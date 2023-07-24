Legislation

Zhejiang Cyberspace Administration Issues Guidelines for Filing of Standard Contracts for Outbound Transfer of Personal Information in Zhejiang

On June 14, 2023, in order to guide and help personal information handlers to standardize and orderly file standard contracts for outbound transfer of personal information, Zhejiang Cyberspace Administration prepared the Guidelines for Filing of Standard Contracts for Outbound Transfer of Personal Information in Zhejiang and opened a telephone number for consultation. 1

Shanxi Government Issues Measures for Security Management of Government Data in Shanxi Province

On June 13, in order to strengthen the province's government data security management, regulate government data processing activities, to maintain national security, social order and public interest, according to the Cybersecurity Law of the People's Republic of China ("CSL"), the Data Security Law of the People's Republic of China ("DSL"), the Personal Information Protection Law of the People's Republic of China ("PIPL") and other laws and regulations, combined with the actual situation in Shanxi, the Shanxi government formulated the Measures for the Security Management of Government Data in Shanxi Province. 2

SPC Publicly Solicits Opinions on Guidance on Punishing Illegal Crimes of Cyber Violence Legally (Draft for Comments)

On June 9, in order to punish illegal and criminal activities of cyber violence in accordance with the law and effectively safeguard the rights and interests of citizens' personality and normal network order, the Supreme People's Court ("SPC"), the Supreme People's Procuratorate and the Ministry of Public Security drafted the Guidance on Punishing Illegal Crimes of Cyber Violence Legally (Draft for Comments) and invited public comments. 3

Shanghai Cyberspace Administration Publishes Notice on Filing of Standard Contracts for Outbound Transfer of Personal Information

On June 8, in order to guide and help personal information handlers to carry out the filing work in a standardized and orderly manner, the Shanghai Cyberspace Administration officially released the Notice on Filing of Standard Contracts for Outbound Transfer of Personal Information according to the Measures on Standard Contract for Outbound Transfer of Personal Information and the Guide on Filing of Standard Contract for Outbound Transfer of Personal Information (First Edition), and provided consultation methods and content summary. 4

CAC Releases Regulations on Administration of Proximity Self-organizing Network Information Services (Draft for Comments)

On June 7, in order to regulate proximity self-organizing network information services, safeguard national security and social public interests, protect the legitimate rights and interests of citizens, legal persons and other organizations, according to the DSL and other laws and regulations, the Cyberspace Administration of China ("CAC") drafted the Regulations on Administration of Proximity Self-organizing Network Information Services (Draft for Comments) and invited public comments. 5

Shanghai Communications Administration Issues Guidelines on Construction of Chief Data Officer System in Shanghai Telecom and Internet Industry (for Trial Implementation)

On June 6, in order to improve the data governance system in the telecom and Internet industry, and according to the requirements of the special action of "Pujiang Huhang" on data security, the Shanghai Communications Administration has researched and compiled the Guidelines on Construction of Chief Data Officer System in Shanghai Telecom and Internet Industry (for Trial Implementation) and issued it to all telecom and Internet enterprises in Shanghai. 6

Beijing Cyberspace Administration Releases Guidelines for Filing of Standard Contracts for Outbound Transfer of Personal Information in Beijing

On June 5, in order to guide and help personal information handlers to carry out filing work in a standardized and orderly manner, the Beijing Cyberspace Administration issued the Guidelines for Filing of Standard Contracts for Outbound Transfer of Personal Information in Beijing in accordance with the Measures on Standard Contract for Outbound Transfer of Personal Information and the Guide on Filing of Standard Contract for Outbound Transfer of Personal Information (First Edition), providing relevant consultation methods and a summary of the contents. 7





Enforcement Authority

NAFR: Enhancing Cyber and Data Security Management in Third Party Collaboration

On June 27, 2023, the National Administration of Financial Regulation ("NAFR") issued the Notice on Enhancing Cyber and Data Security Management in Third Party Collaboration to all local banking and insurance supervisory authorities, banks, insurance and finance companies, which clearly listed the risk situation of services related to a top platform, the risk situation of technology outsourcing of several banking and insurance and data center hosting service providers, and set out the corresponding regulatory requirements.8

