MIIT Issues 26 Measures, Focusing on Personal Information Protection and APP Compliance
On 27 February, the Ministry of Industry and Information Technology ("MITT") issued a notice proposing a total of 26 measures to optimize service supply, improve user experience, maintain a good information consumption environment, and promote high-quality development of the industry. These measures can be divided into two categories: first, focusing on APP installation and uninstallation, service experience, personal information protection, and demand response, 12 measures are proposed to improve users' service perception; second, from the perspective of industry collaboration and standardized development, upstream and downstream joint prevention and common governance, and focusing on five types of current mobile Internet service subjects, namely APP developers and operators, distribution platforms, SDK, terminal and access enterprises, 14 measures are proposed. 2
CAC Issues Measures for Standard Contract for Cross-Border Transfer of Personal Information
On February 24, the Cyberspace Administration of China ("CAC") issued the Measures for Standard Contract for Cross-Border Transfer of Personal Information ("Measures"), which will come into effect on 1 June 2023. The relevant person in charge of the CAC states that the Measures aims to implement the provisions of the Personal Information Protection Law ("PIPL"), protect the rights and interests of personal information, and regulate cross-border transfer of personal information activities. The Measures also sets out the scope of application, conditions for conclusion, and filing requirements for the Standard Contracts for Cross-Border Transfer of Personal Information ("Standard Contracts"), clarify the template of the Standard Contracts, and provide specific guidelines for the cross-border transfer of personal information. 3
Shenzhen DRC Issues Interim Measures for Administration of Data Property Rights Registration in Shenzhen (Draft for Comments)
On February 20, Development and Reform Commission of Shenzhen ("Shenzhen DRC") issued the Interim Measures for Administration of Data Property Rights Registration in Shenzhen (Draft for Comments). 4
China Issues Global Security Initiative Concept Paper, Emphasizing Deepening International Cooperation in Field of Information Security
On February 21, Chinese President Xi Jinping proposed a global security initiative, advocating a spirit of solidarity to adapt to the profoundly restructured international landscape and a win-win mindset to address complex and intertwined security challenges, with the aim of eliminating the root causes of international conflicts, improving global security governance, promoting the international community to work together to inject more stability and certainty into the turbulent and changing times, and achieving lasting peace and development in the world. 5
Press Conference on Sichuan Data Regulation: Prohibit Abusing Big Data to Discriminate
On February 16, the press conference on "Interpretation of the Sichuan Data Regulation ('Regulation')" hosted by the Information Office of Sichuan Provincial People's Government was held in Chengdu. The person in charge of the Economic Committee of the Sichuan Provincial People's Congress introduced the Regulation, which is the first basic regulation in the field of data in Sichuan Province, focusing on three major aspects: the construction of data resources system, data circulation, and utilization, data security management. 6
CSAC Issues Self-Regulation Convention on Personal Information Protection
On February 3, Cyber Security Association of China ("CSAC") issued the Self-Regulation Convention on Personal Information Protection ("Convention"), aiming to raise awareness of personal information protection among all parties in society and to promote the comprehensive management of personal information protection. 7
Beijing MBEIT Issues Letter on Promoting the Construction of Beijing's "Data Special Zone"
On February 2, Beijing Municipal Bureau of Economy and Information Technology ("MBEIT") issued a letter promoting the construction of Beijing's "Data Special Zone". According to the confirmation, "Promoting the construction of Beijing Data Special Zone" is among the content of the "List of Key Tasks in the 2023 Municipal Government Work Report" released by Beijing not long ago. 8
Enforcement Authority
BJCA: Countdown to Cross-Border Data Transfer Rectification, 48 Companies' Notification Materials Received
