
[Tech Law] TikTok And Data Privacy In China: Security Assessment … – Mondaq News Alerts




The US congressional hearing of the TikTok CEO this March has
further divided opinion on data privacy and China. But what about
personal data privacy in China? What do foreign companies need to
know about data privacy when dealing with China?

Did you know that most multinationals in China have to file for
a security assessment, or take equivalent actions as required by the
Cyberspace Administration of China (CAC), when
transferring personal data outside of China, and that, since
1 March 2023, this policy can be enforced against those that have not applied?

Which laws in China are about data

The Data Security Law, Cyber Security Law and the Personal
Information Protection Law form a comprehensive legal framework in
the field of data security, which protects data and tries to
address data leakage.

Personal information and the security assessment by CAC

The Personal Information Protection Law requires that, if personal
information is transferred out of China, the processors obtain
separate consent from data subjects, that a personal
information protection impact assessment is carried out, and that one of
the following three requirements is fulfilled:

– a successful CAC security assessment has been issued;

– certification from a CAC-approved institution;

– a data transfer agreement with the recipient that conforms to the
template by CAC.

The Measures of September 1, 2022, made the security assessment
requirement applicable to any company that wants to transfer
‘important data’ outside of China. Because the classification is
broad, most multinational companies would fall under this.
Hence the Measures gave a six-month grace period to comply, which
ended on 1 March 2023.

Revocation of business license and other heavy fines

Under the Personal Information Protection Law, companies could be
fined up to 50 million RMB, and even harsher penalties such as
suspension of business, revocation of the business license, or even the
pursuit of criminal responsibility could apply.

Who has applied for security assessment by CAC

At the current date, not many foreign companies have filed for
data security assessments with the Beijing CAC.

Companies need to know how to protect whose data where

For companies, it is key to know how data needs to be protected
in accordance with China’s laws. As there is a realistic chance
that TikTok will come under further scrutiny in the USA, it would not
be surprising if China enforces its various Data Laws to punish
companies that are not compliant.

As revocation of business license is one of the potential
measures that can be applied, businesses could lose their right to
operate on the Chinese market. Being compliant is now more
important than ever before, especially since the six-month grace
period regarding the Measures of the Personal Information
Protection Law is over. We can expect many companies to get
into trouble very soon.

The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