CAICT Releases Top 10 Keywords for Big Data in 2023

On June 26, the China Academy of Information and Communications Technology ("CAICT") released the Top 10 Keywords for Big Data in 2023 at the "2023 Big Data Industry Development Conference", which examined the current hot spots and directions of the development of the big data industry and proposed ten key words, including: cross-border data transfer, data security risk assessment, etc. 9

Beijing Passes First Filing for Standard Contract for Outbound Transfer of Personal Information

On June 25, the standard contract for outbound transfer of personal information signed between Beijing Deyixin Data Co., Ltd. and Hong Kong Novartis Integrity Co., Ltd. has passed the filing audit organized by the Beijing Cyberspace Administration, with the filing number "JingHeTongBei 202300001", becoming the first enterprises to achieve compliance with the cross-border personal information transfer by entering into a standard contract, marking the first filing case for the standard contract implemented in Beijing. 10

CAC Issues Notice on Release of Information on Filing of Algorithm for Deep Synthesis of Internet-based Information Services

On June 20, the CAC issued a notice stating that, according to the Administrative Provisions on Deep Synthesis of Internet-based Information Services, it is now publicly releasing information on the filing of deep synthesis of internet-based information services, with specific information available through the Algorithm for Internet-based Information Services Filing System (https://beian.cac.gov.cn ). 11

CAC Approves Cross-border Data Transfer Security Assessment of Alipay's "Cross-border Mini-apps"

On June 19, the data related to the businesses of "cross-border mini-apps" of Alipay (Hangzhou) Information Technology Co., Ltd. passed the cross-border data transfer security assessment of the CAC, which is the third case in Zhejiang Province and helps enterprises to carry out cross-border data activities in Internet technology industry legally in Zhejiang. 12

CCA to Launch Nationwide Consumer Supervision Campaign against "Compulsory Following of WeChat Official Accounts"

On June 19, the China Consumers Association ("CCA") will launch a nationwide consumer supervision campaign to protect consumers' rights and interests, such as the right to choose, the right to fair trade and personal information, and to address the problems associated with code scanning in consumption. The CCA will commission professional volunteers to summarize, analyze and collate the clues, and to protect the legitimate rights and interests of consumers in accordance with the law. 13

First Three Enterprises in Guangdong Pass Cross-border Data Transfer Security Assessment

On June 19, Green Point Technology (Shen Zhen) Co., Ltd., Amway (China) Co., Ltd., and Jabil Circuit (Guangzhou) Ltd. passed the cross-border data transfer security assessment. This is the first batch of three enterprises in Guangdong to pass the assessment, which is an important reference for data handlers in Guangdong to carry out assessment and notification in the future. 14

Shanghai Cyberspace Administration and Shanghai AMR Jointly Launch "Liangjian Pujiang - Special Enforcement Action for Protection of Personal Information Rights and Interests in the Consumer Field"

On June 16, the Shanghai Cyberspace Administration and the Shanghai AMR jointly launched "Liangjian Pujiang - Special Enforcement Action for Protection of Personal Information Rights and Interests in the Consumer Field". The six-month operation will be carried out under the guidance of the CAC, mainly targeting illegal acts related to personal information, in order to promote enterprises to take the initiative to fulfill their obligations on personal information protection, enhance the awareness of the whole society on personal information protection, and strive to promote a significant improvement in the current situation of personal information protection in the consumer field. 15

Shandong Cyberspace Administration Opens Channel for Filing Standard Contract for Outbound Transfer of Personal Information

On June 14, in order to guide and help the personal information handlers to standardize and orderly file standard contracts for outbound transfer of personal information, the Shandong Cyberspace Administration opened a channel for filing standard contracts for outbound transfer of personal information. 16

