Hello, privacy pros. It was great to reconnect with old friends at the IAPP Global Privacy Summit in Washington, D.C., and meet some new faces too. Back from Summit, brimming with joy and excitement, I'm diving back into the usual busy life as a privacy lawyer in Beijing.

In recent weeks, China issued several new regulations easing cross-border data transfers and opening up certain telecom services to foreign investment. The Provisions on Regulating and Promoting Cross-Border Data Flows, released by the Cyberspace Administration of China 22 March, offer more flexibility for multinational companies to decide how to transfer China-collected data out of the country. This includes relaxations on transferring employee data, shifting burdens for identifying important data, and narrowing the scope of regulator-led security assessments — all welcomed by business organizations.

For those eyeing the value-added telecommunications sector, the Ministry of Industry and Information Technology unveiled new rules 10 April promoting a pilot scheme in Beijing, Shanghai, Shenzhen and Hainan. Foreign investors can now set up 100% subsidiaries to engage in internet-based telecom services. Some of these pilot zones, empowered by the CAC to draft local rules to facilitate cross-border data flows, seem to offer double incentives for investors.

Artificial intelligence remains a hot topic this spring in China. The CAC recently greenlit a batch of generative AI services under China's Generative AI Regulation. A total of 117 generative AI services passed the CAC filing, with some well-known Chinese brands such as Baidu and Vivo included. Meanwhile, a special campaign launched by the CAC targeting fraud, misinformation and personal information infringement caused by AI-generated content is on the horizon.

In Hong Kong, the Privacy Commissioner for Personal Data is stepping up action for personal data protection. A recent enforcement notice slapped Hong Kong Cyberport Management Company for a data breach affecting over 13,000 individuals. Recommendations include beefing up cybersecurity frameworks, conducting timely risk assessments and security audits and promptly deleting personal data.

Simultaneously, the Hong Kong government is driving digital economy development. At the Visionary Forum of the Digital Economy Summit 2024, the financial secretary highlighted plans to bolster digital policies, improve infrastructure, facilitate data flows, expedite transformation, and nurture talent. The Greater Bay Area policy, involving Guangdong, Hong Kong and Macau, is in the works and expected to unlock promising opportunities across finance, trade, medical technology, tourism, aviation, and professional services in the GBA.

Hope you have enjoyed this update. Until next time.