Data Protection & Privacy

Subscribe to Data Protection & Privacy via RSS

Introduction

As AI technology continues to advance, it has increasingly been exploited for infringing activities that violate general personality rights protected under the Civil Code of the People’s Republic of China (the “Civil Code”), including the right to name, right to image, and right to reputation.  In many reported cases, infringers upload unauthorized content through

Introduction

Protecting the integrity of networks and data has become a global imperative. China, recognising this, has promulgated the “Administrative Measures for the Reporting of National Cybersecurity Incidents ” (“Measures“; effective 1 November 2025). The Measures outline a comprehensive approach to reporting cybersecurity incidents, aiming to minimise losses, incentivise legal compliance, protect national

In today’s digital era, data is an invaluable asset for businesses, offering opportunities for innovation and competitive advantages. However, effectively monetising data involves navigating complex legal frameworks that govern ownership, protection, and commercialisation. This Article examines key legal provisions under Chinese law that facilitate and regulate data monetisation, focusing on intellectual property (“IP”)

Abstract

This article analyses the definition, regulatory framework, and compliance challenges surrounding Sensitive Personal Information (SPI) under China’s Personal Information Protection Law (PIPL) and related standards. For enterprises, accurately identifying SPI within their data ecosystems is critical to the PIPL compliance efforts. Organisations must continually assess risks tied to data practices, particularly amid challenges posed

China’s Personal Information Protection Law (“PIPL”), enacted in 2021, establishes a structured regulatory framework for cross-border transfers of personal information (“PI”). Depending on the volume, sensitivity and context of PI being exported, exporters may face varying levels of compliance obligations. For instance, small-scale exports of non-sensitive PI may be exempt from formal

Introduction

In the digital age, data is a vital asset, and its security is of the utmost importance, particularly within the financial services industry which is relied on by all levels of society.

The National Financial Regulatory Administration (“NFRA”) has introduced the Measures for Data Security Management of Banking and Insurance Institutions (“

In an era dominated by digital connectivity, safeguarding the integrity of networks and information systems has become a global imperative. China, recognizing the critical importance of cybersecurity, has introduced the draft Management Measures for Cybersecurity Incident Reporting (the Measures). The Measures outline a comprehensive approach to reporting cybersecurity incidents, aiming to minimize losses, incentivize legal