Greetings from Beijing!

The past weeks have been full of various dynamic privacy activities in the Asia-Pacific region! Personal Data Privacy Week 2022 in Singapore started with the IAPP Asia Privacy Forum, followed by a suite of PDP workshops and discussions to further dive into the latest developments in data protection, the use of data technologies and how accountable practices help accelerate business growth.

The privacy “spree” did not end there. The Privacy Symposium 2022 (jointly organized by Infosys, the IAPP and the Association of Corporate Counsel) took place in the first half of this week, and it provided good learning and networking opportunities for privacy professionals in the APAC region and beyond! What a few wonderful weeks to enjoy the summer with like-minded people!

Turning to more serious topics, China’s data legal regime is evolving quickly. Two weeks ago, I reported the Cyberspace Administration of China issued the draft Standard Contract Clauses for cross-border data transfer. The China SCCs mirror some structures of the EU General Data Protection Regulation SCCs, but maintain certain unique Chinese characteristics. Compared with the data export via regulator-led security assessment, overseas transfer of personal data by way of the China SCCs provides a faster, less costly and more predicable mechanism. The consultation phase will end on 29 July. Businesses should keep a close watch on further development in this regard.

Another interesting movement is that on 27 July, the State Council of China issued a new policy promoting China’s cultural digitalization strategy. China will establish a national cultural big data system, and an exchange center for national cultural big data will be set up in Shenzhen. The target operation will start before the end of August. Coincidently, the Shanghai Government recently issued plans to support the development of NFTs and accelerate the exploration of blockchain and digital technology applications in virtual digital assets, artworks, IPs and games. These new policies are expected to bring new business opportunities in NFTs, metaverse and blockchain tech.

On the enforcement front, China’s national and local data regulators have been busy with a series of enforcement actions. The level and severity of penalties recently imposed by the authorities on companies that failed to collect and process data according to Chinese laws are huge enough for companies to sit up and take prompt compliance steps according to the relevant regulatory requirements under the Cybersecurity Law, Data Security Law and the Personal Information Protection Law.

The data regulator in Hong Kong also takes a strict line in enforcing data protection. The office of the Privacy Commissioner for Personal Data recently arrested an individual who disclosed the names, telephone numbers and photos of a data subject and her husband without their consent on a social media platform, in contravention of relevant provisions of the Personal Data (Privacy) Ordinance. The PCPD reminds the public that doxxing is a serious offense, and an offender is liable and may face a fine of up to HK$1 million and imprisonment for five years.

Hope you enjoy this digest. Until next time!