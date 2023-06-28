Legislation

CAC Releases Personal Information Exit Standard Contract Filing Guide (First Edition)

On May 30, the CAC released Personal Information Exit Standard Contract Filing Guide (First Edition), which explains the specific requirements of the personal information exit standard contract filing method, filing process, and filing materials.1

NISSTC Releases Cybersecurity Standards Practice Guide - Implementation Guidelines for Cyber Data Security Risk Assessment

On May 29, the National Information Security Standardization Technical Committee ("NISSTC") released Cybersecurity Standards Practice Guide - Implementation Guidelines for Cyber Data Security Risk Assessment for guiding the work of cyber data security risk assessment.2

Information Security Technology - Implementation Guideline for Informing and Consenting in Personal Information Processing Released

On May 23, 2023, Information Security Technology - Implementation Guideline for Informing and Consenting in Personal Information Processing, which is supervised by Standardization Administration of the People's Republic of China ("SAC") and categorized and implemented by NISSTC, was released and will be implemented from December 1, 2023. The guideline provides implementation methods and steps for informing individuals of processing rules and obtaining their consent when handling personal information.3

Commercial Cryptography Administration Regulations Amended and Adopted to Come into Force on July 1

On May 25, Commercial Cryptography Administration Regulations was amended and adopted, and will come into force on July 1.4

MIIT Publicly Seeks Comments on Guideline for the Construction of Data Security Standard System in the Industrial Sector (2023 Edition)

On May 22, the Ministry of Industry and Information Technology ("MIIT") publicly solicited comments from all sectors of society on Guideline for the Construction of Data Security Standard System in the Industrial Sector (2023 Edition) (Draft for Comments).5

Beijing Formulates General AI Innovation Measures to Strengthen Personal Data Protection

On May 12, 2023, the Beijing Municipal Commission of Science and Technology and Zhongguancun Administrative Committee publicly solicited comments on Several Measures to Promote the Innovative Development of General Artificial Intelligence in Beijing (2023-2025) (Draft for Comments).6

The First National Data Security Management Regulations for Automated Driving Demonstration Zones Released in Beijing

On May 12, 2023, the Beijing Municipal Office of High-Level Automated Driving Demonstration Zone officially released Measures for Data Security Management in the Beijing Intelligent Networked Vehicle Policy Pilot Area (for Trial Implementation). This release fills the gap in data safety management of domestic autonomous driving demonstration zones, clarifies that enterprises are responsible for data safety under the coordination and guidance of the Municipal Automated Driving Office, and builds a mechanism for data capability enhancement and sharing among enterprises in demonstration zones.7

New Rules for the Real Estate Brokerage Service Industry Issued, Emphasizing That No SMS or Telephone Promotion Is Allowed without the Consent of the Parties Concerned

On May 8, in order to regulate real estate brokerage services, strengthen the management of the real estate brokerage industry and promote the healthy development of the real estate market, SAMR and the Ministry of Housing and Urban-Rural Development issued Opinions on Regulating Real Estate Brokerage Services.8

MOT Released Management Measures for the Security Protection of Critical Information Infrastructure on Highways and Waterways to Clarify the Main Responsibilities and Obligations of Operators

On May 6, the Ministry of Transport ("MOT") announced Management Measures for the Security Protection of Critical Information Infrastructure on Highways and Waterways, which will come into effect from June 1, 2023.9

The Person in Charge of CAC Answered Questions from Reporters Regarding Announcement on Adjusting Matters Related to the Security Management of Network Security Dedicated Products

Recently, CAC, MIIT, the Ministry of Public Security, the Ministry of Finance, and the Certification and Accreditation Administration jointly issued the Announcement on Adjusting Matters Related to the Security Management of Network Security Dedicated Products (the "Announcement"). A relevant person in charge of CAC answered questions from reporters regarding the issues addressed in the "Announcement".10

MIIT Publicly Solicits Opinions on Four Mandatory National Standards Including Technical Requirements for Information Security of Whole Vehicles of Automobiles

