Article by Daniel Albrecht

Summary: The Cybersecurity Law of the People’s Republic of China was issued on November 7, 2016, and officially put into effect June 1, 2017. The Cyberspace Administration of China (CAC) has released supportive measures to implement provisions of the Cybersecurity Law. These draft Measures provide guidelines for cross-border transfer of data, data security assessments, and the protection of data in relation to national and public interest. In 2017, the CAC published Measures on Security Assessment of Cross-Border Transfer of Personal Information and Important Data. The draft received immense feedback, leading to a second draft released in June 2019, Measures on Security Assessment of Cross-Border Transfer of Personal Information. The new draft will affect a wide range of domestic and foreign entities in China that have cross-border transfer needs.

Separating “Personal Information” and “Important Data”

On June 13, 2019, the Cyberspace Administration of China (CAC) released Measures on Security Assessment of Cross-Border Transfer of Personal Information. Regulations and guidelines provided in the draft pertain to network operators that export personal information data to recipients outside of China. It should be noted that the 2017 draft Measures applied to both “important data” and “personal information” data. However, the 2019 draft legislation omits the term “important data” and solely focuses on the export of “personal information.” The removal of the term implies that the CAC is now treating important data and personal information as separate categories that are subject to different requirements.[1] Therefore, the content in the new draft regulation only concerns the cross-border transfer of “personal information” collected within the territory of China.[2]

Data Localization Requirement

China’s Cybersecurity Law requires data localization for “critical information infrastructure operators” (CIIO’s) that collect and generate data within China. In other words, the provision requires that personal information and important data collected by CIIO’s within the territory of China will be stored in Chinese servers. The 2017 draft Measures attempted to bring clarification to this data localization rule. However, the draft expanded the data localization requirement to all “network operators,” causing controversy and confusion in the international community. Since “network operator” is more vaguely defined than CIIO’s, the 2017 Measures broadened the scope for the data localization requirement.

To make things more complicated, the CAC published the 2019 draft Measures without any mention of data localization requirements. Although there is no data localization provision in the new draft, it does not mean that network operators are exempt from data localization. Legal experts point out that China’s Cybersecurity Law overlaps with the new draft Measures, and CIIO’s are still obligated to follow data localization rules. However, with the cybersecurity law referring to “CIIO’s”, and the Measures only referring to “network operators,” there is room for interpretation regarding what entities will be impacted by data localization requirements.

Continue reading “Measures on Security Assessment of Cross-Border Transfer of Personal Information (2019 Draft)” »

On 23 April 2019 the Standing Committee of the National People’s Congress issued the fourth revision of the Trademark Law, which came into force on November 1st. This has attracted much attention from the international IP community as it addresses the issue of bad-faith registrations – one of the most significant challenges to protecting international brands in China.

The new law provides that bad-faith applications made with no intent to use will be rejected. In addition, the absence of requisite intent to use is now included as grounds for opposition and invalidation proceedings.

Moreover, the law allows for a higher amount of damages that can be claimed for trademark infringement; likewise, the highest amount of statutory damages was increased from RMB 3 million to RMB 5 million in an attempt to deter infringements.

The revision also establishes new guidelines for the Trial of Cases on Trademark Authorisation and Affirmation, as well as new articles on the legal liability of applicants of bad-faith application without intent to use.

For the full analysis on the recent revision, read the full article by Charles Feng at Lexology.