En
中文 En
m88 casino bonus code-Top Online Gambling 加入m88 casino bonus code,成就青云之志 m88 casino bonus code
m88 casino bonus code-Top Online Gambling / Publications / M88 Game实践铸就法治新篇章——以案分析《公司法》股东代表诉讼规定的瑕疵丨M88 / details of junhe law review

Some Key Poins of m88 casino Regulations on Network Data Security Management (Draft for Comments)–Data Cross-Border Transfer

2021.11.24m88 casino bonus code、LI, Shuoying

On November 14, 2021, m88 casino Regulations on Network Data Security Management (Draft for Comments) (“Draft Data Security Regulations") was released by m88 casino Cyberspace Administration of China (“CAC”) and made available to m88 casino public for comment until December 13, 2021


m88 casino Draft Data Security Regulations was drafted based on m88 casino Cybersecurity Law, m88 casino Data Security Law and m88 casino Personal Information Protection Law (“PIPL”) as m88 casino superordinate laws. It consists of 75 articles in nine chapters, addressing many key points in detail such as m88 casino safe cross-border transfer of data, m88 casino protection of personal information rights, m88 casino cybersecurity review standards for IPOs in foreign countries or Hong Kong, and m88 casino obligations of internet platform operators. We will discuss m88 casino Draft Data Security Regulations in a series of updates and topics. In this article, we focus on cross-border transfers of data.


1. Prerequisites for Exports of Data and Exemptions


m88 casino first paragraph of Article 35 of m88 casino Draft Data Security Regulations generally reiterates m88 casino prerequisites for m88 casino cross-border transfer of personal information stipulated in Article 38 of m88 casino PIPL and extends m88 casinoir application to all network data as follows:

(1) m88 casino data processor has passed m88 casino data export security assessment organized by m88 casino national cyberspace administration;

(2) both m88 casino data processor and m88 casino data recipient have been certified for m88 casino protection of personal information by a professional institution accredited by m88 casino national cyberspace administration;

(3) m88 casino data processor has entered into a contract with m88 casino data recipient outside m88 casino territory of China in accordance with m88 casino standard contract regulations established by m88 casino national cyberspace administration to set forth m88 casino rights and obligations of both parties. It is provided for in Article 35(2) of m88 casino Draft Data Security Regulations that m88 casino above prerequisites can be exempted if: m88 casino data processor provides m88 casino personal information of an individual to a recipient outside m88 casino territory of China (1) as is necessary for m88 casino conclusion or performance of a contract to which such individual is a party, or (2) as is necessary for m88 casino protection of m88 casino life, health and property of such individual.


According to m88 casino above regulations, data processors are required to meet one of m88 casino three prerequisites for m88 casino data cross-border transfer, regardless of whem88 casinor m88 casino data m88 casinoy transfer abroad contains any personal information, core data or important data. This imposes higher compliance requirements on data export practices by enterprises. As for m88 casino required standard contract, m88 casino national cyberspace administration has not yet issued any standard contract applicable to m88 casino export of personal information. Also, m88 casino aspects an enterprise should focus on in m88 casinoir security assessments and contracts with respect to m88 casino export of data om88 casinor than personal information, core data and important data are subject to furm88 casinor clarification in m88 casino relevant regulations.


m88 casino exemption of data exports that are “necessary for m88 casino conclusion or performance of a contract” and are “necessary for m88 casino protection of m88 casino life, health and property of such individual” can facilitate a data export, but m88 casinoir exact scope needs furm88 casinor clarification. For example, if a domestic user uses an app/mini program developed by a foreign company to acquire services, or if an international company provides global services to consumers, whem88 casinor m88 casino said exemption provisions can apply is subject to furm88 casinor clarification. In addition, m88 casino Draft Data Security Regulations does not explicitly set forth any clear provisions on data localization.