On May 5, 2023, MIIT publicly solicited comments on four mandatory national standards, including Technical Requirements for Information Security of Automobile Vehicles and Automatic Driving Data Recording System for Intelligent Networked Vehicles, which will close on July 5, 2023.11

Taiwan to Establish Data Protection Agency

On May 3, the Taiwan Legislative Yuan passed a draft amendment to the Personal Information Protection Act, which establishes a Taiwan data protection agency with the power to impose fines of up to NT$15 million (approximately US$490,000). According to the draft amendment, non-governmental organizations that fail to implement appropriate security measures to prevent the theft, alteration, damage, destruction, or leakage of personal data may face fines ranging from NT$20,000 to NT$2 million.12

Enforcement Authority

Hubei Cyberspace Administration Released the First List of Registered Data Security Risk Assessment Agencies in Hubei Province

On May 23, in accordance with Notice on the Registration of Data Security Risk Assessment Agencies in Hubei Province issued by the Hubei Provincial Cyberspace Administration, the first list of registered agencies was released by the Hubei Cyberspace Administration.13

CAC Releases Digital China Development Report (2022)

On May 23, CAC, together with relevant parties, systematically summarized the main results achieved by various regions and departments in promoting the construction of Digital China in 2022, carried out regional evaluation of the development of Digital China, looked forward to the development of Digital China in 2023, and prepared and formed Digital China Development Report (2022).14

National Healthcare Security Administration and CAC Conduct Survey on Healthcare Platform and Data Usage, Emphasizing the Importance of Securing Data and Ensuring its Safety

On May 15, 2023, the National Healthcare Security Administration and CAC conducted an online survey on the use of the healthcare information platform and healthcare big data. The healthcare bureaus of 31 provinces (autonomous regions, municipalities) and the Xinjiang Production and Construction Corps Healthcare Bureau introduced the use of healthcare data and the problems that exist, and put forward opinions and suggestions. Huang Huabo, a member of the bureau's party committee and deputy director, participated in the survey.15

Sichuan Province Releases Report on Consumer Personal Information Protection, Over 70% of Respondents' Personal Information Was Leaked

On May 9, the Sichuan Provincial Consumer Protection Committee released a report on the previously conducted survey on consumer personal information protection. The results showed that over 50% of respondents did not understand the content of the Personal Information Protection Law, and over 70% of respondents believed that their personal information had been leaked.16

Beijing Cyberspace Administration Released the Results of the Annual Assessment of Automotive Data Security Management

In accordance with the unified deployment of CAC and based on Several Provisions on Automotive Data Security Management (Trial), the Beijing Cyberspace Administration organized the annual report review of automotive data security management in Beijing starting from November 2022. A total of 31 companies including Mercedes-Benz, Audi, Toyota, Baidu, Ideal, and BAIC submitted their annual reports for assessment, out of which 10 were rated as excellent and 21 were rated as good.17

Shanghai Cyberspace Administration Announces 7 Excellent Pilot Cases for Data Classification and Grading and the Establishment of Important Data Catalogues

From July to December 2022, the Shanghai Municipal Cyberspace Administration organized a pilot program for data classification and grading and the establishment of important data catalogues. A number of outstanding pilot units and cases were selected. Recently, the Shanghai Cyberspace Administration released seven excellent pilot cases, including the excellent pilot case from the Jing'an District Government Office, District Cyberspace Administration, and District Government Affairs Data Management Center, Guidelines for Public Data Classification and Grading in Jing'an District, the excellent pilot case from Yangpu District Big Data Center, Manual for the Use of Automated Tools for Data Classification and Grading - Sensitive Data Discovery, the excellent pilot case from the Baoshan District Education Bureau, Rules for Identifying Important Data and Management of Important Data Catalog for Education in Baoshan District (Trial Implementation), the excellent pilot case from the Minhang District Big Data Center, Data Lifecycle Security Protection Requirements for the Minhang District Big Data Center, the pilot excellent cases from the New Energy Vehicle Public Data Collection and Monitoring Research Center, Identification Rules for Important Data, Management System for Data Classification and Grading, and Management System for Data Sharing and Application.18