On February 22, 2023, Beijing Cyberspace Administration ("BJCA") received application materials for security assessment of outbound data transfers from 48 companies. Since the official implementation of the Measures on Security Assessment of Cross Border Data Transfer ("Measures") by CAC, BJCA has refined and implemented the requirements of the Measures, strengthened cross-border data transfer security management, and actively promoted local enterprises and institutions to carry out cross-border data transfer activities in accordance with the law and regulations. The Measures have set a six-month grace period for rectification, and enterprises and institutions that have carried out cross-border data transfer activities in Beijing shall apply for security assessment of outbound data transfers in accordance with the specific provisions of the Measures in a timely manner. 9
National Procuratorial Authorities Handle 68,000 Cases of Public Interest Litigation in New Area Like Personal Information Protection in 2022
On February 20, in a guest interview on "Learning and Implementing the Spirit of the 20th Communist Party of China ("CPC") National Congress and Improving the Quality and Effectiveness of Legal Supervision in the New Era", Hu Weilie, a member of the prosecution committee of the Supreme People's Procuratorate ("SPP") and director of the Eighth Procuratorial Office, said that compared to the early stage of the work, public interest litigation has gradually shifted from the high growth rate to the high-quality development with priority on quality and efficiency. The year 2022 marks the fifth anniversary of introducing public interest litigation, which has entered a new phase of transformation and quality development. 10
SHCA Holds Series of Cross-Border Data Transfer Security Assessment Policy Briefings (Zhangjiang Station)
On February 17, Shanghai held a series of briefing sessions on cross-border data transfer security assessment policy (Zhangjiang Station). The purpose of this briefing session is to provide better guidance and services for data handlers in Shanghai to notify cross-border data transfer security assessment, carry out cross-border data transfer activities legally and in compliance with regulations, and create a good business environment. 11
CAC Holds National Conference on Network Legal Ruling
On February 13, CAC held a national conference on network legal ruling in Hangzhou, Zhejiang province, which summarizes, reviews the effectiveness and experience of the new era of ten years of network legal ruling construction, analyzes the situation and tasks facing network legal ruling, and studies and deploys network legal ruling in 2023. 12
SHCA Launches Series of Cross-Border Data Transfer Security Assessment Policy Briefings
On February 10, SHCA, together with the Administrative Committee of Lingang New District, held a briefing session on the cross-border data transfer security assessment policy, which was attended by representatives of 35 enterprises from Lingang district. The session marked the official launch of the series of cross-border data transfer security assessment policy briefing activities in Shanghai. 13
Citizens Personal Information Frequently Leaked, SPP: to Dig Deeper Related Crimes to Trace the Leakage Channel
On February 9, SPP said that from January 2019 to October 2022, procuratorial authorities nationwide approved the arrest of more than 13,000 suspects, who are suspected of crimes of infringement of citizens' personal information and filed more than 28,000 prosecutions. 14
CAC Issues Test Report on Personal Information Collection of "Online Shopping" Apps
On February 2, CAC issued a test report on personal information collection of "Online Shopping" Apps. The test was conducted on the top 10 "Online Shopping" apps in 19 app shops in terms of cumulative downloads. 15
SHCA: Practical Q&A on Cross-Border Data Transfer Security Assessment Notification (II)
On February 2, to better serve Shanghai data handlers in conducting cross-border data transfer security assessment notifications, SHCA issues Practice Q&A (II), in accordance with the Measures on Security Assessment of Cross-border Data Transfer and the Guide to Cross-Border Data Transfer Security Assessment Notification (Version 1) ("Guide") and taking into account recent consultations and frequently asked questions on completeness checking. 16
Enforcement Cases
MPS Announces 10 Typical Cases of 2022 "Break Account" Action
