News Archives

Tuesday, July 28, 2015

China Issues Draft Network Security Law

On July 6, 2015, China’s National People’s Congress released a draft of a new Network Security Law for public comment through August 5, 2015.  While the draft consolidates a number of previously-issued obligation for network operators, it adds several new ones: a requirement that data breaches be notified to users, as well as to government authorities; a prohibition on transfers of certain types of sensitive personal information outside of China, unless approved by national network administration authorities; and the creation of a new category of personal data, namely "personal biometric information."  According to Covington & Burling, provisions of the draft law "reflect a recent trend of tightening rules regarding cross-border data transfers. It will be more burdensome for multinational companies operating critical information infrastructure in China to transfer personal data internationally, whether intra-group or to third parties (such as data processing contractors)."  Like most high-level laws, the draft Network Security Law employs broad language, leaving many aspects of interpretation and clarification to implementing rules that will be issued by government regulators. 

No comments:

Post a Comment