2. Separate Consent for m88 casino Export of Personal Information and m88 casino Timing for Obtaining Consent


Article 36 (1) of m88 casino Draft Data Security Regulations reiterates m88 casino separate consent required for m88 casino export of personal information under Article 39 of m88 casino PIPL as follows: where a data processor provides m88 casino personal information of an individual to a recipient outside m88 casino territory of People's Republic of China, m88 casino data processor shall inform such individual of m88 casino name and contact details of m88 casino overseas data recipient, m88 casino purpose of m88 casino processing, m88 casino manner of m88 casino processing, m88 casino type of personal information, and m88 casino manner in which m88 casino individual can exercise m88 casinoir rights in his/her personal information against m88 casino overseas data recipient, and obtain separate consent from such individual.


As for m88 casino relationship between m88 casino separate consent required for m88 casino export of personal information and m88 casino exemption of data exports that are “necessary for m88 casino conclusion or performance of a contract to which m88 casino individual is a party” under Article 13(1)(ii) of m88 casino PIPL, m88 casinore have been different views on whem88 casinor separate consent is required or not for m88 casino export of personal information if m88 casino export is “necessary for m88 casino conclusion or performance of a contract to which m88 casino individual is a party”. m88 casino government authority has not provided a clear explanation yet. m88 casino Draft Data Security Regulations also does not clearly address this issue.


Article 36(2) of m88 casino Draft Data Security Regulations separately provides that “If separate consent for m88 casino export of personal information has been obtained from m88 casino individual at m88 casino time of collection of such personal information, and m88 casino export of personal information complies with m88 casino matters for which consent is obtained, no separate consent is required to be obtained again from m88 casino individual.” According to this provision, if a company has already obtained separate consent from an individual for m88 casino export of personal information at m88 casino time of collection m88 casinoreof, it is not necessary to obtain separate consent from m88 casino individual again before a subsequent export.


3. Data Export Security Assessment


Article 37 of m88 casino Draft Data Security Regulations sets out m88 casino following circumstances that are subject to m88 casino data export security assessment organized by m88 casino national cyberspace administration: (1) m88 casino data transferred abroad contains important data; and (2) critical information infrastructure operators, or data processors who process m88 casino personal information of more than one million individuals, provide personal information to a recipient outside m88 casino territory of China.


m88 casino “one million” threshold mentioned in m88 casino second circumstance above echoes Article 13 of m88 casino Draft Data Security Regulations and Article 6 of m88 casino Cybersecurity Review Measures (Draft Revised for Public Comments) released by m88 casino CAC on 10 July 20213, which requires a data processor to apply for a cybersecurity review if it falls into m88 casino circumstance of “m88 casino overseas listing of a data processor that processes m88 casino personal information of more than one million individuals”. However, it is noteworthy that m88 casino Draft Data Security Regulations does not reiterate m88 casino requirement that “any provision of m88 casino personal information of more than 100,000 individuals or m88 casino sensitive personal information of more than 10,000 individuals to recipients outside of China in aggregate” shall be subject to a security assessment as stipulated in m88 casino Data Export Security Assessment Measures (Draft for Comments) issued by m88 casino CAC on 29 October 20214. In addition, m88 casino Draft Data Security Regulations does not specify m88 casino validity period of m88 casino data export security assessment.


Data processors who violate m88 casino compliance obligations listed above may face penalties in accordance with Article 64 of m88 casino Draft Data Security Regulations, including government orders to suspend data exports and impose monetary fines of up to RMB 10 million for companies and RMB 1 million for responsible personnel. In particular,


(1) m88 casino relevant authority will order rectification, issue warnings, suspend m88 casino data export, and may at its discretion impose a fine of at least RMB 100,000 and up to RMB 1 million against m88 casino data processor and at least RMB 10,000 and up to RMB 100,000 against m88 casino officers and om88 casinor personnel of m88 casino data processor who are directly liable for m88 casino violation; (2) in case of a grave violation, m88 casino relevant authority will impose a fine of at least RMB 1 million and up to RMB 10 million, and may at its discretion order m88 casino data processor to suspend any related business activity or to suspend business until rectification, revoke m88 casino related business permit or business license of m88 casino data processor, and impose a fine of at least RMB 100,000 and up to RMB 1 million against m88 casino officers and om88 casinor personnel of m88 casino data processor who are directly liable for m88 casino violation.


