I hope you are all enjoying autumn (and spring for folks in the southern hemisphere) and warm greetings from Beijing, China!
Data privacy and data protection in Asia Pacific? You never get bored.
1 Nov. will witness the long-awaited China’s Personal Information Protection Law going into effect, which has been extremely topical among businesses, academics, privacy professionals as well as government agencies in the past months. Since the promulgation of the PIPL on 20 Aug., business entities, large and small, have been busy bringing their privacy documentation and mechanisms up to the level required under the new personal data law.
“Important data” is a legal concept under the China Cybersecurity Law and the China Data Security Law, but the lack of definition has presented difficulty for businesses to assess whether the data they collect would fall within the scope of “important data.” China’s National Information Security Standardization Technical Committee, the drafters of China TC260 standards, issued the Information Security Technology — Identification Guide of Important Data (draft for comments). Under the guidelines, “important data” is defined as “data where national security and public interests would be harmed in the event that they are tampered with, destroyed, leaked, or illegally obtained or used.” Personal information is not “important data.” However, derivative data produced based on a huge volume of personal data may fall under the scope of “important data.” Further clarity is expected in the final version of the guidelines.
Shanghai, the largest city in China and also an important hub for technology development and innovation around the Yangtze delta, issued the Shanghai Data Regulations (draft for public comments) on 30 Sept., with a view to building Shanghai into an international digitalization city. The Shanghai Data Regulations (draft) cover a number of hot topics such as data ownership, data assetization and monetization, open data, data flow, etc. Shanghai will set up a data exchange to explore and release the value of data assets.
Moving down to the south, there are some recent important regulatory developments in Hong Kong. The Personal Data (Privacy) (Amendment) Bill 2021 went into effect 8 Oct., following its passage by Hong Kong’s legislature 29 Sept. The bill creates new offenses to tackle doxxing acts, with fines up to HK$ 1 million and imprisonment for five years. The bill also empowers the Office of the Privacy Commissioner for Personal Data to carry out criminal investigations, institute prosecution against doxxing incidents and demand the cessation of doxxing contents.
Hope you enjoy this digest. See you next time!
If you want to comment on this post, you need to login.