its Impact on Doing Business in China
into effect on June 1, 2017. The new law
promotes two key objectives:
Chinese citizens from cyberattacks and
the misuse of personal information.
framework on cybersecurity but also gives
privacy protection to Chinese citizens.
to cybersecurity also came into effect on
June 1, 2017. On April 11, 2017, the
Cyberspace Administration of China
(CAC) released a draft (Draft) Measures
for Security Assessment of Outbound
Transmission of Personal Information and
Important Data (Local Data) to solicit
public comments. The consultation has
ended and it is expected that the finalized
measure for security assessment of
outbound transmission of Local Data will
be issued soon.
Cybersecurity Law
localization rule that imposes an
obligation on operators of "Critical
Information Infrastructure" (CII) to store
personal information and other important
data collected and generated during
operations within China.
For outbound data transfer of Local
Data, the new law requires CII operators
to undertake security assessment before
transferring such data abroad. The
security assessment shall be conducted
by the CAC and the State Council (unless
permission for the transfer is already
provided under another law).
CII is defined broadly as
"infrastructure that, in the event
of damage, loss of function, or data
leak, might seriously endanger
national security, national welfare or
the livelihoods of the people, or the
public interest." It includes public
communications and information
services, energy, transportation, water
conservancy, finance, public services and
e-government.
networks used for critical public services
and private sector operators who operate
networks which, if breached, would cause
serious damage to state security, the
Chinese economy or to the public at large.
The new law also covers "Network
Operators" (NO), which is widely defined
to include any business that owns and
operates IT networks in China including
a computer network, website, app or other
electronic platform where information
collected from third party users in China
is stored, transmitted, exchanged or
processed.
Under the new law, NOs need to:
and processing personal data
measures to secure against loss and
destruction of personal data, data
minimization, confidentiality and
rights to accuracy and restriction on
processing of personal data.
information is defined as including
all kinds of information, recorded
electronically or through other means
which is sufficient to identify a person's
identity, including but not limited to:
Independent Commission Against Corruption (ICAC).
His practice focuses on advising clients on matters
relating to anti-corruption, white-collar crime, law
enforcement, regulatory and compliance matters
in Hong Kong, including advice on anti-money
laundering. He also handles cases involving
corporate litigation, shareholders' disputes and
insolvency matters, defamation cases, domestic
and international arbitration cases, cybersecurity,
data security and privacy law issues, competition
law matters, e-Discovery and forensic investigation
issues as well as property litigation.
19th Floor, Three Exchange Square
8 Connaught Place, Central
Hong Kong, Hong Kong (SAR)
onc.hk