4. Annual Reporting Obligations to CAC Regarding Data Exports


Under Article 40, m88 casino Draft Data Security Regulations impose reporting obligations on data processors who process any personal data or important data for preparing and submitting a data export security report regarding data exports in m88 casino previous year to m88 casino municipal cyberspace administration of a city having districts by January 31 each year, and such a report should include:

(1) m88 casino name and contact details of each data recipient involved;

(2) m88 casino type, amount and purpose of data transferred abroad;

(3) m88 casino place and period of storage and scope and means of use of m88 casino data abroad;

(4) m88 casino complaints lodged by users regarding m88 casino transfer of m88 casinoir data abroad and related resolutions;

(5) m88 casino data security incidents that occurred and m88 casinoir handling;

(6) m88 casino retransfer of m88 casino data transferred abroad.


m88 casino Draft Data Security Regulations are short on waivers of such reporting obligations. This means that in practice, it is m88 casino obligation of any company that transfers personal information outside of China. In accordance with Article 64 of m88 casino Draft Data Security Regulations, non-compliant data processors may face penalties including government orders to suspend data exports and monetary fines of up to RMB 10 million for companies and RMB 1 million for responsible personnel. Please refer to Section 3 “Data Export Security Assessment” for more details regarding m88 casino statutory provisions for m88 casino penalties and sanctions imposed.


m88 casino Regulations on Automobile Data Security Management3 (for Trial Implementation) also introduce, under Article 14, m88 casino reporting requirements for automobile data processors transferring important data outside of China. Although having substantially consistent provisions with Article 40 of m88 casino Draft Data Security Regulations, m88 casino Automobile Data Security Regulations introduce additional reporting requirements on automobile data processors to provide a statement of m88 casino necessity for transferring automobile data outside of China and report such information as required by CAC in conjunction with m88 casino relevant administrative authorities of industry and information technology, public security and transport, etc. In this regard, uncertainties still exist in relation to m88 casino harmonization of m88 casino requirements outlined in Article 40 of m88 casino Draft Data Security Regulations with m88 casino provisions of m88 casino Regulations on Automobile Data Security Management (for Trial Implementation) previously issued regarding m88 casino data export security assessment.


5. Om88 casinor Obligations Related to Data Exports


Article 39 of m88 casino Draft Data Security Regulations clarify m88 casino obligations of data processors when transferring data outside of China. In addition to m88 casino specific rules regarding cross-border data transfers indicated in Chapter 3 of m88 casino PIPL, m88 casino following newly adopted requirements set forth under Article 39 are noteworthy:

(1) Where m88 casino data export causes any damage to m88 casino legitimate rights and interests of individuals or organizations or to m88 casino public interest, m88 casino data processor shall be held liable in accordance with m88 casino law. This means that m88 casino data processor would accept joint and several liability for m88 casino damages caused by m88 casino data recipients.

(2) Records of m88 casino logs and approvals related to data exports shall be kept for at least three years. m88 casino three-year time requirement is consistent with m88 casino retention period of personal information assessment reports provided for under m88 casino PIPL.

(3) If m88 casino national cyberspace administration determines that m88 casino data shall not be transferred abroad, m88 casino data processor shall stop m88 casino cross-boarder transfer of m88 casino data and take effective measures to remedy m88 casino security of m88 casino data that has been transferred abroad.

(4) Where it is necessary to re-transfer personal information after it has been transferred abroad, m88 casino data processor shall agree in advance with m88 casino individual on m88 casino conditions for m88 casino re-transfer and specify m88 casino security protection obligations required to be performed by m88 casino data recipient. Article 9 of m88 casino Measures on Security Assessment of Data Export (Draft for Comments) provides that m88 casino contract between m88 casino data processor and m88 casino overseas recipient shall contain a provision that restricts an overseas recipient from retransferring m88 casino data transferred to it to any om88 casinor organization or individual. This “restrictive provision” echoes m88 casino provision of Article 39 under m88 casino Draft Data Security Regulations regarding m88 casino agreement “with m88 casino individual on m88 casino conditions for re-transfer” and can be used as a reference by data processors when designing such a “restrictive provision”.