On February 15, 2023, the Ministry of Public Security ("MPS") announced the top ten typical cases of the "Break the Account" action in 2022. In recent years, telecommunication network fraud, cross-border online gambling, internet bot, and other prominent network crimes have been highly prevalent, seriously endangering the management order of the internet and damaging the legitimate rights and interests of the people. Public security authorities have given full play to their functions, strengthened case investigations, and cracked down on the black industrial chain of online accounts in accordance with the law. Since last year, MPS has deployed public security authorities nationwide to promote the "Break the Account" action, which has achieved remarkable results. 17
Inner Mongolia Notifies 19 APPs Infringing Users Rights and Interests
On February 15, the Inner Mongolia Communications Administration ("IMCA") issued a notification on App infringement of users' rights and interests. In accordance with laws and regulations such as the Personal Information Protection Law ("PIPL"), the Cybersecurity Law ("CSL"), the Telecommunications Regulations, and the Provisions on Protecting the Personal Information of Telecommunications and Internet Users, IMCA organized a third-party testing agency to inspect mobile Internet APPs that were found to have infringed users' rights and interests. Up to then, there were still 19 APPs that have not completed the rectification as required and were notified on February 15. 18
Hunan CYWB Consumer Finance Fined CNY 750,000 for Unauthorized Access to Personal Information
On February 8, information on the fine issued by the Changsha Central Sub-Branch of the People's Bank of China shows that Hunan CYWB Consumer Finance Co., Ltd was fined CNY 750,000 for the infringement of accessing personal information without consent. 19
MIIT Notifies 46 APPs (SDK) with Illegal Collection of Personal Information and Other Problems
On February 8, in accordance with laws and regulations such as PIPL, CSL, the Telecommunications Regulations, and the Provisions on Protecting the Personal Information of Telecommunications and Internet Users, MIIT organized a third-party testing agency to inspect mobile Internet APPs and SDKs such as life services and daily tools that the public are concerned about. It has been found that 46 APPs (SDKs) have infringed on users' rights and interests, which should be rectified before February 15. 20
Bank of Xiamen Fined CNY 7.64 Million for 23 Violations, Including Violations Related to Personal Financial Information Protection
On January 30, The Fuzhou Central Branch of the People's Bank of China published a public notice of administrative punishment, which showed that the Bank of Xiamen was warned by the Fuzhou Central Branch of the People's Bank of China, confiscated illegal proceeds of CNY 767.17 and fined CNY 7.646 million for 23 violations involving the personal financial information protection and other violations. 21
Footnotes
1 http://www.gov.cn/zhengce/2023-02/27/content_5743484.htm
2 https://mp.weixin.qq.com/s/35EocDbRHVErIXWkWuZTag?scene=25#wechat_redirect
3 http://www.cac.gov.cn/2023-02/24/c_1678884830036813.htm
4.https://mp.weixin.qq.com/s/O8aGTuVIpq55i71cadI3_Q?scene=25#wechat_redirect
5.http://www.news.cn/2023-02/21/c_1129382628.htm
6.http://www.leshan.cn/html/113D9C4BB2925A7A/2023/02/16/view_1E227EE84853E0A0.html
7.https://mp.weixin.qq.com/s/MI9khQ7Dk3H7GW53ZzVXVg?scene=25#wechat_redirect
8.https://mp.weixin.qq.com/s/ja0BIvK2tlKUPu9xKNDi-A?scene=25#wechat_redirect
9 https://mp.weixin.qq.com/s/UCHITtp3dK2KVHtLQFAF2Q?scene=25#wechat_redirect
10.https://www.spp.gov.cn/spp/zdgz/202302/t20230220_602744.shtml
11.https://mp.weixin.qq.com/s/253FdKQIP6ZtGP1q7U45Ng?scene=25#wechat_redirect
12.https://mp.weixin.qq.com/s/rr5QYPGgCDcGauJGEbTtrQ?scene=25#wechat_redirect
13.https://mp.weixin.qq.com/s/4iACatOK5Ta9DBhGzQTbgg?scene=25#wechat_redirect
14.https://m.thepaper.cn/newsDetail_forward_21859493
15.http://www.cac.gov.cn/2023-02/02/c_1676974782535858.htm
16. https://mp.weixin.qq.com/s/4lYcOmFNVOOtn_YqS6v3HA
17.https://mp.weixin.qq.com/s/2IJDGNMMwAuPh2M6f6GPVw?scene=25#wechat_redirect
18.https://t.cj.sina.com.cn/articles/view/1826017320/6cd6d028020017jeg
19 https://baijiahao.baidu.com/s?id=1757334765867300841&wfr=spider&for=pc
20 https://mp.weixin.qq.com/s/E_lqsGf60Oc9yYYIVJsJ-Q?scene=25#wechat_redirect
21 https://mp.weixin.qq.com/s/PVkZDWpCX7Sho-ZbkiRXVA?scene=25#wechat_redirect
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
