LEGISLATION
Shanghai Seeks Public Comments on Several Provisions for Promoting Data Circulation and Transaction in Pudong New Area of Shanghai (Draft)
On July 25, 2023, the Standing Committee of the Shanghai Municipal People's Congress sought public opinions on the Several Provisions for Promoting Data Circulation and Transaction in Pudong New Area of Shanghai (Draft).1
Beijing Communications Administration Releases Implementation Rules for Data Security Management in the Telecommunications Field in Beijing
On July 24, the Beijing Communications Administration issued the Implementation Rules for Data Security Management in the Telecommunications Field in Beijing, which will take effect from the date of issuance.2
People's Bank of China Seeks Opinions on New Regulations for Data Security, Strengthening the Whole-process Security and Compliance Bottom Line for Data Processing Activities
On July 24, the People's Bank of China openly sought opinions on the Administrative Measures for Data Security Management in the Business Field of the People's Bank of China (Draft for Comments). The aim is to provide guidance and supervision for relevant data controllers to lawfully and compliantly carry out data processing activities in the business field of banking and fulfill their obligations for data security protection.3
National Railway Administration Seeks Public Opinions on the Administrative Measures for Security Protection of Railway Critical Information Infrastructure (Draft for Comments)
On July 18, in order to ensure the security of railway critical information infrastructure and maintain cybersecurity, the National Railway Administration has publicly sought opinions on the Administrative Measures for Security Protection of Railway Critical Information Infrastructure (Draft for Comments).4
Shanghai Consumer Protection Committee and Shanghai Catering and Cooking Industry Association Jointly Release Guidelines for Consumer Personal Information Protection Compliance in Shanghai's Online Food Ordering Services
On July 17, Shanghai Consumer Protection Committee and Shanghai Catering and Cooking Industry Association jointly formulated and released the Guidelines for Consumer Personal Information Protection Compliance in Shanghai's Online Food Ordering Services. The guidelines will be implemented starting from July 18, 2023.5
CAC Releases Interim Measures for the Administration of Generative Artificial Intelligence Services
On July 10, the Cyberspace Administration of China ("CAC") issued the Interim Measures for the Administration of Generative Artificial Intelligence Services ("Measures") which will be implemented starting from August 15, 2023.6
Hebei Province and Jiangsu Province Successively Issue the Guidelines for SCC Filing
On July 7, Hebei Province and Jiangsu Province respectively issued the guidelines for filing standard contracts for personal information outbound transfers ("SCC").7
CAC Issues Announcement on the Adjustment of the Catalogue of Network Key Equipment and Network Security Dedicated Products
On July 3, CAC, together with the Ministry of Industry and Information Technology ("MIIT"), Ministry of Public Security and the Certification and Accreditation Administration ("CNCA") updated and released the Catalogue of Network Key Equipment and Network Security Dedicated Products.8
MIIT and CBIRC Jointly Issue Opinions on Promoting the Standard and Healthy Development of Cybersecurity Insurance
On July 2, MIIT and China Banking and Insurance Regulatory Commission ("CBIRC") jointly issued the Opinions on Promoting the Standard and Healthy Development of Cybersecurity Insurance. The document puts forward ten specific opinions in five aspects, including establishing and improving the policy and standard system for cybersecurity insurance, enhancing innovation in cybersecurity insurance products and services, strengthening the integration of cybersecurity technology and insurance development, promoting the release of demand in the cybersecurity industry, and cultivating the development ecosystem of cybersecurity insurance.9
Ministry of Justice and CAC Research and Review the Regulations on the Protection of Minors in Cyberspace (Draft), Emphasizing the Protection of Minors' Personal Information
Recently, the Ministry of Justice and CAC conducted in-depth research and review of the Regulations on the Protection of Minors in Cyberspace (Draft). After further modifications and improvements, they will expedite the legislative process of the regulations.10
MOHRSS Issues Regulations on the Management of Human Resources Service Agencies, Clarifying the Obligations of Network Security and Personal Information Protection for Human Resources Service Agencies
On June 29, MOHRSS issued the Regulations on the Management of Human Resources Service Agencies, which came into effect on August 1, 2023.11
CAC Signs Memorandum of Understanding on Facilitating Cross-border Data Flow within the Guangdong-Hong Kong-Macao Greater Bay Area with the Innovation and Technology Bureau of the Hong Kong Special Administrative Region Government
