China Passes Data Security Law to Take Effect in Less Than Two Months


On June 10, 2021, China’s National People’s Congress Standing Committee (“NPC”) passed the Data Security Law (“DSL”), to take effect on September 1, 2021. This version of the DSL was fast-tracked after just two drafts were released for public comment, in July 2020 and April 2021, respectively. The DSL will affect essentially all businesses operating in China by imposing various obligations on the processing and transfer of data. Multinational companies (“MNCs”) should be particularly mindful of the DSL because of the law’s emphasis on cross-border data transfer. Together with the Cybersecurity Law (“CSL”) passed by the NPC in 2017 and the soon-to-be final Personal Information Protection Law, China’s cyberspace administration and data protection framework poses various compliance challenges for businesses with China operations.

Here are some highlights of the DSL:

1. Applicability of the DSL

Under Article 2, the DSL applies to data processing activities in China. “Data” refers to any recording of information by electronic or other means, whether online or offline. “Data processing” is broadly defined to include the collection, storage, use, processing, transmission, production, and disclosure of data, among other activities. Essentially all businesses operating in China will be subject to the DSL.