MIIT Announces 56 Apps (SDKs) that Violate Users' Personal Information Rights and Interests

Recently, the MIIT organized third-party inspection agencies to conduct inspections on mobile internet applications (APPs) and third-party software development kits (SDKs) that are of public concern, such as practical tools, leisure and entertainment, and short videos. The inspection found that 56 APPs (SDKs) violated users' rights and interests and were publicly reported.19

Shanghai Cyberspace Administration: Shanghai's First Two Companies Pass Data Export Security Assessment

Recently, the Shanghai Cyberspace Administration announced that Mazda (China) Enterprise Management Co., Ltd. and Sephora (Shanghai) Cosmetics Sales Co., Ltd. passed the data export security assessment.20

CAC Releases Data on National Cyberspace Administrative Enforcement and Supervision Work for Q1 2023

Recently, CAC released data on national cyberspace administrative law enforcement and supervision work for the first quarter of 2023. A total of 2,203 websites were interviewed, 48 websites had their functions suspended or updated, 55 applications were removed, and 12 mini-programs were shut down. In collaboration with the telecommunications regulatory authorities, licenses or registrations for illegal websites were cancelled, and illegal websites were shut down, in total of 4208.21

Shanghai Data Exchange Launches Construction of International Board

Recently, the Shanghai Data Exchange launched the construction of its international board, exploring new mechanisms for cross-border data flow and promoting cooperation between domestic and foreign companies in cross-border data circulation, thereby achieving global data interconnection.22

Testing Report on Personal Information Collection of "News and Information" Apps

Recently, CAC and the National Computer Network Emergency Response Technical Coordination Center conducted tests on the collection of personal information by some "news and information" apps that have been widely used by the public.23

Enforcement Cases

Zhejiang's First Two Companies Pass Data Export Security Assessment

Recently, Hangzhou Hikvision Digital Technology Co., Ltd. and Hangzhou Ezviz Network Co., Ltd. passed the data export security assessment conducted by CAC, becoming the first batch of companies in Zhejiang Province to pass the assessment.24

Micron's Products Sold in China Fail Cyber Security Review

Recently, the Network Security Review Office conducted a cyber security review on Micron's products sold in China in accordance with the law. The review found that Micron's products have serious potential cyber security risks, which pose significant security risks to China's critical information infrastructure supply chain and affect China's national security. As a result, the Network Security Review Office concluded that the products did not pass the cyber security review in accordance with the law.25

Guangdong Provincial Communication Administration Removes 30 Apps that Violate Users' Rights and Interests

On May 16, 2023, the Guangdong Provincial Communication Administration issued a notice about the removal of 30 apps that violate users' rights and interests.26

Cyberspace Administration Team Enters Douyu Platform

On May 8, in response to serious problems such as pornography and vulgarity on the Douyu platform, CAC instructed the Hubei Provincial Cyberspace Administration to dispatch a work team to enter the Douyu platform for one month to carry out centralized rectification and supervision.27

Gansu Province Investigates First Case After Implementation of Regulations on the Comprehensive Management of Internet Information Services

Recently, the Internet Security Brigade of Pingliang Public Security Bureau in Gansu Province cracked a case of using AI technology to fabricate false information. This is also the first case in Gansu Province investigated after the implementation of the Regulations on the Comprehensive Management of Internet Information Services on January 10.28

Academia

Zuo Xiaodong: Revision of Commercial Cryptography Administration Regulations to Provide Strong Legal Protection for Maintaining National Cybersecurity

On May 24, the website of the Ministry of Justice released a policy interpretation by Zuo Xiaodong, a professor at the School of Public Affairs of the University of Science and Technology of China, on the revised Commercial Cryptography Administration Regulations.29

Procuratorial Daily: Strengthening Personal Information Protection through Administrative Public Interest Litigation

On May 11, the Supreme People's Procuratorate released a theoretical study article on Strengthening Personal Information Protection through Administrative Public Interest Litigation.30