On June 29, CAC and the Innovation and Technology Bureau of the Hong Kong Special Administrative Region Government signed a Memorandum of Understanding on Facilitating Cross-border Data Flow within the Guangdong-Hong Kong-Macao Greater Bay Area. Within the framework of the national cross-border data security management system, the memorandum aims to establish secure rules for cross-border data flow in the Greater Bay Area, promote orderly and secure cross-border data flow, and drive high-quality development in the Greater Bay Area.12
Beijing Issues Implementation Opinions on Better Utilizing Data Elements to Accelerate the Development of the Digital Economy
On June 20, the Beijing Municipal Committee and the People's Government of Beijing issued the Implementation Opinions on Better Utilizing Data Elements to Accelerate the Development of the Digital Economy.13
Shenzhen Development and Reform Commission Issues Interim Measures for the Registration and Management of Data Property Rights in Shenzhen
On June 15, the Development and Reform Commission of Shenzhen issued the Interim Measures for the Registration and Management of Data Property Rights in Shenzhen, which is implemented starting from July 1, 2023.14
ENFORCEMENT AUTHORITY
Former Chairman of China Unicom, Liu Liehong, Appointed as the First Director of the State Administration for Data
On July 28, 2023, the State Council appointed Liu Liehong, the former Chairman and Party Secretary of China United Network Communications Group Co., Ltd., as the Director of the State Administration for Data.15
CAC Releases Test Reports on Personal Information Collection by Three Categories of Apps
Recently, the China Cyberspace Security Association and the National Computer Network Emergency Response Technical Coordination Center conducted tests on the collection of personal information by popular apps in the categories of "e-books," "photo editing," and "cloud storage." The test results have been released to the public.16
Shanghai AMR and Municipal Cyberspace Administration Guide Enterprises to Launch "Clean Edition" Parking Payment QR Codes
Recently, the "Sharp Sword Pujiang: Special Law Enforcement Action for Protecting Personal Information Rights and Interests in the Consumer Sector" has focused on comprehensive governance in the "scan-to-park" scenario. It requires shopping malls or parking operators to promptly introduce a "clean edition" parking payment QR code to ensure that no personal information is collected.17
China Consumers Association Focuses on Consumer Data Security of Cloud Storage Services
Recently, China Consumers Association has launched consumer supervision work on cloud storage security, indicating that it is collecting member handbooks, service agreements, and reminder methods from multiple cloud storage service companies in order to compare solutions that are more convenient for storing consumer data, more effective ways to notice consumers, more favorable clauses to consumers.18
Zhejiang Cyberspace Administration Releases Q&A on Filing of Standard Contract of Personal Information (Part One)
On July 11th, Zhejiang Cyberspace Administration released the Q&A on Filing of Standard Contract of Personal Information (Part One).19
CAC: 177.94 Million Reports of Online Illegal and Harmful Information Received Nationwide in June 2023
In June 2023, the CAC Reporting Center provided guidance to reporting departments at all levels nationwide, as well as major online platforms, for handling 177.94 million reports from internet users regarding illegal and harmful information, including content related to pornography, gambling, infringement, and rumors.20
ENFORCEMENT CASES
Earthquake Monitoring Center of Wuhan Municipal Emergency Management Bureau Subject to Cyber Attack on Its Network Equipment, Police Initiate Investigation
On July 25th, 2023, the Earthquake Monitoring Center of the Wuhan Municipal Emergency Management Bureau reported that certain network equipment at the front-end stations for seismic rapid reporting had been implanted with backdoor programs. Subsequently, the police initiated an investigation into the matter.21
Shanghai Baoshan Procuratorate Supervises Personal Information Protection by Express Delivery Companies
On July 24, prosecutors from the Baoshan District Procuratorate in Shanghai contacted the Baoshan Postal Administration to inquire about the recent promotion and usage of privacy labels within the local express delivery industry.22
Release of Guangzhou's Top 10 Typical Cybersecurity Cases of 2022
Recently, the top 10 typical cybersecurity cases of 2022 in Guangzhou were announced, involving issues such as data security, cybersecurity, and personal information protection.23
Beijing Cyberspace Administration Holds Guidance Meeting on Rectification of Personal Information Collection and Usage by Apps, Issues Rectification Notices to 10 Companies
