China
2.2. Additional or ancillary regulation, directives, or norms In addition to the Three Fundamental Laws, China’s data protection framework also encompasses specialized regulations, general laws, and regulations. These include, non– exhaustively: (1) Specialized Regulations The Administrative Measures for Personal Information Protection Compliance Audits, effective from May 1, 2025. It provides requirements and guidelines for conducting compliance audits of personal data processing activities. The Regulations on Facilitating and Regulating the Cross–border Data Flows, effective from March 22, 2024. It aims to streamline the cross-border data transfer process by relaxing certain compliance requirements and detailing specific scenarios where data transfers are exempt from security assessments, standard contract filings, or personal data protection certifications, thereby simplifying outbound data flows for companies. The Regulations on the Protection of Minors in Cyberspace, effective from January 1, 2024. It aims to create a cyberspace environment conducive to minors’ physical and mental health development while safeguarding their legitimate rights and interests. It comprehensively governs the collection, use, and storage of
minors’ data, mandating specific requirements such as obtaining guardian consent and prohibiting the forced provision of unnecessary personal data. personal The Measures for the Standard Contract for Outbound Transfer of Personal Information, effective from June 1, 2023. It offers a key compliance pathway for cross- border data transfers, allows Personal Data Processors (see following section 3.1.4 for definition) to transfer data abroad by entering into a standard contract with the overseas recipient, and specifies the mandatory clauses and filing requirements for such contracts. (2)General Laws and Regulations The Civil Code, effective from January 1, 2021. It provides a fundamental legal basis for protecting natural persons’ personal data and defines civil liabilities for infringements. The Criminal Law, the latest amendments of which came into effect on March 1, 2021. It imposes criminal liability for crimes infringing on citizens’ personal data. China has also formulated specialized laws and regulations regarding the protection of personal data in certain regulated industries and sectors, such as healthcare, financial services, telecommunications, and automotive.
www.llinkslaw.com
Made with FlippingBook - PDF hosting