Xinjiang Cyberspace Administration: Cyber and Data Security and Personal Information Protection Special Reporting Channel Officially Opened

On, in order to implement the DSL, the PIPL and other laws and regulations, to protect data security and the lawful and orderly use of personal information, and effectively safeguard national security, public interests, the rights and interests of citizens. Xinjiang Uygur Autonomous Region Cyberspace Administration from now on to accept cyber and data and personal information violations of supervision and reporting clues. The channel for receiving reports is http://www.xjwljb.com . 17

Shanghai Cyberspace Administration Publishes 9th, 10th, 11th Outstanding Cases of Classification and Grading of Data, Development of Catalogs of Important Data Pilot

On June 5,8 and 14, in order to accelerate the establishment of a sound data classification and grading protection system and important data catalog management mechanism, and to promote data sharing and application, the Shanghai Cyberspace Administration published a series of pilot outstanding units and pilot outstanding cases in the organization of data classification and grading, and the development of important data catalogue pilot work since July to December 2022 after it set up a pilot working group in conjunction with the Office of the Shanghai Municipal Government. 18

State Council Publishes Legislative Work Plan for 2023: Formulation of Regulations for the Administration of Network Data Security, Regulation for the Online Protection of Minors, and Revision of Law on Guarding State Secrets

On June 7, the State Council released its legislative work plan for 2023, which includes the formulation of draft amendments to the Law on Guarding State Secrets and the Regulations for the Administration of Network Data Security in the area of improving the national security rule of law system and maintaining national security and social stability. The enactment of the Regulation for the Online Protection of Minors is also included in the implementation of the strategy of promoting science and education and promoting cultural self-confidence and self-improvement. 19





Enforcement Cases

Hengyang Cyberspace Administration Fines Local Hospital RMB 62,000

On June 27, 2023, the Hengyang Cyberspace Administration imposed an administrative penalty of ordering rectification, issuing a warning, and imposing a fine of RMB 50,000 on a local hospital for failing to fulfill its data security protection obligations, resulting in partial data leakage, in accordance with the provisions of Article 45 of the DSL. At the same time, a fine of RMB 12,000 was imposed on a third-party technology company and the person responsible. 20

Shanghai AMR and Shanghai Cyberspace Administration Interview Starbucks and Other Famous Restaurants

On June 16, after the Shanghai Cyberspace Administration and the Shanghai AMR jointly initiated enforcement actions, law enforcement officers conducted on-site inspections of the Starbucks, Simplythai and SHAKE SHACK shops involved, and requested the companies involved to attend interviews. The reason for the interviews includes commonly asking for users' personal information frequently and inducing or forcing consumers to register as members frequently, etc. 21

Public Security and Cybersecurity Departments of Zhejiang Fines Illegal Company RMB 1 Million According to DSL

On June 16, a technology company in Zhejiang in the process of development and maintenance of an information management system for a government department of a county-level city in Zhejiang uploaded sensitive business data collected by the department to a rented public cloud server without the consent of the department and without taking security protection measures, resulting in a serious data leakage. The Zhejiang Wenzhou public security authority imposed administrative penalties of fines of RMB 1 million, RMB 80,000 and RMB 60,000 on the technology company and the persons in charge and directly responsible for the project respectively, in accordance with Article 45 of the DSL. 22

Nanchang Cyberspace Administration Punishes Jiangxi Company for Failing to Meet Data Security Obligations and Taking Remedial Measures

On June 7, a Jiangxi company stored a large amount of sensitive data in its OA system and server but failed to fulfill its data security protection obligations, and its OA system was infected with a Trojan horse program that could obtain server file management rights and command execution rights. The relevant acts violated the relevant provisions of the DSL. The Nanchang Cyberspace Administration, in accordance with the provisions of Article 45 of the DSL, imposed a warning and a fine of RMB 500,000 on that company and an administrative penalty of RMB 50,000 on the directly responsible person. 23