On July 13, the Beijing Cyberspace Administration, in conjunction with the Beijing Branch of the National Internet Emergency Center, organized a guidance meeting for rectification. During this meeting, 10 companies including "Shansong" (FlashEx), "SF Same Day Delivery," and "Damai" were collectively informed about illegal collection of personal information found during a special governance action, and received Rectification Notices to guide these companies in undertaking compliance improvements for their products and were required to rectify the issues within a specified timeframe.24
Shenzhen Securities Regulatory Bureau Issues Warning Letters to CITIC Securities and Three Individuals, Including Chief Information Officer, Due to Network Security Loopholes
On July 13, the Shenzhen Securities Regulatory Bureau issued warning letters to CITIC Securities and three individuals, including the Chief Information Officer. This action was taken due to CITIC Securities' network security incident on June 19, 2023, which revealed deficiencies in the security of their data center infrastructure, as well as oversights in the reliability management of information system equipment.25
MIIT Releases Report on 31 Apps (SDKs) Violating User Rights
On July 7, following an examination conducted by third-party testing agencies on popular mobile internet applications (Apps) and third-party software development kits (SDKs) in categories such as leisure entertainment, practical utilities, and travel services, MIIT identified 31 Apps (SDKs) that engage in actions violating user rights and subsequently issued a public notification.26
Shanghai Municipal Cyberspace Administration and Other Departments Carry out Public Legal Education and Administrative Guidance on Personal Information Protection in the Catering Industry
Recently, in response to the widespread issue of excessive collection, frequent inducement, and even compulsory solicitation of unnecessary personal information from users during the process of scanning QR codes for ordering meals, the Shanghai Municipal Cyberspace Administration, in collaboration with Shanghai AMR and Municipal Commerce Commission, has carried out phased public legal education and administrative guidance on personal information protection in the catering industry.27
Personal Information of Some Students at Renmin University of China Stolen, Suspect Criminally Detained
On July 2, Renmin University of China issued a notice stating that the suspect, identified as Mr. Ma, has been criminally detained by the Haidian Public Security Bureau in Beijing for alleged illegal collection of personal information of some students at the university, among other illegal activities. The case is currently under further investigation0.28
Footnotes
1. https://mp.weixin.qq.com/s/XV-aJpPQh5WVHV-xTk1Amw?scene=25#wechat_redirect
2. https://mp.weixin.qq.com/s/iGvQJacvKOl5_kgMjlh1lw?scene=25#wechat_redirect
3. https://baijiahao.baidu.com/s?id=1772271595720180634&wfr=spider&for=pc
4. https://www.nra.gov.cn/xxgk/gkml/ztjg/zqyj/202307/t20230718_342383.shtml
5. https://mp.weixin.qq.com/s/bBeMayWHI5HEhLl09u0WJQ?scene=25#wechat_redirect
6. https://mp.weixin.qq.com/s/TztAWbEJmA3qBCiLgvZMyg?scene=25#wechat_redirect;https://mp.weixin.qq.com/s/x5nsgaf-7zVkbCKJc-Mwuw?scene=25#wechat_redirect
7. https://mp.weixin.qq.com/s/7LqvBV1OPkxqcnYGWsEr1Q;https://mp.weixin.qq.com/s/Z02PasKwyOzRl6QwGL0VWA
8. http://www.cac.gov.cn/2023-07/03/c_1690034742530280.htm
9. https://mp.weixin.qq.com/s/U4wVnb8BXFdfKjFXIW7DJA;https://www.miit.gov.cn/jgsj/waj/gzdt/art/2023/art_052b056445a5430e87f37d5b07080d82.html
10. http://www.moj.gov.cn/pub/sfbgw/gwxw/xwyw/202307/t20230710_482328.html
11. http://www.mohrss.gov.cn/xxgk2020/gzk/gz/202306/t20230630_502242.html
12. https://mp.weixin.qq.com/s/4z0v6VuvxU6nvA4nUAM6IQ?scene=25#wechat_redirect
13. https://news.bjd.com.cn/2023/07/05/10485499.shtml
14. http://www.sz.gov.cn/cn/xxgk/zfxxgj/zcfg/content/post_10692613.html
15. https://baijiahao.baidu.com/s?id=1772658619896820728
16. https://mp.weixin.qq.com/s/vEOq6MxZWZDkciUccd3SGg?scene=25#wechat_redirect;https://mp.weixin.qq.com/s/MkmWgZz4lOjKmGE-KHC6Wg;https://mp.weixin.qq.com/s/m4VivNd9IErORb4gLghI9g
17. https://mp.weixin.qq.com/s/dIe_co_S6A7Paj44Vo7W9w?scene=25#wechat_redirect
18. https://www.cca.org.cn/jmxf/detail/30698.html
19. https://mp.weixin.qq.com/s/Tz5C3lhlRkFUHLIKEUyfuA?scene=25#wechat_redirect
20. https://mp.weixin.qq.com/s/fpZscVMmmo38sH3ESDJvCA?scene=25#wechat_redirect
21. https://mp.weixin.qq.com/s/_y1-BooCBD5wlWWIcbEx3g?scene=25#wechat_redirect
22. https://www.spp.gov.cn/spp/dfjcdt/202307/t20230727_622819.shtml
23. https://mp.weixin.qq.com/s/pTUnpxvSmlwSxt3dMIspEg?scene=25#wechat_redirect
24. https://mp.weixin.qq.com/s/xRO6Xb7KQwtRmhZDTh8lGQ?scene=25 - wechat_redirect
25. https://mp.weixin.qq.com/s/cHJkX6s-zujb1gQlA80GHQ?scene=25#wechat_redirect
26. https://mp.weixin.qq.com/s/2Ht7PzR4gEXW-KvuWrbAZg?scene=25#wechat_redirect
27. https://www.shanghai.gov.cn/nw4411/20230706/8d840a7be8ab4092b6ddab935f9388b9.html
28. https://mp.weixin.qq.com/s/jQ2Lf73blJdjCjpLsGrnSw?scene=25#wechat_redirect
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.