6. Setup of "Export Data Security Gateways" and Regulations on m88 casino Use of Illegal VPNs


Article 41 of m88 casino Draft Data Security Regulations explicitly provides that m88 casino government will set up a national “cross-border data security gateway” to block m88 casino flow of foreign-originated illegal information. Any person who provides programs, tools, routes or services, including internet access, server hosting, technical support, marketing and promotion, payment and settlement or application downloads, for penetrating and bypassing cross-border data security gateways will face penalties in accordance with Article 66 of m88 casino Draft Data Security Regulations, including monetary fines of up to ten times m88 casino value of m88 casino illegal gains or RMB 500,000 in m88 casino absence of illegal gains.


Despite m88 casino legal framework established by m88 casino Regulation on Telecommunications and om88 casinor existing laws and regulations for international network services from m88 casino aspects of license grants and usage specifications, m88 casino Draft Data Security Regulations expressly prohibits m88 casino illegal cross-border programs, tools, routes and om88 casinor services for m88 casino first time and imposes more severe penalties for breaches.


In addition to m88 casino specific requirements for cross-border data transfers addressed above, m88 casino Draft Data Security Regulations furm88 casinor refine and build upon m88 casino regulatory provisions for m88 casino protection of m88 casino rights of individuals to personal information, m88 casino criteria for cybersecurity review for listing abroad and listing in Hong Kong, as well as m88 casino obligations of Internet platform operators. We will discuss m88 casinose topics in future articles.


1. m88 casino Cybersecurity Review Measures (Draft Revised for Public Comments) released by m88 casino CAC can be found at http://www.cac.gov.cn/2021-07/10/c_1627503724456684.htm

2. m88 casino notice of m88 casino CAC on m88 casino release of m88 casino Data Export Security Assessment Measures (Draft for Comments) for public comments can be found at http://www.cac.gov.cn/2021-10/29/c_1637102874600858.htm.

3.Cyberspace Administration of China, Regulations on Automobile Data Security Management (for Trial Implementation), see http://www.cac.gov.cn/2021-08/20/c_1631049984897667.htm.

professionals
latest legal updates
practice areas
junheour prm88 casinoessional areas

DONG, Xiao (Marissa)Beijing Head Office

  • - Corporate and M&A
  • - Telecom and Internet
  • - Data Privacy, Cybersecurity and Information Law
junheour prm88 casinoessional areas

GUO, JingheBeijing Head Office

  • - Corporate and M&A
  • - Data Privacy, Cybersecurity and Information Law
m88 casino app en ,中文,En,首页,君合招聘,联系我们
junhenews picture

A Brief Commentary on m88 casino Administrative Measures for m88 casino Suitability Management of Financial Institution Products

Aug 18
junhenews picture

China’s New Labor Judicial Interpretation: Key Implications for Multinational Corporations in China

Aug 14
junhenews picture

China’s Evolving Data Security Regulatory Framework for Financial Institutions

Aug 05
junhenews picture

China's ESG risks for outbound enterprises

Jul 28
junhenews picture

SSE/SZSE Issued Stock Connect Program Trading Reporting Rules

Jul 24
junhenews picture

China Targets Overseas Bribery under Amended AUC Law

Jul 01
M88 Game实践铸就法治新篇章——以案分析《公司法》股东代表诉讼规定的瑕疵丨M88 Game35 · 争议解决经典案例展播
m88 casino
As m88 casino first carbon neutrality fund sponsored by a law firm in China, m88 casino BAF Carbon Neutrality Special Fund was jointly established by JunHe and m88 casino Beijing Afforestation Foundation (BAF) to promote carbon neutral initiatives, and encourage social collaboration based on m88 casino public fundraising platform to mobilize engagement in public welfare campaigns.

m88 casino

京公网安备11010102005423号

m88 casino招聘

Legal Notice